Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Malwarebytes reports Outbond Data Camp Limited
Windows 7
13.12.2015, 10:31 | #1 |
Malwarebytes reports Outbond Data Camp Limited
Hi everyone, for a few days now I have had the problem that Malwarebytes tells me a website was blocked as malicious, even though I never opened that site. The message appears regardless of browser (Firefox and Opera are installed, each with the Adguard ad blocker) when I open www.express.de. I have run quite a few things myself with Malwarebytes, adwcleaner, JRT and SUPERAntiSpyware, and after JRT the messages seem to have disappeared. I don't trust that, though, and would ask someone to go through it with me and check whether my system is OK again. Here is the MWB log with the Outbond message
Code:
ATTFilter <?xml version="1.0" encoding="UTF-8" ?> <logs> <record severity="debug" LoggingEventType="1" datetime="2015-12-13T07:27:53.225901+01:00" code="No Internet connection detected" source="Scheduler" message="Failed" type="Update" username="SYSTEM" systemname="RALF" last_modified_tag="e9eea48b-c425-45c8-915a-daf7ff204312"></record> <record severity="debug" LoggingEventType="1" datetime="2015-12-13T07:27:53.265930+01:00" code="No Internet connection detected" source="Scheduler" message="Failed" type="Update" username="SYSTEM" systemname="RALF" last_modified_tag="f9eb6fe8-ceb6-4592-8013-9fa5e44ec741"></record> <record severity="debug" LoggingEventType="1" datetime="2015-12-13T07:30:59.570210+01:00" source="Scheduler" type="Update" username="SYSTEM" systemname="RALF" fromVersion="2015.12.12.5" last_modified_tag="017edbb5-4efc-42bf-968f-df2dd9d82a49" name="Malware Database" toVersion="2015.12.13.2"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T07:30:59.589224+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="857164c2-877a-4847-94e0-baadcc98b7a9" result="Starting" subtype="Refresh"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T07:30:59.592225+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="f7d2b025-b609-4242-a4fc-2a0a5bf6266c" result="Stopping" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T07:30:59.801373+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="2edc3e96-20c5-4410-bc86-9bb57e6d37ea" result="Stopped" subtype="Malicious Website Protection"></record> <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2015-12-13T07:27:53+01:00" datetime="2015-12-13T07:31:05.908790+01:00" source="Context" type="Scan" username="SYSTEM" systemname="RALF" 
last_modified_tag="bbf64e50-5e2b-4e27-8c8c-3a554af8265c" duration="192" malwaredetections="0" nonmalwaredetections="0" scanresult="completed"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T07:31:12.038228+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="d1c8674c-ae3f-4a1f-80ba-0b5cf553eab3" result="Success" subtype="Refresh"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T07:31:12.047234+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="18584da6-789d-41e1-a9a4-f11d55923328" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T07:31:12.677680+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="17312d7a-8c97-477e-bca8-053a19dd98bc" result="Started" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T08:04:59.564729+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="2667b169-8790-4e36-9546-df45718c48a9" result="Starting" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T08:04:59.564729+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="ddf926b3-3466-4e99-94da-873e972092ce" result="Started" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T08:05:01.017878+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="a98c952d-4195-4bcf-b05f-e790446780b3" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T08:05:06.443322+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" 
last_modified_tag="671315ac-06ad-4153-9875-f49dbdd19a0d" result="Started" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T08:06:41.031390+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="77189142-14a5-456d-9912-6966eff2a4c3" result="Starting" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T08:06:41.031390+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="fd6dd714-1565-462e-b069-c24a231ef8f4" result="Started" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T08:06:42.484526+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="342f3df6-46b3-4519-b92c-c33820cf3c4c" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T08:06:46.438927+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="6d4cb0a1-b378-4473-a968-77dffb4d0408" result="Started" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="1" datetime="2015-12-13T08:18:52.792283+01:00" source="Manual" type="Update" username="SYSTEM" systemname="RALF" code="No Internet connection detected" last_modified_tag="19abda06-d71a-4004-aea1-f910af247515" message="Failed"></record> <record severity="debug" starttime="2015-12-13T08:18:52+01:00" LoggingEventType="6" datetime="2015-12-13T08:24:43.780123+01:00" source="Manual" type="Scan" username="SYSTEM" systemname="RALF" last_modified_tag="4fe88dd1-3a22-45a0-85c6-4728913061a9" duration="350" malwaredetections="0" nonmalwaredetections="0" scanresult="completed" scantype="threat"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T08:29:35.983608+01:00" 
source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="3669d654-0db4-4430-b528-ecca6db96748" result="Starting" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T08:29:35.999233+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="0ca934ec-9911-481a-b848-1d1dd668835e" result="Started" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T08:29:36.014858+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="49ab4d12-2e39-44b7-b796-93691decc661" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T08:29:41.488029+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="c8dd40c8-006e-4bb8-87fe-1666ec0f0bea" result="Started" subtype="Malicious Website Protection"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:32:29.286570+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="6d286214-efda-4855-b2ee-a92b7723081a" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="49505"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:32:29.341609+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="f5045779-3560-493e-b473-dfaee7b10359" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="49505"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" 
LoggingEventType="0" datetime="2015-12-13T08:32:29.499721+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="7779889d-27ef-4647-b1cc-278043b35b1a" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="49506"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:32:29.525740+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="4e8041f9-86b4-4efd-b387-65cad87e4aa3" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="49507"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:32:29.546754+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="f248eb84-b76a-46f3-874f-b9bee698cc75" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="49508"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:39:34.701468+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="7c100663-d561-4bb8-b85d-ec18bd108ebf" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="49875"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:39:34.728486+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="8af8d01f-9ef1-4485-a76b-7ce9185fc05b" subtype="Malicious Website Protection" direction="Outbound" 
domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="49876"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:39:34.756506+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="7557024f-cda7-4024-ba7e-087d18107a53" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="49877"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:39:34.785527+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="260901b2-2ed6-4c76-a7de-7586f23ea4a9" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="49878"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:39:35.464005+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="2ceb12ea-e703-4e1c-80b6-e5b824799678" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="49892"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:39:35.484020+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="72ac9e1e-b295-4498-aee9-be8b18ac2c2d" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="49893"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:39:35.504034+01:00" 
source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="a9ee9fda-501a-44f3-a878-0f3618496f89" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="49894"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:41:01.447791+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="8cf35577-bfd1-4f1f-8123-2f5200c9fd56" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="49939"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:41:01.473810+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="60e290d4-335e-4393-b0b4-0d470f54e109" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="49940"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:41:01.503831+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="fb845b22-5571-4401-a202-117c3c70bf56" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="49941"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:41:02.167300+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="f47d9b93-fee0-43c9-8dba-1a816c852fa4" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" 
malwaretype="IP" port="49949"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:41:02.186313+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="f79a8a0f-ab26-4f80-b700-fdac3124d1ae" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="49950"></record> <record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:41:02.207330+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="b723dcee-e0eb-444b-b449-96e66f148ccd" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="49951"></record> <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2015-12-13T08:41:31.553299+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="f205edad-a266-416e-afd6-9922a933a2f5" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="50038"></record> <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2015-12-13T08:41:31.608338+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="RALF" last_modified_tag="a0c8f00d-b7b9-4f98-97b4-6545d75fe06c" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="50039"></record> <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2015-12-13T08:41:31.633356+01:00" source="Protection" type="Detection" username="SYSTEM" 
systemname="RALF" last_modified_tag="a8b72cf6-1987-48e2-9eb3-542c33dcc3bc" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32" malwaretype="IP" port="50040"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T09:23:39.910900+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="b6e3320b-f482-4b48-8929-cc7bc5ece12a" result="Starting" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T09:23:39.926525+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="63b9e959-bc0a-45b2-a004-8387ccf087aa" result="Started" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T09:23:39.942150+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="2e647dbf-eabd-4ec9-85a7-c84954fa2fae" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-12-13T09:23:43.953957+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="RALF" last_modified_tag="166d4dbb-13dd-43cd-bd24-41196ec46f1e" result="Started" subtype="Malicious Website Protection"></record> </logs>
Ralf
Edit: one more thing... my virus scanner is GDATA Internet Security, current version.
Last edited by Ralle68 (13.12.2015 at 10:38)
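An added example, not part of the original thread and not Malwarebytes' own code: a small triage script for a protection log in the attribute layout posted above. It groups `type="Detection"` records by blocked domain and IP, lists which processes triggered them, and clusters the timestamps into bursts so they can be matched against page loads. The sample records are constructed by shortening records from that log, and the function names and the 30-second burst gap are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

# Constructed sample: records shortened from the log in the post above
# (username, systemname, last_modified_tag, malwaretype and port omitted).
SAMPLE_LOG = r"""<?xml version="1.0" encoding="UTF-8" ?>
<logs>
<record severity="debug" LoggingEventType="2" datetime="2015-12-13T08:29:41.488029+01:00" source="Protection" type="Protection" result="Started" subtype="Malicious Website Protection"></record>
<record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:32:29.286570+01:00" source="Protection" type="Detection" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32"></record>
<record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:32:29.341609+01:00" source="Protection" type="Detection" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32"></record>
<record severity="debug" process="C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe" LoggingEventType="0" datetime="2015-12-13T08:39:34.701468+01:00" source="Protection" type="Detection" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32"></record>
<record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2015-12-13T08:41:31.553299+01:00" source="Protection" type="Detection" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32"></record>
<record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2015-12-13T08:41:31.608338+01:00" source="Protection" type="Detection" subtype="Malicious Website Protection" direction="Outbound" domain="whats-158544.c.cdn77.org" ip="185.59.220.32"></record>
</logs>"""


def load_detections(xml_text):
    """Return the Detection records of a protection log, oldest first."""
    # A plain log needs no DTD; refuse one rather than let the parser expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("log contains a DTD or entity declaration")
    events = []
    for rec in ET.fromstring(xml_text).iter("record"):
        if rec.get("type") != "Detection":
            continue  # skip update, scan and protection start/stop records
        events.append({
            "time": datetime.fromisoformat(rec.get("datetime")),
            "process": basename(rec.get("process", "")).lower(),
            "domain": rec.get("domain", ""),
            "ip": rec.get("ip", ""),
            "direction": rec.get("direction", ""),
        })
    return sorted(events, key=lambda e: e["time"])


def summarize(events, gap=timedelta(seconds=30)):
    """Group detections per (domain, ip) and split each group into bursts.

    A new burst starts when more than `gap` has passed since the previous
    detection for the same target (assumed threshold, tune as needed).
    """
    summary = {}
    for e in events:
        entry = summary.setdefault(
            (e["domain"], e["ip"]),
            {"count": 0, "processes": set(), "bursts": []},
        )
        entry["count"] += 1
        entry["processes"].add(e["process"])
        bursts = entry["bursts"]
        if bursts and e["time"] - bursts[-1]["end"] <= gap:
            bursts[-1]["end"] = e["time"]
            bursts[-1]["hits"] += 1
        else:
            bursts.append({"start": e["time"], "end": e["time"], "hits": 1})
    return summary


if __name__ == "__main__":
    for (domain, ip), info in summarize(load_detections(SAMPLE_LOG)).items():
        print(f"{domain} ({ip}): {info['count']} blocks "
              f"from {', '.join(sorted(info['processes']))}")
        for b in info["bursts"]:
            print(f"  {b['start']:%H:%M:%S} x{b['hits']}")
```

The same target blocked in bursts from more than one browser is consistent with a resource requested by a visited page rather than by a single browser's extension; comparing burst start times against browsing history is the next check.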
13.12.2015, 15:56 | #2 |
/// TB Trainer /// Guide Guru | Malwarebytes reports Outbond Data Camp Limited
My name is Jürgen and I will be helping you with your problem. Together we will get this done...
Note: I can never give you a guarantee that we will find all malicious files. Reformatting is usually the faster and always the safest route, but it is only advisable for real malware. Adware and the like we can remove very well. If you decide on a cleanup, keep working with me until you get my "clean".
Let's go:
Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material
Posting in CODE tags: how it works... Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes our work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
13.12.2015, 16:35 | #3 |
Malwarebytes reports Outbond Data Camp Limited
Hello Jürgen,
thank you for taking on my case. The problem still exists, you see. After a few hours of quiet it is starting up again. Here are the two FRST logs
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01 durchgeführt von RalfN (Administrator) auf RALF (13-12-2015 16:31:59) Gestartet von C:\Users\RalfN\Desktop Geladene Profile: RalfN (Verfügbare Profile: RalfN & Administrator) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (SurfRight B.V.) 
C:\Program Files\HitmanPro\hmpsched.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe (MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (DEVGURU Co., LTD.) 
C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (MSI) C:\Program Files (x86)\SCM\SCM.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe (Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe (Logitech, Inc.) C:\ProgramData\LogiShrd\LogiOptions\Software\3.20.35\LogiOptionsMgr.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe (CyberLink Corp.) 
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe (G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13675736 2014-12-24] (Realtek Semiconductor) HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [405504 2014-10-14] (MSI) HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2806000 2014-12-24] (Synaptics Incorporated) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft) HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1553528 2015-09-01] (Logitech, Inc.) HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.) HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1440768 2014-02-24] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.) 
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-25] (cyberlink) HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI) HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1864312 2015-06-16] (G DATA Software AG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe, HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2501368 2015-01-28] (Microsoft Corporation) <==== ACHTUNG HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2501368 2015-01-28] (Microsoft Corporation) <==== ACHTUNG HKU\S-1-5-21-2852321177-494340521-2433802200-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS) HKU\S-1-5-21-2852321177-494340521-2433802200-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd) HKU\S-1-5-21-2852321177-494340521-2433802200-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-02] (SUPERAntiSpyware) HKU\S-1-5-21-2852321177-494340521-2433802200-1001\...\MountPoints2: {bf343533-bd69-11e4-8262-806e6f6e6963} - "E:\autorun.exe" HKU\S-1-5-21-2852321177-494340521-2433802200-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2501368 2015-01-28] (Microsoft Corporation) <==== ACHTUNG HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2501368 2015-01-28] (Microsoft Corporation) 
<==== ACHTUNG ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Keine Datei ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Keine Datei ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Keine Datei ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft) ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Keine Datei ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Keine Datei ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Keine Datei ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-12-25] ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{A32F7F52-0DC5-40EF-84BD-7D30CC20D157}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{BBE9D8B8-A15E-4A93-AABF-5DB8C6DD53AE}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-2852321177-494340521-2433802200-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi13.msn.com
HKU\S-1-5-21-2852321177-494340521-2433802200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-20] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)

FireFox:
========
FF ProfilePath: C:\Users\RalfN\AppData\Roaming\Mozilla\Firefox\Profiles\xt5ypgsy.default
FF DefaultSearchEngine: Bing
FF Homepage: hxxp://news.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\RalfN\AppData\Roaming\Mozilla\Firefox\Profiles\xt5ypgsy.default\searchplugins\google-images.xml [2015-04-26]
FF SearchPlugin: C:\Users\RalfN\AppData\Roaming\Mozilla\Firefox\Profiles\xt5ypgsy.default\searchplugins\google-maps.xml [2015-04-26]
FF SearchPlugin: C:\Users\RalfN\AppData\Roaming\Mozilla\Firefox\Profiles\xt5ypgsy.default\searchplugins\metager.xml [2014-08-30]
FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\RalfN\AppData\Roaming\Mozilla\Firefox\Profiles\xt5ypgsy.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2015-09-20]
FF Extension: Disable Anti-Adblock - C:\Users\RalfN\AppData\Roaming\Mozilla\Firefox\Profiles\xt5ypgsy.default\extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi [2015-10-20]
FF Extension: Tiny JavaScript Debugger - C:\Users\RalfN\AppData\Roaming\Mozilla\Firefox\Profiles\xt5ypgsy.default\extensions\tinyjsdebugger@enigmail.net.xpi [2015-12-12]
FF Extension: uBlock Origin - C:\Users\RalfN\AppData\Roaming\Mozilla\Firefox\Profiles\xt5ypgsy.default\Extensions\uBlock0@raymondhill.net.xpi [2015-12-12]
FF Extension: web Plugin Plus - C:\Users\RalfN\AppData\Roaming\Mozilla\Firefox\Profiles\xt5ypgsy.default\Extensions\{115c730f-3ac3-492f-9a4a-27e204566853}.xpi [2015-08-26] [ist nicht signiert]
FF Extension: Tab Mix Plus - C:\Users\RalfN\AppData\Roaming\Mozilla\Firefox\Profiles\xt5ypgsy.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-09-01]

Opera:
=======
OPR Extension: (Adguard Werbeblocker) - C:\Users\RalfN\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2015-12-11]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [309376 2014-09-19] (Qualcomm Atheros) [Datei ist nicht signiert]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2740344 2015-11-26] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [966776 2015-06-16] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [3842504 2015-09-16] (G Data Software AG)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-26] (CyberLink)
R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3203392 2015-09-15] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789624 2015-06-16] (G Data Software AG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-12-12] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-12-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-10-14] (Micro-Star International Co., Ltd.) [Datei ist nicht signiert]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-20] (Qualcomm Atheros) [Datei ist nicht signiert]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [158720 2015-10-20] (G Data Software AG)
S0 GDElam; C:\Windows\System32\DRIVERS\GDElam.sys [117904 2015-01-08] (G Data Software AG)
R1 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [28672 2015-10-20] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-10-20] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [231936 2015-10-20] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [91648 2015-10-20] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [69120 2015-12-10] (G DATA Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2015-12-10] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [126464 2015-10-20] (G Data Software AG)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-13] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-12-24] (Windows (R) Win 7 DDK provider)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39032 2015-11-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2233344 2014-09-18] (Qualcomm Atheros, Inc.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466648 2014-12-24] (Realsil Semiconductor Corporation)
S3 SAlphamBth; C:\Windows\System32\drivers\SAlphabt64.sys [31232 2014-05-16] (SteelSeries Corporation)
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [27520 2014-05-16] (SteelSeries Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2014-12-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-12-24] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [Datei ist nicht signiert]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-13 16:31 - 2015-12-13 16:32 - 00025492 _____ C:\Users\RalfN\Desktop\FRST.txt
2015-12-13 16:31 - 2015-12-12 20:33 - 02369536 _____ (Farbar) C:\Users\RalfN\Desktop\FRST64.exe
2015-12-13 16:20 - 2015-12-13 16:20 - 00000000 ____D C:\Users\RalfN\AppData\Local\Wondershare
2015-12-13 11:53 - 2015-12-13 11:53 - 02870984 _____ (ESET) C:\Users\RalfN\Downloads\esetsmartinstaller_deu.exe
2015-12-13 09:17 - 2015-12-13 15:07 - 00000543 _____ C:\Users\RalfN\Desktop\JRT.txt
2015-12-13 09:16 - 2015-12-13 09:16 - 01599336 _____ (Malwarebytes) C:\Users\RalfN\Downloads\JRT.exe
2015-12-13 08:03 - 2015-12-13 15:07 - 00000000 ____D C:\AdwCleaner
2015-12-13 08:02 - 2015-12-13 08:02 - 01738240 _____ C:\Users\RalfN\Downloads\AdwCleaner_5.024.exe
2015-12-12 23:13 - 2015-12-12 23:13 - 00000000 ____D C:\Users\RalfN\AppData\Local\Windows Live
2015-12-12 22:20 - 2015-12-13 16:31 - 00000000 ____D C:\FRST
2015-12-12 20:33 - 2015-12-12 20:33 - 02369536 _____ (Farbar) C:\Users\RalfN\Downloads\FRST64.exe
2015-12-12 08:39 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-12 08:39 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-12 08:39 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-12 08:39 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-12 08:39 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-12 08:39 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-12 08:39 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-12 08:39 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-12 08:39 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-12 08:39 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-12 08:39 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-12 08:39 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-12 08:39 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-12 08:39 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-12 08:39 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-12 08:39 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-12 08:39 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-12 08:39 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-12-12 08:39 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-12 08:39 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-12 08:39 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-12 08:39 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-12 08:39 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-12 08:39 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-12 08:39 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-12 08:39 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-12 08:39 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-12 08:39 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-12 08:39 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-12-12 08:39 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-12 08:39 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-12 08:39 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-12 08:39 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-12 08:39 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-12 08:39 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-12 08:39 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-12-12 08:39 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-12 08:39 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-12 08:39 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-12 08:39 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-12 08:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-12 08:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2015-12-12 08:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-12 08:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-12 08:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-12 08:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-12 08:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-12 08:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-12 08:39 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-12 08:39 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-12-12 08:39 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-12 08:39 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-12-12 08:39 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2015-12-12 08:39 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\system32\locale.nls
2015-12-12 08:38 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-12 08:38 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-12 08:38 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-12 08:38 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-12-12 08:38 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-12 08:38 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-12-12 08:38 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-12 08:38 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-12 08:38 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-12 08:38 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-12 08:38 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-12 08:38 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-12 08:38 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-12 08:38 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-12 08:38 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-12 08:38 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-12 08:38 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-12 08:38 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-12 08:38 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-12-12 08:38 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-12 08:38 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-12 08:38 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-12 08:38 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-12 08:38 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-12 08:38 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-12 08:38 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-12 08:38 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-12 08:38 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-12 08:38 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-12 08:38 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-12 08:38 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-12 08:38 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-12 08:38 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-12 08:38 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-12 08:38 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-12-12 08:38 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-12-12 08:38 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-12-12 08:37 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-12 08:37 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-12 08:37 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-12 08:37 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-12-12 08:37 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-12-12 08:37 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-12-12 08:37 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-12-12 08:37 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-12-12 08:37 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-12-12 08:37 - 2015-10-10 19:40 - 00078848 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
2015-12-12 08:37 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2015-12-12 08:37 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2015-12-12 08:37 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2015-12-12 08:37 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-12-12 08:26 - 2015-12-13 15:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-12 08:26 - 2015-12-13 08:04 - 00000520 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task cfc299b0-4e2e-4279-b4b9-c12c4342c460.job
2015-12-12 08:26 - 2015-12-13 08:04 - 00000520 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c5328900-c6dc-4171-b6b9-0a0e4f234d25.job
2015-12-12 08:26 - 2015-12-12 20:39 - 00003568 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task cfc299b0-4e2e-4279-b4b9-c12c4342c460
2015-12-12 08:26 - 2015-12-12 20:39 - 00003486 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c5328900-c6dc-4171-b6b9-0a0e4f234d25
2015-12-12 08:26 - 2015-12-12 08:26 - 00001830 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-12-12 08:26 - 2015-12-12 08:26 - 00000000 ____D C:\Users\RalfN\AppData\Roaming\SUPERAntiSpyware.com
2015-12-12 08:26 - 2015-12-12 08:26 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-12-12 08:26 - 2015-12-12 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-12-12 08:25 - 2015-12-12 08:25 - 24191912 _____ (SUPERAntiSpyware) C:\Users\RalfN\Downloads\SUPERAntiSpyware.exe
2015-12-12 08:20 - 2015-12-12 08:20 - 00001927 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-12-12 08:20 - 2015-12-12 08:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-12-12 08:20 - 2015-12-12 08:20 - 00000000 ____D C:\Program Files\HitmanPro
2015-12-12 08:19 - 2015-12-12 08:19 - 09867256 _____ (SurfRight B.V.) C:\Users\RalfN\Downloads\hitmanpro_x64.exe
2015-12-11 16:55 - 2015-12-12 20:39 - 00003836 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1449849322
2015-12-11 16:55 - 2015-12-12 17:20 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-11 16:55 - 2015-12-11 16:55 - 35428072 _____ (Opera Software) C:\Users\RalfN\Downloads\opera_33.0.1990.115_setup.exe
2015-12-11 16:55 - 2015-12-11 16:55 - 00001157 _____ C:\Users\Public\Desktop\Opera.lnk
2015-12-11 16:55 - 2015-12-11 16:55 - 00001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-11 16:55 - 2015-12-11 16:55 - 00000000 ____D C:\Users\RalfN\AppData\Roaming\Opera Software
2015-12-11 16:55 - 2015-12-11 16:55 - 00000000 ____D C:\Users\RalfN\AppData\Local\Opera Software
2015-12-11 16:53 - 2015-12-11 16:53 - 00720272 _____ (Opera Software) C:\Users\RalfN\Downloads\Opera_NI_stable(1).exe
2015-12-11 16:51 - 2015-12-11 16:51 - 00720272 _____ (Opera Software) C:\Users\RalfN\Downloads\Opera_NI_stable.exe
2015-12-11 06:31 - 2015-12-11 06:32 - 00071254 _____ C:\Users\RalfN\Downloads\manually_sort_folders-1.1-tb.xpi
2015-12-10 10:57 - 2015-12-13 16:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-10 10:56 - 2015-12-10 10:56 - 22908888 _____ (Malwarebytes ) C:\Users\RalfN\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-10 10:56 - 2015-12-10 10:56 - 00001124 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-10 10:56 - 2015-12-10 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-12-10 10:56 - 2015-12-10 10:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-10 10:56 - 2015-12-10 10:56 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-12-10 10:56 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-10 10:56 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-10 10:56 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-10 10:42 - 2015-12-10 10:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2015-12-06 13:45 - 2015-12-06 13:45 - 00002206 _____ C:\Users\Public\Desktop\HP ENVY 7640 series.lnk
2015-12-06 13:45 - 2015-12-06 13:45 - 00000057 _____ C:\ProgramData\Ament.ini
2015-12-06 13:45 - 2015-12-06 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-12-06 13:45 - 2015-12-06 13:45 - 00000000 ____D C:\Program Files\HP
2015-12-06 13:45 - 2015-12-06 13:45 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-12-06 13:45 - 2014-08-22 05:12 - 00751624 ____N (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPDiscoPMDC11.dll
2015-11-26 09:43 - 2015-11-26 19:47 - 00000047 _____ C:\Users\RalfN\Documents\mt-x_hook.txt
2015-11-26 09:43 - 2015-11-26 19:47 - 00000009 _____ C:\Users\RalfN\Documents\mt-e_hook.txt
2015-11-26 08:13 - 2015-11-26 08:21 - 00001874 _____ C:\Users\RalfN\Desktop\ets2(x64)v1211s+6tr - Verknüpfung.lnk
2015-11-15 06:58 - 2015-11-15 07:03 - 00000000 ____D C:\ProgramData\Skype
2015-11-15 06:56 - 2015-12-12 08:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-15 06:56 - 2015-12-12 08:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-11-15 06:56 - 2015-12-12 08:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-15 06:50 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-15 06:50 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-15 06:50 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-15 06:50 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-15 06:50 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-15 06:50 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-15 06:50 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-15 06:50 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-15 06:50 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-15 06:50 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-15 06:50 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-15 06:50 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-15 06:50 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-15 06:50 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-15 06:50 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-15 06:50 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-15 06:50 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-15 06:50 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-15 06:50 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-15 06:50 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-15 06:50 - 2015-09-19 04:18 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-11-15 06:50 - 2015-09-18 14:42 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-11-15 06:50 - 2015-09-18 14:42 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-11-15 06:50 - 2015-09-18 14:42 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-11-15 06:50 - 2015-09-18 14:42 - 00699904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-11-15 06:50 - 2015-09-18 14:42 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-11-15 06:50 - 2015-09-18 14:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-11-15 06:50 - 2015-09-12 14:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-15 06:50 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-15 06:50 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-11-15 06:50 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-15 06:50 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-15 06:50 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-15 06:50 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-15 06:50 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-15 06:49 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-15 06:49 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-15 06:49 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-15 06:49 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-15 06:49 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-11-15 06:49 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-11-15 06:49 - 2015-06-09 23:39 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-11-15 06:49 - 2015-06-09 23:39 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-11-15 06:49 - 2015-06-09 23:38 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-11-15 06:49 - 2015-05-01 02:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2015-11-15 06:49 - 2015-05-01 02:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-11-15 06:49 - 2015-05-01 02:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-13 16:26 - 2014-11-06 01:41 - 00766620 _____ C:\Windows\system32\perfh007.dat
2015-12-13 16:26 - 2014-11-06 01:41 - 00159902 _____ C:\Windows\system32\perfc007.dat
2015-12-13 16:26 - 2014-03-18 11:03 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-13 16:26 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2015-12-13 16:19 - 2015-04-30 13:05 - 00000000 ____D C:\Users\RalfN\AppData\Local\ClassicShell
2015-12-13 16:19 - 2014-12-25 04:10 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-13 16:19 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-13 16:19 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-13 15:31 - 2015-04-29 20:46 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B0AFB947-D443-425E-B087-58B5144F0358}
2015-12-13 14:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-12-13 13:34 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-12-13 10:07 - 2015-04-29 19:15 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2852321177-494340521-2433802200-1001
2015-12-13 08:24 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-13 08:04 - 2015-04-29 19:14 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-13 08:04 - 2015-04-29 19:14 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-13 07:30 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-12 23:12 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-12 20:39 - 2015-04-29 19:14 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-12 20:38 - 2015-04-29 19:14 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-12 08:49 - 2013-08-22 15:44 - 00370576 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-12 08:47 - 2015-06-21 12:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-12 08:46 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-12 08:43 - 2015-04-30 13:50 - 00000000 ____D C:\Windows\system32\MRT
2015-12-12 08:41 - 2015-04-30 13:50 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-12 08:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2015-12-11 09:43 - 2015-06-15 22:27 - 00000000 ____D C:\Users\RalfN\AppData\Local\G DATA
2015-12-10 11:26 - 2015-05-07 17:25 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-10 11:02 - 2014-11-06 00:39 - 00000000 ____D C:\Windows\Panther
2015-12-10 10:50 - 2015-06-15 15:59 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2015-12-10 10:47 - 2015-08-05 20:42 - 00007612 _____ C:\Users\RalfN\AppData\Local\Resmon.ResmonCfg
2015-12-10 10:42 - 2015-10-20 21:24 - 00002008 _____ C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-12-10 10:42 - 2015-06-15 15:52 - 00069120 _____ (G DATA Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2015-12-10 10:42 - 2015-06-15 15:51 - 00000000 ____D C:\Windows\ELAMBKUP
2015-12-10 10:42 - 2015-04-29 20:17 - 00000000 ____D C:\ProgramData\G Data
2015-12-10 10:42 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-10 09:51 - 2015-04-29 21:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-06 14:03 - 2015-04-29 19:10 - 00000000 ____D C:\Users\RalfN\AppData\Local\VirtualStore
2015-12-06 13:46 - 2015-04-30 14:27 - 00000000 ____D C:\Users\RalfN\AppData\Local\HP
2015-12-06 13:45 - 2015-04-30 13:09 - 00000000 ____D C:\Program Files (x86)\HP
2015-12-06 13:45 - 2015-04-29 22:09 - 00000000 ____D C:\ProgramData\HP
2015-12-03 19:19 - 2015-04-29 21:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-12-02 06:38 - 2015-04-30 15:18 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-01 18:19 - 2013-08-22 16:38 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 18:19 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-01 09:25 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-28 21:56 - 2015-04-30 17:53 - 00000000 ____D C:\Users\RalfN\Documents\Euro Truck Simulator 2
2015-11-27 21:17 - 2015-08-04 10:28 - 00077600 _____ C:\Users\RalfN\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-27 16:42 - 2015-04-29 20:51 - 00000001 _____ C:\Users\Public\Documents\dgc.txt
2015-11-25 20:17 - 2015-05-05 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-11-25 20:17 - 2015-05-05 18:15 - 00000000 ____D C:\Program Files\Logitech
2015-11-25 15:47 - 2015-05-01 14:45 - 00000000 ____D C:\Program Files (x86)\Euro Truck Simulator 2
2015-11-15 07:01 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-11-15 06:57 - 2015-04-30 14:23 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-11-15 06:57 - 2015-04-30 14:23 - 00000000 ____D C:\Windows\system32\appraiser

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-10-28 12:13 - 2015-10-28 12:13 - 0020457 _____ () C:\Users\RalfN\AppData\Local\recently-used.xbel
2015-08-05 20:42 - 2015-12-10 10:47 - 0007612 _____ () C:\Users\RalfN\AppData\Local\Resmon.ResmonCfg
2015-12-06 13:45 - 2015-12-06 13:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-04-30 13:09 - 2015-10-14 15:01 - 0007764 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-12-12 09:00

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
durchgeführt von RalfN (2015-12-13 16:32:17)
Gestartet von C:\Users\RalfN\Desktop
Windows 8.1 (X64) (2015-04-29 18:09:56)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-2852321177-494340521-2433802200-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-2852321177-494340521-2433802200-501 - Limited - Disabled)
RalfN (S-1-5-21-2852321177-494340521-2433802200-1001 - Administrator - Enabled) => C:\Users\RalfN

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version: - Ubisoft)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1405.0701 - Micro-Star International Co., Ltd.)
Boot Configure (HKLM-x32\...\{5563D674-6B02-43F4-B9D0-C2A944E84F3C}) (Version: 20.014.12127 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1408.201 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.)
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1410.1301 - Micro-Star International Co., Ltd.)
Dragon Gaming Center (x32 Version: 1.0.1410.1301 - Micro-Star International Co., Ltd.) Hidden
EditPad Pro 7 DE DEMO 7.3.8 (HKLM\...\EditPad Pro 7) (Version: DE DEMO 7.3.8 - Just Great Software)
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.5.2 - SCS Software)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software)
Fraps (HKLM-x32\...\Fraps) (Version: - )
G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.10 - G DATA Software AG)
GIANTS Editor 6.0.3 64-bit (HKLM-x32\...\giants_editor_6.0.3_win64_is1) (Version: 6.0.3 - GIANTS Software GmbH)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
HP ENVY 7640 series - Grundlegende Software für das Gerät (HKLM\...\{1BA4A70C-4AD1-404B-BBB0-67AABB8A6171}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
Intel Processor Diagnostic Tool 64bit (HKLM\...\{F24BC99D-3FC1-4503-BEFA-5DDD16C6265A}) (Version: 2.20.0.0 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.4.1.0 - GIANTS Software)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Options (HKLM\...\LogiOptions) (Version: - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
MAGIX MX Suite (HKLM-x32\...\MAGIX_{43136332-880B-458A-966C-900C18752B66}) (Version: 1.13.0.121 - MAGIX AG)
MAGIX MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 38.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.4.0 (x86 de)) (Version: 38.4.0 - Mozilla)
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1412.1801 - Micro-Star International Co., Ltd.)
MSI Remind Manager (x32 Version: 1.0.1412.1801 - Micro-Star International Co., Ltd.) Hidden
MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.)
MusicBee 2.4 (HKLM-x32\...\MusicBee) (Version: 2.4 - Steven Mayall)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
NVIDIA 3D Vision Treiber 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.87 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Grafiktreiber 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.87 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 358.87 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Opera Stable 33.0.1990.115 (HKLM-x32\...\Opera 33.0.1990.115) (Version: 33.0.1990.115 - Opera Software)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Qualcomm Atheros 11AC Drivers (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 3.0.0.400 - Qualcomm Atheros)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.47.1058 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7344 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
SCM (HKLM\...\{9BC0C4F3-ACBB-42DF-9559-93175E3B4095}) (Version: 13.014.10147 - Application)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Sizing Options (HKLM-x32\...\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 2.0.1412.1501 - Application)
Sizing Options (x32 Version: 2.0.1412.1501 - Application) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15093.11 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15093.11 - Samsung Electronics Co., Ltd.) Hidden
Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.06 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 10.0 - Ubisoft)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{9F9A13D5-D72F-4531-AEE9-F5EAFFD9B902}) (Version: 1.9.1409.0112 - SplitmediaLabs)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Wiederherstellungspunkte =========================

11-12-2015 16:47:33 Removed Google Earth
12-12-2015 23:12:01 Windows Live Essentials
12-12-2015 23:12:09 WLSetup
13-12-2015 09:16:47 JRT Pre-Junkware Removal
13-12-2015 11:41:31 JRT Pre-Junkware Removal
13-12-2015 12:42:36 JRT Pre-Junkware Removal
13-12-2015 15:06:02 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {087A3226-B257-4BE6-AE0A-E421F8F22361} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => C:\Windows\system32\GWX\GWX.exe
Task: {0AE8602E-0848-4503-A13F-E3E286E246F6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {10D11C5A-9740-4F85-B250-F5DEAA42E977} - System32\Tasks\Opera scheduled Autoupdate 1449849322 => C:\Program Files (x86)\Opera\launcher.exe [2015-11-16] (Opera Software)
Task: {1694266E-E718-4AAC-9D68-00889DAC9D3A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => C:\Windows\system32\GWX\GWX.exe
Task: {3CA7659B-0E84-4BF6-90D8-5E9356A85954} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {42C8EA18-F899-4967-8844-4A50F9024EA2} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {4B6E17C2-8B2D-4F91-A5E2-9FA0BE809171} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => C:\Windows\system32\GWX\GWX.exe
Task: {4F14A05B-A038-478A-9EE0-32093D9444D4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {5E23BA03-44DC-40B9-8B5D-694699A1270C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\Windows\system32\GWX\GWX.exe
Task: {639F8AFC-C487-4894-92EA-033902050591} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {6AFEE23D-257D-4563-930A-D80E87685F91} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {6D364A77-15FA-4A4F-A0AD-0B6F20FF35F8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {A159013F-676F-4B43-BA31-956F40B05784} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => C:\Windows\system32\GWX\GWX.exe
Task: {A597087B-FFBC-49BB-9A7B-B1A9B7F82D1B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-12-12] (Microsoft Corporation)
Task: {B8AE1A9E-7867-4C47-9BA4-98EE3C438E77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B99B0A56-100B-4011-9F12-4B98F68F0ED2} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-24] (TODO: <公司名稱>)
Task: {BE529FF5-67B8-49B6-B33D-1E6EA10335AB} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {C2933788-B7E4-4647-B3B2-FD2D2CF9B6DF} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe
Task: {C4F25192-8004-449F-B62F-C8F79DA47BA7} - System32\Tasks\SUPERAntiSpyware Scheduled Task c5328900-c6dc-4171-b6b9-0a0e4f234d25 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {DA2C5A99-80BD-4DD6-977A-AE5815BB390E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-12-24] (Synaptics Incorporated)
Task: {DB9A8047-FFDA-493A-99EB-949499266B87} - System32\Tasks\SUPERAntiSpyware Scheduled Task cfc299b0-4e2e-4279-b4b9-c12c4342c460 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {DEF4850E-99C2-4DBD-A03B-842ECD97FCC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {FD738E22-AC9E-4CAB-9879-570CF350799E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\Windows\system32\GWX\GWX.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c5328900-c6dc-4171-b6b9-0a0e4f234d25.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task cfc299b0-4e2e-4279-b4b9-c12c4342c460.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-12-25 04:10 - 2015-11-02 14:22 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-09-22 03:44 - 2015-09-22 03:44 - 00387192 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2014-12-25 04:25 - 2014-02-21 20:21 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-12-25 04:25 - 2014-02-21 20:19 - 00366080 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-01-22 19:44 - 2014-01-22 19:44 - 00075912 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\WinIo64.dll
2013-05-23 18:15 - 2013-05-23 18:15 - 00025600 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\CoreAudioApi.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 09315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-05-16 16:57 - 2014-05-16 16:57 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-05-16 16:57 - 2014-05-16 16:57 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2014-09-20 01:15 - 2014-09-20 01:15 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-06-10 23:01 - 2015-10-12 04:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-09-06 10:18 - 2014-10-31 15:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-09-06 10:18 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-12-25 04:08 - 2013-12-10 00:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2852321177-494340521-2433802200-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\System32\oobe\info\Wallpaper\backgroundDefault.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AeLookupSvc => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKU\S-1-5-21-2852321177-494340521-2433802200-1001\...\StartupApproved\StartupFolder: => "simplicheck.lnk" HKU\S-1-5-21-2852321177-494340521-2433802200-1001\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{4351B0B2-E819-4804-B8B5-CD0D7C3181B5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{F6105CE8-B70F-4070-A2F6-8ACCD1A49328}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{76C429E9-3955-4512-A5D5-76ABFD4E475C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{AFA8683C-FE85-4A78-9CCA-F5D407FBE8A7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{30680677-1B3D-44FA-8670-0BA7FBDE0D4D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{45320F0D-9A24-4039-8EF7-C2D0AA199412}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{20E63EBA-E0B0-43BD-B1B4-9CA7FE5D7F89}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{04581031-50F6-4AF9-9AB0-AD79B5297600}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{E2894D15-D53E-4208-83FF-EE60607B9C06}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{3ABAA410-830D-4469-BD36-27C3D19C33D4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{342C007A-84D4-4B93-8B9E-7F8DE17FBBD0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{D57E3F32-4299-4CA7-90E6-F2FC65F3E8A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{8A57BA6A-D9B8-4D70-824C-D06F25B56F18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{B516147D-296B-49D5-8A09-6D4E4EA6C8DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{3C392352-000B-4F14-BBE6-E4D3AC41344F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe 
FirewallRules: [{E6466C52-FE9A-44F9-AA01-498805105FEE}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe FirewallRules: [{D380A5CB-9A23-42F1-A839-7E2419C293D7}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe FirewallRules: [{D2AA86D6-E111-4EC3-8AB6-8021F53073D4}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe FirewallRules: [{9266E227-E853-44C7-AB50-C9B6FE5FFE71}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe FirewallRules: [{37F3E236-9B5E-4440-8066-0D2773B911E3}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe FirewallRules: [{B065B90B-AF42-48F5-9872-869351356FCB}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe FirewallRules: [{96D338E7-A12B-468B-81F3-66FDF11C7EDA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Anno 2205\Bin\Win64\Anno2205.exe FirewallRules: [{99F2A38D-F464-447E-9EF5-C2A4D877CE22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{8921D7AE-F220-45B3-9390-2E0035EAF9DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{3D7DD7F7-27B5-4FEE-AE41-9926D07520C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe FirewallRules: [{9E25E37A-EECE-407A-A8A1-B24260B3BD7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe FirewallRules: [{C07F9500-AF25-4F7A-9FE3-74AC4051B8F9}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\FaxApplications.exe FirewallRules: [{BEA12A80-EE32-437C-8798-742B35C6FDDD}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\DigitalWizards.exe FirewallRules: 
[{1D2C07F0-0F7E-420B-9D10-A24AFE944539}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\SendAFax.exe FirewallRules: [{6D661771-2EE0-4E14-9E96-A224ADD97737}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\DeviceSetup.exe FirewallRules: [{BA97F709-E549-411E-9773-639D5F545E48}] => (Allow) LPort=5357 FirewallRules: [{A47D5C00-CC15-4229-9EA4-9163FC8793D6}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/13/2015 12:42:20 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. 
Error: (12/13/2015 12:00:42 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (12/13/2015 11:54:01 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (12/13/2015 11:53:59 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (12/13/2015 11:53:57 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (12/13/2015 09:23:56 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (12/12/2015 10:08:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: thunderbird.exe, Version: 38.4.0.5801, Zeitstempel: 0x564de93a Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc00000fd Fehleroffset: 0xd52b2cd0 ID des fehlerhaften Prozesses: 0x2e8 Startzeit der fehlerhaften Anwendung: 0xthunderbird.exe0 Pfad der fehlerhaften Anwendung: thunderbird.exe1 Pfad des fehlerhaften Moduls: thunderbird.exe2 Berichtskennung: thunderbird.exe3 Vollständiger Name des fehlerhaften Pakets: thunderbird.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: thunderbird.exe5 Error: (12/12/2015 01:41:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: thunderbird.exe, Version: 38.4.0.5801, Zeitstempel: 0x564de93a Name des fehlerhaften Moduls: xul.dll, Version: 38.4.0.5801, Zeitstempel: 0x564dea14 Ausnahmecode: 0x80000003 Fehleroffset: 0x01341f92 ID des fehlerhaften Prozesses: 0xc58 Startzeit der fehlerhaften Anwendung: 0xthunderbird.exe0 Pfad der fehlerhaften Anwendung: thunderbird.exe1 Pfad des fehlerhaften Moduls: thunderbird.exe2 Berichtskennung: thunderbird.exe3 Vollständiger Name des fehlerhaften Pakets: thunderbird.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: thunderbird.exe5 Error: (12/12/2015 09:00:54 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "WinRE tools" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. 
(0x80070057) Error: (12/12/2015 08:51:12 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13ac Startzeit: 01d134b1aec0a74e Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 186e9890-a0a5-11e5-82a1-c038962fa304 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (12/13/2015 03:06:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (12/13/2015 12:06:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Description" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (12/13/2015 12:06:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (12/13/2015 12:06:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Description" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (12/13/2015 12:06:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (12/13/2015 12:06:57 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "DelayedAutostart" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (12/13/2015 12:06:57 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Description" aufgrund 
folgenden Fehlers fehlgeschlagen: %%5 Error: (12/13/2015 12:06:57 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (12/13/2015 12:01:41 PM) (Source: DCOM) (EventID: 10010) (User: Ralf) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/13/2015 12:01:11 PM) (Source: DCOM) (EventID: 10010) (User: Ralf) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz Prozentuale Nutzung des RAM: 19% Installierter physikalischer RAM: 16336.83 MB Verfügbarer physikalischer RAM: 13189.64 MB Summe virtueller Speicher: 18768.83 MB Verfügbarer virtueller Speicher: 15299.88 MB ==================== Laufwerke ================================ Drive c: (OS_Install) (Fixed) (Total:237.47 GB) (Free:122.36 GB) NTFS Drive d: (Data) (Fixed) (Total:909.37 GB) (Free:907.46 GB) NTFS Drive e: (FarmingSimulator) (CDROM) (Total:1.91 GB) (Free:0 GB) CDFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 5BA96E0B) Partition: GPT. ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 5BA96DF5) Partition: GPT. ==================== Ende von Addition.txt ============================ |
13.12.2015, 16:44 | #4 |
/// TB Trainer /// Guide Guru | Malwarebytes reports Outbond Data Camp Limited Temporarily disable GDATA: Step 1 Please download herdprotect by Reason Software (portable edition) to your desktop.
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
13.12.2015, 17:19 | #5 |
| Malwarebytes reports Outbond Data Camp Limited herdprotect Code:
ATTFilter Saved date: 13.12.2015 17:17:29 Files detected: 19 Files scanned: 10.442 Processes scanned: 93 Modules scanned: 807 ASEPs scanned: 537 Downloads scanned: 0 Deep analysis: 6/2 -------------------------------------------------------------------------------- - Files -------------------------------------------------------------------------------- - File path: c:\program files (x86)\common files\steam \steamservice.exe Publisher: Valve Corporation Signer: Valve MD5: 5852d5fadd589643b6c1b5be9d257a50 SHA-1: c426c242b908a73dcc9b0d5e79c9aa232e93109b Created: 07.05.2015 18:25:38 Detections: 1 Determination: Ignore detections (false positive) - Avira AntiVirus as TR/Dropper.Gen (Undefined) -------------------------------------------------------------------------------- - File path: c:\windows\updreg.exe Publisher: Creative Technology Ltd. MD5: c419df63e0121d72411285780c2fc6cc SHA-1: 1b9682064bc79c310c7b253d0cef2f4fa440a80d Created: 25.12.2014 04:25:43 Detections: 1 Determination: Ignore detections (false positive) - Boost by Reason as Optional.Startup.CreativeTechnology.G -------------------------------------------------------------------------------- - File path: c:\program files (x86)\cyberlink \powerdvd10\pdvdlaunchpolicy.exe Publisher: CyberLink Corp. Signer: CyberLink Corp. 
MD5: a6f41bf69b7648d3a545f08cb187378a SHA-1: b2b07a455fdd1da15076540b8d07b215d4f858f0 Created: 09.03.2013 00:18:52 Detections: 1 Determination: Ignore detections (false positive) - Bkav FE as HW32.Laneul (Undefined) -------------------------------------------------------------------------------- - File path: c:\users\ralfn\appdata\roaming\mozilla\firefox\profiles \xt5ypgsy.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi Publisher: MD5: 9c5713265042dc96c906b30eea21f9ec SHA-1: 89a41f6d2ad56c96bc06bf0bb8e514a01893d9f1 Created: 29.04.2015 22:40:46 Detections: 2 Determination: Ignore detections (false positive) - Trend Micro as HEUR_HTJS.HDJSFN (Undefined) - Fortinet FortiGate as JS/Obfuscus.AACA!tr (Undefined) -------------------------------------------------------------------------------- - File path: c:\users\ralfn\downloads\frst64.exe Publisher: Farbar MD5: 5af29d8fdda9e4f0916ef3bf64ba8507 SHA-1: 51c7e63f4b865bf41a0d387a5297f56942effe23 Created: 12.12.2015 20:33:15 Detections: 3 Determination: Ignore detections (false positive) - Zillya! 
Antivirus as Trojan.Disfa.Win32.41659 (Undefined) - Jiangmin as Trojan/Autoit.urp (Undefined) - IKARUS anti.virus as Trojan.MSIL.Bladabindi (Undefined) -------------------------------------------------------------------------------- - File path: c:\users\ralfn\desktop\dyeable_color_pickerfs15.exe Publisher: MD5: c2a175a7c8714c3866897363924acfd6 SHA-1: 43b64bdc5a35cfe19c242a415656c1639a3db876 Created: 11.10.2015 23:54:32 Detections: 2 Determination: Ignore detections (false positive) - NANO AntiVirus as Trojan.Win32.Zapchast.dfhoix (Undefined) - IKARUS anti.virus as Trojan.Inject2 (Undefined) -------------------------------------------------------------------------------- - File path: c:\users\ralfn\desktop\frst64.exe Publisher: Farbar MD5: 5af29d8fdda9e4f0916ef3bf64ba8507 SHA-1: 51c7e63f4b865bf41a0d387a5297f56942effe23 Created: 13.12.2015 16:31:32 Detections: 3 Determination: Ignore detections (false positive) - Zillya! Antivirus as Trojan.Disfa.Win32.41659 (Undefined) - Jiangmin as Trojan/Autoit.urp (Undefined) - IKARUS anti.virus as Trojan.MSIL.Bladabindi (Undefined) -------------------------------------------------------------------------------- - File path: c:\windows\syswow64\ext-ms-win-cluster-clusapi-l1-1- 1.dll Publisher: Microsoft Corporation MD5: 6f5557e3f97cb2a957da5dcdaf1e22c1 SHA-1: c2a27e776fbfc3666642425dcc5f2b34bb41cb10 Created: 22.08.2013 06:14:14 Detections: 1 Determination: Ignore detections (false positive) - The Hacker as Backdoor/Bifrose.fxu (Undefined) -------------------------------------------------------------------------------- - File path: c:\windows\syswow64\igdrcl32.dll Publisher: Intel Corporation MD5: 5d7a702c5dc8c2a4087b7be235f95524 SHA-1: 72e4401452f52639ae7c2e674fdf8f6b5da1d09a Created: 24.12.2014 08:21:55 Detections: 1 Determination: Ignore detections (false positive) - AegisLab AV Signature as Troj.W32.Gen (Undefined) -------------------------------------------------------------------------------- - File path: 
c:\windows\syswow64\kbdcherp.dll Publisher: Microsoft Corporation MD5: f992fe1d923f59f806442449f3ea557b SHA-1: d216f5bc5d466c1c9d94aa57a28c5226b214bdbc Created: 22.08.2013 06:15:06 Detections: 1 Determination: Ignore detections (false positive) - The Hacker as Trojan/Kryptik.ahcy (Undefined) -------------------------------------------------------------------------------- - File path: c:\programdata\application data\logishrd\logioptions \software\3.20.35\uninstaller.exe Publisher: Logitech Inc. MD5: 368ad52de516c60072f6d01cfd852aee SHA-1: ccea1a28382351d3a561f5a9c6676ede1b9f0a42 Created: 24.11.2015 06:40:49 Detections: 1 Determination: Inconclusive - F-Secure as Riskware.Gen:Variant.Application.Bundler (Adware) -------------------------------------------------------------------------------- - File path: c:\programdata\application data\nvidia corporation \geforce experience\update\gfexperience.nvstreamsrv\amd64\server\nvinject.dll Publisher: NVIDIA Corporation Signer: NVIDIA Corporation PE Sign v2014 MD5: 8af72680093bf0d9bff5331f6f0c1de2 SHA-1: c069dd017b93a7b5087ac1df3e3948d712a5ae43 Created: 27.10.2015 22:59:20 Detections: 1 Determination: Ignore detections (false positive) - Rising Antivirus as PE:Trojan.Kuluoz!6.1EFA (Undefined) -------------------------------------------------------------------------------- - File path: c:\programdata\application data\nvidia corporation \geforce experience\update\gfexperience.nvstreamsrv\x86\server\nvinject.dll Publisher: NVIDIA Corporation Signer: NVIDIA Corporation PE Sign v2014 MD5: a810cda37542326021fa6c5b40bb8148 SHA-1: 4b3b96d7d3dc699ed902d893f1a2db1f68c9a0a1 Created: 27.10.2015 22:59:20 Detections: 1 Determination: Ignore detections (false positive) - Rising Antivirus as PE:Trojan.Kuluoz!6.1EFA (Undefined) -------------------------------------------------------------------------------- - File path: c:\programdata\logishrd\logioptions\software \3.20.35\uninstaller.exe Publisher: Logitech Inc. 
MD5: 368ad52de516c60072f6d01cfd852aee SHA-1: ccea1a28382351d3a561f5a9c6676ede1b9f0a42 Created: 24.11.2015 06:40:49 Detections: 1 Determination: Inconclusive - F-Secure as Riskware.Gen:Variant.Application.Bundler (Adware) -------------------------------------------------------------------------------- - File path: c:\programdata\nvidia corporation\geforce experience \update\gfexperience.nvstreamsrv\amd64\server\nvinject.dll Publisher: NVIDIA Corporation Signer: NVIDIA Corporation PE Sign v2014 MD5: 8af72680093bf0d9bff5331f6f0c1de2 SHA-1: c069dd017b93a7b5087ac1df3e3948d712a5ae43 Created: 27.10.2015 22:59:20 Detections: 1 Determination: Ignore detections (false positive) - Rising Antivirus as PE:Trojan.Kuluoz!6.1EFA (Undefined) -------------------------------------------------------------------------------- - File path: c:\programdata\nvidia corporation\geforce experience \update\gfexperience.nvstreamsrv\x86\server\nvinject.dll Publisher: NVIDIA Corporation Signer: NVIDIA Corporation PE Sign v2014 MD5: a810cda37542326021fa6c5b40bb8148 SHA-1: 4b3b96d7d3dc699ed902d893f1a2db1f68c9a0a1 Created: 27.10.2015 22:59:20 Detections: 1 Determination: Ignore detections (false positive) - Rising Antivirus as PE:Trojan.Kuluoz!6.1EFA (Undefined) -------------------------------------------------------------------------------- - File path: c:\program files\ccleaner\lang\lang-1059.dll Publisher: MD5: 72eeebe4ee126c315c06d5a4a98b4757 SHA-1: a34b7840e566e66fe773bcdc0071006660b526cf Created: 16.09.2015 21:34:08 Detections: 1 Determination: Ignore detections (false positive) - The Hacker as Trojan/PSW.Kates.bw (Undefined) -------------------------------------------------------------------------------- - File path: c:\program files\difx\d29fe547208fe130\dpinst.exe Publisher: Microsoft Corporation MD5: 4192a5b905374e423ec1e545599aa86e SHA-1: 908c09de28bb3cc09601da5d4e1f44becc9df18f Created: 25.12.2014 04:14:55 Detections: 1 Determination: Ignore detections (false positive) - Emsisoft 
Anti-Malware as Android.Riskware.Nandrobox (Undefined) -------------------------------------------------------------------------------- - File path: c:\program files\gimp 2\bin\libhunspell-1.3-0.dll Publisher: MD5: ea9af63fb11bb51f5b0c6eae7a500b3b SHA-1: 12a73ff4dd7ca24224d1c585470e2eef43290eab Created: 07.09.2015 19:20:29 Detections: 1 Determination: Ignore detections (false positive) - ByteHero BDV as Trojan.Malware.Obscu.Gen.009 (Undefined)
2 uninstaller.exe from Logitech and 1 file for color selection when modding for LS15 |
13.12.2015, 17:34 | #6 |
/// TB Trainer /// Guide Guru | Malwarebytes reports Outbond Data Camp Limited Please install this: Firefox: https://addons.mozilla.org/de/firefo.../adblock-plus/ Opera: https://addons.opera.com/extensions/...gcdocjalghfpkp After that it should be quiet.
13.12.2015, 17:40 | #7 |
| Malwarebytes reports Outbond Data Camp Limited Before installing uBlock as my ad blocker I had Adblock Plus installed, and I deliberately uninstalled it because that is exactly where I suspected a problem. |
13.12.2015, 17:52 | #8 |
/// TB Trainer /// Guide Guru | Malwarebytes reports Outbond Data Camp Limited If there are any ad banners on the page, MBAM complains. But that has nothing to do with your PC. |
13.12.2015, 17:54 | #9 |
| Malwarebytes reports Outbond Data Camp Limited OK, then I'll try Adblock Plus again first. Any suggestions for particular filter lists? Thank you! |
13.12.2015, 18:09 | #10 |
/// TB Trainer /// Guide Guru | Malwarebytes reports Outbond Data Camp Limited Nope. The MBAM messages wouldn't bother me either. That's what you have web protection enabled for. |
13.12.2015, 18:25 | #11 |
| Malwarebytes reports Outbond Data Camp Limited Well, that's because I'm unsure whether this could be initiated by some nasty thing in the browser. If that's not the case, then it doesn't bother me either. Curiously, my wife's desktop PC, also with G Data and MBAM, doesn't do this. |
13.12.2015, 18:59 | #12 |
/// TB Trainer /// Guide Guru | Malwarebytes reports Outbond Data Camp Limited In Firefox only this is suspicious: web Plugin Plus. But it has been installed for a while. If not needed or not known, uninstall it. Nothing shows up in Opera. Please do this and report whether MBAM still complains: Firefox in safe mode: |
13.12.2015, 19:06 | #13 |
| Malwarebytes reports Outbond Data Camp Limited web plugin was disabled anyway and I have just deleted it, and since things are quiet again right now, meaning MBAM shows nothing, there is probably little point in trying without add-ons at the moment. I will test it, though, should the messages show up again. |
13.12.2015, 19:15 | #14 |
/// TB Trainer /// Guide Guru | Malwarebytes reports Outbond Data Camp Limited OK. |
13.12.2015, 22:19 | #15 |
| Malwarebytes reports Outbond Data Camp Limited Something is fishy here... quiet again for a while and then it started again. No idea what triggers the whole thing. After it occurred more frequently I ran JRT again and, lo and behold, while it found nothing at noon today, I now have this Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.1 (11.24.2015) Operating System: Windows 8.1 x64 Ran by RalfN (Administrator) on 13.12.2015 at 21:46:32,61 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 1 Successfully deleted: C:\Users\RalfN\AppData\Roaming\Mozilla\Firefox\Profiles\xt5ypgsy.default\extensions\staged (Folder) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 13.12.2015 at 21:48:04,00 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |