Log analysis and evaluation: A window always opens at PC startup. PC is slower than before. Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.12.2015, 13:08 | #1
A window always opens at PC startup. PC is slower than before.
When I start my PC, shortly after booting a window appears asking me to choose a program with which to open a file (but I have no idea what kind of file it is). In addition, my PC has become increasingly slow.
FRST:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:19-12-2015 durchgeführt von Dean Bönkendorf (Administrator) auf MININT-NCPHE64 (19-12-2015 12:59:05) Gestartet von C:\Users\Dean Bönkendorf\Desktop Geladene Profile: Dean Bönkendorf (Verfügbare Profile: Dean Bönkendorf) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-07-04] (Realtek Semiconductor) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-18] (NVIDIA Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.) 
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [454248 2013-08-02] (CANON INC.) HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [9135984 2015-11-23] (Emsisoft Ltd) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.) HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\Run: [Spotify Web Helper] => C:\Users\Dean Bönkendorf\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-14] (Spotify Ltd) HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1160536 2015-02-23] (Ruiware LLC) HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\Run: [BingSvc] => C:\Users\Dean Bönkendorf\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-12-15] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2015-12-11] ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2 Tcpip\..\Interfaces\{19138F64-D0A2-442A-BE73-96BCF77C3D04}: [DhcpNameServer] 192.168.0.1 192.168.0.2 Internet Explorer: ================== HKU\S-1-5-21-330146135-2436004342-2132212847-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-330146135-2436004342-2132212847-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-330146135-2436004342-2132212847-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=de-de SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) 
FireFox: ======== FF ProfilePath: C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Homepage: google.de FF Keyword.URL: hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q= FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] () FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-330146135-2436004342-2132212847-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dean Bönkendorf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-27] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-330146135-2436004342-2132212847-1001: electronicarts.com/GameFacePlugin -> C:\Users\Dean Bönkendorf\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts) FF Extension: NoScript - C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-11-23] FF Extension: Bing Search - C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-11-26] FF Extension: YouTube Unblocker - C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\Extensions\youtubeunblocker@unblocker.yt [2015-12-02] FF Extension: Adblock Plus - C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15] FF HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\extensions\cliqz@cliqz.com => nicht gefunden Chrome: ======= CHR Profile: C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10] CHR Extension: (Google Docs) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10] CHR Extension: (Google Drive) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-10] CHR Extension: (YouTube) - C:\Users\Dean 
Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-10] CHR Extension: (Google-Suche) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-10] CHR Extension: (Google Tabellen) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10] CHR Extension: (Avira Browserschutz) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-10] CHR Extension: (SoundCloud Downloader Free) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2015-02-10] CHR Extension: (Google Wallet) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-10] CHR Extension: (Google Mail) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-10] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [10768560 2015-11-23] (Emsisoft Ltd) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] () S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [441216 2015-05-10] () S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-13] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-13] (Dropbox, Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) S3 Origin Client Service; D:\Origin\OriginClientService.exe [2104840 2015-12-17] (Electronic Arts) R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2015-02-20] () S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 DigitalWave.Update.Service; "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] () S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 epp; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp.sys [123992 2015-11-12] (Emsisoft Ltd) R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-07] (Intel Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia) R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [32792 2015-06-01] (SteelSeries ApS) R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [51400 2015-11-13] (SteelSeries ApS) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.) R3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [132160 2014-08-19] (Yamaha Corporation) S3 AIDA64Driver; \??\C:\Users\Administrator.MININT-NCPHE64\Desktop\X13\Aida64Business\kerneld.x64 [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X] S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X] S3 WinRing0_1_2_0; \??\C:\Users\Administrator.MININT-NCPHE64\Desktop\X13\OpenHardwareMonitor\OpenHardwareMonitor.sys [X] S3 xhunter1; \??\C:\windows\xhunter1.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-19 12:59 - 2015-12-19 12:59 - 00019672 _____ C:\Users\Dean Bönkendorf\Desktop\FRST.txt 2015-12-19 12:59 - 2015-12-19 12:59 - 00000000 ____D C:\FRST 2015-12-19 12:58 - 2015-12-19 12:58 - 02370048 _____ (Farbar) C:\Users\Dean Bönkendorf\Desktop\FRST64.exe 2015-12-17 18:09 - 2015-12-17 18:12 - 00015102 _____ C:\Users\Dean Bönkendorf\Desktop\Essensplan.odt 2015-12-13 22:39 - 2015-12-13 22:42 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2015-12-13 22:39 - 2015-12-13 22:39 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack 2015-12-13 18:12 - 2015-12-19 12:49 - 00000000 ___RD C:\Users\Dean Bönkendorf\Dropbox 2015-12-13 18:12 - 2015-12-13 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-12-13 18:11 - 2015-12-13 18:11 - 00000000 ____D C:\Users\Dean Bönkendorf\AppData\Roaming\Dropbox 2015-12-13 18:10 - 2015-12-19 12:49 - 00000000 ____D C:\Users\Dean Bönkendorf\AppData\Local\Dropbox 2015-12-13 18:10 - 2015-12-19 12:47 - 00001228 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job 2015-12-13 18:10 - 2015-12-19 00:15 - 00001232 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job 2015-12-13 18:10 - 2015-12-13 18:12 - 00000000 ____D C:\Program Files (x86)\Dropbox 2015-12-13 18:10 - 2015-12-13 18:10 - 00004228 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA 2015-12-13 18:10 - 2015-12-13 18:10 - 00003976 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore 2015-12-13 18:10 - 2015-12-13 18:10 - 00000000 ____D C:\ProgramData\Dropbox 2015-12-09 19:20 - 2015-12-09 19:20 - 09498816 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2015-12-09 18:19 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2015-12-09 18:19 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) 
C:\windows\system32\wuaueng.dll 2015-12-09 18:19 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2015-12-09 18:19 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2015-12-09 18:19 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2015-12-09 18:19 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2015-12-09 18:19 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll 2015-12-09 18:19 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2015-12-09 18:19 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe 2015-12-09 18:19 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll 2015-12-09 18:19 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll 2015-12-09 18:19 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll 2015-12-09 18:19 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll 2015-12-09 18:19 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll 2015-12-09 18:19 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll 2015-12-09 18:19 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe 2015-12-09 18:19 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-12-09 18:19 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2015-12-09 18:19 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll 2015-12-09 18:19 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll 
2015-12-09 18:19 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll 2015-12-09 18:19 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll 2015-12-09 18:19 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-12-09 18:19 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-12-09 18:19 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2015-12-09 18:19 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-12-09 18:19 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-12-09 18:19 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-12-09 18:19 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-12-09 18:19 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2015-12-09 18:19 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll 2015-12-09 18:19 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\windows\system32\user32.dll 2015-12-09 18:19 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2015-12-09 18:19 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll 2015-12-09 18:19 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-12-09 18:19 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2015-12-09 18:19 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-12-09 18:19 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2015-12-09 18:19 - 2015-11-10 01:12 - 
00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2015-12-09 18:19 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2015-12-09 18:19 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2015-12-09 18:19 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-12-09 18:19 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2015-12-09 18:19 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2015-12-09 18:19 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2015-12-09 18:19 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2015-12-09 18:19 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2015-12-09 18:19 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2015-12-09 18:19 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-12-09 18:19 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2015-12-09 18:19 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-12-09 18:19 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll 2015-12-09 18:19 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2015-12-09 18:19 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-12-09 18:19 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2015-12-09 18:19 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2015-12-09 18:19 - 2015-11-10 00:17 - 
02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-12-09 18:19 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-12-09 18:19 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2015-12-09 18:19 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-12-09 18:19 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2015-12-09 18:19 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2015-12-09 18:19 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-12-09 18:19 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-12-09 18:19 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2015-12-09 18:19 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2015-12-09 18:19 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2015-12-09 18:19 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-12-09 18:19 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2015-12-09 18:19 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-12-09 18:19 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-12-09 18:19 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2015-12-09 18:19 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2015-12-09 18:19 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-12-09 18:19 - 2015-11-08 23:01 - 00114688 _____ 
(Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2015-12-09 18:19 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2015-12-09 18:19 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-12-09 18:19 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2015-12-09 18:19 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2015-12-09 18:19 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-12-09 18:19 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll 2015-12-09 18:19 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2015-12-09 18:19 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-12-09 18:19 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-12-09 18:19 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-12-09 18:19 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2015-12-09 18:19 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-12-09 18:19 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-12-09 18:19 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-12-09 18:19 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-12-09 18:19 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll 2015-12-09 18:19 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll 2015-12-09 18:19 - 2015-11-05 20:02 - 00002048 
_____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2015-12-09 18:19 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2015-12-09 18:19 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys 2015-12-09 18:19 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll 2015-12-09 18:19 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll 2015-12-09 18:19 - 2015-10-09 00:22 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll 2015-12-09 18:19 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL 2015-12-09 18:19 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll 2015-12-09 18:19 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL 2015-12-09 18:19 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL 2015-12-09 18:19 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll 2015-12-09 18:19 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL 2015-12-09 18:19 - 2015-10-09 00:17 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll 2015-12-09 18:19 - 2015-10-08 20:13 - 00419928 _____ C:\windows\SysWOW64\locale.nls 2015-12-09 18:19 - 2015-10-08 19:52 - 00419928 _____ C:\windows\system32\locale.nls 2015-12-09 18:18 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\windows\system32\els.dll 2015-12-09 18:18 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\els.dll 2015-11-29 02:37 - 2015-11-29 02:37 - 00000000 ___DL C:\Users\Dean Bönkendorf\AppData\LocalLow\PlayReady 2015-11-29 02:20 - 2015-12-10 00:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-11-29 02:20 - 
2015-12-10 00:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-29 02:20 - 2015-12-10 00:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-11-25 13:18 - 2015-11-25 13:18 - 00000000 ____D C:\Users\Public\Documents\sun
2015-11-22 22:51 - 2015-11-22 23:55 - 00000000 ____D C:\Users\Dean Bönkendorf\Documents\FIFA 16
2015-11-22 22:18 - 2015-12-11 17:15 - 00000832 _____ C:\Users\Public\Desktop\FIFA 16.lnk
2015-11-22 22:18 - 2015-11-22 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 16
2015-11-19 19:24 - 2015-12-15 12:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-19 19:20 - 2015-11-19 19:20 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2

==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-19 12:59 - 2014-12-15 20:58 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-12-19 12:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-19 12:51 - 2014-09-10 11:55 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-19 12:51 - 2014-09-10 11:55 - 00001081 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-19 12:51 - 2014-09-10 11:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-19 12:50 - 2015-05-09 13:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-19 12:48 - 2009-07-14 05:45 - 00032336 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-19 12:48 - 2009-07-14 05:45 - 00032336 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-19 12:47 - 2014-09-05 15:06 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-19 12:47 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-19 00:46 - 2014-06-12 08:30 -
01592628 _____ C:\windows\SysWOW64\PerfStringBackup.INI 2015-12-19 00:46 - 2011-04-12 08:43 - 00699092 _____ C:\windows\system32\perfh007.dat 2015-12-19 00:46 - 2011-04-12 08:43 - 00149232 _____ C:\windows\system32\perfc007.dat 2015-12-19 00:46 - 2009-07-14 06:13 - 01592628 _____ C:\windows\system32\PerfStringBackup.INI 2015-12-19 00:46 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf 2015-12-19 00:45 - 2015-04-04 02:00 - 00000000 ___SD C:\windows\SysWOW64\GWX 2015-12-19 00:45 - 2015-04-04 02:00 - 00000000 ___SD C:\windows\system32\GWX 2015-12-19 00:44 - 2014-10-02 18:06 - 00000000 ____D C:\ProgramData\Origin 2015-12-19 00:20 - 2015-04-20 21:03 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2015-12-18 22:32 - 2014-09-10 12:12 - 00000000 ____D C:\Program Files (x86)\Steam 2015-12-17 21:25 - 2015-07-26 17:45 - 00000000 ____D C:\Users\Dean Bönkendorf\Desktop\neuerstuff 2015-12-17 21:25 - 2015-06-24 21:49 - 00000000 ____D C:\Users\Dean Bönkendorf\Desktop\Studium 2015-12-17 21:25 - 2015-05-07 23:41 - 00000000 ____D C:\Users\Dean Bönkendorf\Desktop\RNBshit 2015-12-17 21:25 - 2015-01-10 19:57 - 00000000 ____D C:\Users\Dean Bönkendorf\Desktop\eigene mukke 2015-12-17 21:25 - 2014-09-10 12:29 - 00000000 ____D C:\Users\Dean Bönkendorf\Desktop\PcSachen 2015-12-17 21:03 - 2014-09-10 13:40 - 00000000 ____D C:\Users\Dean Bönkendorf\AppData\Roaming\TS3Client 2015-12-17 18:12 - 2015-10-27 17:58 - 00249344 ___SH C:\Users\Dean Bönkendorf\Desktop\Thumbs.db 2015-12-13 22:42 - 2014-10-05 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-12-13 22:42 - 2014-10-05 19:02 - 00000000 ____D C:\Users\Dean Bönkendorf\AppData\Roaming\DVDVideoSoft 2015-12-13 18:12 - 2014-09-10 11:47 - 00000000 ____D C:\Users\Dean Bönkendorf 2015-12-13 17:36 - 2014-10-02 18:24 - 00000000 ____D C:\Users\Dean Bönkendorf\AppData\Local\Spotify 2015-12-13 17:33 - 2014-09-10 19:11 - 00000000 ____D C:\Users\Dean Bönkendorf\AppData\Roaming\Spotify 2015-12-12 
12:43 - 2015-05-16 23:49 - 00000000 ____D C:\Users\Dean Bönkendorf\Desktop\ich 2015-12-11 22:48 - 2015-01-09 18:26 - 00000000 ____D C:\Users\Dean Bönkendorf\Documents\Cubase LE AI Elements Projects 2015-12-11 18:37 - 2015-10-05 01:26 - 00000000 ____D C:\Users\Dean Bönkendorf\AppData\Roaming\steelseries-engine-3-client 2015-12-11 18:34 - 2014-10-30 19:53 - 00000000 ____D C:\Users\Dean Bönkendorf\Desktop\anstehendes 2015-12-11 15:09 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache 2015-12-10 15:12 - 2009-07-14 05:45 - 00368536 _____ C:\windows\system32\FNTCACHE.DAT 2015-12-10 00:53 - 2014-06-12 08:37 - 00000000 ____D C:\windows\system32\MRT 2015-12-10 00:50 - 2014-06-12 08:37 - 140158008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-12-09 19:20 - 2015-04-20 21:03 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-12-09 19:20 - 2014-09-10 19:14 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-12-09 19:20 - 2014-09-10 19:14 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-12-09 04:39 - 2010-11-21 04:27 - 00301728 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2015-11-28 22:09 - 2014-09-10 13:37 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-11-26 22:48 - 2015-10-30 22:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-22 22:18 - 2014-06-17 11:30 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-22 22:18 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-11-20 18:49 - 2014-09-10 11:51 - 00104048 _____ C:\Users\Dean Bönkendorf\AppData\Local\GDIPFONTCACHEV1.DAT 2015-11-19 19:20 - 2014-10-16 18:27 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-12-12 21:40 - 2014-12-12 21:40 - 0000148 _____ () C:\Users\Dean 
Bönkendorf\AppData\Roaming\tmp_register.bat
2014-10-16 20:22 - 2014-10-16 20:22 - 0000874 _____ () C:\Users\Dean Bönkendorf\AppData\Local\recently-used.xbel
2014-09-05 14:58 - 2014-09-05 14:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-12-11 15:02

==================== Ende von FRST.txt ============================

Addition: Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:19-12-2015
durchgeführt von Dean Bönkendorf (2015-12-19 12:59:49)
Gestartet von C:\Users\Dean Bönkendorf\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-09-10 10:47:37)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-330146135-2436004342-2132212847-500 - Administrator - Disabled)
Dean Bönkendorf (S-1-5-21-330146135-2436004342-2132212847-1001 - Administrator - Enabled) => C:\Users\Dean Bönkendorf
Gast (S-1-5-21-330146135-2436004342-2132212847-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-330146135-2436004342-2132212847-1003 - Limited - Enabled)

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.) Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: 1.4.0 - Canon Inc.) Canon MX470 series Benutzerregistrierung (HKLM-x32\...\Canon MX470 series Benutzerregistrierung) (Version: - *Canon Inc.) Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.00 - Canon Inc.) Canon MX470 series On-screen Manual (HKLM-x32\...\Canon MX470 series On-screen Manual) (Version: 7.6.1 - Canon Inc.) 
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DRAGON BALL XENOVERSE (HKLM-x32\...\Steam App 323470) (Version: - DIMPS) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts) EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts) eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.9.1.1169 - Steinberg Media Technologies GmbH) Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd) FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.4.64673.4 - Electronic Arts) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Free Audio Converter (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.71.1211 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.46.923 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.46.923 - DVDVideoSoft Ltd.) 
G-sonique Alien303 VSTi (HKLM-x32\...\G-sonique Alien303 VSTi) (Version: - ) H1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Sony Online Entertainment) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 
- Microsoft Corporation) Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.) Mortal Kombat X (HKLM-x32\...\Steam App 307780) (Version: - NetherRealm Studios) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 42.0 (x64 de) (HKLM\...\Mozilla Firefox 42.0 (x64 de)) (Version: 42.0 - Mozilla) Mozilla Firefox 43.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0 (x86 de)) (Version: 43.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0 - Mozilla) NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version: - CyberConnect 2) NARUTO SHIPPUDEN: Ultimate Ninja STORM Revolution (HKLM-x32\...\Steam App 272510) (Version: - CyberConnect2 Co., Ltd.) Native Instruments Battery 3 (HKLM-x32\...\Native Instruments Battery 3) (Version: - ) Native Instruments Kontakt 3 (HKLM-x32\...\Native Instruments Kontakt 3) (Version: - ) NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.60 - NVIDIA Corporation) NVIDIA Grafiktreiber 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.60 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.) 
Pro-Sounds PS-1 (HKLM-x32\...\Pro-Sounds PS-1) (Version: 1.2 - Pro-Sounds) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7255 - Realtek Semiconductor Corp.) Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia) Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB) SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) SteelSeries Engine 3.6.2 (HKLM\...\SteelSeries Engine 3) (Version: 3.6.2 - SteelSeries ApS) Steinberg Cubase LE AI Elements 7 64bit (HKLM\...\{67E7C608-D0EA-4273-B374-50ABE42FBE08}) (Version: 7.0.80 - Steinberg Media Technologies GmbH) Steinberg Cubase LE AI Elements 8 64bit (HKLM\...\{C801D1E6-30E3-46BE-368D-0106B42CCE17}) (Version: 8.0.20 - Steinberg Media Technologies GmbH) Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH) Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH) Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH) Steinberg Groove Agent SE 64bit (HKLM\...\{A5AB0D21-21BD-4DB8-F097-02E8FC8C486A}) (Version: 4.2.0 - Steinberg Media Technologies GmbH) Steinberg Groove Agent SE Acoustic Agent (HKLM-x32\...\{F34EA13C-F078-4003-AE21-43EAB2680EC5}) (Version: 1.0.1 - Steinberg Media Technologies GmbH) Steinberg Groove Agent SE Content (HKLM-x32\...\{AFC9D1CE-F050-437C-35A5-62DEDB262DC7}) (Version: 1.2.1 - Steinberg Media 
Technologies GmbH) Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 2.0.2 - Steinberg Media Technologies GmbH) Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 2.0.1 - Steinberg Media Technologies GmbH) Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH) Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH) Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH) Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH) Sublime Text 2.0.2 (HKLM-x32\...\Sublime Text 2_is1) (Version: - ) Syncrosofts Lizenz Kontrolle (HKLM-x32\...\Syncrosoft's License Control) (Version: - Syncrosoft Hard- Und Software GmbH) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version: - CD PROJEKT RED) Unity Web Player (HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS) Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft) Voxengo Voxformer (HKLM\...\Voxengo Voxformer_is1) (Version: 2.9 - Voxengo) VPNAutoconnect (HKLM-x32\...\{8E557F21-99AE-440D-8058-CD8CB3302E13}) (Version: 1.15 - globalip) Windows Driver Package - Microsoft (xusb21) XnaComposite (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinPatrol 
(HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Xleaner v4.28.1368 (HKLM-x32\...\{72D84E46-E633-4729-8A77-2347C8CD4096}_is1) (Version: - More Than A Cleaner.de)
Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{905A4D64-E752-4BC1-9D18-F7747F4C7D87}) (Version: 1.9.0 - Yamaha Corporation)
Yamaha Steinberg USB Driver (Version: 1.9.0 - Yamaha Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Wiederherstellungspunkte =========================

11-12-2015 17:15:07 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
11-12-2015 18:35:04 DirectX wurde installiert
14-12-2015 18:32:46 Windows Update
18-12-2015 00:06:40 Windows Update
19-12-2015 00:45:04 Windows Update

==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2014-12-13 12:49 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {187D9DC8-1A69-4008-BE52-D594B8052520} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-13] (Dropbox, Inc.)
Task: {3954EF81-194D-4CC2-B281-F0EEC8CA78C9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {3C29ECE2-184F-47A3-9D92-656307001381} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {4E704D28-DCEF-4CD0-A777-64802F32DA65} - System32\Tasks\{B0DE84C7-555B-4C99-93F4-F2C37F6A2D68} => pcalua.exe -a "C:\Users\Administrator.MININT-M7F55PD\Desktop\DX C++ PhysX .NET\dotnetfx35\dotnetfx35.exe" -d "C:\Users\Administrator.MININT-M7F55PD\Desktop\DX C++ PhysX .NET\dotnetfx35"
Task: {567811F8-BBD7-4ACE-A757-2F1AC97C4CF3} - System32\Tasks\{24F23C0E-A6E4-4B1F-BFB9-C44C17279C8F} => pcalua.exe -a "C:\Users\Dean Bönkendorf\Desktop\Adobe\Audition 3.0\Adobe Audition 3.0\Audition 3.0 Setup.exe" -d "C:\Users\Dean Bönkendorf\Desktop\Adobe\Audition 3.0\Adobe Audition 3.0"
Task: {70E7DEEC-9730-487B-B895-B4F862A8F228} - System32\Tasks\{F3AABC01-EFDF-4727-B845-1C95B339B863} => pcalua.exe -a "C:\Users\Dean Bönkendorf\AppData\Roaming\webssearches\UninstallManager.exe" -c -ptid=cvs <==== ACHTUNG
Task: {A62B3250-CD48-4BE6-8FD9-4380A8EA346B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {BB4A8036-BB32-4E8D-A890-39BE20225735} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-13] (Dropbox, Inc.)
Task: {EF3C3B0C-C67D-4555-972E-DE0AD66718E7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {F97312F6-9754-4413-9959-196881B4C72F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {FE24FC64-C3BA-4D32-B86D-A5F622AC1892} - System32\Tasks\{F9A8AE91-7B97-4F34-A29A-7D6D7F8A0D74} => pcalua.exe -a "C:\Users\Dean Bönkendorf\Desktop\Waves Diamond Bundle 5.2\setup.exe" -d "C:\Users\Dean Bönkendorf\Desktop\Waves Diamond Bundle 5.2"

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-09-05 15:01 - 2015-08-07 05:34 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-05 14:57 - 2014-01-28 04:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2014-09-10 19:37 - 2015-02-20 19:10 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2014-09-05 14:58 - 2015-12-19 12:47 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2014-09-05 14:57 - 2014-01-28 04:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2015-05-19 14:26 - 2015-08-18 00:31 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-12-13 18:11 - 2015-10-31 01:59 - 00034768 _____ () C:\Program Files
(x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-13 18:11 - 2015-10-31 02:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd
2015-12-13 18:11 - 2015-10-31 01:59 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-13 18:11 - 2015-10-31 01:59 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-13 18:11 - 2015-10-31 01:59 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-13 18:11 - 2015-10-31 02:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2015-12-13 18:11 - 2015-10-31 01:59 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-13 18:11 - 2015-12-08 22:36 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-13 18:11 - 2015-10-31 01:59 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-13 18:11 - 2015-10-31 02:00 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 01737032 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-13 18:11 - 2015-10-31 02:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-13 18:11 - 2015-10-31 02:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-13 18:11 - 2015-10-31 02:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-13 18:11 - 2015-10-31 02:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2015-12-13 18:11 - 2015-10-31 02:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-13 18:11 - 2015-10-31 02:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-13 18:11 - 2015-10-31 02:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-13 18:11 - 2015-10-31 02:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-13 18:11 - 2015-10-31 02:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-13 18:11 - 2015-10-31 02:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2015-12-13 18:11 - 2015-10-31 02:00 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2015-12-13 18:11 - 2015-10-31 02:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-13 18:11 - 2015-10-31 01:59 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2015-12-13 18:11 - 2015-10-31 01:59 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2015-12-13 18:11 - 2015-10-31 02:00 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd
2015-12-13 18:11 - 2015-10-31 02:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2015-12-13 18:11 - 2015-12-08 22:36 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-13 18:11 - 2015-10-31 02:00 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00486704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2015-12-13 18:11 - 2015-12-08 22:36 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-12-13 18:11 - 2015-10-31 02:01 - 00019920 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-12-13 18:11 - 2015-10-31 02:00 - 00786904 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-12-13 18:11 - 2015-10-31 02:00 - 00063448 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-12-13 18:11 - 2015-10-31 02:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\100sexlinks.com -> 100sexlinks.com

Da befinden sich 5317 mehr Seiten.

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-330146135-2436004342-2132212847-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dean Bönkendorf\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{07C6887B-D5F0-4339-ACFD-8DBB78AED186}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BF293E57-6786-4BE0-B97C-C7159C7A691D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E524293E-BAFE-4B0F-9590-2C8C5EFC9AE2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AF6FA032-5B70-4EFD-8AB8-6F03A72072F3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D0FECF6C-1869-462A-8F76-49B2C8B31B3D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{42079083-1025-4B67-BC68-9C3F7CA0C6CC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6FE0BE82-4A3A-41B9-BB73-FF3FBDCA5742}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E7AA90E4-80A6-4086-ACF1-AE4FDCEA09EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\C9\C9MappingAccount.exe
FirewallRules: [{6406F2A4-FE15-42B5-BC76-E55C1AC13B5A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\C9\C9MappingAccount.exe
FirewallRules: [{D2A60AD1-11F2-4304-8E93-D9CE5AB65C35}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1A28CE93-7294-43FE-BA9B-A09B660D68EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B652B5B2-9DF7-46F0-80A0-5BA06A82976B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{58C77B66-FBB0-4071-B9A4-6C4B8A3A0BB1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{4FD5F3CD-DF89-46AB-972F-CE8B2E11A35F}C:\users\dean bönkendorf\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dean bönkendorf\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{20F768CB-7D36-4C71-AB58-D8B533ECCA86}C:\users\dean bönkendorf\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dean bönkendorf\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4515E5B6-A4F1-47DE-B504-F20A51B44681}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [UDP Query User{DFA87477-9FAA-4B64-B38E-8AFABF6F4F8D}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [TCP Query User{31DDCAE7-6B1D-48C1-90A5-6096865DBF34}C:\users\dean bönkendorf\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dean bönkendorf\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{CAEE8DB0-B0F4-426F-9473-D921035707FA}C:\users\dean bönkendorf\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dean bönkendorf\appdata\roaming\spotify\spotify.exe
FirewallRules: [{766ADAD8-9FF8-4786-93B1-21D9723EBE9C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{C8B7DEA8-DDF0-40EB-B70B-ADACB67FA4CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{C45D9D57-EB17-4111-8C6D-BFA3B41BA703}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{4C080B56-48B3-41CC-B34F-8FAA29B96BBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{E2EF9ED1-AA67-44EF-AAEA-00F2AD60FEE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{399ED6A1-BA1F-4A5C-95B9-F0D1229D6768}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{AD0958B6-13C5-4089-902E-73D67A372BCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{D19DB2F2-C096-467E-864D-FDCF1BB15E17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{760C835D-F7E8-42F9-8DF0-8FE586F62B5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{EA261A0C-D431-4E8D-BB96-9C45B3F6C132}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{E46FF65C-6E6E-42D0-A972-AB087F4F84AD}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{0216E924-4746-4AC1-B574-C081C54D977D}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{CBD2993A-8316-4FB3-9AC3-EFB42DDBA4B9}D:\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Block) D:\ubisoft game launcher\games\far cry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{3AE420D1-B6CE-4475-AB18-36341BC3D55D}D:\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Block) D:\ubisoft game launcher\games\far cry 3\bin\farcry3.exe
FirewallRules: [TCP Query User{970474E5-E4DE-4789-8607-0E404909B742}D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [UDP Query User{9F1A704E-2215-4166-A136-B7B4750921BD}D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [TCP Query User{49373530-0462-4A55-AB1F-AD6A3633A9B5}D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Block) D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [UDP Query User{84B7CE7A-2A99-40E4-9FAC-7A472337BE13}D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Block) D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{92086F8B-E01E-465A-8D5D-9983265A1376}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{12170B29-CB2B-408B-9353-7AAB2BAB3B5E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{E390E860-1420-4DF9-953A-0F23D629D16D}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{57241E43-09CB-4702-ACC2-9F4F170A1584}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{6B6141A3-BB1A-41BF-BCC3-9F20267008BF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{844FD5E4-CFB9-47C0-BAE4-F37563B616A3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3F03719D-0D70-49F9-BE31-9B961C594AF3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
FirewallRules: [{8C2F8CEF-97A4-4BC9-AC38-ACD7600FC450}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
FirewallRules: [TCP Query User{60D97222-60C8-4721-A549-F2BC8CE0D9F6}C:\program files (x86)\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe
FirewallRules: [UDP Query User{E41C662D-A144-45A7-A79D-4F28CFDD6366}C:\program files (x86)\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe
FirewallRules: [TCP Query User{21397792-FFFF-484A-B053-83685DF2CE4E}C:\program files\steinberg\cubase le ai elements 7\cubase le ai elements 7.exe] => (Allow) C:\program files\steinberg\cubase le ai elements 7\cubase le ai elements 7.exe
FirewallRules: [UDP Query User{DDC14A35-D927-4729-89BB-E3C04F4690B3}C:\program files\steinberg\cubase le ai elements 7\cubase le ai elements 7.exe] => (Allow) C:\program files\steinberg\cubase le ai elements 7\cubase le ai elements 7.exe
FirewallRules: [TCP Query User{D9760706-6E38-477F-A5AA-765C25EFBABC}C:\program files\steinberg\cubase le ai elements 7\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase le ai elements 7\components\vstbridgeapp.exe
FirewallRules: [UDP Query User{6EB0377E-BA3D-49FC-A414-A45ECA1EE984}C:\program files\steinberg\cubase le ai elements 7\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase le ai elements 7\components\vstbridgeapp.exe
FirewallRules: [{8552312C-24D0-4F08-A387-B6F239E08173}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C1D56AFB-646F-4EA9-BBDE-8BA17A9F2273}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F708BCFC-F7AF-4F9B-B7FB-089DA8D1EECF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\H1Z1\LaunchPad.exe
FirewallRules: [{73D6BD9A-0FCC-4F84-942D-CC3FDBAD100A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{1D118656-026F-4CE9-A27F-B2F486D5A53E}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{AA7BF51D-3402-4E56-A534-1E752155766A}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{37019DC9-570B-4CCC-B94C-50897D2DA95D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{25DF0D29-1B44-4D02-B585-FCDF0486C3F3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{75A949E1-0134-4D74-8BDC-71B8F95DFCB0}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{3CA40634-32B4-444A-ABB2-FE3232AB8D0D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{F50FA406-D8F1-44D7-B9F3-18257AF67200}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{2E5AF936-9942-44B3-A3D3-5D20E14B249D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{66A59B80-49CB-453B-A66C-D97104987A5F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{AFFF18AF-5D33-4F6D-A13C-E2925AC197C5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{3AF5ED32-46B1-4D4E-A083-FF49BD7A14C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F21BC914-5482-4FE0-87EA-A52196CCEAB6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0D8EC4FF-DFF3-4168-900A-3FC1F15C3C23}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EB165A94-521D-41C6-A91A-F8B2B70D637C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{40879B58-6BD6-4105-8FE4-16B9FBDCBA4F}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{F9C58152-F2D7-4BA8-832D-4838BFF3717F}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{5BFF197C-C321-43FE-9236-18AD10024E15}] => (Allow) D:\SteamLibrary\steamapps\common\DB Xenoverse\DBXV.exe
FirewallRules: [{E55D0710-5D1A-44A5-9932-7BF1FDAEB93C}] => (Allow) D:\SteamLibrary\steamapps\common\DB Xenoverse\DBXV.exe
FirewallRules: [TCP Query User{6D34A749-4F0D-480D-8F35-7183C0C11C8D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9DB582BC-ABFE-4396-93FB-439F9EA5814A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{5649FFB7-471D-445A-9341-ACC98272399F}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{17FF3C34-1AF7-4E06-BFF8-C70F86B952AF}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{1C607BE2-95CE-470D-85CD-B467C27EB5C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rise_of_Incarnates\exe\roi.exe
FirewallRules: [{BC8E521D-4121-4916-B2F5-FA082013E20B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rise_of_Incarnates\exe\roi.exe
FirewallRules: [{0EEC40A1-5E9E-4511-B111-039452DF95E0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1CBB0977-084C-4C71-85F7-81CDB34A0ECF}] => (Allow) LPort=2869
FirewallRules: [{F2FF8E45-2A75-41BE-A836-0C09B3988C26}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{377A54A0-1BF9-40FD-8B2C-EBEDFF8FD693}D:\steamlibrary\steamapps\common\arma 3\arma3.exe] => (Allow) D:\steamlibrary\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{0AD374A8-F4DC-4527-A9A2-0766762EDD7C}D:\steamlibrary\steamapps\common\arma 3\arma3.exe] => (Allow) D:\steamlibrary\steamapps\common\arma 3\arma3.exe
FirewallRules: [{0445D3B0-F1E4-4487-B99F-CB8366490FC4}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{DECE0114-7C14-4B7C-98DA-561BC74AD1C5}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{D9E2514E-2AFF-40D4-B5AF-991EC74C5985}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{92F4A586-1EA7-4704-8E1D-93413A8B42F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{B640279F-3966-4428-AC82-3E90B423AEDB}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{A99ED824-8967-42C8-9350-DBA9DB9DA797}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{A74416E9-F5ED-48A7-8562-675CEA3AC4E5}D:\steamlibrary\steamapps\common\naruto shippuden ultimate ninja storm revolution\nsunsr.exe] => (Allow) D:\steamlibrary\steamapps\common\naruto shippuden ultimate ninja storm revolution\nsunsr.exe
FirewallRules: [UDP Query User{2507676A-1817-4E5F-B663-785D817B0157}D:\steamlibrary\steamapps\common\naruto shippuden ultimate ninja storm revolution\nsunsr.exe] => (Allow) D:\steamlibrary\steamapps\common\naruto shippuden ultimate ninja storm revolution\nsunsr.exe
FirewallRules: [{476361C1-A6C3-4964-A669-D8582903BDE1}] => (Allow) D:\SteamLibrary\steamapps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{F8C6AE0A-B9B6-4460-B9CD-D313ECA4DC68}] => (Allow) D:\SteamLibrary\steamapps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{9FB4B405-4929-4243-9377-DFF441BBB95E}] => (Allow) D:\SteamLibrary\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{20A82327-B2D9-488C-9CE3-418E1C969D60}] => (Allow) D:\SteamLibrary\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [TCP Query User{263F73BD-C904-4A79-AF49-FD1EC8E5B3AA}D:\record\aufmweeknd\cubase 8\cubase le ai elements 8.exe] => (Allow) D:\record\aufmweeknd\cubase 8\cubase le ai elements 8.exe
FirewallRules: [UDP Query User{9FE91F89-4AC9-4FDE-87FD-08A57658965C}D:\record\aufmweeknd\cubase 8\cubase le ai elements 8.exe] => (Allow) D:\record\aufmweeknd\cubase 8\cubase le ai elements 8.exe
FirewallRules: [TCP Query User{8D768759-68FA-416A-914F-2B9AEA0220BE}D:\record\aufmweeknd\cubase 8\components\vstbridgeapp.exe] => (Allow) D:\record\aufmweeknd\cubase 8\components\vstbridgeapp.exe
FirewallRules: [UDP Query User{1DB0B156-8005-4AD5-ADA7-37A471F7DF4E}D:\record\aufmweeknd\cubase 8\components\vstbridgeapp.exe] => (Allow) D:\record\aufmweeknd\cubase 8\components\vstbridgeapp.exe
FirewallRules: [TCP Query User{DB5132A5-140F-4B98-8A7C-997BDAD59FDD}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Block) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{03AC3A54-6A7D-420E-8BFC-349C04DC45E3}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Block) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{5C24AB19-79DE-4E33-9FC1-2AADB192318B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{14F164FD-7073-48D0-B075-A4847297E187}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BAC0E481-4854-46CB-A7CA-E2C2E0526A5F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F76FD1E5-9102-4364-A387-4C8D7B6799BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{06EA2D63-06E8-417C-96EB-9FF46642AE93}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BB5651F9-00BC-4543-BD54-6F45A878D4EC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B348501C-0AB5-4C06-B398-446ED4C822D1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A6FADAC1-A831-4F7A-B8DC-8B44B5EA8178}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [UDP Query User{161A845C-9CAE-4726-B6A9-CC3480575C7A}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{C8C713FC-3805-401A-882D-D398F6F69691}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{DFEA3B01-2974-48F0-88A2-CBC0B2F79A98}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{4AEA6D0E-5B6F-46AD-B1E8-E5F00EF233A3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/19/2015 12:53:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82 Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82 Ausnahmecode: 0x40000015 Fehleroffset: 0x00093534 ID des fehlerhaften Prozesses: 0x924 Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0 Pfad der fehlerhaften Anwendung: PSIA.exe1 Pfad des fehlerhaften Moduls: PSIA.exe2 Berichtskennung: PSIA.exe3

Error: (12/19/2015 12:49:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2015 06:58:11 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/18/2015 06:07:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82 Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82 Ausnahmecode: 0x40000015 Fehleroffset: 0x00093534 ID des fehlerhaften Prozesses: 0x830 Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0 Pfad der fehlerhaften Anwendung: PSIA.exe1 Pfad des fehlerhaften Moduls: PSIA.exe2 Berichtskennung: PSIA.exe3

Error: (12/18/2015 06:03:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2015 06:05:08 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/17/2015 05:26:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82 Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82 Ausnahmecode: 0x40000015 Fehleroffset: 0x00093534 ID des fehlerhaften Prozesses: 0x718 Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0 Pfad der fehlerhaften Anwendung: PSIA.exe1 Pfad des fehlerhaften Moduls: PSIA.exe2 Berichtskennung: PSIA.exe3

Error: (12/17/2015 05:21:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2015 10:41:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82 Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82 Ausnahmecode: 0x40000015 Fehleroffset: 0x00093534 ID des fehlerhaften Prozesses: 0x9dc Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0 Pfad der fehlerhaften Anwendung: PSIA.exe1 Pfad des fehlerhaften Moduls: PSIA.exe2 Berichtskennung: PSIA.exe3

Error: (12/16/2015 10:36:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Systemfehler:
=============
Error: (12/19/2015 12:59:53 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy6" den Befehl "chkdsk" aus.

Error: (12/19/2015 12:53:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/19/2015 12:47:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Digital Wave Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (12/19/2015 12:45:03 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy6" den Befehl "chkdsk" aus.

Error: (12/18/2015 07:18:54 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy6" den Befehl "chkdsk" aus.

Error: (12/18/2015 06:07:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/18/2015 06:02:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Digital Wave Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (12/18/2015 12:06:40 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy6" den Befehl "chkdsk" aus.

Error: (12/17/2015 05:26:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/17/2015 05:19:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Digital Wave Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

CodeIntegrity:
===================================
Date: 2015-07-28 10:54:27.570
Description: Die Integrität der Datei "\Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist.

Date: 2015-07-28 10:54:27.453
Description: Die Integrität der Datei "\Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist.

Date: 2015-07-28 10:54:27.300
Description: Die Integrität der Datei "\Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist.

Date: 2015-07-28 10:54:27.185
Description: Die Integrität der Datei "\Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist.

Date: 2014-12-13 12:49:25.557
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-12-13 12:49:25.526
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 18%
Installierter physikalischer RAM: 16320.14 MB
Verfügbarer physikalischer RAM: 13228.61 MB
Summe virtueller Speicher: 32638.48 MB
Verfügbarer virtueller Speicher: 29459.02 MB

==================== Laufwerke ================================

Drive c: (OSDisk) (Fixed) (Total:200 GB) (Free:23.26 GB) NTFS
Drive d: () (Fixed) (Total:731.02 GB) (Free:541.09 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F1AD0888)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=731 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
20.12.2015, 16:23 | #2 |
/// TB Trainer /// Instructions Guru | A window always opens at PC startup. PC is slower than before. My name is Jürgen and I will help you with your problem. Together we'll manage it...
Note: I can never give you a guarantee that we will find all malicious files. Formatting is usually the faster and always the safest way, but it is only advisable for real malware. We can remove adware and the like very well. If you decide on a cleanup, keep working with me until you get my "clean". Let's go: Please post a screenshot.
__________________ |
20.12.2015, 18:18 | #3 |
| A window always opens at PC startup. PC is slower than before. Hi, thanks in advance!
__________________ The screenshot is attached |
20.12.2015, 18:32 | #4 |
/// TB Trainer /// Instructions Guru | A window always opens at PC startup. PC is slower than before. Please uninstall Microsoft Security Essentials. Step 1 Please download AdwCleaner to your desktop.
__________________ Regards, deeprybka Praise, criticism, requests? Donation for trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
20.12.2015, 19:55 | #5 |
| A window always opens at PC startup. PC is slower than before. Code:
ATTFilter # AdwCleaner v5.025 - Bericht erstellt am 20/12/2015 um 19:51:23 # Aktualisiert am 13/12/2015 von Xplode # Datenbank : 2015-12-13.2 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : Dean Bönkendorf - MININT-NCPHE64 # Gestartet von : C:\Users\Dean Bönkendorf\Desktop\AdwCleaner_5.025.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** [-] Ordner Gelöscht : C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [-] Ordner Gelöscht : C:\Users\Dean Bönkendorf\AppData\Roaming\Windows Open Service [-] Ordner Gelöscht : C:\Users\Dean Bönkendorf\AppData\Roaming\RPEng ***** [ Dateien ] ***** [-] Datei Gelöscht : C:\END [-] Datei Gelöscht : C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\foxydeal.sqlite [-] Datei Gelöscht : C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\invalidprefs.js ***** [ DLLs ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Internetbrowser ] ***** [-] [C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\prefs.js] [Preference] Gelöscht : user_pref("CT1561552.UserID", "UN35862532522784022"); [-] [C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\prefs.js] [Preference] Gelöscht : user_pref("CT1561552.dum", "2"); [-] [C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\prefs.js] [Preference] Gelöscht : user_pref("CT1561552.fullUserID", "UN35862532522784022.IN.20150223232414"); [-] [C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\prefs.js] [Preference] Gelöscht : user_pref("CT1561552.installerVersion", "1.11.0.11"); [-] [C:\Users\Dean 
Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\prefs.js] [Preference] Gelöscht : user_pref("CT1561552.toolbarInstallDate", "23-02-2015 23:24:14"); [-] [C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\prefs.js] [Preference] Gelöscht : user_pref("CT1561552.versionFromInstaller", "10.37.0.8"); [-] [C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\prefs.js] [Preference] Gelöscht : user_pref("CT1561552.xpeMode", "1"); [-] [C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"1485f3d06c42ed-06cac9f380ffd-41534136-0-1485f3d06c567a\""); [-] [C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"28f6a9d05e631d7ada9937dda0875014db6db3c9\""); [-] [C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.SAUTH_utoken", "\"ec3465178027e3b3399086c8b3d5fae259e7a412\""); [-] [C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\prefs.js] [Preference] Gelöscht : user_pref("smartbar.machineId", "PVNN6OTH3CQCTGIV5JKNA3AA8SCJVSYWFZDSZHV8HMLMOLPFKDGCZTCWF5IZWUID4WHAPCIC9NJT2BGP0/4B6A"); [-] [C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : libedajeiljdoodmokbppgapcfbignci ************************* :: "Tracing" Schlüssel gelöscht :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Chrome Richtlinien gelöscht ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3806 Bytes] ########## |
21.12.2015, 19:03 | #6 |
/// TB Trainer /// Instructions Guru | A window always opens at PC startup. PC is slower than before. Step 1
Step 2 ESET Online Scanner
__________________ |
22.12.2015, 15:37 | #7 |
| A window always opens at PC startup. PC is slower than before. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 22.12.2015 Suchlaufzeit: 13:14 Protokolldatei: mbamlog.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.12.22.03 Rootkit-Datenbank: v2015.12.18.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Dean Bönkendorf Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 427879 Abgelaufene Zeit: 13 Min., 24 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) eset: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=303b1502cae8ae47a13bc3e141ce943b # end=init # utc_time=2015-12-22 12:32:20 # local_time=2015-12-22 01:32:20 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 27312 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=303b1502cae8ae47a13bc3e141ce943b # end=updated # utc_time=2015-12-22 12:35:42 # local_time=2015-12-22 01:35:42 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=303b1502cae8ae47a13bc3e141ce943b # engine=27312 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-12-22 01:51:55 # local_time=2015-12-22 02:51:55 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 7017 202422165 0 0 # scanned=299364 # found=4 # cleaned=0 # scan_time=4572 sh=BB89C711C445463AF268C647B17F1E4A56F9A291 ft=1 fh=07e8ec5c583ec831 vn="Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Dean Bönkendorf\AppData\Roaming\Windows Open Service\OpenService.exe.vir" sh=19D4959C0A0C57B9DFF03C61E9F4DDA560D33679 ft=1 fh=b23557869e15bdc5 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Dean Bönkendorf\Downloads\Notepad - CHIP-Installer.exe" sh=E567E66E927EE403F047EB739E7A0D039FF00B09 ft=1 fh=918c27eb6633031b vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Dean Bönkendorf\Downloads\Sublime Text 2 - CHIP-Installer.exe" sh=16714534232C63B22C439E8A69DD083E1EC2A846 ft=1 fh=40849a6985947c00 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\HSS-3.42-install-hss-691-conduit.exe" |
22.12.2015, 20:59 | #8 |
/// TB Trainer /// Instructions Guru | A window always opens at PC startup. PC is slower than before. Are there still problems with the PC now? If so, which ones?
__________________ Regards, deeprybka |
24.12.2015, 14:20 | #9 |
| A window always opens at PC startup. PC is slower than before. Everything is running speedily again, thanks a lot for that. Only the window at the start still opens. |
24.12.2015, 19:10 | #10 |
/// TB Trainer /// Instructions Guru | A window always opens at PC startup. PC is slower than before. Merry Christmas! Please post fresh logs again: Step 1 Please start FRST again, also tick the checkbox and press "Untersuchen" (Scan). Please post the content of the two logs that are created.
__________________ Regards, deeprybka |
25.12.2015, 17:28 | #11 |
| A window always opens at PC startup. PC is slower than before. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015 durchgeführt von Dean Bönkendorf (Administrator) auf MININT-NCPHE64 (25-12-2015 17:25:45) Gestartet von C:\Users\Dean Bönkendorf\Desktop Geladene Profile: Dean Bönkendorf (Verfügbare Profile: Dean Bönkendorf) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe (Spotify Ltd) C:\Users\Dean Bönkendorf\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe (DVDVideoSoft Ltd.) C:\Users\Dean Bönkendorf\AppData\Local\Temp\is-9RPNL.tmp\netlogger.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-07-04] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-18] (NVIDIA Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.) 
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [454248 2013-08-02] (CANON INC.) HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [9135984 2015-11-23] (Emsisoft Ltd) HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\Run: [Spotify Web Helper] => C:\Users\Dean Bönkendorf\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-14] (Spotify Ltd) HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1160536 2015-02-23] (Ruiware LLC) HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\Run: [BingSvc] => C:\Users\Dean Bönkendorf\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-12-15] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2015-12-11] ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2 Tcpip\..\Interfaces\{19138F64-D0A2-442A-BE73-96BCF77C3D04}: [DhcpNameServer] 192.168.0.1 192.168.0.2 Internet Explorer: ================== HKU\S-1-5-21-330146135-2436004342-2132212847-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-330146135-2436004342-2132212847-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-330146135-2436004342-2132212847-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=de-de SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) FireFox: ======== FF ProfilePath: C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Homepage: google.de FF Keyword.URL: hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q= FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] () FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) 
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-330146135-2436004342-2132212847-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dean Bönkendorf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-27] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-330146135-2436004342-2132212847-1001: electronicarts.com/GameFacePlugin -> C:\Users\Dean Bönkendorf\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts) FF Extension: NoScript - C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-11-23] FF Extension: Bing Search - C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-11-26] FF Extension: YouTube Unblocker - C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\Extensions\youtubeunblocker@unblocker.yt [2015-12-02] FF Extension: Adblock Plus - C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15] FF 
HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\extensions\cliqz@cliqz.com => nicht gefunden Chrome: ======= CHR Profile: C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10] CHR Extension: (Google Docs) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10] CHR Extension: (Google Drive) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-10] CHR Extension: (YouTube) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-10] CHR Extension: (Google-Suche) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-10] CHR Extension: (Google Tabellen) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10] CHR Extension: (Avira Browserschutz) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-10] CHR Extension: (Google Wallet) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-10] CHR Extension: (Google Mail) - C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-10] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in 
die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [10768560 2015-11-23] (Emsisoft Ltd) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] () S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [441216 2015-05-10] () S3 Origin Client Service; D:\Origin\OriginClientService.exe [2104840 2015-12-17] (Electronic Arts) R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2015-02-20] () S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 DigitalWave.Update.Service; "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] () S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 epp; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp.sys [123992 2015-11-12] (Emsisoft Ltd) R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-07] (Intel Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia) R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [32792 2015-06-01] (SteelSeries ApS) R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [51400 2015-11-13] (SteelSeries ApS) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.) R3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [132160 2014-08-19] (Yamaha Corporation) S3 AIDA64Driver; \??\C:\Users\Administrator.MININT-NCPHE64\Desktop\X13\Aida64Business\kerneld.x64 [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X] S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X] S3 WinRing0_1_2_0; \??\C:\Users\Administrator.MININT-NCPHE64\Desktop\X13\OpenHardwareMonitor\OpenHardwareMonitor.sys [X] S3 xhunter1; \??\C:\windows\xhunter1.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-12-25 17:25 - 2015-12-25 17:25 - 00000000 ____D C:\Users\Dean Bönkendorf\Desktop\FRST-OlderVersion 2015-12-22 13:31 - 2015-12-22 13:31 - 00001221 _____ C:\mbamlog.txt 2015-12-22 13:31 - 2015-12-22 13:31 - 00000500 _____ C:\Users\Dean Bönkendorf\Desktop\mbamlog.lnk 2015-12-22 13:30 - 2015-12-22 13:30 - 00001226 _____ C:\Users\Dean Bönkendorf\Desktop\malwarebytes.txt 2015-12-22 13:16 - 2015-12-22 13:16 - 02870984 _____ (ESET) C:\Users\Dean Bönkendorf\Desktop\esetsmartinstaller_deu.exe 2015-12-22 13:13 - 2015-12-22 13:13 - 22908888 _____ (Malwarebytes ) C:\Users\Dean Bönkendorf\Desktop\mbam-setup-2.2.0.1024.exe 2015-12-22 13:13 - 2015-12-22 13:13 - 00001108 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-12-20 19:50 - 2015-12-20 19:51 - 00000000 ____D C:\AdwCleaner 2015-12-20 19:46 - 2015-12-20 19:46 - 01740288 _____ C:\Users\Dean Bönkendorf\Desktop\AdwCleaner_5.025.exe 2015-12-20 19:44 - 2015-12-20 19:44 - 00000222 _____ C:\Users\Dean Bönkendorf\Desktop\Rocket League.url 2015-12-19 12:59 - 2015-12-25 17:26 - 00016264 _____ C:\Users\Dean Bönkendorf\Desktop\FRST.txt 2015-12-19 12:59 - 2015-12-25 17:25 - 00000000 ____D C:\FRST 2015-12-19 12:59 - 2015-12-19 13:00 - 00060291 _____ C:\Users\Dean Bönkendorf\Desktop\Addition.txt 2015-12-19 12:58 - 2015-12-25 17:25 - 02370560 _____ (Farbar) C:\Users\Dean Bönkendorf\Desktop\FRST64.exe 2015-12-17 18:09 - 2015-12-17 18:12 - 00015102 _____ C:\Users\Dean Bönkendorf\Desktop\Essensplan.odt 2015-12-13 22:39 - 2015-12-13 22:42 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2015-12-13 22:39 - 2015-12-13 22:39 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack 2015-12-13 18:12 - 2015-12-23 17:29 - 00000000 ___RD C:\Users\Dean Bönkendorf\Dropbox 2015-12-13 18:11 - 2015-12-13 18:11 - 00000000 ____D C:\Users\Dean Bönkendorf\AppData\Roaming\Dropbox 2015-12-13 18:10 - 2015-12-24 12:00 - 00000000 ____D C:\Program Files (x86)\Dropbox 2015-12-13 18:10 - 2015-12-23 17:29 - 00000000 ____D C:\Users\Dean 
Bönkendorf\AppData\Local\Dropbox 2015-12-13 18:10 - 2015-12-13 18:10 - 00000000 ____D C:\ProgramData\Dropbox 2015-12-09 19:20 - 2015-12-09 19:20 - 09498816 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2015-12-09 18:19 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2015-12-09 18:19 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2015-12-09 18:19 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2015-12-09 18:19 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2015-12-09 18:19 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2015-12-09 18:19 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2015-12-09 18:19 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll 2015-12-09 18:19 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2015-12-09 18:19 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe 2015-12-09 18:19 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll 2015-12-09 18:19 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll 2015-12-09 18:19 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll 2015-12-09 18:19 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll 2015-12-09 18:19 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll 2015-12-09 18:19 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll 2015-12-09 18:19 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe 2015-12-09 18:19 - 
2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-12-09 18:19 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2015-12-09 18:19 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll 2015-12-09 18:19 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll 2015-12-09 18:19 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll 2015-12-09 18:19 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll 2015-12-09 18:19 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-12-09 18:19 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-12-09 18:19 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2015-12-09 18:19 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-12-09 18:19 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-12-09 18:19 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-12-09 18:19 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-12-09 18:19 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2015-12-09 18:19 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll 2015-12-09 18:19 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\windows\system32\user32.dll 2015-12-09 18:19 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2015-12-09 18:19 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll 2015-12-09 18:19 - 2015-11-10 18:47 - 03211264 _____ 
(Microsoft Corporation) C:\windows\system32\win32k.sys 2015-12-09 18:19 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2015-12-09 18:19 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-12-09 18:19 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2015-12-09 18:19 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2015-12-09 18:19 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2015-12-09 18:19 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2015-12-09 18:19 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-12-09 18:19 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2015-12-09 18:19 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2015-12-09 18:19 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2015-12-09 18:19 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2015-12-09 18:19 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2015-12-09 18:19 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2015-12-09 18:19 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-12-09 18:19 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2015-12-09 18:19 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-12-09 18:19 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll 2015-12-09 18:19 - 2015-11-10 00:37 - 00230400 _____ 
(Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2015-12-09 18:19 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-12-09 18:19 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2015-12-09 18:19 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2015-12-09 18:19 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-12-09 18:19 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-12-09 18:19 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2015-12-09 18:19 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-12-09 18:19 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2015-12-09 18:19 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2015-12-09 18:19 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-12-09 18:19 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-12-09 18:19 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2015-12-09 18:19 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2015-12-09 18:19 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2015-12-09 18:19 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-12-09 18:19 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2015-12-09 18:19 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-12-09 18:19 - 2015-11-08 23:02 - 00615936 _____ (Microsoft 
Corporation) C:\windows\system32\ieui.dll 2015-12-09 18:19 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2015-12-09 18:19 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2015-12-09 18:19 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-12-09 18:19 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2015-12-09 18:19 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2015-12-09 18:19 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-12-09 18:19 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2015-12-09 18:19 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2015-12-09 18:19 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-12-09 18:19 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll 2015-12-09 18:19 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2015-12-09 18:19 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-12-09 18:19 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-12-09 18:19 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-12-09 18:19 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2015-12-09 18:19 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-12-09 18:19 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-12-09 18:19 - 2015-11-08 21:41 - 01546752 
_____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-12-09 18:19 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-12-09 18:19 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll 2015-12-09 18:19 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll 2015-12-09 18:19 - 2015-11-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2015-12-09 18:19 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2015-12-09 18:19 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys 2015-12-09 18:19 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll 2015-12-09 18:19 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll 2015-12-09 18:19 - 2015-10-09 00:22 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll 2015-12-09 18:19 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL 2015-12-09 18:19 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll 2015-12-09 18:19 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL 2015-12-09 18:19 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL 2015-12-09 18:19 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll 2015-12-09 18:19 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL 2015-12-09 18:19 - 2015-10-09 00:17 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll 2015-12-09 18:19 - 2015-10-08 20:13 - 00419928 _____ C:\windows\SysWOW64\locale.nls 2015-12-09 18:19 - 2015-10-08 19:52 - 00419928 _____ C:\windows\system32\locale.nls 2015-12-09 18:18 - 2015-11-03 
20:04 - 00241664 _____ (Microsoft Corporation) C:\windows\system32\els.dll
2015-12-09 18:18 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\els.dll
2015-11-29 02:37 - 2015-11-29 02:37 - 00000000 ___DL C:\Users\Dean Bönkendorf\AppData\LocalLow\PlayReady
2015-11-29 02:20 - 2015-12-10 00:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-29 02:20 - 2015-12-10 00:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-29 02:20 - 2015-12-10 00:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-11-25 13:18 - 2015-11-25 13:18 - 00000000 ____D C:\Users\Public\Documents\sun

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-25 17:26 - 2014-12-15 20:58 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-12-25 17:20 - 2015-04-20 21:03 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-12-25 16:55 - 2009-07-14 05:45 - 00032336 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-25 16:55 - 2009-07-14 05:45 - 00032336 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-25 16:45 - 2014-09-10 12:12 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-25 16:42 - 2015-05-09 13:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-25 16:42 - 2014-09-10 11:55 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-25 16:42 - 2014-09-10 11:55 - 00001081 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-25 16:42 - 2014-09-10 11:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-25 16:39 - 2014-09-05 15:06 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-25 16:39 - 2009-07-14 06:08 - 00000006 ____H
C:\windows\Tasks\SA.DAT
2015-12-25 05:59 - 2014-09-10 13:40 - 00000000 ____D C:\Users\Dean Bönkendorf\AppData\Roaming\TS3Client
2015-12-25 05:08 - 2014-10-02 18:24 - 00000000 ____D C:\Users\Dean Bönkendorf\AppData\Local\Spotify
2015-12-25 04:56 - 2014-09-10 19:11 - 00000000 ____D C:\Users\Dean Bönkendorf\AppData\Roaming\Spotify
2015-12-23 17:27 - 2015-09-11 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE AI Elements 8 64bit
2015-12-23 17:27 - 2015-08-16 19:19 - 00000000 ____D C:\Users\Dean Bönkendorf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE AI Elements 8 64bit
2015-12-23 17:26 - 2015-09-25 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G-sonique Alien303 VSTi
2015-12-23 02:38 - 2015-10-05 01:26 - 00000000 ____D C:\Users\Dean Bönkendorf\AppData\Roaming\steelseries-engine-3-client
2015-12-22 13:14 - 2014-12-14 14:06 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-22 13:13 - 2014-12-14 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-12-22 13:13 - 2014-12-14 14:06 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-12-20 20:15 - 2014-11-18 01:29 - 00000000 ____D C:\Users\Dean Bönkendorf\Documents\My Games
2015-12-20 19:48 - 2014-09-05 15:08 - 00001912 _____ C:\windows\epplauncher.mif
2015-12-20 18:14 - 2015-10-27 17:58 - 00257024 ___SH C:\Users\Dean Bönkendorf\Desktop\Thumbs.db
2015-12-20 18:11 - 2014-10-02 18:06 - 00000000 ____D C:\ProgramData\Origin
2015-12-19 21:01 - 2015-01-09 18:26 - 00000000 ____D C:\Users\Dean Bönkendorf\Documents\Cubase LE AI Elements Projects
2015-12-19 13:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-19 00:46 - 2014-06-12 08:30 - 01592628 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-12-19 00:46 - 2011-04-12 08:43 - 00699092 _____ C:\windows\system32\perfh007.dat
2015-12-19 00:46 - 2011-04-12 08:43 -
00149232 _____ C:\windows\system32\perfc007.dat
2015-12-19 00:46 - 2009-07-14 06:13 - 01592628 _____ C:\windows\system32\PerfStringBackup.INI
2015-12-19 00:46 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf
2015-12-19 00:45 - 2015-04-04 02:00 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-12-19 00:45 - 2015-04-04 02:00 - 00000000 ___SD C:\windows\system32\GWX
2015-12-17 21:25 - 2015-07-26 17:45 - 00000000 ____D C:\Users\Dean Bönkendorf\Desktop\neuerstuff
2015-12-17 21:25 - 2015-06-24 21:49 - 00000000 ____D C:\Users\Dean Bönkendorf\Desktop\Studium
2015-12-17 21:25 - 2015-05-07 23:41 - 00000000 ____D C:\Users\Dean Bönkendorf\Desktop\RNBshit
2015-12-17 21:25 - 2015-01-10 19:57 - 00000000 ____D C:\Users\Dean Bönkendorf\Desktop\eigene mukke
2015-12-17 21:25 - 2014-09-10 12:29 - 00000000 ____D C:\Users\Dean Bönkendorf\Desktop\PcSachen
2015-12-15 12:40 - 2015-11-19 19:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-12-13 22:42 - 2014-10-05 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-12-13 22:42 - 2014-10-05 19:02 - 00000000 ____D C:\Users\Dean Bönkendorf\AppData\Roaming\DVDVideoSoft
2015-12-13 18:12 - 2014-09-10 11:47 - 00000000 ____D C:\Users\Dean Bönkendorf
2015-12-12 12:43 - 2015-05-16 23:49 - 00000000 ____D C:\Users\Dean Bönkendorf\Desktop\ich
2015-12-11 18:34 - 2014-10-30 19:53 - 00000000 ____D C:\Users\Dean Bönkendorf\Desktop\anstehendes
2015-12-11 17:15 - 2015-11-22 22:18 - 00000832 _____ C:\Users\Public\Desktop\FIFA 16.lnk
2015-12-11 15:09 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache
2015-12-10 15:12 - 2009-07-14 05:45 - 00368536 _____ C:\windows\system32\FNTCACHE.DAT
2015-12-10 00:53 - 2014-06-12 08:37 - 00000000 ____D C:\windows\system32\MRT
2015-12-10 00:50 - 2014-06-12 08:37 - 140158008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-12-09 19:20 - 2015-04-20 21:03 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-12-09 19:20 - 2014-09-10 19:14 -
00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 19:20 - 2014-09-10 19:14 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-02 13:18 - 2010-11-21 04:27 - 00301728 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-11-28 22:09 - 2014-09-10 13:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-26 22:48 - 2015-10-30 22:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-12-12 21:40 - 2014-12-12 21:40 - 0000148 _____ () C:\Users\Dean Bönkendorf\AppData\Roaming\tmp_register.bat
2014-10-16 20:22 - 2014-10-16 20:22 - 0000874 _____ () C:\Users\Dean Bönkendorf\AppData\Local\recently-used.xbel
2014-09-05 14:58 - 2014-09-05 14:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Dean Bönkendorf\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-12-20 04:12

==================== Ende von FRST.txt ============================

addition:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-12-2015
durchgeführt von Dean Bönkendorf (2015-12-25 17:26:18)
Gestartet von C:\Users\Dean Bönkendorf\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-09-10 10:47:37)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-330146135-2436004342-2132212847-500 - Administrator - Disabled)
Dean Bönkendorf (S-1-5-21-330146135-2436004342-2132212847-1001 - Administrator - Enabled) => C:\Users\Dean Bönkendorf
Gast (S-1-5-21-330146135-2436004342-2132212847-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-330146135-2436004342-2132212847-1003 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: 1.4.0 - Canon Inc.)
Canon MX470 series Benutzerregistrierung (HKLM-x32\...\Canon MX470 series Benutzerregistrierung) (Version: - *Canon Inc.)
Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.00 - Canon Inc.)
Canon MX470 series On-screen Manual (HKLM-x32\...\Canon MX470 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DRAGON BALL XENOVERSE (HKLM-x32\...\Steam App 323470) (Version: - DIMPS)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.9.1.1169 - Steinberg Media Technologies GmbH)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd)
FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.4.64673.4 - Electronic Arts)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Audio Converter (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.71.1211 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.46.923 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.46.923 - DVDVideoSoft Ltd.)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Sony Online Entertainment)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable
- x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.)
Mortal Kombat X (HKLM-x32\...\Steam App 307780) (Version: - NetherRealm Studios)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x64 de) (HKLM\...\Mozilla Firefox 42.0 (x64 de)) (Version: 42.0 - Mozilla)
Mozilla Firefox 43.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0 (x86 de)) (Version: 43.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0 - Mozilla)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version: - CyberConnect 2)
NARUTO SHIPPUDEN: Ultimate Ninja STORM Revolution (HKLM-x32\...\Steam App 272510) (Version: - CyberConnect2 Co., Ltd.)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.60 - NVIDIA Corporation)
NVIDIA Grafiktreiber 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.60 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7255 - Realtek Semiconductor Corp.)
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SteelSeries Engine 3.6.2 (HKLM\...\SteelSeries Engine 3) (Version: 3.6.2 - SteelSeries ApS)
Steinberg Cubase LE AI Elements 7 64bit (HKLM\...\{67E7C608-D0EA-4273-B374-50ABE42FBE08}) (Version: 7.0.80 - Steinberg Media Technologies GmbH)
Steinberg Cubase LE AI Elements 8 64bit (HKLM\...\{C801D1E6-30E3-46BE-368D-0106B42CCE17}) (Version: 8.0.20 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE 64bit (HKLM\...\{A5AB0D21-21BD-4DB8-F097-02E8FC8C486A}) (Version: 4.2.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Acoustic Agent (HKLM-x32\...\{F34EA13C-F078-4003-AE21-43EAB2680EC5}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Content (HKLM-x32\...\{AFC9D1CE-F050-437C-35A5-62DEDB262DC7}) (Version: 1.2.1 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 2.0.2 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements
(HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 2.0.1 - Steinberg Media Technologies GmbH) Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH) Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH) Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH) Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH) Syncrosofts Lizenz Kontrolle (HKLM-x32\...\Syncrosoft's License Control) (Version: - Syncrosoft Hard- Und Software GmbH) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version: - CD PROJEKT RED) Unity Web Player (HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS) Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft) Voxengo Voxformer (HKLM\...\Voxengo Voxformer_is1) (Version: 2.9 - Voxengo) VPNAutoconnect (HKLM-x32\...\{8E557F21-99AE-440D-8058-CD8CB3302E13}) (Version: 1.15 - globalip) Windows Driver Package - Microsoft (xusb21) XnaComposite (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol) WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) Xleaner v4.28.1368 (HKLM-x32\...\{72D84E46-E633-4729-8A77-2347C8CD4096}_is1) (Version: - More Than A Cleaner.de) Yamaha Steinberg USB 
Driver (HKLM-x32\...\InstallShield_{905A4D64-E752-4BC1-9D18-F7747F4C7D87}) (Version: 1.9.0 - Yamaha Corporation)
Yamaha Steinberg USB Driver (Version: 1.9.0 - Yamaha Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {3C29ECE2-184F-47A3-9D92-656307001381} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {3CF7D207-A028-418E-918C-C1540FD1F3FE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {4E704D28-DCEF-4CD0-A777-64802F32DA65} - System32\Tasks\{B0DE84C7-555B-4C99-93F4-F2C37F6A2D68} => pcalua.exe -a "C:\Users\Administrator.MININT-M7F55PD\Desktop\DX C++ PhysX .NET\dotnetfx35\dotnetfx35.exe" -d "C:\Users\Administrator.MININT-M7F55PD\Desktop\DX C++ PhysX .NET\dotnetfx35"
Task: {567811F8-BBD7-4ACE-A757-2F1AC97C4CF3} - System32\Tasks\{24F23C0E-A6E4-4B1F-BFB9-C44C17279C8F} => pcalua.exe -a "C:\Users\Dean Bönkendorf\Desktop\Adobe\Audition 3.0\Adobe Audition 3.0\Audition 3.0 Setup.exe" -d "C:\Users\Dean Bönkendorf\Desktop\Adobe\Audition 3.0\Adobe Audition 3.0"
Task: {70E7DEEC-9730-487B-B895-B4F862A8F228} - System32\Tasks\{F3AABC01-EFDF-4727-B845-1C95B339B863} => pcalua.exe -a "C:\Users\Dean Bönkendorf\AppData\Roaming\webssearches\UninstallManager.exe" -c -ptid=cvs <==== ACHTUNG
Task: {A62B3250-CD48-4BE6-8FD9-4380A8EA346B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {C78890F6-AC0C-41D6-A9E8-30B53CC8EA4C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {F97312F6-9754-4413-9959-196881B4C72F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {FE24FC64-C3BA-4D32-B86D-A5F622AC1892} - System32\Tasks\{F9A8AE91-7B97-4F34-A29A-7D6D7F8A0D74} => pcalua.exe -a "C:\Users\Dean Bönkendorf\Desktop\Waves Diamond Bundle 5.2\setup.exe" -d "C:\Users\Dean Bönkendorf\Desktop\Waves Diamond Bundle 5.2"

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-09-05 15:01 - 2015-08-07 05:34 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-05 14:57 - 2014-01-28 04:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2014-09-10 19:37 - 2015-02-20 19:10 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2014-09-05 14:58 - 2015-12-25 16:40 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2014-09-05 14:57 - 2014-01-28 04:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2015-05-19 14:26 - 2015-08-18 00:31 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-09-10 12:13 - 2015-11-10 20:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 19:35 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 19:35 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 19:35 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-09-10 12:13 - 2015-12-14 21:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-10 12:13 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-10 12:13 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-10 12:13 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-10 12:13 - 2015-09-24 01:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-10 12:13 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-09-10 12:13 - 2015-12-14 21:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-26 14:54 - 2015-11-03 23:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2014-09-10 12:13 - 2015-11-17 01:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-20 19:35 - 2015-09-25 00:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2015-12-09 19:20 - 2015-12-09 19:20 - 17647296 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\sony.com -> sony.com IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\1-domains-registrations.com -> 
1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-330146135-2436004342-2132212847-1001\...\100sexlinks.com -> 100sexlinks.com

Da befinden sich 5317 mehr Seiten.

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2014-12-13 12:49 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-330146135-2436004342-2132212847-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dean Bönkendorf\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{07C6887B-D5F0-4339-ACFD-8DBB78AED186}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{BF293E57-6786-4BE0-B97C-C7159C7A691D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{E524293E-BAFE-4B0F-9590-2C8C5EFC9AE2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{AF6FA032-5B70-4EFD-8AB8-6F03A72072F3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{D0FECF6C-1869-462A-8F76-49B2C8B31B3D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{42079083-1025-4B67-BC68-9C3F7CA0C6CC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{6FE0BE82-4A3A-41B9-BB73-FF3FBDCA5742}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{E7AA90E4-80A6-4086-ACF1-AE4FDCEA09EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\C9\C9MappingAccount.exe FirewallRules: [{6406F2A4-FE15-42B5-BC76-E55C1AC13B5A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\C9\C9MappingAccount.exe FirewallRules: [{D2A60AD1-11F2-4304-8E93-D9CE5AB65C35}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{1A28CE93-7294-43FE-BA9B-A09B660D68EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{B652B5B2-9DF7-46F0-80A0-5BA06A82976B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{58C77B66-FBB0-4071-B9A4-6C4B8A3A0BB1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{4FD5F3CD-DF89-46AB-972F-CE8B2E11A35F}C:\users\dean bönkendorf\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dean bönkendorf\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{20F768CB-7D36-4C71-AB58-D8B533ECCA86}C:\users\dean bönkendorf\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dean bönkendorf\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query 
User{4515E5B6-A4F1-47DE-B504-F20A51B44681}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe FirewallRules: [UDP Query User{DFA87477-9FAA-4B64-B38E-8AFABF6F4F8D}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe FirewallRules: [TCP Query User{31DDCAE7-6B1D-48C1-90A5-6096865DBF34}C:\users\dean bönkendorf\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dean bönkendorf\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{CAEE8DB0-B0F4-426F-9473-D921035707FA}C:\users\dean bönkendorf\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dean bönkendorf\appdata\roaming\spotify\spotify.exe FirewallRules: [{766ADAD8-9FF8-4786-93B1-21D9723EBE9C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warframe\Tools\Launcher.exe FirewallRules: [{C8B7DEA8-DDF0-40EB-B70B-ADACB67FA4CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warframe\Tools\Launcher.exe FirewallRules: [{C45D9D57-EB17-4111-8C6D-BFA3B41BA703}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{4C080B56-48B3-41CC-B34F-8FAA29B96BBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{E2EF9ED1-AA67-44EF-AAEA-00F2AD60FEE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{399ED6A1-BA1F-4A5C-95B9-F0D1229D6768}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{AD0958B6-13C5-4089-902E-73D67A372BCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{D19DB2F2-C096-467E-864D-FDCF1BB15E17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{760C835D-F7E8-42F9-8DF0-8FE586F62B5C}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{EA261A0C-D431-4E8D-BB96-9C45B3F6C132}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [TCP Query User{E46FF65C-6E6E-42D0-A972-AB087F4F84AD}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe FirewallRules: [UDP Query User{0216E924-4746-4AC1-B574-C081C54D977D}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe FirewallRules: [TCP Query User{CBD2993A-8316-4FB3-9AC3-EFB42DDBA4B9}D:\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Block) D:\ubisoft game launcher\games\far cry 3\bin\farcry3.exe FirewallRules: [UDP Query User{3AE420D1-B6CE-4475-AB18-36341BC3D55D}D:\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Block) D:\ubisoft game launcher\games\far cry 3\bin\farcry3.exe FirewallRules: [TCP Query User{970474E5-E4DE-4789-8607-0E404909B742}D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe FirewallRules: [UDP Query User{9F1A704E-2215-4166-A136-B7B4750921BD}D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe FirewallRules: [TCP Query User{49373530-0462-4A55-AB1F-AD6A3633A9B5}D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Block) D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe FirewallRules: [UDP Query User{84B7CE7A-2A99-40E4-9FAC-7A472337BE13}D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Block) D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe FirewallRules: [{92086F8B-E01E-465A-8D5D-9983265A1376}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe 
FirewallRules: [{12170B29-CB2B-408B-9353-7AAB2BAB3B5E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{E390E860-1420-4DF9-953A-0F23D629D16D}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe FirewallRules: [UDP Query User{57241E43-09CB-4702-ACC2-9F4F170A1584}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe FirewallRules: [{6B6141A3-BB1A-41BF-BCC3-9F20267008BF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{844FD5E4-CFB9-47C0-BAE4-F37563B616A3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{3F03719D-0D70-49F9-BE31-9B961C594AF3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe FirewallRules: [{8C2F8CEF-97A4-4BC9-AC38-ACD7600FC450}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe FirewallRules: [TCP Query User{60D97222-60C8-4721-A549-F2BC8CE0D9F6}C:\program files (x86)\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe FirewallRules: [UDP Query User{E41C662D-A144-45A7-A79D-4F28CFDD6366}C:\program files (x86)\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe FirewallRules: [TCP Query User{21397792-FFFF-484A-B053-83685DF2CE4E}C:\program files\steinberg\cubase le ai elements 7\cubase le ai elements 7.exe] => (Allow) C:\program files\steinberg\cubase le ai elements 7\cubase le ai elements 7.exe FirewallRules: [UDP 
Query User{DDC14A35-D927-4729-89BB-E3C04F4690B3}C:\program files\steinberg\cubase le ai elements 7\cubase le ai elements 7.exe] => (Allow) C:\program files\steinberg\cubase le ai elements 7\cubase le ai elements 7.exe FirewallRules: [TCP Query User{D9760706-6E38-477F-A5AA-765C25EFBABC}C:\program files\steinberg\cubase le ai elements 7\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase le ai elements 7\components\vstbridgeapp.exe FirewallRules: [UDP Query User{6EB0377E-BA3D-49FC-A414-A45ECA1EE984}C:\program files\steinberg\cubase le ai elements 7\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase le ai elements 7\components\vstbridgeapp.exe FirewallRules: [{8552312C-24D0-4F08-A387-B6F239E08173}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C1D56AFB-646F-4EA9-BBDE-8BA17A9F2273}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F708BCFC-F7AF-4F9B-B7FB-089DA8D1EECF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\H1Z1\LaunchPad.exe FirewallRules: [{73D6BD9A-0FCC-4F84-942D-CC3FDBAD100A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\H1Z1\LaunchPad.exe FirewallRules: [TCP Query User{1D118656-026F-4CE9-A27F-B2F486D5A53E}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe FirewallRules: [UDP Query User{AA7BF51D-3402-4E56-A534-1E752155766A}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe FirewallRules: [{37019DC9-570B-4CCC-B94C-50897D2DA95D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe FirewallRules: [{25DF0D29-1B44-4D02-B585-FCDF0486C3F3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe FirewallRules: [{75A949E1-0134-4D74-8BDC-71B8F95DFCB0}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: 
[{3CA40634-32B4-444A-ABB2-FE3232AB8D0D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{F50FA406-D8F1-44D7-B9F3-18257AF67200}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{2E5AF936-9942-44B3-A3D3-5D20E14B249D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{66A59B80-49CB-453B-A66C-D97104987A5F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe FirewallRules: [{AFFF18AF-5D33-4F6D-A13C-E2925AC197C5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe FirewallRules: [{3AF5ED32-46B1-4D4E-A083-FF49BD7A14C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{F21BC914-5482-4FE0-87EA-A52196CCEAB6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{0D8EC4FF-DFF3-4168-900A-3FC1F15C3C23}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{EB165A94-521D-41C6-A91A-F8B2B70D637C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{40879B58-6BD6-4105-8FE4-16B9FBDCBA4F}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe FirewallRules: [{F9C58152-F2D7-4BA8-832D-4838BFF3717F}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe FirewallRules: [{5BFF197C-C321-43FE-9236-18AD10024E15}] => (Allow) D:\SteamLibrary\steamapps\common\DB Xenoverse\DBXV.exe FirewallRules: [{E55D0710-5D1A-44A5-9932-7BF1FDAEB93C}] => (Allow) D:\SteamLibrary\steamapps\common\DB Xenoverse\DBXV.exe FirewallRules: [TCP Query User{6D34A749-4F0D-480D-8F35-7183C0C11C8D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{9DB582BC-ABFE-4396-93FB-439F9EA5814A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{5649FFB7-471D-445A-9341-ACC98272399F}C:\program files (x86)\heroes of the 
storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{17FF3C34-1AF7-4E06-BFF8-C70F86B952AF}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe FirewallRules: [{1C607BE2-95CE-470D-85CD-B467C27EB5C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rise_of_Incarnates\exe\roi.exe FirewallRules: [{BC8E521D-4121-4916-B2F5-FA082013E20B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rise_of_Incarnates\exe\roi.exe FirewallRules: [{0EEC40A1-5E9E-4511-B111-039452DF95E0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{1CBB0977-084C-4C71-85F7-81CDB34A0ECF}] => (Allow) LPort=2869 FirewallRules: [{F2FF8E45-2A75-41BE-A836-0C09B3988C26}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{377A54A0-1BF9-40FD-8B2C-EBEDFF8FD693}D:\steamlibrary\steamapps\common\arma 3\arma3.exe] => (Allow) D:\steamlibrary\steamapps\common\arma 3\arma3.exe FirewallRules: [UDP Query User{0AD374A8-F4DC-4527-A9A2-0766762EDD7C}D:\steamlibrary\steamapps\common\arma 3\arma3.exe] => (Allow) D:\steamlibrary\steamapps\common\arma 3\arma3.exe FirewallRules: [{0445D3B0-F1E4-4487-B99F-CB8366490FC4}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe FirewallRules: [{DECE0114-7C14-4B7C-98DA-561BC74AD1C5}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe FirewallRules: [{D9E2514E-2AFF-40D4-B5AF-991EC74C5985}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe FirewallRules: [{92F4A586-1EA7-4704-8E1D-93413A8B42F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe FirewallRules: [{B640279F-3966-4428-AC82-3E90B423AEDB}] => (Allow) D:\Program Files (x86)\Origin 
Games\FIFA 15\fifasetup\fifaconfig.exe FirewallRules: [{A99ED824-8967-42C8-9350-DBA9DB9DA797}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe FirewallRules: [TCP Query User{A74416E9-F5ED-48A7-8562-675CEA3AC4E5}D:\steamlibrary\steamapps\common\naruto shippuden ultimate ninja storm revolution\nsunsr.exe] => (Allow) D:\steamlibrary\steamapps\common\naruto shippuden ultimate ninja storm revolution\nsunsr.exe FirewallRules: [UDP Query User{2507676A-1817-4E5F-B663-785D817B0157}D:\steamlibrary\steamapps\common\naruto shippuden ultimate ninja storm revolution\nsunsr.exe] => (Allow) D:\steamlibrary\steamapps\common\naruto shippuden ultimate ninja storm revolution\nsunsr.exe FirewallRules: [{476361C1-A6C3-4964-A669-D8582903BDE1}] => (Allow) D:\SteamLibrary\steamapps\common\MK10\Binaries\Retail\MK10.exe FirewallRules: [{F8C6AE0A-B9B6-4460-B9CD-D313ECA4DC68}] => (Allow) D:\SteamLibrary\steamapps\common\MK10\Binaries\Retail\MK10.exe FirewallRules: [{9FB4B405-4929-4243-9377-DFF441BBB95E}] => (Allow) D:\SteamLibrary\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe FirewallRules: [{20A82327-B2D9-488C-9CE3-418E1C969D60}] => (Allow) D:\SteamLibrary\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe FirewallRules: [TCP Query User{263F73BD-C904-4A79-AF49-FD1EC8E5B3AA}D:\record\aufmweeknd\cubase 8\cubase le ai elements 8.exe] => (Allow) D:\record\aufmweeknd\cubase 8\cubase le ai elements 8.exe FirewallRules: [UDP Query User{9FE91F89-4AC9-4FDE-87FD-08A57658965C}D:\record\aufmweeknd\cubase 8\cubase le ai elements 8.exe] => (Allow) D:\record\aufmweeknd\cubase 8\cubase le ai elements 8.exe FirewallRules: [TCP Query User{8D768759-68FA-416A-914F-2B9AEA0220BE}D:\record\aufmweeknd\cubase 8\components\vstbridgeapp.exe] => (Allow) D:\record\aufmweeknd\cubase 8\components\vstbridgeapp.exe FirewallRules: [UDP Query User{1DB0B156-8005-4AD5-ADA7-37A471F7DF4E}D:\record\aufmweeknd\cubase 8\components\vstbridgeapp.exe] => (Allow) D:\record\aufmweeknd\cubase 
8\components\vstbridgeapp.exe FirewallRules: [TCP Query User{DB5132A5-140F-4B98-8A7C-997BDAD59FDD}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Block) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe FirewallRules: [UDP Query User{03AC3A54-6A7D-420E-8BFC-349C04DC45E3}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Block) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe FirewallRules: [{5C24AB19-79DE-4E33-9FC1-2AADB192318B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{14F164FD-7073-48D0-B075-A4847297E187}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{BAC0E481-4854-46CB-A7CA-E2C2E0526A5F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F76FD1E5-9102-4364-A387-4C8D7B6799BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{06EA2D63-06E8-417C-96EB-9FF46642AE93}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{BB5651F9-00BC-4543-BD54-6F45A878D4EC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{B348501C-0AB5-4C06-B398-446ED4C822D1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{A6FADAC1-A831-4F7A-B8DC-8B44B5EA8178}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe FirewallRules: [UDP Query User{161A845C-9CAE-4726-B6A9-CC3480575C7A}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe FirewallRules: [{C8C713FC-3805-401A-882D-D398F6F69691}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe FirewallRules: [{DFEA3B01-2974-48F0-88A2-CBC0B2F79A98}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe FirewallRules: [{307F54D6-0EB4-470C-B3C7-A1E84A4E8D15}] => (Allow) 
D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{52182D40-FD05-4679-8506-4FA61B977422}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe

==================== Wiederherstellungspunkte =========================

19-12-2015 00:45:04 Windows Update
22-12-2015 12:47:07 Windows Update
25-12-2015 16:42:31 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/25/2015 04:44:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0x550
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (12/25/2015 04:41:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2015 12:21:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/24/2015 11:27:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0x754
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (12/24/2015 11:25:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2015 02:01:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0x594
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (12/24/2015 01:58:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2015 12:02:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2015 11:39:21 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/23/2015 03:03:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0xa9c
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Systemfehler:
=============
Error: (12/25/2015 05:26:36 PM) (Source: Ntfs) (EventID: 55)
(User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy3" den Befehl "chkdsk" aus. Error: (12/25/2015 04:44:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (12/25/2015 04:42:31 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy3" den Befehl "chkdsk" aus. Error: (12/25/2015 04:40:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Digital Wave Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (12/24/2015 11:27:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (12/24/2015 11:23:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Digital Wave Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (12/24/2015 03:39:07 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy3" den Befehl "chkdsk" aus. Error: (12/24/2015 02:01:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (12/24/2015 01:56:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Digital Wave Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (12/24/2015 12:00:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Digital Wave Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 CodeIntegrity: =================================== Date: 2015-07-28 10:54:27.570 Description: Die Integrität der Datei "\Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist. Date: 2015-07-28 10:54:27.453 Description: Die Integrität der Datei "\Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist. Date: 2015-07-28 10:54:27.300 Description: Die Integrität der Datei "\Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist. 
Date: 2015-07-28 10:54:27.185 Description: Die Integrität der Datei "\Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist. Date: 2014-12-13 12:49:25.557 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-12-13 12:49:25.526 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz Prozentuale Nutzung des RAM: 21% Installierter physikalischer RAM: 16320.14 MB Verfügbarer physikalischer RAM: 12803.96 MB Summe virtueller Speicher: 32638.48 MB Verfügbarer virtueller Speicher: 28676.3 MB ==================== Laufwerke ================================ Drive c: (OSDisk) (Fixed) (Total:200 GB) (Free:24.74 GB) NTFS Drive d: () (Fixed) (Total:731.02 GB) (Free:538.06 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F1AD0888) Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=731 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
25.12.2015, 17:40 | #12 |
/// TB Trainer /// Instructions Guru | A window always opens at PC startup. PC is slower than before. Please run this scan as well: Step 1 Please download herdprotect from Reason Software (portable edition) to your desktop.
__________________ Regards, deeprybka _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
26.12.2015, 04:16 | #13 |
| A window always opens at PC startup. PC is slower than before. Code:
ATTFilter Saved date: 26.12.2015 04:16:04 Files detected: 18 Files scanned: 2.054 Processes scanned: 61 Modules scanned: 641 ASEPs scanned: 398 Downloads scanned: 0 Deep analysis: 2/0 --------------------------------------------------------------------------------- Files --------------------------------------------------------------------------------- File path: c:\program files (x86)\asus\axsp\1.02.00\pebiosinterface32.dll Publisher: MD5: 77215e13f2051f71a7b0dc9ec2bc8818 SHA-1: 64f544b51adaa5e87ee92c1531a0b45379d08ea8 Created: 05.09.2014 15:58:00 Detections: 2 Determination: Inconclusive - Trend Micro House Call as PAK_Generic.005 (Ignore) - Trend Micro as PAK_Generic.005 (Ignore) --------------------------------------------------------------------------------- File path: c:\windows\system32\drivers\taphss6.sys Publisher: Anchorfree Inc. Signer: AnchorFree Inc MD5: bcf5e78e87d258088346e399e406e501 SHA-1: 288edfcbc6a26a3fad917aeb6523a686880f9bbe Created: 17.05.2014 02:42:38 Detections: 1 Determination: Adware - Reason Heuristics as PUP.Optional.AnchorFree.K (Adware) --------------------------------------------------------------------------------- File path: c:\users\dean bönkendorf\appdata\local\temp\is-9rpnl.tmp\netlogger.exe Publisher: DVDVideoSoft Ltd. Signer: DVDVideoSoft Ltd. MD5: 181679fb675cb7c5bd667c8a2337f97b SHA-1: 10cade20a25e2e42ace7d9f40f4fe452a541d90d Created: 25.12.2015 17:25:10 Detections: 2 Determination: Inconclusive - Malwarebytes as PUP.Optional.DVDVideoSoft.A (Adware) - Dr.Web as Adware.Toolbar.270 (Adware) --------------------------------------------------------------------------------- File path: c:\users\dean bönkendorf\appdata\local\temp\is-rlb4i.tmp\dvssyshelper.dll Publisher: DVDVideoSoft Ltd. 
Signer: Digital Wave Ltd MD5: 64d3bbdc6f52e6aad7b63acb49cfb3f1 SHA-1: 7b00d22f6d7ea65bb89a7fb28d62dd0eecc2a308 Created: 13.12.2015 22:38:33 Detections: 1 Determination: Inconclusive - AVG as Generic (Undefined malware) --------------------------------------------------------------------------------- File path: c:\users\dean bönkendorf\appdata\local\temp\is-rlb4i.tmp\tier0.dll Publisher: DVDVideoSoft Ltd. Signer: Digital Wave Ltd MD5: 8aa389ad2a44218d597165dd924cc0dc SHA-1: 5cf1519718b14e733751bc106560cfe3ff9b4cb9 Created: 13.12.2015 22:38:34 Detections: 1 Determination: Inconclusive - AVG as Generic (Undefined malware) --------------------------------------------------------------------------------- File path: c:\users\dean bönkendorf\appdata\local\temp\is-qbfom.tmp\dvssyshelper.dll Publisher: DVDVideoSoft Ltd. Signer: Digital Wave Ltd MD5: 64d3bbdc6f52e6aad7b63acb49cfb3f1 SHA-1: 7b00d22f6d7ea65bb89a7fb28d62dd0eecc2a308 Created: 13.12.2015 22:41:32 Detections: 1 Determination: Inconclusive - AVG as Generic (Undefined malware) --------------------------------------------------------------------------------- File path: c:\users\dean bönkendorf\appdata\local\temp\is-qbfom.tmp\tier0.dll Publisher: DVDVideoSoft Ltd. Signer: Digital Wave Ltd MD5: 8aa389ad2a44218d597165dd924cc0dc SHA-1: 5cf1519718b14e733751bc106560cfe3ff9b4cb9 Created: 13.12.2015 22:41:33 Detections: 1 Determination: Inconclusive - AVG as Generic (Undefined malware) --------------------------------------------------------------------------------- File path: c:\users\dean bönkendorf\appdata\local\temp\is-9rpnl.tmp\ocsetuphlp.dll Publisher: OpenCandy, Inc. 
Signer: OpenCandy Inc MD5: d878f5bbaa7c874e43bac478f7c65c53 SHA-1: 844eea84f0e8d58a212af8766755472ac449efa8 Created: 25.12.2015 17:25:29 Detections: 4 Determination: Adware - Reason Heuristics as PUP.Installer.OpenCandy.K (Adware) - ESET NOD32 as Win32/OpenCandy.A potentially unsafe application (Adware) - Malwarebytes as PUP.Optional.OpenCandy (Adware) - AhnLab V3 Security as PUP/Win32.OpenCandy (Adware) --------------------------------------------------------------------------------- File path: c:\users\dean bönkendorf\appdata\local\microsoft\windows\temporary internet files\content.ie5\9hvcyvlr\frst64[1].exe Publisher: Farbar MD5: c2141bf2ec15512d82ca9ccbec8e7702 SHA-1: 9d54ba2e80c704ac7fcf599d7f820ae1ce4603b3 Created: 25.12.2015 17:25:05 Detections: 3 Determination: Inconclusive - Zillya! Antivirus as Trojan.Disfa.Win32.41659 (Undefined malware) - McAfee Web Gateway as BehavesLike.Win64.Generic.vc (Undefined malware) - Jiangmin as Trojan.Autoit.aw (Undefined malware) --------------------------------------------------------------------------------- File path: c:\users\dean bönkendorf\downloads\notepad - chip-installer.exe Publisher: Signer: CHIP Digital GmbH MD5: efbc9db91f5564bd88438a679e878836 SHA-1: 19d4959c0a0c57b9dff03c61e9f4dda560d33679 Created: 16.09.2015 17:49:10 Detections: 1 Determination: Adware - Reason Heuristics as Win32.Generic (Undefined malware) --------------------------------------------------------------------------------- File path: c:\users\dean bönkendorf\downloads\sublime text 2 - chip-installer.exe Publisher: Signer: CHIP Digital GmbH MD5: 891c470dee07cd1192fb0ff2ebdab341 SHA-1: e567e66e927ee403f047eb739e7a0d039ff00b09 Created: 16.09.2015 17:42:07 Detections: 1 Determination: Adware - Reason Heuristics as Win32.Generic (Undefined malware) --------------------------------------------------------------------------------- File path: c:\users\dean bönkendorf\desktop\adwcleaner_5.025.exe Publisher: MD5: 1d749fc1137c46737f14edd47219fda3 SHA-1: 
fd75f0d79d772ae4c86d1bf281c9db9f06a52c93 Created: 20.12.2015 19:46:28 Detections: 2 Determination: Inconclusive - Bkav FE as W32.HfsAtITA (Undefined malware) - Qihoo 360 Security as HEUR/QVM11.1.Malware.Gen (Undefined malware) --------------------------------------------------------------------------------- File path: c:\users\dean bönkendorf\desktop\frst64.exe Publisher: Farbar MD5: c2141bf2ec15512d82ca9ccbec8e7702 SHA-1: 9d54ba2e80c704ac7fcf599d7f820ae1ce4603b3 Created: 19.12.2015 12:58:35 Detections: 3 Determination: Inconclusive - Zillya! Antivirus as Trojan.Disfa.Win32.41659 (Undefined malware) - McAfee Web Gateway as BehavesLike.Win64.Generic.vc (Undefined malware) - Jiangmin as Trojan.Autoit.aw (Undefined malware) --------------------------------------------------------------------------------- File path: c:\users\dean bönkendorf\desktop\mukke\prosounds ps-1 performance synthesizer v1.2\pro-sounds ps-1 v1.2 setup.exe Publisher: MD5: be9e8bbccb024a73cc19e1ba9140ac10 SHA-1: 54b20104e1ae02007922855aac6290e776ddce4b Created: 23.11.2014 22:18:37 Detections: 1 Determination: Inconclusive - Comodo Security as Heur.Packed.Unknown (Ignore) --------------------------------------------------------------------------------- File path: c:\users\dean bönkendorf\desktop\mukke\cubase ai 7\cubase le ai elements 7 for windows\additional content\copy protection driver\elicensercontrolsetup.exe Publisher: Steinberg Media Technologies GmbH Signer: Steinberg Media Technologies GmbH MD5: 3e51f8d205c9e3ecc04728e0d762a3c5 SHA-1: 5f608efc1f4e9eb024ce52e80405aa5993b4ff45 Created: 09.01.2015 18:13:21 Detections: 1 Determination: Inconclusive - Antiy Labs AVL as Trojan/Win32.TSGeneric (Undefined malware) --------------------------------------------------------------------------------- File path: c:\users\dean bönkendorf\desktop\frst-olderversion\frst64.exe Publisher: Farbar MD5: 2c8254127392f6141b50918fab337eb0 SHA-1: 0b361c4a164d2d7f2ed2a8c5eb7705f6cae7d7ea Created: 19.12.2015 12:58:35 
Detections: 3 Determination: Inconclusive - Avira AntiVirus as TR/Dropper.Gen (Undefined malware) - Zillya! Antivirus as Trojan.Disfa.Win32.41659 (Undefined malware) - Jiangmin as Trojan.Autoit.aw (Undefined malware) --------------------------------------------------------------------------------- File path: c:\programdata\installmate\{6a206a04-6bc1-411b-aa04-4e52edeeadf2}\tsudll.dll Publisher: Tarma Software Research Pty Ltd Signer: Tarma Software Research Pty Ltd MD5: 1857130611ec555f0d0ca0ed34731121 SHA-1: fccd9eba37d3c0dd0d60713263527c15c62edea3 Created: 15.12.2014 20:55:51 Detections: 1 Determination: Inconclusive - Rising Antivirus as PE:Malware.XPACK/RDM!5.1 (Ignore) --------------------------------------------------------------------------------- File path: c:\users\dean bönkendorf\appdata\local\punkbuster\fc3\pb\pbcl.dll Publisher: MD5: a882b128e266a1084bd85e679fe2b496 SHA-1: 74c6186b50ed21f65f8142283c1b7d9284cd4a47 Created: 18.11.2014 01:30:04 Detections: 1 Determination: Inconclusive - Bkav FE as HW32.CDB (Undefined malware) |
26.12.2015, 17:10 | #14 | |
/// TB Trainer /// Instructions Guru | A window always opens at PC startup. PC is slower than before. Step 1 Download ZOEK (by Smeenk)
__________________ Regards, deeprybka |
26.12.2015, 18:57 | #15 |
| A window always opens at PC startup. PC is slower than before. Code:
ATTFilter Zoek.exe v5.0.0.1 Updated 24-December-2015 Tool run by Dean Bönkendorf on 26.12.2015 at 18:17:16,92. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Dean Bönkendorf\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 26.12.2015 18:18:05 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Avira deleted successfully C:\PROGRA~2\Hi-Rez Studios deleted successfully C:\PROGRA~2\WinRAR deleted successfully C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully C:\PROGRA~3\Canon IJ Network Tool deleted successfully C:\PROGRA~3\Hi-Rez Studios deleted successfully C:\Users\Dean Bönkendorf\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Dean Bönkendorf\AppData\Local\EmieSiteList deleted successfully C:\Users\Dean Bönkendorf\AppData\Local\EmieUserList deleted successfully C:\Users\Dean Bönkendorf\AppData\Local\Secunia PSI deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-330146135-2436004342-2132212847-1001\Software\Mozilla\Firefox\Extensions\cliqz@cliqz.com deleted successfully ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\DEANBN~1\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default user.js not found ---- Lines yahoo removed from prefs.js ---- user_pref("browser.search.hiddenOneOffs", "Yahoo,Amazon.de,eBay,LEO Eng-Deu,Wikipedia (de),DuckDuckGo"); ---- Lines smartbar removed from prefs.js ---- user_pref("smartbar.machineId", "PVNN6OTH3CQCTGIV5JKNA3AA8SCJVSYWFZDSZHV8HMLMOLPFKDGCZTCWF5IZWUID4WHAPCIC9NJT2BGP0/4B6A"); ---- FireFox user.js and prefs.js backups ---- prefs__1828_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Avira not found C:\PROGRA~2\Hi-Rez 
Studios not found C:\PROGRA~2\WinRAR not found C:\PROGRA~2\VstPlugins deleted C:\Users\Dean Bönkendorf\AppData\Roaming\Sublime Text 2 deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\Users\Dean Bönkendorf\AppData\Roaming\tmp_register.bat deleted C:\PROGRA~3\Lavasoft\Web Companion deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\Package Cache deleted C:\Users\Dean Bönkendorf\AppData\Local\Unity deleted C:\Users\Dean Bönkendorf\AppData\LocalLow\Unity deleted C:\windows\SysNative\config\systemprofile\Searches deleted C:\windows\Syswow64\Hotspot Shield deleted C:\Users\DEANBN~1\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\foxydeal.json deleted C:\Users\DEANBN~1\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\jetpack deleted C:\Users\DEANBN~1\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\CT1561552 deleted C:\Users\DEANBN~1\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default\extensions\youtubeunblocker@unblocker.yt deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 16321 MB CPU Info: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz CPU Speed: 3292,8 MHz Sound Card: Lautsprecher (Realtek High Defi | Realtek Digital Output (Realtek | Line (5- Steinberg UR22) | Display Adapters: NVIDIA GeForce GTX 750 Ti | NVIDIA GeForce GTX 750 Ti | NVIDIA GeForce GTX 750 Ti | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; PnP-Monitor (Standard) | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SH-224DB Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 200,0GB | D: 731,0GB Hard Disks - Free: C: 24,2GB | D: 538,1GB Manufacturer *: American Megatrends Inc. 
BIOS Info: AT/AT COMPATIBLE | 06/16/14 | ALASKA - 1072009 Time Zone: Mitteleuropäische Zeit Motherboard *: ASUSTeK COMPUTER INC. H81M-PLUS Country: Deutschland Language: DEU ==== System Specs (Software) ====================== AV: Emsisoft Anti-Malware *Enabled/Updated* {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9} SP: Emsisoft Anti-Malware *Enabled/Updated* {9425001D-A331-13F4-34E6-D05C71B96A74} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} Default Browser: Firefox 42.0 Internet Explorer Version: 11.0.9600.18124 Mozilla Firefox version: 43.0 (x86 de) Adobe Reader version: 15.9.20077.160923 Flash Player version: 20.0.0.235 ==== Files Recently Created / Modified ====================== ====== C:\windows ==== ====== C:\Users\DEANBN~1\AppData\Local\Temp ==== 2015-12-22 12:33:13 560EDC0912BDB68290930E2542823A24 135760 ----a-w- C:\Users\Dean Bönkendorf\AppData\Local\Temp\ehdrv.sys 2015-12-13 12:25:22 4424E0212B64F6A00743A4A88C53B436 573440 ----a-r- C:\Users\Dean Bönkendorf\AppData\Local\Temp\Rar$DRa0.776\RoomMachine844\RoomMachine844.dll ====== Java Cache ===== ====== C:\windows\SysWOW64 ===== ====== C:\windows\SysWOW64\drivers ===== ====== C:\windows\Sysnative ===== ====== C:\windows\Sysnative\drivers ===== 2015-12-09 17:19:16 5BD6B1EC997FF3DD779D62E05D2079A8 146944 ----a-w- C:\windows\Sysnative\drivers\rmcast.sys ====== C:\windows\Tasks ====== ====== C:\windows\Temp ====== ======= C:\Program Files ===== 2015-12-25 22:35:36 -------- d-----w- C:\Program Files\Reason 2015-11-29 01:20:17 -------- d-----w- C:\Program Files\Microsoft Silverlight ======= C:\PROGRA~2 ===== 2015-12-13 21:39:26 -------- d-----w- C:\PROGRA~2\FreeCodecPack 2015-12-13 21:39:24 -------- d-----w- C:\PROGRA~2\DVDVideoSoft 2015-12-13 17:10:40 -------- d-----w- C:\PROGRA~2\Dropbox 2015-11-29 01:20:17 -------- d-----w- C:\PROGRA~2\Microsoft Silverlight ======= C: ===== ====== C:\Users\Dean Bönkendorf\AppData\Roaming ====== 2015-12-13 17:11:14 -------- d-----w- C:\Users\Dean 
Bönkendorf\AppData\Roaming\Dropbox 2015-12-13 17:10:30 -------- d-----w- C:\Users\Dean Bönkendorf\AppData\Local\Dropbox ====== C:\Users\Dean Bönkendorf ====== 2015-12-26 03:13:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect 2015-12-26 03:13:41 BD8367441E171C264561DD57A799851F 2210096 ----a-w- C:\Users\Dean Bönkendorf\Desktop\herdProtectScan_32Setup.exe 2015-12-26 00:17:35 E8CD7D40AC25AB4E28DF71CCB55B0579 2827152 ----a-w- C:\Users\Dean Bönkendorf\Desktop\herdProtectScan_Portable.exe 2015-12-22 12:16:12 87A629D7463BCEB2A02CA143EB2DEFF8 2870984 ----a-w- C:\Users\Dean Bönkendorf\Desktop\esetsmartinstaller_deu.exe 2015-12-22 12:13:16 49E3825ACB348F848D9B841E4D48FD3B 22908888 ----a-w- C:\Users\Dean Bönkendorf\Desktop\mbam-setup-2.2.0.1024.exe 2015-12-20 18:46:28 1D749FC1137C46737F14EDD47219FDA3 1740288 ----a-w- C:\Users\Dean Bönkendorf\Desktop\AdwCleaner_5.025.exe 2015-12-19 11:58:35 C2141BF2EC15512D82CA9CCBEC8E7702 2370560 ----a-w- C:\Users\Dean Bönkendorf\Desktop\FRST64.exe 2015-12-13 17:12:42 -------- d-----r- C:\Users\Dean Bönkendorf\Dropbox 2015-12-13 17:10:30 -------- d-----w- C:\ProgramData\Dropbox 2015-11-29 01:20:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight ====== C: exe-files == 2015-12-26 17:14:53 FB43242146FF12BD2C286A764CD1C41E 147624 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe 2015-12-26 17:14:01 74E9B5DEE99CF751FEE42D5B053FBD54 4010016 ----a-w- C:\Program Files (x86)\Secunia\PSI\SUA\7a6b18f2599b22530bbb77ea127e4ef288ffb292\PSISetup.exe 2015-12-26 17:13:58 91C61932F3FC184AA837F46A8F7E782A 85381120 ----a-w- C:\Program Files (x86)\Secunia\PSI\SUA\24189fa47a6733b8c1ca882a15cab70826d5525c\Firefox_43.0-38.5.0esr_de_32-bit_SPS.exe 2015-12-26 03:13:47 764BB9BB1B7EE64AC713920B79E7AA7F 134311 ----a-w- C:\Program Files\Reason\herdProtect\Scanner\Uninstall.exe 2015-12-26 03:13:41 BD8367441E171C264561DD57A799851F 2210096 ----a-w- 
C:\Users\Dean Bönkendorf\Desktop\herdProtectScan_32Setup.exe 2015-12-26 00:17:35 E8CD7D40AC25AB4E28DF71CCB55B0579 2827152 ----a-w- C:\Users\Dean Bönkendorf\Desktop\herdProtectScan_Portable.exe 2015-12-26 00:16:37 7850E96B6B8196E13B1F0DB8A376EC21 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-330146135-2436004342-2132212847-1001\$IMGUDJQ.exe 2015-12-25 22:35:10 E8CD7D40AC25AB4E28DF71CCB55B0579 2827152 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-330146135-2436004342-2132212847-1001\$RMGUDJQ.exe 2015-12-25 16:25:05 C2141BF2EC15512D82CA9CCBEC8E7702 2370560 ----a-w- C:\Users\Dean Bönkendorf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9HVCYVLR\FRST64[1].exe 2015-12-25 04:08:08 3C1C36E83606D277DEB2E8B7E1BAA98A 48452208 ----a-w- C:\Users\Dean Bönkendorf\AppData\Local\Spotify\Update\spotify_installer-1.0.20.101.ge6957e14-48.exe 2015-12-24 22:29:35 DD3A361397510929971971961205B406 600080 ----a-w- C:\Users\Dean Bönkendorf\AppData\Local\NVIDIA\NvBackend\Packages\00008472\CoProc update.20288251.exe 2015-12-22 13:16:37 A217C899ADEE4D9112E629782B02FE09 1268256 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\H1Z1\BattlEye\BEService_x64.exe 2015-12-22 13:16:37 6A797BF5C382517EFD7368A68BD20176 597536 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\H1Z1\H1Z1_BE.exe 2015-12-22 12:16:12 87A629D7463BCEB2A02CA143EB2DEFF8 2870984 ----a-w- C:\Users\Dean Bönkendorf\Desktop\esetsmartinstaller_deu.exe 2015-12-22 12:13:16 49E3825ACB348F848D9B841E4D48FD3B 22908888 ----a-w- C:\Users\Dean Bönkendorf\Desktop\mbam-setup-2.2.0.1024.exe 2015-12-20 18:46:28 1D749FC1137C46737F14EDD47219FDA3 1740288 ----a-w- C:\Users\Dean Bönkendorf\Desktop\AdwCleaner_5.025.exe === C: other files == 2015-12-25 18:18:39 FC51A50126851A05FE24C11C818E7DB5 69675 ----a-w- C:\Users\Dean Bönkendorf\AppData\Roaming\TS3Client\crashdumps\ts3dump_1451067519478.zip 2015-12-22 12:33:13 560EDC0912BDB68290930E2542823A24 135760 ----a-w- C:\Users\Dean Bönkendorf\AppData\Local\Temp\ehdrv.sys ==== Startup Registry 
Enabled ====================== [HKEY_USERS\S-1-5-21-330146135-2436004342-2132212847-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Dean Bönkendorf\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "WinPatrol"="C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot" "BingSvc"="C:\Users\Dean Bönkendorf\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CanonQuickMenu"="C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon" "IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Dean Bönkendorf\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "WinPatrol"="C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot" "BingSvc"="C:\Users\Dean Bönkendorf\AppData\Local\Microsoft\BingSvc\BingSvc.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe /d=60" ==== Startup Folders ====================== 2014-12-15 19:56:33 1112 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk 2015-04-08 13:48:49 2234 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk ==== Task Scheduler Jobs ====================== C:\windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\windows\SysNative\tasks\Adobe 
Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\DEANBN~1\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default user_pref("browser.startup.homepage", "google.de"); user_pref("browser.search.selectedEngine", "Bing "); user_pref("keyword.URL", "hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q="); ==== Firefox Extensions ====================== ProfilePath: C:\Users\DEANBN~1\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default - Bing Search - %ProfilePath%\extensions\bingsearch.full@microsoft.com.xpi - NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Dean Bönkendorf\AppData\Roaming\Mozilla\Firefox\Profiles\wvv62h7l.default 5DF56521E8985BFD8F21A3D97A4D4574 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll - Shockwave Flash ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions flliilndjeohchalpbbcdekjklbdgfkk - No path found[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=de-de" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=de-de" ==== All HKLM 
and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - hxxp://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC ==== shortcuts on Users Desktops ====================== C:\Users\Dean Bönkendorf\Desktop\Cubase LE AI Elements 8 64bit.lnk - D:\record\aufmweeknd\Cubase 8\Cubase LE AI Elements 8.exe C:\Users\Dean Bönkendorf\Desktop\mbamlog.lnk - C:\mbamlog.txt C:\Users\Dean Bönkendorf\Desktop\Spotify.lnk - C:\Users\Dean Bönkendorf\AppData\Roaming\Spotify\spotify.exe C:\Users\Dean Bönkendorf\Desktop\eigene mukke\eigene mukke - Verknüpfung.lnk - C:\Users\Dean Bönkendorf\Desktop\eigene mukke C:\Users\Dean Bönkendorf\Desktop\GAMES\Dragon Age Origins.lnk - D:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe C:\Users\Dean Bönkendorf\Desktop\GAMES\FIFA 15.lnk - D:\Program Files (x86)\Origin Games\FIFA 15\fifa15.exe C:\Users\Dean Bönkendorf\Desktop\GAMES\Hearthstone.lnk - C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe C:\Users\Dean Bönkendorf\Desktop\GAMES\Heroes of the Storm.lnk - C:\Program Files (x86)\Heroes of the Storm\Heroes of the Storm.exe C:\Users\Dean Bönkendorf\Desktop\GAMES\Metin2.lnk - C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe "C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\Metin2.exe" -start Metin2 C:\Users\Dean Bönkendorf\Desktop\PcSachen\Acrobat Reader DC.lnk - C:\Program 
Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\Avira Antivirus.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\SecurityCenter.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\Avira Control Center.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\Avira.lnk - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui C:\Users\Dean Bönkendorf\Desktop\PcSachen\BPM Counter.lnk - C:\Program Files (x86)\Abyssmedia\BPM Counter\bpmcounter.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\Browserwahl.lnk - C:\Windows\System32\browserchoice.exe /launch C:\Users\Dean Bönkendorf\Desktop\PcSachen\Canon MX470 series On-Screen-Handbuch.lnk - C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe "C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON MX470 SERIES\German\Info.egv" C:\Users\Dean Bönkendorf\Desktop\PcSachen\Canon Quick Menu.lnk - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE C:\Users\Dean Bönkendorf\Desktop\PcSachen\Cubase LE AI Elements 7 64bit.lnk - C:\Program Files (x86)\Steinberg\Cubase LE AI Elements 7\Cubase LE AI Elements 7.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\Dropbox.lnk - C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /home C:\Users\Dean Bönkendorf\Desktop\PcSachen\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\eLicenser Control Center.lnk - C:\Program Files (x86)\eLicenser\eLCC\eLCC.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\Free Audio Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free Audio Converter\FreeAudioConverter.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\Free YouTube Download.lnk - 
C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\Gameforge Live.lnk - C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\Hotspot Shield.lnk - C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.285\mcuicnt.exe SecurityScanner.dll C:\Users\Dean Bönkendorf\Desktop\PcSachen\OpenOffice 4.1.1.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\OpenOffice 4.1.2.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\Origin.lnk - D:\Origin\Origin.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\Skype.lnk - C:\windows\Installer\{6A0549A9-1B96-498C-ACBC-3943001FEB19}\SkypeIcon.exe C:\Users\Dean Bönkendorf\Desktop\PcSachen\Uplay.lnk - D:\Ubisoft Game Launcher\Uplay.exe C:\Users\Dean Bönkendorf\Desktop\SAUBERESACHE\ Malwarebytes Anti-Malware .lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe C:\Users\Dean Bönkendorf\Desktop\SAUBERESACHE\Xleaner.lnk - D:\Xleaner\Xleaner.exe C:\Users\Dean Bönkendorf\Desktop\SAUBERESACHE\Emisoft\Emsisoft Anti-Malware.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe C:\Users\Dean Bönkendorf\Desktop\SAUBERESACHE\Malswarebytes\ Malwarebytes Anti-Malware .lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe C:\Users\Dean Bönkendorf\Desktop\SAUBERESACHE\spywareblaster\SpywareBlaster.lnk - C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\FIFA 16.lnk - D:\Program Files (x86)\Origin Games\FIFA 16\fifa16.exe C:\Users\Public\Desktop\herdProtect.lnk - C:\Program 
Files\Reason\herdProtect\Scanner\herdProtectScan.exe C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\TeamSpeak 3 Client\ts3client_win64.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\windows\Installer\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free Audio Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free Audio Converter\FreeAudioConverter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\DVSSysReport.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\PremiumMembershipOffer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 16\FIFA 16 Endbenutzer-Lizenzvertrag.lnk - D:\Program Files (x86)\Origin Games\FIFA 16\Support\eula\de_DE_eula.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 16\FIFA 16.lnk - D:\Program Files (x86)\Origin Games\FIFA 16\fifa16.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 16\Kundendienst.lnk - D:\Program Files (x86)\Origin 
Games\FIFA 16\Support\EA Help\Kundendienst.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 16\Readme.lnk - D:\Program Files (x86)\Origin Games\FIFA 16\Support\readme\readme.de.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FIFA 16.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect\herdProtect Scanner.lnk - C:\Program Files\Reason\herdProtect\Scanner\herdProtectScan.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect\Uninstall herdProtect.lnk - C:\Program Files\Reason\herdProtect\Scanner\Uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Über iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\de.lproj\About iTunes.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Base.lnk - C:\Program Files (x86)\OpenOffice 4\program\sbase.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Calc.lnk - C:\Program Files (x86)\OpenOffice 4\program\scalc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Draw.lnk - C:\Program 
Files (x86)\OpenOffice 4\program\sdraw.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Impress.lnk - C:\Program Files (x86)\OpenOffice 4\program\simpress.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Math.lnk - C:\Program Files (x86)\OpenOffice 4\program\smath.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Writer.lnk - C:\Program Files (x86)\OpenOffice 4\program\swriter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk - C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath="C:\ProgramData\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries\SteelSeries Engine 3\SteelSeries Engine 3.lnk - C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath="C:\ProgramData\SteelSeries\SteelSeries Engine 3" -dbEnv=production C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries\SteelSeries Engine 3\Uninstall SteelSeries Engine 3.lnk - C:\Program Files\SteelSeries\SteelSeries Engine 3\uninst.exe ==== shortcuts in Quick Launch ====================== C:\Users\Dean Bönkendorf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Dean Bönkendorf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Dean Bönkendorf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Dean Bönkendorf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\windows\system32\control.exe C:\Users\Dean Bönkendorf\AppData\Roaming\Microsoft\Internet 
Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk - C:\Users\Dean Bönkendorf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Spotify.lnk - C:\Users\Dean Bönkendorf\AppData\Roaming\Spotify\spotify.exe C:\Users\Dean Bönkendorf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe C:\Users\Dean Bönkendorf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\TeamSpeak 3 Client.lnk - D:\TeamSpeak 3 Client\ts3client_win64.exe C:\Users\Dean Bönkendorf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Wordpad.lnk - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe C:\Users\Dean Bönkendorf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Dean Bönkendorf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2} deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully ==== Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Dean 
Bönkendorf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Dean Bönkendorf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Dean Bönkendorf\AppData\Local\Mozilla\Firefox\Profiles\wvv62h7l.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Dean Bönkendorf\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1787 folders=188 96458841 bytes) ==== Empty Temp Folders ====================== C:\Users\Administrator\AppData\Local\temp emptied successfully C:\Users\Dean Bönkendorf\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\Public\AppData\Local\temp emptied successfully C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptied C:\Users\DEANBN~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully 
emptied ==== Deleting Files / Folders ====================== "C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found ==== EOF on 26.12.2015 at 18:55:58,36 ======================