Pests of all kinds and how to fight them: RunDLL Drum Party (Windows 7) |
27.12.2015, 16:21 | #1 |
| RunDLL Drum Party
That is my problem, and I really don't know what else to do, so I am asking for help. |
27.12.2015, 17:58 | #2 |
/// TB Trainer /// Guide Guru | RunDLL Drum Party
My name is Jürgen and I will be helping you with your problem. Together we will get this done...
Note: I can never give you a guarantee that we will find all malicious files. Formatting is usually the faster and always the safest route, but it is only advisable in the case of real malware. Adware and the like we can remove very well. If you decide on a cleanup, keep working with me until you get my "clean".
Here we go:
Step 1
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material
Posting in CODE tags: here's how... Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes our work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
27.12.2015, 19:01 | #3 |
| RunDLL Drum Party Addition
__________________Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-12-2015
durchgeführt von GeCore BLokk (2015-12-27 18:57:40)
Gestartet von C:\Users\GeCore BLokk\Downloads
Windows 10 Home (X64) (2015-08-06 06:21:18)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-2430134752-78364981-2157180895-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2430134752-78364981-2157180895-503 - Limited - Disabled)
Gast (S-1-5-21-2430134752-78364981-2157180895-501 - Limited - Disabled)
GeCore BLokk (S-1-5-21-2430134752-78364981-2157180895-1000 - Administrator - Enabled) => C:\Users\GeCore BLokk

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.24 - GIGABYTE) 8GadgetPack (HKLM-x32\...\{CA2865AD-EFF4-44F0-A2C9-DCDC0A90F27E}) (Version: 14.0.0 - Helmut Buhler) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.228 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.) AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden AVG (HKLM\...\AvgZen) (Version: 1.22.1.40089 - AVG Technologies) AVG (Version: 16.12.7303 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4489 - AVG Technologies) Hidden AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.13.1.47453 - AVG Technologies) AVG PC TuneUp (x32 Version: 16.13.3 - AVG Technologies) Hidden AVG Protection (HKLM\...\AVG) (Version: 2016.12.7303 - AVG Technologies) AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.4.155 - AVG Technologies) AVG Zen (Version: 1.22.1 - AVG Technologies) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB) Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version: - Treyarch) Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - 
Infinity Ward) Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward) CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Curse Client (HKU\S-1-5-21-2430134752-78364981-2157180895-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Drum Party (HKU\S-1-5-21-2430134752-78364981-2157180895-1000\...\{0D7FCA75-A845-7102-AADE-724AC3C76D28}) (Version: 1.1.7 - Rest Video corp) <==== ACHTUNG Easy Tune 6 B12.0402.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Easy Tune 6 B12.0402.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software) EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden Free M4a to MP3 Converter 8.3 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) 
Hidden Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable 
- x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) NVIDIA 3D Vision Controller-Treiber 352.65 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation) NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation) NVIDIA Grafiktreiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) Opera Stable 34.0.2036.25 (HKLM-x32\...\Opera 34.0.2036.25) (Version: 34.0.2036.25 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 9.5.11.2855 - Electronic Arts, Inc.) Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden Project CARS (HKLM-x32\...\Steam App 234630) (Version: - Slightly Mad Studios) SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation) Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.103 - Skype Technologies S.A.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) Unity Web Player (HKU\S-1-5-21-2430134752-78364981-2157180895-1000\...\UnityWebPlayer) (Version: 4.6.4f1 - Unity Technologies ApS) UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC) VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Warcraft Logs Uploader (HKLM-x32\...\com.warcraft.logs) (Version: 3.64 - UNKNOWN) Warcraft Logs Uploader (x32 Version: 3.64 - UNKNOWN) Hidden Windows Repair Toolbox version 1.1.0.0 (HKLM-x32\...\{A8D7DA31-9E70-437D-97C4-C4887752E029}_is1) (Version: 1.1.0.0 - Alexandre Miguel Canotilho Coelho) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) World of Warships (HKU\S-1-5-21-2430134752-78364981-2157180895-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net) XSplit Gamecaster (HKLM-x32\...\{5D4FFB43-7F0E-45DD-842D-AC50E03D82E5}) (Version: 2.6.1510.0741 - SplitmediaLabs) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-2430134752-78364981-2157180895-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\GeCore BLokk\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {04FBA566-EAF8-4C44-8C00-3A0F9BD33D02} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {07026CC2-7725-4610-BFFD-4FE484772248} - System32\Tasks\Drum Party => Rundll32.exe "C:\Users\GeCore BLokk\AppData\Local\Drum Party\{6BA90FA8-DE46-F54C-6E86-EC52DFDC3DD4}\DrumParty.dll",#1 <==== ACHTUNG Task: {13840822-D3B3-405E-A609-26740C71A58C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {159BCA46-0957-4C8F-A8A9-6CCDE6F1C338} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {1668078D-E568-44E3-86FF-2CE56E80754C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {1DC37D0E-FC18-48DC-90A3-B156890633A1} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {217EFC6C-1411-4A78-B707-98C37F1DC9C0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {228A8398-7F24-4C7E-8416-F6C7BAB0DEE4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {24CC227F-097E-4F4A-B1A0-DCB2A5696E27} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {25E035A5-6611-4286-A8DF-0DDE435D845E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {262B0C17-6A93-4A10-B20D-60DFD03481B5} - 
System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {2A900291-247E-42FB-A5CE-453DBEFF168F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {33B5D3B1-598E-4C08-ABD9-5016021563C8} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_228_pepper.exe [2015-12-09] (Adobe Systems Incorporated) Task: {36752F2F-E53E-4A05-A3F6-0C88E0627C97} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {38DCAEA7-52CB-4AA2-AC70-C5578BB15D04} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {3DB3A1E6-6AE4-4B3F-8EBF-95C09AE8457E} - System32\Tasks\Drum Party2 => Rundll32.exe "C:\Users\GeCore BLokk\AppData\Local\Drum Party\{6BA90FA8-DE46-F54C-6E86-EC52DFDC3DD4}\baibwfni.dll",#1 <==== ACHTUNG Task: {406F3C4C-8C13-4A8C-BB7B-AF7469DC9AD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.) 
Task: {42E86957-8D6F-42E9-8813-512A897C3FDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated) Task: {55586A92-200F-419D-8D65-1732B28F22D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd) Task: {58310492-62C6-4143-9D29-59D567989A2E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {5AA24C9D-6F65-401F-8C8B-8283E4915E15} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {5D214892-FD3D-450B-99FC-9157B8589599} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {642BD9E8-F8B6-4469-B2CC-CA18902FDB0B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {6BDB2E00-6A7B-4424-8204-1FB1B1C1620F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {72D3DE8F-B62B-4932-B565-5752DB438F89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.) 
Task: {79A612B6-D565-48F4-85B5-527CA9DF2E0F} - System32\Tasks\0915avUpdateInfo => C:\ProgramData\Avg_Update_0915av\0915av_AVG-Secure-Search-Update.exe Task: {7BE8CB54-DFCC-4644-AF98-DB29BFDFC956} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {7DFBFA5B-4C2D-49CD-B503-0273FF31AB89} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {7F8AD525-CA96-4C50-8DB9-2451338E3D65} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {8CD5DED2-0055-4E01-9AF0-EA6DB1194D45} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {8F2B5B62-6949-494D-B2DF-8EF90959B65B} - System32\Tasks\{37BD870B-DECB-4AE1-A0F9-C3E7899B90B6} => pcalua.exe -a "A:\Gams\Diablo III\Diablo III Launcher.exe" -d "A:\Gams\Diablo III" Task: {97418C94-8A72-46C5-ACAC-3CF7FB837143} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {994A75C3-A943-405D-B835-A6F631001675} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {9E6DD144-2432-467F-9E13-C76054E69C1F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-11] (Microsoft Corporation) Task: {A1F5EA3D-A90C-4021-A131-38A6A3869F67} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {A39FBF9C-CDFC-4A44-8F3D-CCE1F0AADB18} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {C3533D1E-6C80-4FE5-8A8B-6AAC68B0D305} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {D7E424C3-A09C-4BD9-B994-E1CC7804D44B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {DE3020F6-209F-4F5D-A69A-7D667D1B633A} - System32\Tasks\Microsoft\Windows\Media 
Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {E8A04904-5A51-44D4-A958-F06897A1449C} - System32\Tasks\Opera scheduled Autoupdate 1443156149 => C:\Program Files (x86)\Opera\launcher.exe [2015-12-04] (Opera Software) Task: {E8E99F9B-A7D1-4397-8EA7-F69A6ABE37FC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {EA35EFB9-6284-4798-9DDB-683EE3244E0F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {EC947AB1-0C98-4C69-9819-CCB3752E7D15} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {ED40C504-B63C-4CC6-8515-3E78A7329073} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2015-12-11] (AVG Technologies CZ, s.r.o.) Task: {EFED5AAF-3907-4777-94ED-2CE5ECC5D902} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {F1778423-C58B-4BD3-9CC6-9D0A81F5F12D} - System32\Tasks\{92BB67F7-FCF3-446D-B23A-3D31629535DB} => pcalua.exe -a "C:\Program Files (x86)\PriceMinus\H4GZWbWq8r5YtC.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" "" Task: {F781C174-9CA6-42E4-9529-890379AB22D8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_228_pepper.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-08-06 08:11 - 2015-08-06 08:11 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-12-15 20:43 - 2015-12-16 20:43 - 01164688 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe 2015-08-06 07:15 - 2015-12-16 15:54 - 00126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-08-28 15:12 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2015-12-18 17:38 - 2015-12-09 02:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2015-03-31 19:50 - 2015-11-04 20:26 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe 2015-10-01 16:36 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-10-01 16:36 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-10-01 16:36 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-07-10 11:59 - 2015-07-10 11:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll 2015-12-08 20:43 - 2015-11-25 05:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-12-08 20:43 - 2015-11-25 05:17 - 00471040 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-12-08 20:43 - 2015-11-25 05:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-10-01 16:36 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-10 12:00 - 2015-07-10 17:45 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll 2015-08-19 18:10 - 2015-08-19 18:10 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-10-22 08:26 - 2015-10-22 08:26 - 00016384 _____ () C:\Users\GeCore BLokk\AppData\Local\Apps\2.0\J123QM4V.QLY\1NOR458Z.KLZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.WowDb.dll 2015-10-22 08:26 - 2015-10-22 08:26 - 00035840 _____ () C:\Users\GeCore BLokk\AppData\Local\Apps\2.0\J123QM4V.QLY\1NOR458Z.KLZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.Advertising.dll 2015-10-22 08:26 - 2015-10-22 08:26 - 00099840 _____ () C:\Users\GeCore BLokk\AppData\Local\Apps\2.0\J123QM4V.QLY\1NOR458Z.KLZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.CMOD2.dll 2014-02-28 10:14 - 2015-10-22 18:50 - 00175080 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll 2014-08-04 14:43 - 2015-10-22 18:50 - 00103400 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll 2014-08-04 14:43 - 2015-10-22 18:50 - 00108008 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll 2014-08-04 14:46 - 2015-10-22 18:50 - 00312296 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll 2014-08-04 14:46 - 2015-10-22 18:50 - 00362472 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\lua_plugin.dll 2014-08-04 14:46 - 2015-10-22 18:50 - 00483816 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll 2014-08-04 14:46 - 2015-10-22 18:50 - 
00027752 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\test_plugin.dll 2014-06-05 14:48 - 2015-10-05 18:53 - 00317440 _____ () C:\Program Files\TeamSpeak 3 Client\ssleay32.dll 2014-06-05 14:48 - 2015-10-05 18:53 - 01709056 _____ () C:\Program Files\TeamSpeak 3 Client\LIBEAY32.dll 2015-06-15 09:28 - 2015-12-09 02:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-12-15 20:11 - 2015-12-15 20:11 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll 2015-12-10 14:30 - 2015-12-10 14:30 - 61547128 _____ () C:\Program Files (x86)\Opera\34.0.2036.25\opera.dll 2015-12-10 14:30 - 2015-12-10 14:29 - 01983096 _____ () C:\Program Files (x86)\Opera\34.0.2036.25\libglesv2.dll 2015-12-10 14:30 - 2015-12-10 14:29 - 00081528 _____ () C:\Program Files (x86)\Opera\34.0.2036.25\libegl.dll 2015-11-06 16:33 - 2015-11-06 16:33 - 00172032 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a93f0f4ae82ff4f730dd3b3c311656bb\IsdiInterop.ni.dll 2015-03-29 14:25 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2015-03-29 14:24 - 2011-12-16 09:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2015-12-17 06:53 - 2015-12-17 06:53 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6526\libcef.dll 2015-12-17 06:53 - 2015-12-17 06:53 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6526\libGLESv2.dll 2015-12-17 06:53 - 2015-12-17 06:53 - 00293040 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6526\ortp.dll 2015-12-17 06:53 - 2015-12-17 06:53 - 00909312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6526\platforms\qwindows.dll 2015-12-17 06:53 - 2015-12-17 06:53 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6526\libEGL.dll 2015-12-17 06:53 - 2015-12-17 06:53 - 00020992 _____ () C:\Program Files 
(x86)\Battle.net\Battle.net.6526\imageformats\qgif.dll 2015-12-17 06:53 - 2015-12-17 06:53 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6526\imageformats\qico.dll 2015-12-17 06:53 - 2015-12-17 06:53 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6526\imageformats\qjpeg.dll 2015-12-17 06:53 - 2015-12-17 06:53 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6526\imageformats\qmng.dll 2015-12-17 06:53 - 2015-12-17 06:53 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6526\imageformats\qsvg.dll 2015-12-17 06:53 - 2015-12-17 06:53 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6526\imageformats\qtiff.dll 2015-12-17 06:53 - 2015-12-17 06:53 - 00038400 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6526\audio\qtaudio_windows.dll 2015-12-17 06:53 - 2015-12-17 06:53 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6526\qml\QtQuick.2\qtquick2plugin.dll 2015-12-17 06:53 - 2015-12-17 06:53 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6526\qml\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-12-17 06:53 - 2015-12-17 06:53 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6526\qml\QtQml\Models.2\modelsplugin.dll 2015-03-31 16:19 - 2015-11-10 20:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-03-31 16:19 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-03-31 16:19 - 2015-12-14 21:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll 2015-03-31 16:19 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-03-31 16:19 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2015-03-31 16:19 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2015-03-31 16:19 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2015-03-31 16:19 - 2015-09-24 01:33 - 00332800 _____ () 
C:\Program Files (x86)\Steam\libavresample-2.dll 2015-03-31 16:19 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2015-03-31 16:19 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-03-31 16:19 - 2015-12-14 21:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2015-07-22 05:42 - 2015-11-03 23:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll 2015-03-31 16:19 - 2015-11-17 01:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2015-03-31 16:19 - 2015-09-25 00:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2015-12-13 18:47 - 00000895 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-2430134752-78364981-2157180895-1000\Control Panel\Desktop\\Wallpaper -> f:\bilder\14c0a541fa4dce25ec7d0e91478e56a0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "Sound+"
HKLM\...\StartupApproved\Run: => "3D BubbleSound"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{B6BA4828-27C5-482D-8E28-F4D4BF841E01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1E207FCD-F3BE-4FFE-A015-23E751AD5961}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{80389C83-CD5B-403A-ADDE-ECAAD0B59536}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{769745E4-D2EB-4ED1-AFE9-E29FCCFA8C52}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{89050169-2F70-42BB-8D27-8AFFEDBA8874}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{81E56C26-5DE0-4F81-83AD-26B43D243E06}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DE5358A0-AC4E-41CB-B636-46EF96E95B90}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F182A5EC-8155-43F0-95A3-4C2FEF38250D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{218A4AD9-55EF-4B3F-A927-FC7483DC8D08}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A0F4938F-78AC-4AB9-B984-36B4E797DFAB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7E301577-9336-4E03-A69B-5A6FA33F4DCB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{78D654DE-484A-40D6-ADE1-211E023B5327}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F38CCDD5-F3A1-4A35-84A1-108D0D386356}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5511D361-95F5-48EF-9845-A1DD5CA89058}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C5562421-995E-42B9-A1AC-D5E5BB0FE901}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B2657F54-D529-4E18-BFFC-3FB6B7FF8E20}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{986E5893-D552-4A58-8B10-71DF409932A2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [UDP Query User{F0E2D565-0FDF-4816-979A-AE69F14F9EA9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{4F2CD84E-8040-4257-93CB-435FC035C9DD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{0829011E-EC75-4BBF-9AB7-7FA46CEFAA79}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{10F632E2-79DF-4E7E-96E2-E08E6A298F49}] => (Allow) A:\World of Warships\WoWSLauncher.exe
FirewallRules: [{A128D40A-0B31-499F-BB84-0E99ABFA44F6}] => (Allow) A:\World of Warships\WorldofWarships.exe
FirewallRules: [{6811E5F8-F347-48D8-B516-172EE007D21B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5B21C40D-334C-47F1-B3EB-219A4BB85C5E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{69161853-14A8-45E3-B5A9-C096FB83A648}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{280C3365-47D7-4B2A-8ED6-EA1CB21371DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DDB6FB12-2910-4976-8BE7-FFC325B01E60}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{714CC4C3-2D96-42A5-952C-1FF1EA39171B}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{02D373BA-84B4-4CC0-BEC2-428688AB8B15}] => (Allow) A:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{14694017-9C80-4E95-AEB9-2BB205C426DC}] => (Allow) A:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5293907C-73E4-4833-8E44-4BFD942489EC}] => (Allow) A:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{67838459-B3E5-4BC6-9267-96541C140CB9}] => (Allow) A:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{F5B86897-79EE-4A1A-B8C5-D5DD28A7108C}] => (Allow) A:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{60F7B45D-364F-42E0-8E2E-C634554DA782}] => (Allow) A:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{CEAAE771-579A-49D6-AAD2-6C04247D37F3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{5CFB5618-5011-4CA6-9BD6-5F88308D474C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{A1E7BB74-144F-42E7-AC42-19BE4EE7A76E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F9E1281B-698E-47B6-AF5A-57EF11301C7E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{7BC5336D-9FF4-4A62-84F8-702A812A88DF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{76E13E56-6D3E-472E-BBA2-049B40F7DD73}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{BA63DEED-E888-4DAA-9B85-7E1148C58A70}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{60CD6979-C5F2-4359-93DC-6B8A6760DD9A}] => (Allow) A:\Battlefield 4\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{45A3EBA3-037C-44FE-BBB6-50A36AFE7710}] => (Allow) A:\Battlefield 4\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{C9BE3D28-D42A-4A09-B860-AED947FD63D2}] => (Allow) A:\Battlefield 4\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{26EB1FF3-78BD-46F2-8823-F9AF0062F42F}] => (Allow) A:\Battlefield 4\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{9130F931-84C3-480D-8AD7-3F60DBAAD10B}] => (Allow) A:\SteamLibrary\steamapps\common\pCars\pCARS64.exe
FirewallRules: [{47D995A2-9508-4831-A663-3FEAFA253E6D}] => (Allow) A:\SteamLibrary\steamapps\common\pCars\pCARS64.exe
FirewallRules: [{C333D068-4BA0-4461-B3CF-99D9FD4A3EFE}] => (Allow) A:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{DD56B918-31BB-4DB5-A363-D7CA5B9EBD70}] => (Allow) A:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{32832C20-3841-43C2-85ED-D1D06AF90E54}] => (Allow) A:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{D29E8DC5-D707-44A6-A822-57C895D35987}] => (Allow) A:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{724DC072-57D6-4596-B6CC-034C623F5CBE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{294CDAE8-087E-4B3E-92A7-451D4193EFDE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1EF14FE1-506F-471A-8FA3-1061294B6B23}] => (Allow) A:\SteamLibrary\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{08290068-1704-4042-99BF-561E5A5B54FA}] => (Allow) A:\SteamLibrary\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe

==================== Wiederherstellungspunkte =========================

22-12-2015 17:23:43 Removed XSplit Broadcaster
27-12-2015 10:45:20 Removed League of Legends

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/27/2015 11:11:55 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8

Error: (12/27/2015 11:11:55 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (12/27/2015 11:11:55 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8

Error: (12/27/2015 11:11:55 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8

Error: (12/27/2015 11:11:55 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll8

Error: (12/27/2015 11:11:55 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (12/27/2015 11:11:55 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (12/27/2015 11:11:55 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8

Error: (12/27/2015 11:11:55 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (12/27/2015 11:11:54 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8

Systemfehler:
=============
Error: (12/27/2015 10:17:51 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Xbox Live Authentifizierungs-Manager" wurde mit dem folgenden dienstspezifischen Fehler beendet: %%0

Error: (12/27/2015 10:12:25 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/27/2015 10:10:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error: (12/27/2015 10:09:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/27/2015 10:09:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/27/2015 10:09:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/27/2015 10:09:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/27/2015 10:09:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/27/2015 10:09:43 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit dem folgenden dienstspezifischen Fehler beendet: %%2147749126

Error: (12/27/2015 10:09:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

CodeIntegrity:
===================================
Date: 2015-12-27 09:53:10.044
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-27 09:53:10.027
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-27 09:49:41.966
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-27 09:49:41.949
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-27 09:43:49.577
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-27 09:43:49.561
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-26 23:22:28.893
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-26 23:22:28.880
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-26 23:19:06.785
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-26 23:19:06.772
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Prozentuale Nutzung des RAM: 20%
Installierter physikalischer RAM: 16342.86 MB
Verfügbarer physikalischer RAM: 12928.07 MB
Summe virtueller Speicher: 32726.86 MB
Verfügbarer virtueller Speicher: 28631.36 MB

==================== Laufwerke ================================

Drive a: (Matrix) (Fixed) (Total:931.51 GB) (Free:688.66 GB) NTFS
Drive c: (Metal Gear) (Fixed) (Total:111.13 GB) (Free:65.62 GB) NTFS
Drive e: (CODS) (Fixed) (Total:0.09 GB) (Free:0.09 GB) FAT32
Drive f: (Musik ect.) (Fixed) (Total:465.66 GB) (Free:417.19 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: DEC9E354)
Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 08087769)
Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F9759935)
Partition 1: (Active) - (Size=100 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015
durchgeführt von GeCore BLokk (Administrator) auf GECOREBLOKK-PC (27-12-2015 18:57:16)
Gestartet von C:\Users\GeCore BLokk\Downloads
Geladene Profile: GeCore BLokk (Verfügbare Profile: GeCore BLokk & DefaultAppPool)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\System32\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(© 2015 Microsoft Corporation) C:\Users\GeCore BLokk\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Curse) C:\Users\GeCore BLokk\AppData\Local\Apps\2.0\J123QM4V.QLY\1NOR458Z.KLZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4645\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.6526\Battle.net.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2012-01-12] (VIA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-12-09] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2430134752-78364981-2157180895-1000\...\Run: [BingSvc] => C:\Users\GeCore BLokk\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2430134752-78364981-2157180895-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-2430134752-78364981-2157180895-1000\...\RunOnce: [Uninstall C:\Users\GeCore BLokk\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GeCore BLokk\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Keine Datei
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Keine Datei
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Keine Datei
Startup: C:\Users\GeCore BLokk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-12-13]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\GeCore BLokk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-10-22] ()
Startup: C:\Users\GeCore BLokk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar99.lnk [2015-12-27]
ShortcutTarget: Sidebar99.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0f9d61da-d502-4f6a-9246-7f61a29b957a}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130945002121201884&GUID=233519B3-DCEA-458C-9155-940D3F89D85E
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2430134752-78364981-2157180895-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130945002121209840&GUID=233519B3-DCEA-458C-9155-940D3F89D85E
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2430134752-78364981-2157180895-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2430134752-78364981-2157180895-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-2430134752-78364981-2157180895-1000 -> ist aktiviert.
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\GeCore BLokk\AppData\Roaming\Mozilla\Firefox\Profiles\adyotpbg.default-1450026933077
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [Keine Datei]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2430134752-78364981-2157180895-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\GeCore BLokk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-15] (Unity Technologies ApS)
FF Extension: Video DownloadHelper - C:\Users\GeCore BLokk\AppData\Roaming\Mozilla\Firefox\Profiles\adyotpbg.default-1450026933077\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-12-20]

Chrome:
=======
CHR Profile: C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-15]
CHR Extension: (Google Docs) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-15]
CHR Extension: (Google Drive) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-04]
CHR Extension: (YouTube) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-04]
CHR Extension: (Google Search) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-04]
CHR Extension: (Google Sheets) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-15]
CHR Extension: (Google Docs Offline) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-25]
CHR Extension: (OkayFreedom) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfnbbbkabnehoejfhcbbhdicagcoobji [2015-12-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-04]
CHR Extension: (Gmail) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-15]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-12-11] (Adobe Systems) [Datei ist nicht signiert]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-12-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-12-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-12-09] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-18] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-11-04] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-10-03] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4377000 2015-12-11] (AVG Technologies CZ, s.r.o.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1791488 2015-07-10] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-16] ()
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [306608 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-05-21] (Disc Soft Ltd)
S3 EagleX64; C:\WINDOWS\system32\drivers\EagleX64.sys [174728 2015-08-06] (AhnLab, Inc.)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-12-31] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.RTM\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-12-11] (TuneUp Software)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-27 18:57 - 2015-12-27 18:57 - 00023257 _____ C:\Users\GeCore BLokk\Downloads\FRST.txt
2015-12-27 18:56 - 2015-12-27 18:57 - 00000000 ____D C:\FRST
2015-12-27 18:56 - 2015-12-27 18:56 - 02370560 _____ (Farbar) C:\Users\GeCore BLokk\Downloads\FRST64.exe
2015-12-27 18:49 - 2015-12-27 18:49 - 00016148 _____ C:\WINDOWS\system32\GECOREBLOKK-PC_GeCore BLokk_HistoryPrediction.bin
2015-12-27 10:06 - 2015-12-27 10:06 - 01743360 _____ C:\Users\GeCore BLokk\Downloads\adwcleaner_5.026.exe
2015-12-27 09:47 - 2015-12-27 18:32 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-27 09:46 - 2015-12-27 09:46 - 22908888 _____ (Malwarebytes ) C:\Users\GeCore BLokk\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-27 09:46 - 2015-12-27 09:46 - 00001181 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-27 09:46 - 2015-12-27 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-12-27 09:46 - 2015-12-27 09:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-27 09:46 - 2015-12-27 09:46 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-12-27 09:46 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-27 09:46 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-27 09:46 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-27 08:40 - 2015-12-27 08:40 - 00000000 ____D C:\Users\GeCore BLokk\Documents\My Cheat Tables
2015-12-27 08:40 - 2015-12-27 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2015-12-27 08:40 - 2015-12-27 08:40 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.4
2015-12-27 08:38 - 2015-12-27 08:40 - 09052432 _____ (Cheat Engine ) C:\Users\GeCore BLokk\Downloads\CheatEngine64.exe
2015-12-26 18:00 - 2015-12-26 18:00 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Mozilla
2015-12-26 17:48 - 2015-12-26 17:48 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\Mozilla
2015-12-26 16:21 - 2015-12-26 17:12 - 00000000 ____D C:\Users\GeCore BLokk\Documents\ETS2MP
2015-12-26 16:11 - 2015-12-26 16:11 - 17231230 _____ (ETS2MP Team ) C:\Users\GeCore BLokk\Downloads\Install ETS2MP.exe
2015-12-25 22:55 - 2015-12-25 22:55 - 00000000 ____D C:\Users\GeCore BLokk\Downloads\23Klikk - Nichtz Zu Verschenken 8 (2015)
2015-12-25 18:46 - 2015-12-25 18:46 - 00000000 ____D C:\Users\GeCore BLokk\Documents\AdobeStockPhotos
2015-12-25 18:40 - 2015-12-27 08:40 - 00000000 ____D C:\Users\GeCore BLokk\Downloads\stram alles
2015-12-25 17:38 - 2015-12-25 17:44 - 321773287 _____ C:\Users\GeCore BLokk\Downloads\Open Broadcaster Software Tutorial Deutsch OBS 2014.mp4
2015-12-25 15:02 - 2015-12-27 16:58 - 00000000 ____D C:\Users\GeCore BLokk\Documents\Euro Truck Simulator 2
2015-12-23 11:42 - 2015-12-16 15:54 - 00523384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-12-23 11:42 - 2015-12-16 15:54 - 00075056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-12-23 11:42 - 2015-12-16 15:19 - 00103216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-12-23 11:41 - 2015-12-23 11:42 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-12-23 11:41 - 2015-12-16 17:59 - 42976888 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 37608568 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 31098488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 24923768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 21131424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 20672376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 17568432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 17164160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 17123736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 02560816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 02214192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 01915512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436143.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 01564976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436143.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00938104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00872056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00786688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00784640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00735024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00681592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00630592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00601936 _____ C:\WINDOWS\system32\nvmcumd.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00541000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00445728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00416560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00378784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00376440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00370992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00339760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00316960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00175368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-12-22 17:26 - 2015-12-27 00:08 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\OBS
2015-12-22 17:26 - 2015-12-22 17:26 - 00001014 _____ C:\Users\GeCore BLokk\Desktop\Open Broadcaster Software.lnk
2015-12-22 17:26 - 2015-12-22 17:26 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-12-22 17:26 - 2015-12-22 17:26 - 00000000 ____D C:\Program Files\OBS
2015-12-22 17:26 - 2015-12-22 17:26 - 00000000 ____D C:\Program Files (x86)\OBS
2015-12-22 09:21 - 2015-12-22 09:21 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-22 08:46 - 2015-12-22 09:22 - 00000000 ____D C:\Windows_Repair_Toolbox
2015-12-22 08:46 - 2015-12-22 08:46 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Alexandre_Miguel_Canotilh
2015-12-22 08:46 - 2015-12-22 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Repair Toolbox
2015-12-20 21:46 - 2015-12-20 21:46 - 65125191 _____ C:\Users\GeCore BLokk\Downloads\KC Rebell - ENTSCHEIDUNG [prod. by JUH-DEE] official Video.mp4
2015-12-18 12:46 - 2015-12-09 02:51 - 00111520 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2015-12-17 13:38 - 2015-12-17 13:38 - 00002904 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2015-12-16 15:11 - 2015-12-26 16:17 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\CrashDumps
2015-12-16 14:36 - 2015-12-16 14:36 - 00000000 ____D C:\Users\GeCore BLokk\Downloads\Neuer Ordner
2015-12-16 14:26 - 2015-12-16 14:44 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\NPE
2015-12-16 14:26 - 2015-12-16 14:26 - 00000000 ____D C:\ProgramData\Norton
2015-12-15 20:43 - 2015-12-16 20:43 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2015-12-15 20:43 - 2015-12-16 20:43 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-12-15 20:43 - 2015-12-15 20:43 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\AVG Web TuneUp
2015-12-15 20:43 - 2015-12-15 20:43 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-12-15 20:39 - 2015-12-15 20:39 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2015-12-15 20:39 - 2015-12-11 15:39 - 00046504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2015-12-15 20:39 - 2015-12-11 15:33 - 00037288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\authuitu.dll
2015-12-15 20:39 - 2015-12-11 15:33 - 00032680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\authuitu.dll
2015-12-15 20:14 - 2015-12-15 20:14 - 00000000 ___HD C:\$AVG
2015-12-15 20:14 - 2015-12-15 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-15 20:12 - 2015-12-15 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-12-15 20:11 - 2015-12-15 20:39 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-13 18:53 - 2015-12-13 18:53 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-12-13 18:48 - 2015-12-13 18:47 - 00000895 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-12-13 18:30 - 2015-12-13 18:30 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\master131
2015-12-13 18:22 - 2015-12-27 10:09 - 00000000 ____D C:\AdwCleaner
2015-12-13 17:54 - 2015-12-13 17:54 - 00003302 _____ C:\WINDOWS\System32\Tasks\Drum Party2
2015-12-13 17:54 - 2015-12-13 17:54 - 00003302 _____ C:\WINDOWS\System32\Tasks\Drum Party
2015-12-11 22:50 - 2015-12-11 22:52 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\Steganos VPN
2015-12-11 22:47 - 2015-12-12 07:22 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\Steganos
2015-12-11 19:35 - 2015-12-11 19:36 - 00000000 ____D C:\Users\GeCore BLokk\Documents\Xspliter
2015-12-11 18:22 - 2015-12-11 18:22 - 00002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2015-12-11 18:22 - 2015-12-11 18:22 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2015-12-11 18:21 - 2015-12-11 18:21 - 00002150 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2015-12-11 18:21 - 2015-12-11 18:21 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2015-12-11 18:21 - 2015-12-11 18:21 - 00002125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2015-12-11 18:21 - 2015-12-11 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-12-11 18:16 - 2015-12-11 18:16 - 00000000 ____D C:\PS_CS2_Gr_NonRet
2015-12-11 14:45 - 2015-12-11 14:45 - 00000000 ____D C:\Users\GeCore BLokk\Documents\MEGAsync Downloads
2015-12-11 14:44 - 2015-12-11 14:44 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Mega Limited
2015-12-10 19:24 - 2015-12-10 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2015-12-10 19:24 - 2015-12-10 19:24 - 00000000 ____D C:\Program Files (x86)\Lavalys
2015-12-08 20:43 - 2015-12-01 08:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-08 20:43 - 2015-12-01 07:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-08 20:43 - 2015-12-01 06:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-08 20:43 - 2015-12-01 06:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-08 20:43 - 2015-12-01 06:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-08 20:43 - 2015-12-01 06:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-08 20:43 - 2015-12-01 05:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-08 20:43 - 2015-11-25 06:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-08 20:43 - 2015-11-25 06:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-08 20:43 - 2015-11-25 06:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 20:43 - 2015-11-25 06:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-08 20:43 - 2015-11-25 06:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-08 20:43 - 2015-11-25 06:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-08 20:43 - 2015-11-25 06:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 20:43 - 2015-11-25 06:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-08 20:43 - 2015-11-25 06:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 20:43 - 2015-11-25 06:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 20:43 - 2015-11-25 06:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-08 20:43 - 2015-11-25 05:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-08 20:43 - 2015-11-25 05:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-08 20:43 - 2015-11-25 05:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-08 20:43 - 2015-11-25 05:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-08 20:43 - 2015-11-25 05:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-08 20:43 - 2015-11-25 05:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-08 20:43 - 2015-11-25 05:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-08 20:43 - 2015-11-25 05:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-08 20:43 - 2015-11-25 05:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-08 20:43 - 2015-11-25 05:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 20:43 - 2015-11-25 05:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-08 20:43 - 2015-11-25 05:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-08 20:43 - 2015-11-25 05:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-08 20:43 - 2015-11-25 05:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-08 20:43 - 2015-11-25 05:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 20:43 - 2015-11-25 05:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-08 20:43 - 2015-11-25 05:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-08 20:43 - 2015-11-25 05:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 20:43 - 2015-11-25 05:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-08 20:43 - 2015-11-25 05:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 20:43 - 2015-11-25 05:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-08 20:43 - 2015-11-25 05:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 20:43 - 2015-11-25 05:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 20:43 - 2015-11-25 05:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-08 20:43 - 2015-11-25 05:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-08 20:43 - 2015-11-25 05:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-08 20:43 - 2015-11-25 05:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-08 20:43 - 2015-11-25 05:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-08 20:43 - 2015-11-25 05:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-08 20:43 - 2015-11-25 05:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-08 20:43 - 2015-11-25 05:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-08 20:43 - 2015-11-25 05:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 20:43 - 2015-11-25 05:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-08 20:43 - 2015-11-25 05:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-08 20:43 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-08 20:43 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-08 20:43 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-08 20:43 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-08 20:43 - 2015-11-25 05:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-08 20:43 - 2015-11-25 05:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-08 20:43 - 2015-11-25 05:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-08 20:43 - 2015-11-25 05:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-08 20:43 - 2015-11-25 05:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-08 20:43 - 2015-11-25 05:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-08 20:43 - 2015-11-25 05:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 20:43 - 2015-11-25 05:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-08 20:43 - 2015-11-25 05:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-08 20:43 - 2015-11-25 05:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 20:43 - 2015-11-25 05:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 20:43 - 2015-11-25 05:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 20:43 - 2015-11-25 05:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-08 20:43 - 2015-11-25 05:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-08 20:43 - 2015-11-25 05:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 20:43 - 2015-11-25 05:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 20:43 - 2015-11-25 05:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-08 20:43 - 2015-11-25 05:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-08 20:43 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-08 20:43 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-08 20:43 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-08 20:43 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-08 20:43 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-08 20:43 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-12-08 17:19 - 2015-12-08 17:19 - 00000000 ____D C:\Program Files\SiSoftware
2015-12-06 14:43 - 2015-12-06 14:43 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\SplitmediaLabs
2015-12-06 14:36 - 2015-12-22 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2015-12-06 14:36 - 2015-12-09 14:46 - 00000000 ____D C:\Program Files (x86)\SplitmediaLabs
2015-12-06 14:36 - 2015-12-09 14:45 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\SplitmediaLabs
2015-12-06 14:36 - 2015-12-06 14:36 - 00000000 ____D C:\ProgramData\SplitMediaLabs
2015-12-02 17:54 - 2015-12-02 17:54 - 00000000 ____D C:\Users\GeCore BLokk\Documents\Ghost Games
2015-12-02 12:51 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2015-12-02 06:55 - 2015-11-25 00:07 - 01905272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435906.dll
2015-12-02 06:55 - 2015-11-25 00:07 - 01564792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435906.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-27 18:57 - 2015-04-03 15:24 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-27 18:56 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2015-12-27 18:49 - 2015-03-29 16:40 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Battle.net
2015-12-27 18:34 - 2015-05-12 20:10 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\TS3Client
2015-12-27 18:17 - 2015-10-30 15:02 - 00001148 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-27 18:12 - 2015-10-22 08:26 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Deployment
2015-12-27 18:00 - 2015-08-29 10:00 - 00038598 _____ C:\Users\GeCore BLokk\Network_Meter_Data.js
2015-12-27 17:57 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-27 17:10 - 2015-03-31 16:11 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-27 16:57 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-27 16:51 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-27 16:40 - 2015-03-29 18:03 - 00000000 ____D C:\ProgramData\MFAData
2015-12-27 14:42 - 2015-09-24 05:31 - 00004180 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{37C0FCCA-9427-43E6-B459-A6AE47F12069}
2015-12-27 10:19 - 2015-08-06 07:16 - 02077126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-27 10:19 - 2015-07-10 17:34 - 00883584 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-27 10:19 - 2015-07-10 17:34 - 00195718 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-27 10:18 - 2015-03-29 16:40 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-12-27 10:12 - 2015-08-29 09:44 - 00019332 _____ C:\Users\GeCore BLokk\IP_Log_Data.js
2015-12-27 10:11 - 2015-10-30 15:02 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-27 10:10 - 2015-08-06 07:15 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-27 10:10 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-27 10:10 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-27 00:44 - 2015-08-29 15:58 - 00000027 _____ C:\Users\GeCore BLokk\AppData\Roaming\Network Meter_Usage.ini
2015-12-27 00:11 - 2015-10-30 15:02 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-12-25 23:49 - 2015-03-31 16:19 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Steam
2015-12-25 18:52 - 2015-03-29 17:10 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\Adobe
2015-12-25 18:44 - 2015-11-12 19:47 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\SimulationCraft
2015-12-23 11:42 - 2015-08-06 07:15 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-23 11:42 - 2015-06-15 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-12-22 20:30 - 2015-07-10 10:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-22 09:29 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-21 14:55 - 2015-08-06 07:16 - 00000000 ____D C:\Users\GeCore BLokk
2015-12-20 21:46 - 2015-03-31 15:52 - 00000000 ____D C:\Users\GeCore BLokk\dwhelper
2015-12-19 03:37 - 2015-03-29 15:42 - 00000000 ____D C:\ProgramData\Origin
2015-12-18 22:07 - 2015-04-22 19:01 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\Skype
2015-12-18 14:01 - 2015-03-29 15:42 - 00000000 ____D C:\Program Files (x86)\Origin
2015-12-18 12:46 - 2015-04-16 17:48 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\NVIDIA Corporation
2015-12-18 09:48 - 2015-10-08 16:34 - 12426896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-12-17 09:26 - 2015-10-30 15:02 - 00003660 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-17 09:26 - 2015-10-30 15:02 - 00003436 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-16 17:59 - 2015-10-08 16:34 - 19727624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-12-16 17:59 - 2015-10-08 16:34 - 17104016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-12-16 17:59 - 2015-10-08 16:34 - 14103608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-12-16 17:59 - 2015-10-08 16:34 - 03603368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-12-16 17:59 - 2015-10-08 16:34 - 03184152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-12-16 17:59 - 2015-07-23 03:02 - 00035775 _____ C:\WINDOWS\system32\nvinfo.pb
2015-12-16 16:38 - 2015-03-29 11:37 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\VirtualStore
2015-12-16 15:54 - 2015-08-06 07:15 - 06359672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-12-16 15:54 - 2015-08-06 07:15 - 02985264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-12-16 15:54 - 2015-08-06 07:15 - 02554488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-12-16 15:54 - 2015-08-06 07:15 - 01256240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-12-16 15:54 - 2015-08-06 07:15 - 00385328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-12-16 15:54 - 2015-08-06 07:15 - 00062768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-12-16 15:49 - 2015-08-06 07:15 - 06090019 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-12-16 01:39 - 2015-07-10 13:20 - 00189368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-15 20:41 - 2015-07-10 10:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-15 20:39 - 2015-10-25 10:29 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\AVG
2015-12-15 20:39 - 2015-10-25 10:28 - 00000000 ____D C:\ProgramData\Avg
2015-12-15 20:39 - 2015-10-25 10:25 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\AvgSetupLog
2015-12-15 20:39 - 2015-06-09 21:09 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Avg
2015-12-15 20:14 - 2015-07-10 12:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-12-14 16:37 - 2015-08-06 07:22 - 00002414 _____ C:\Users\GeCore BLokk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-14 16:37 - 2015-08-06 07:22 - 00000000 ___RD C:\Users\GeCore BLokk\OneDrive
2015-12-13 18:25 - 2015-05-29 06:14 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\FileAdvisor
2015-12-13 18:01 - 2015-09-25 05:42 - 00001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-13 18:00 - 2015-08-06 07:40 - 00001051 _____ C:\Users\GeCore BLokk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk
2015-12-13 18:00 - 2015-08-06 07:21 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-13 17:56 - 2015-10-30 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-13 15:10 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-12-13 14:54 - 2015-03-29 22:42 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2015-12-13 14:54 - 2015-03-29 22:42 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2015-12-11 18:31 - 2015-05-13 09:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-11 18:31 - 2015-05-13 09:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-11 18:30 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-11 18:29 - 2015-04-03 15:24 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Adobe
2015-12-11 18:22 - 2015-10-23 06:17 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-11 18:21 - 2015-10-23 06:18 - 00000000 ____D C:\ProgramData\Adobe
2015-12-11 14:30 - 2015-03-29 16:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-11 14:28 - 2015-03-29 16:13 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-10 14:30 - 2015-09-25 05:42 - 00003990 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1443156149
2015-12-10 14:30 - 2015-09-25 05:42 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-09 19:57 - 2015-10-30 15:02 - 00004082 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-12-09 16:06 - 2015-05-13 09:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 04:39 - 2010-11-21 04:27 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-09 02:51 - 2015-06-15 09:28 - 01846016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-12-09 02:51 - 2015-06-15 09:28 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-12-09 02:51 - 2015-06-15 09:28 - 01530240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-12-09 02:51 - 2015-06-15 09:28 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-12-08 17:19 - 2015-03-31 19:31 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-04 21:10 - 2015-06-15 07:38 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Google
2015-12-04 12:03 - 2015-08-06 07:21 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Packages
2015-12-03 20:52 - 2015-04-22 19:01 - 00000000 ____D C:\ProgramData\Skype
2015-12-01 20:53 - 2015-10-23 06:26 - 00000773 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft Logs Uploader.lnk
2015-12-01 01:32 - 2015-07-10 12:06 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 01:32 - 2015-07-10 12:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-29 19:38 - 2015-09-22 07:18 - 00000000 ____D C:\Users\GeCore BLokk\.junique
2015-11-29 19:37 - 2015-08-29 09:51 - 00001474 _____ C:\Users\GeCore BLokk\AppData\Roaming\Network Meter_Settings.ini

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-29 09:46 - 2015-08-29 09:47 - 0000282 _____ () C:\Users\GeCore BLokk\AppData\Roaming\GPU MeterV2_Settings.ini
2015-08-29 09:51 - 2015-11-29 19:37 - 0001474 _____ () C:\Users\GeCore BLokk\AppData\Roaming\Network Meter_Settings.ini
2015-08-29 15:58 - 2015-12-27 00:44 - 0000027 _____ () C:\Users\GeCore BLokk\AppData\Roaming\Network Meter_Usage.ini
2015-09-20 20:18 - 2015-11-14 16:27 - 0000122 _____ () C:\Users\GeCore BLokk\AppData\Roaming\System Monitor II_UptimeRecord.ini

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\GeCore BLokk\IP_Log_Data.js
C:\Users\GeCore BLokk\Network_Meter_Data.js

Einige Dateien in TEMP:
====================
C:\Users\GeCore BLokk\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-12-20 14:52

==================== Ende von FRST.txt
============================ |
27.12.2015, 19:25 | #4 |
/// TB Trainer /// Guide Guru | RunDLL Drum Party Please post a screenshot of just the error message.
__________________ Regards, deeprybka Praise, criticism, requests? A donation for the trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
27.12.2015, 19:55 | #5 |
| RunDLL Drum Party here |
28.12.2015, 09:35 | #6 |
/// TB Trainer /// Guide Guru | RunDLL Drum Party I mean only the error window, so that what it says can actually be read... |
28.12.2015, 11:18 | #7 |
| RunDLL Drum Party Sorry, on my end everything was visible, but I hope it is better now. |
28.12.2015, 17:23 | #8 |
/// TB Trainer /// Guide Guru | RunDLL Drum Party Hi, thanks. No problem. We'll get this sorted...
Step 1 Please uninstall the following programs: Drum Party
On Windows 10, try it with Windows key + X via . If that does not work, please download Revo Uninstaller here. Extract the zip file to the desktop. Instructions
If you cannot uninstall a program, continue with the next one. Even if some programs are still left at the end, carry out the next step: a fresh download of AdwCleaner. Please run the "delete scan" exactly as described in the instructions.
Step 2 Please download AdwCleaner to your desktop.
Step 3
Step 4 Please start FRST again, also tick the checkbox, and click Untersuchen (Scan). Please post the contents of the two logs that are created. |
28.12.2015, 18:40 | #9 |
| RunDLL Drum Party
Code:
# AdwCleaner v5.026 - Bericht erstellt am 28/12/2015 um 18:27:51
# Aktualisiert am 21/12/2015 von Xplode
# Datenbank : 2015-12-23.1 [Server]
# Betriebssystem : Windows 10 Home (x64)
# Benutzername : GeCore BLokk - GECOREBLOKK-PC
# Gestartet von : C:\Users\GeCore BLokk\Downloads\AdwCleaner_5.026.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

***** [ Dateien ] *****

***** [ DLLs ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Internetbrowser ] *****

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [820 Bytes] ##########

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 28.12.2015
Suchlaufzeit: 18:31
Protokolldatei: Neues Textdokument.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.12.28.06
Rootkit-Datenbank: v2015.12.26.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: GeCore BLokk

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 426785
Abgelaufene Zeit: 5 Min., 57 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (keine bösartigen Elemente erkannt)
Module: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswerte: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Dateien: 0 (keine bösartigen Elemente erkannt)
Physische Sektoren: 0 (keine bösartigen Elemente erkannt)

(end)

Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:28-12-2015 durchgeführt von GeCore BLokk (2015-12-28 18:39:39) Gestartet von C:\Users\GeCore BLokk\Downloads Windows 10 Home (X64) (2015-08-06 06:21:18) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2430134752-78364981-2157180895-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2430134752-78364981-2157180895-503 - Limited - Disabled) Gast (S-1-5-21-2430134752-78364981-2157180895-501 - Limited - Disabled) GeCore BLokk (S-1-5-21-2430134752-78364981-2157180895-1000 - Administrator - Enabled) => C:\Users\GeCore BLokk ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.24 - GIGABYTE) 8GadgetPack (HKLM-x32\...\{CA2865AD-EFF4-44F0-A2C9-DCDC0A90F27E}) (Version: 14.0.0 - Helmut Buhler) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.228 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.) AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden AVG (HKLM\...\AvgZen) (Version: 1.22.1.40089 - AVG Technologies) AVG (Version: 16.12.7303 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4489 - AVG Technologies) Hidden AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.13.1.47453 - AVG Technologies) AVG PC TuneUp (x32 Version: 16.13.3 - AVG Technologies) Hidden AVG Protection (HKLM\...\AVG) (Version: 2016.12.7303 - AVG Technologies) AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.4.155 - AVG Technologies) AVG Zen (Version: 1.22.1 - AVG Technologies) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB) Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version: - Treyarch) Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - 
Infinity Ward) Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward) CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform) ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Curse Client (HKU\S-1-5-21-2430134752-78364981-2157180895-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Easy Tune 6 B12.0402.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Easy Tune 6 B12.0402.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software) Euro Truck Simulator 2 Multiplayer 0.2.0.5.1 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.2.0.5.1 Alpha - ETS2MP Team) EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden Free M4a to MP3 Converter 8.3 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) 
Hidden Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable 
- x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) NVIDIA 3D Vision Controller-Treiber 352.65 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation) NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation) NVIDIA Grafiktreiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) Opera Stable 34.0.2036.25 (HKLM-x32\...\Opera 34.0.2036.25) (Version: 34.0.2036.25 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 9.5.11.2855 - Electronic Arts, Inc.) Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden Project CARS (HKLM-x32\...\Steam App 234630) (Version: - Slightly Mad Studios) SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation) Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.103 - Skype Technologies S.A.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) Unity Web Player (HKU\S-1-5-21-2430134752-78364981-2157180895-1000\...\UnityWebPlayer) (Version: 4.6.4f1 - Unity Technologies ApS) UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC) VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Warcraft Logs Uploader (HKLM-x32\...\com.warcraft.logs) (Version: 3.64 - UNKNOWN) Warcraft Logs Uploader (x32 Version: 3.64 - UNKNOWN) Hidden Windows Repair Toolbox version 1.1.0.0 (HKLM-x32\...\{A8D7DA31-9E70-437D-97C4-C4887752E029}_is1) (Version: 1.1.0.0 - Alexandre Miguel Canotilho Coelho) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) World of Warships (HKU\S-1-5-21-2430134752-78364981-2157180895-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net) XSplit Gamecaster (HKLM-x32\...\{5D4FFB43-7F0E-45DD-842D-AC50E03D82E5}) (Version: 2.6.1510.0741 - SplitmediaLabs) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-2430134752-78364981-2157180895-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\GeCore BLokk\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {04FBA566-EAF8-4C44-8C00-3A0F9BD33D02} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {07026CC2-7725-4610-BFFD-4FE484772248} - System32\Tasks\Drum Party => Rundll32.exe "C:\Users\GeCore BLokk\AppData\Local\Drum Party\{6BA90FA8-DE46-F54C-6E86-EC52DFDC3DD4}\DrumParty.dll",#1 <==== ACHTUNG Task: {13840822-D3B3-405E-A609-26740C71A58C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {159BCA46-0957-4C8F-A8A9-6CCDE6F1C338} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {1668078D-E568-44E3-86FF-2CE56E80754C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {1DC37D0E-FC18-48DC-90A3-B156890633A1} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {217EFC6C-1411-4A78-B707-98C37F1DC9C0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {228A8398-7F24-4C7E-8416-F6C7BAB0DEE4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {24CC227F-097E-4F4A-B1A0-DCB2A5696E27} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {25E035A5-6611-4286-A8DF-0DDE435D845E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {262B0C17-6A93-4A10-B20D-60DFD03481B5} - 
System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {2A900291-247E-42FB-A5CE-453DBEFF168F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {33B5D3B1-598E-4C08-ABD9-5016021563C8} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_228_pepper.exe [2015-12-09] (Adobe Systems Incorporated) Task: {36752F2F-E53E-4A05-A3F6-0C88E0627C97} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {38DCAEA7-52CB-4AA2-AC70-C5578BB15D04} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {3DB3A1E6-6AE4-4B3F-8EBF-95C09AE8457E} - System32\Tasks\Drum Party2 => Rundll32.exe "C:\Users\GeCore BLokk\AppData\Local\Drum Party\{6BA90FA8-DE46-F54C-6E86-EC52DFDC3DD4}\baibwfni.dll",#1 <==== ACHTUNG Task: {406F3C4C-8C13-4A8C-BB7B-AF7469DC9AD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.) 
Task: {42E86957-8D6F-42E9-8813-512A897C3FDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated) Task: {55586A92-200F-419D-8D65-1732B28F22D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd) Task: {58310492-62C6-4143-9D29-59D567989A2E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {5AA24C9D-6F65-401F-8C8B-8283E4915E15} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {5D214892-FD3D-450B-99FC-9157B8589599} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {642BD9E8-F8B6-4469-B2CC-CA18902FDB0B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {6BDB2E00-6A7B-4424-8204-1FB1B1C1620F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {72D3DE8F-B62B-4932-B565-5752DB438F89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.) 
Task: {79A612B6-D565-48F4-85B5-527CA9DF2E0F} - System32\Tasks\0915avUpdateInfo => C:\ProgramData\Avg_Update_0915av\0915av_AVG-Secure-Search-Update.exe Task: {7BE8CB54-DFCC-4644-AF98-DB29BFDFC956} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {7DFBFA5B-4C2D-49CD-B503-0273FF31AB89} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {7F8AD525-CA96-4C50-8DB9-2451338E3D65} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {8CD5DED2-0055-4E01-9AF0-EA6DB1194D45} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {8F2B5B62-6949-494D-B2DF-8EF90959B65B} - System32\Tasks\{37BD870B-DECB-4AE1-A0F9-C3E7899B90B6} => pcalua.exe -a "A:\Gams\Diablo III\Diablo III Launcher.exe" -d "A:\Gams\Diablo III" Task: {97418C94-8A72-46C5-ACAC-3CF7FB837143} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {994A75C3-A943-405D-B835-A6F631001675} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {A1F5EA3D-A90C-4021-A131-38A6A3869F67} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {A39FBF9C-CDFC-4A44-8F3D-CCE1F0AADB18} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {C3533D1E-6C80-4FE5-8A8B-6AAC68B0D305} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {D01E5F6B-7115-4B03-821B-CDB26B211AF7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-11] (Microsoft Corporation) Task: {D7E424C3-A09C-4BD9-B994-E1CC7804D44B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {DE3020F6-209F-4F5D-A69A-7D667D1B633A} - System32\Tasks\Microsoft\Windows\Media 
Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {E8A04904-5A51-44D4-A958-F06897A1449C} - System32\Tasks\Opera scheduled Autoupdate 1443156149 => C:\Program Files (x86)\Opera\launcher.exe [2015-12-04] (Opera Software) Task: {E8E99F9B-A7D1-4397-8EA7-F69A6ABE37FC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {EA35EFB9-6284-4798-9DDB-683EE3244E0F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {EC947AB1-0C98-4C69-9819-CCB3752E7D15} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {ED40C504-B63C-4CC6-8515-3E78A7329073} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2015-12-11] (AVG Technologies CZ, s.r.o.) Task: {EFED5AAF-3907-4777-94ED-2CE5ECC5D902} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {F1778423-C58B-4BD3-9CC6-9D0A81F5F12D} - System32\Tasks\{92BB67F7-FCF3-446D-B23A-3D31629535DB} => pcalua.exe -a "C:\Program Files (x86)\PriceMinus\H4GZWbWq8r5YtC.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" "" Task: {F781C174-9CA6-42E4-9529-890379AB22D8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_228_pepper.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-08-06 08:11 - 2015-08-06 08:11 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-12-15 20:43 - 2015-12-16 20:43 - 01164688 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe 2015-08-06 07:15 - 2015-12-16 15:54 - 00126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-08-28 15:12 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2015-12-18 17:38 - 2015-12-09 02:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2015-03-31 19:50 - 2015-11-04 20:26 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe 2015-10-01 16:36 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-10-01 16:36 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-10-01 16:36 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-12-08 20:43 - 2015-11-25 05:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-12-08 20:43 - 2015-11-25 05:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-12-08 20:43 - 2015-11-25 05:17 - 01808384 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-10-01 16:36 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-10 12:00 - 2015-07-10 17:45 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll 2015-08-19 18:10 - 2015-08-19 18:10 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-10-22 08:26 - 2015-10-22 08:26 - 00016384 _____ () C:\Users\GeCore BLokk\AppData\Local\Apps\2.0\J123QM4V.QLY\1NOR458Z.KLZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.WowDb.dll 2015-10-22 08:26 - 2015-10-22 08:26 - 00035840 _____ () C:\Users\GeCore BLokk\AppData\Local\Apps\2.0\J123QM4V.QLY\1NOR458Z.KLZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.Advertising.dll 2015-10-22 08:26 - 2015-10-22 08:26 - 00099840 _____ () C:\Users\GeCore BLokk\AppData\Local\Apps\2.0\J123QM4V.QLY\1NOR458Z.KLZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.CMOD2.dll 2015-06-15 09:28 - 2015-12-09 02:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-12-15 20:11 - 2015-12-15 20:11 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll 2015-12-10 14:30 - 2015-12-10 14:30 - 61547128 _____ () C:\Program Files (x86)\Opera\34.0.2036.25\opera.dll 2015-12-10 14:30 - 2015-12-10 14:29 - 01983096 _____ () C:\Program Files (x86)\Opera\34.0.2036.25\libglesv2.dll 2015-12-10 14:30 - 2015-12-10 14:29 - 00081528 _____ () C:\Program Files (x86)\Opera\34.0.2036.25\libegl.dll 2015-11-06 16:33 - 2015-11-06 16:33 - 00172032 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a93f0f4ae82ff4f730dd3b3c311656bb\IsdiInterop.ni.dll 2015-03-29 14:25 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2015-03-29 14:24 - 2011-12-16 09:39 - 01198872 
_____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2015-12-28 18:33 - 2015-12-28 18:33 - 00011264 _____ () C:\Users\GeCore BLokk\AppData\Local\Temp\nsnF153.tmp\System.dll 2015-12-28 18:33 - 2015-12-28 18:33 - 00013312 _____ () C:\Users\GeCore BLokk\AppData\Local\Temp\nsnF153.tmp\UAC.dll 2015-12-28 18:33 - 2015-12-28 18:33 - 00011264 _____ () C:\Users\GeCore BLokk\AppData\Local\Temp\nsfF5F7.tmp\System.dll 2015-12-28 18:33 - 2015-12-28 18:33 - 00013312 _____ () C:\Users\GeCore BLokk\AppData\Local\Temp\nsfF5F7.tmp\UAC.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2015-12-13 18:47 - 00000895 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-2430134752-78364981-2157180895-1000\Control Panel\Desktop\\Wallpaper -> f:\bilder\14c0a541fa4dce25ec7d0e91478e56a0.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\...\StartupApproved\Run: => "Sound+" HKLM\...\StartupApproved\Run: => "3D BubbleSound" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{B6BA4828-27C5-482D-8E28-F4D4BF841E01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{1E207FCD-F3BE-4FFE-A015-23E751AD5961}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{80389C83-CD5B-403A-ADDE-ECAAD0B59536}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{769745E4-D2EB-4ED1-AFE9-E29FCCFA8C52}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{89050169-2F70-42BB-8D27-8AFFEDBA8874}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{81E56C26-5DE0-4F81-83AD-26B43D243E06}] => (Allow) C:\Program Files 
(x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{DE5358A0-AC4E-41CB-B636-46EF96E95B90}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{F182A5EC-8155-43F0-95A3-4C2FEF38250D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{218A4AD9-55EF-4B3F-A927-FC7483DC8D08}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{A0F4938F-78AC-4AB9-B984-36B4E797DFAB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{7E301577-9336-4E03-A69B-5A6FA33F4DCB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{78D654DE-484A-40D6-ADE1-211E023B5327}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{F38CCDD5-F3A1-4A35-84A1-108D0D386356}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{5511D361-95F5-48EF-9845-A1DD5CA89058}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{C5562421-995E-42B9-A1AC-D5E5BB0FE901}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{B2657F54-D529-4E18-BFFC-3FB6B7FF8E20}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{986E5893-D552-4A58-8B10-71DF409932A2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [UDP Query User{F0E2D565-0FDF-4816-979A-AE69F14F9EA9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{4F2CD84E-8040-4257-93CB-435FC035C9DD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{0829011E-EC75-4BBF-9AB7-7FA46CEFAA79}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{10F632E2-79DF-4E7E-96E2-E08E6A298F49}] => (Allow) A:\World of Warships\WoWSLauncher.exe FirewallRules: [{A128D40A-0B31-499F-BB84-0E99ABFA44F6}] => (Allow) A:\World of Warships\WorldofWarships.exe FirewallRules: 
[{6811E5F8-F347-48D8-B516-172EE007D21B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{5B21C40D-334C-47F1-B3EB-219A4BB85C5E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{69161853-14A8-45E3-B5A9-C096FB83A648}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{280C3365-47D7-4B2A-8ED6-EA1CB21371DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{DDB6FB12-2910-4976-8BE7-FFC325B01E60}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{714CC4C3-2D96-42A5-952C-1FF1EA39171B}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{02D373BA-84B4-4CC0-BEC2-428688AB8B15}] => (Allow) A:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{14694017-9C80-4E95-AEB9-2BB205C426DC}] => (Allow) A:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{5293907C-73E4-4833-8E44-4BFD942489EC}] => (Allow) A:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe FirewallRules: [{67838459-B3E5-4BC6-9267-96541C140CB9}] => (Allow) A:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe FirewallRules: [{F5B86897-79EE-4A1A-B8C5-D5DD28A7108C}] => (Allow) A:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe FirewallRules: [{60F7B45D-364F-42E0-8E2E-C634554DA782}] => (Allow) A:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe FirewallRules: [{CEAAE771-579A-49D6-AAD2-6C04247D37F3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{5CFB5618-5011-4CA6-9BD6-5F88308D474C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{A1E7BB74-144F-42E7-AC42-19BE4EE7A76E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{F9E1281B-698E-47B6-AF5A-57EF11301C7E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: 
[{7BC5336D-9FF4-4A62-84F8-702A812A88DF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{76E13E56-6D3E-472E-BBA2-049B40F7DD73}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{BA63DEED-E888-4DAA-9B85-7E1148C58A70}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{60CD6979-C5F2-4359-93DC-6B8A6760DD9A}] => (Allow) A:\Battlefield 4\Battlefield 4\BF4WebHelper.exe FirewallRules: [{45A3EBA3-037C-44FE-BBB6-50A36AFE7710}] => (Allow) A:\Battlefield 4\Battlefield 4\BF4WebHelper.exe FirewallRules: [{C9BE3D28-D42A-4A09-B860-AED947FD63D2}] => (Allow) A:\Battlefield 4\Battlefield 4\BF4X86WebHelper.exe FirewallRules: [{26EB1FF3-78BD-46F2-8823-F9AF0062F42F}] => (Allow) A:\Battlefield 4\Battlefield 4\BF4X86WebHelper.exe FirewallRules: [{9130F931-84C3-480D-8AD7-3F60DBAAD10B}] => (Allow) A:\SteamLibrary\steamapps\common\pCars\pCARS64.exe FirewallRules: [{47D995A2-9508-4831-A663-3FEAFA253E6D}] => (Allow) A:\SteamLibrary\steamapps\common\pCars\pCARS64.exe FirewallRules: [{C333D068-4BA0-4461-B3CF-99D9FD4A3EFE}] => (Allow) A:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{DD56B918-31BB-4DB5-A363-D7CA5B9EBD70}] => (Allow) A:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{32832C20-3841-43C2-85ED-D1D06AF90E54}] => (Allow) A:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe FirewallRules: [{D29E8DC5-D707-44A6-A822-57C895D35987}] => (Allow) A:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe FirewallRules: [{724DC072-57D6-4596-B6CC-034C623F5CBE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{294CDAE8-087E-4B3E-92A7-451D4193EFDE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1EF14FE1-506F-471A-8FA3-1061294B6B23}] => (Allow) A:\SteamLibrary\steamapps\common\Call of Duty Black Ops 
III\BlackOps3.exe FirewallRules: [{08290068-1704-4042-99BF-561E5A5B54FA}] => (Allow) A:\SteamLibrary\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe ==================== Wiederherstellungspunkte ========================= 22-12-2015 17:23:43 Removed XSplit Broadcaster 27-12-2015 10:45:20 Removed League of Legends 28-12-2015 18:19:35 Revo Uninstaller's restore point - Drum Party ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/28/2015 06:19:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (12/28/2015 04:17:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GECOREBLOKK-PC) Description: Bei der Aktivierung der App „Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (12/28/2015 12:12:47 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8 Error: (12/28/2015 12:12:47 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (12/28/2015 12:12:47 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: LsaC:\Windows\System32\Secur32.dll8 Error: (12/28/2015 12:12:47 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: ESENTC:\WINDOWS\system32\esentprf.dll8 Error: (12/28/2015 12:12:47 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (12/28/2015 12:12:47 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8 Error: (12/28/2015 12:12:47 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8 Error: (12/28/2015 12:12:46 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Systemfehler: ============= Error: (12/28/2015 06:35:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Xbox Live Authentifizierungs-Manager" wurde mit dem folgenden dienstspezifischen Fehler beendet: %%0 Error: (12/28/2015 06:28:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (12/28/2015 06:28:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenzugriff_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/28/2015 06:28:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenspeicher _Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/28/2015 06:28:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Kontaktdaten_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/28/2015 06:28:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Synchronisierungshost_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/28/2015 06:27:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/28/2015 06:27:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (12/28/2015 06:27:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (12/28/2015 06:27:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. 
CodeIntegrity: =================================== Date: 2015-12-27 20:09:12.617 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-27 20:09:12.577 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-27 09:53:10.044 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-27 09:53:10.027 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-27 09:49:41.966 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-27 09:49:41.949 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-27 09:43:49.577 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-27 09:43:49.561 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-12-26 23:22:28.893 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-26 23:22:28.880 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz Prozentuale Nutzung des RAM: 17% Installierter physikalischer RAM: 16342.86 MB Verfügbarer physikalischer RAM: 13448.27 MB Summe virtueller Speicher: 32726.86 MB Verfügbarer virtueller Speicher: 29465.51 MB ==================== Laufwerke ================================ Drive a: (Matrix) (Fixed) (Total:931.51 GB) (Free:688.36 GB) NTFS Drive c: (Metal Gear) (Fixed) (Total:111.13 GB) (Free:65.01 GB) NTFS Drive e: (CODS) (Fixed) (Total:0.09 GB) (Free:0.09 GB) FAT32 Drive f: (Musik ect.) (Fixed) (Total:465.66 GB) (Free:416.98 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 111.8 GB) (Disk ID: DEC9E354) Partition: GPT. ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 08087769) Partition: GPT. ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F9759935) Partition 1: (Active) - (Size=100 MB) - (Type=0B) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:28-12-2015 durchgeführt von GeCore BLokk (Administrator) auf GECOREBLOKK-PC (28-12-2015 18:39:18) Gestartet von C:\Users\GeCore BLokk\Downloads Geladene Profile: GeCore BLokk (Verfügbare Profile: GeCore BLokk & DefaultAppPool) Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Opera) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\Av\avgidsagent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe () C:\Windows\System32\PnkBstrA.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (© 2015 Microsoft Corporation) C:\Users\GeCore BLokk\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe (Curse) C:\Users\GeCore BLokk\AppData\Local\Apps\2.0\J123QM4V.QLY\1NOR458Z.KLZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe (Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe (Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe (Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe (Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe (Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe (Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (PortableApps.com) C:\Users\GeCore BLokk\Downloads\RevoUninstallerPortable\RevoUninstallerPortable.exe (PortableApps.com) C:\Users\GeCore BLokk\Downloads\RevoUninstallerPortable\RevoUninstallerPortable.exe (VS Revo Group) 
C:\Users\GeCore BLokk\Downloads\RevoUninstallerPortable\App\RevoUninstaller\Revouninstaller.exe (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2012-01-12] (VIA) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation) HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-12-09] (AVG Technologies CZ, s.r.o.) 
HKU\S-1-5-21-2430134752-78364981-2157180895-1000\...\Run: [BingSvc] => C:\Users\GeCore BLokk\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation) HKU\S-1-5-21-2430134752-78364981-2157180895-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd) HKU\S-1-5-21-2430134752-78364981-2157180895-1000\...\RunOnce: [Uninstall C:\Users\GeCore BLokk\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GeCore BLokk\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64" ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Keine Datei ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Keine Datei ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Keine Datei ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Keine Datei ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Keine Datei ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Keine Datei Startup: C:\Users\GeCore BLokk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-12-13] ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
Startup: C:\Users\GeCore BLokk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-10-22] () Startup: C:\Users\GeCore BLokk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar815.lnk [2015-12-28] ShortcutTarget: Sidebar815.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{0f9d61da-d502-4f6a-9246-7f61a29b957a}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130945002121201884&GUID=233519B3-DCEA-458C-9155-940D3F89D85E HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-2430134752-78364981-2157180895-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130945002121209840&GUID=233519B3-DCEA-458C-9155-940D3F89D85E SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2430134752-78364981-2157180895-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-2430134752-78364981-2157180895-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation) IE Session Restore: HKU\S-1-5-21-2430134752-78364981-2157180895-1000 -> ist aktiviert. Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\GeCore BLokk\AppData\Roaming\Mozilla\Firefox\Profiles\adyotpbg.default-1450026933077 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] () FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [Keine Datei] FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program 
Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [Keine Datei] FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files 
(x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin HKU\S-1-5-21-2430134752-78364981-2157180895-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\GeCore BLokk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-15] (Unity Technologies ApS) FF Extension: Video DownloadHelper - C:\Users\GeCore BLokk\AppData\Roaming\Mozilla\Firefox\Profiles\adyotpbg.default-1450026933077\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-12-20] Chrome: ======= CHR Profile: C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-15] CHR Extension: (Google Docs) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-15] CHR Extension: (Google Drive) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-04] CHR Extension: (YouTube) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-04] CHR Extension: (Google Search) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-04] CHR Extension: (Google Sheets) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-15] CHR Extension: (Google Docs Offline) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-25] CHR Extension: (OkayFreedom) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfnbbbkabnehoejfhcbbhdicagcoobji [2015-12-11] 
CHR Extension: (Chrome Web Store Payments) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-04]
CHR Extension: (Gmail) - C:\Users\GeCore BLokk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-15]

Opera:
=======
OPR Extension: (FVD Video Downloader) - C:\Users\GeCore BLokk\AppData\Roaming\Opera Software\Opera Stable\Extensions\neacgcjokggofibnbfapeaejhclmpple [2015-12-27]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-12-11] (Adobe Systems) [Datei ist nicht signiert]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-12-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-12-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-12-09] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-18] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-11-04] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-10-03] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4377000 2015-12-11] (AVG Technologies CZ, s.r.o.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1791488 2015-07-10] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-16] ()
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [306608 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-05-21] (Disc Soft Ltd)
S3 EagleX64; C:\WINDOWS\system32\drivers\EagleX64.sys [174728 2015-08-06] (AhnLab, Inc.)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-12-31] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-28] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.RTM\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-12-11] (TuneUp Software)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-28 18:39 - 2015-12-28 18:39 - 00023247 _____ C:\Users\GeCore BLokk\Downloads\FRST.txt
2015-12-28 18:38 - 2015-12-28 18:38 - 02370560 _____ (Farbar) C:\Users\GeCore BLokk\Downloads\FRST64.exe
2015-12-28 18:37 - 2015-12-28 18:37 - 00001203 _____ C:\Users\GeCore BLokk\Downloads\Neues Textdokument.txt
2015-12-28 18:28 - 2015-12-28 18:28 - 00016148 _____ C:\WINDOWS\system32\GECOREBLOKK-PC_GeCore BLokk_HistoryPrediction.bin
2015-12-28 18:24 - 2015-12-28 18:24 - 01743360 _____ C:\Users\GeCore BLokk\Downloads\AdwCleaner_5.026.exe
2015-12-28 18:13 - 2015-12-28 18:13 - 00000000 ____D C:\Users\GeCore BLokk\Downloads\RevoUninstallerPortable
2015-12-28 17:43 - 2015-12-28 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer
2015-12-27 18:56 - 2015-12-28 18:39 - 00000000 ____D C:\FRST
2015-12-27 09:47 - 2015-12-28 18:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-27 09:46 - 2015-12-27 09:46 - 00001181 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-27 09:46 - 2015-12-27 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-12-27 09:46 - 2015-12-27 09:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-27 09:46 - 2015-12-27 09:46 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-12-27 09:46 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-27 09:46 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-27 09:46 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-27 08:40 - 2015-12-27 08:40 - 00000000 ____D C:\Users\GeCore BLokk\Documents\My Cheat Tables
2015-12-26 18:00 - 2015-12-26 18:00 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Mozilla
2015-12-26 17:48 - 2015-12-26 17:48 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\Mozilla
2015-12-26 16:21 - 2015-12-26 17:12 - 00000000 ____D C:\Users\GeCore BLokk\Documents\ETS2MP
2015-12-25 18:46 - 2015-12-25 18:46 - 00000000 ____D C:\Users\GeCore BLokk\Documents\AdobeStockPhotos
2015-12-25 18:40 - 2015-12-27 08:40 - 00000000 ____D C:\Users\GeCore BLokk\Downloads\stram alles
2015-12-25 15:02 - 2015-12-28 17:44 - 00000000 ____D C:\Users\GeCore BLokk\Documents\Euro Truck Simulator 2
2015-12-23 11:42 - 2015-12-16 15:54 - 00523384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-12-23 11:42 - 2015-12-16 15:54 - 00075056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-12-23 11:42 - 2015-12-16 15:19 - 00103216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-12-23 11:41 - 2015-12-23 11:42 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-12-23 11:41 - 2015-12-16 17:59 - 42976888 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 37608568 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 31098488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 24923768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 21131424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 20672376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 17568432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 17164160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 17123736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 02560816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 02214192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 01915512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436143.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 01564976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436143.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00938104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00872056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00786688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00784640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00735024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00681592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00630592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00601936 _____ C:\WINDOWS\system32\nvmcumd.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00541000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00445728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00416560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00378784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00376440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00370992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00339760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00316960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00175368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-12-23 11:41 - 2015-12-16 17:59 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-12-22 17:26 - 2015-12-27 20:48 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\OBS
2015-12-22 17:26 - 2015-12-22 17:26 - 00001014 _____ C:\Users\GeCore BLokk\Desktop\Open Broadcaster Software.lnk
2015-12-22 17:26 - 2015-12-22 17:26 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-12-22 17:26 - 2015-12-22 17:26 - 00000000 ____D C:\Program Files\OBS
2015-12-22 17:26 - 2015-12-22 17:26 - 00000000 ____D C:\Program Files (x86)\OBS
2015-12-22 09:21 - 2015-12-22 09:21 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-22 08:46 - 2015-12-22 09:22 - 00000000 ____D C:\Windows_Repair_Toolbox
2015-12-22 08:46 - 2015-12-22 08:46 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Alexandre_Miguel_Canotilh
2015-12-22 08:46 - 2015-12-22 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Repair Toolbox
2015-12-18 12:46 - 2015-12-09 02:51 - 00111520 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2015-12-17 13:38 - 2015-12-17 13:38 - 00002904 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2015-12-16 15:11 - 2015-12-27 22:51 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\CrashDumps
2015-12-16 14:26 - 2015-12-16 14:44 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\NPE
2015-12-16 14:26 - 2015-12-16 14:26 - 00000000 ____D C:\ProgramData\Norton
2015-12-15 20:43 - 2015-12-16 20:43 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2015-12-15 20:43 - 2015-12-16 20:43 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-12-15 20:43 - 2015-12-15 20:43 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\AVG Web TuneUp
2015-12-15 20:43 - 2015-12-15 20:43 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-12-15 20:39 - 2015-12-15 20:39 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2015-12-15 20:39 - 2015-12-11 15:39 - 00046504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2015-12-15 20:39 - 2015-12-11 15:33 - 00037288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\authuitu.dll
2015-12-15 20:39 - 2015-12-11 15:33 - 00032680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\authuitu.dll
2015-12-15 20:14 - 2015-12-15 20:14 - 00000000 ___HD C:\$AVG
2015-12-15 20:14 - 2015-12-15 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-15 20:12 - 2015-12-15 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-12-15 20:11 - 2015-12-15 20:39 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-13 18:53 - 2015-12-13 18:53 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-12-13 18:48 - 2015-12-13 18:47 - 00000895 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-12-13 18:30 - 2015-12-13 18:30 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\master131
2015-12-13 18:22 - 2015-12-28 18:27 - 00000000 ____D C:\AdwCleaner
2015-12-13 17:54 - 2015-12-13 17:54 - 00003302 _____ C:\WINDOWS\System32\Tasks\Drum Party2
2015-12-13 17:54 - 2015-12-13 17:54 - 00003302 _____ C:\WINDOWS\System32\Tasks\Drum Party
2015-12-11 22:50 - 2015-12-11 22:52 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\Steganos VPN
2015-12-11 22:47 - 2015-12-12 07:22 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\Steganos
2015-12-11 19:35 - 2015-12-11 19:36 - 00000000 ____D C:\Users\GeCore BLokk\Documents\Xspliter
2015-12-11 18:22 - 2015-12-11 18:22 - 00002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2015-12-11 18:22 - 2015-12-11 18:22 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2015-12-11 18:21 - 2015-12-11 18:21 - 00002150 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2015-12-11 18:21 - 2015-12-11 18:21 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2015-12-11 18:21 - 2015-12-11 18:21 - 00002125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2015-12-11 18:21 - 2015-12-11 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-12-11 18:16 - 2015-12-11 18:16 - 00000000 ____D C:\PS_CS2_Gr_NonRet
2015-12-11 14:45 - 2015-12-11 14:45 - 00000000 ____D C:\Users\GeCore BLokk\Documents\MEGAsync Downloads
2015-12-11 14:44 - 2015-12-11 14:44 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Mega Limited
2015-12-10 19:24 - 2015-12-10 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2015-12-10 19:24 - 2015-12-10 19:24 - 00000000 ____D C:\Program Files (x86)\Lavalys
2015-12-08 20:43 - 2015-12-01 08:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-08 20:43 - 2015-12-01 07:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-08 20:43 - 2015-12-01 06:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-08 20:43 - 2015-12-01 06:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-08 20:43 - 2015-12-01 06:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-08 20:43 - 2015-12-01 06:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-08 20:43 - 2015-12-01 05:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-08 20:43 - 2015-11-25 06:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-08 20:43 - 2015-11-25 06:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-08 20:43 - 2015-11-25 06:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 20:43 - 2015-11-25 06:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-08 20:43 - 2015-11-25 06:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-08 20:43 - 2015-11-25 06:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-08 20:43 - 2015-11-25 06:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 20:43 - 2015-11-25 06:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-08 20:43 - 2015-11-25 06:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 20:43 - 2015-11-25 06:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 20:43 - 2015-11-25 06:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-08 20:43 - 2015-11-25 05:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-08 20:43 - 2015-11-25 05:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-08 20:43 - 2015-11-25 05:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-08 20:43 - 2015-11-25 05:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-08 20:43 - 2015-11-25 05:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-08 20:43 - 2015-11-25 05:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-08 20:43 - 2015-11-25 05:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-08 20:43 - 2015-11-25 05:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-08 20:43 - 2015-11-25 05:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-08 20:43 - 2015-11-25 05:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 20:43 - 2015-11-25 05:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-08 20:43 - 2015-11-25 05:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-08 20:43 - 2015-11-25 05:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-08 20:43 - 2015-11-25 05:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-08 20:43 - 2015-11-25 05:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 20:43 - 2015-11-25 05:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-08 20:43 - 2015-11-25 05:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-08 20:43 - 2015-11-25 05:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 20:43 - 2015-11-25 05:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-08 20:43 - 2015-11-25 05:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 20:43 - 2015-11-25 05:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-08 20:43 - 2015-11-25 05:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 20:43 - 2015-11-25 05:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 20:43 - 2015-11-25 05:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-08 20:43 - 2015-11-25 05:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-08 20:43 - 2015-11-25 05:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-08 20:43 - 2015-11-25 05:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-08 20:43 - 2015-11-25 05:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-08 20:43 - 2015-11-25 05:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-08 20:43 - 2015-11-25 05:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-08 20:43 - 2015-11-25 05:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-08 20:43 - 2015-11-25 05:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 20:43 - 2015-11-25 05:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-08 20:43 - 2015-11-25 05:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-08 20:43 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-08 20:43 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-08 20:43 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-08 20:43 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-08 20:43 - 2015-11-25 05:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-08 20:43 - 2015-11-25 05:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-08 20:43 - 2015-11-25 05:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-08 20:43 - 2015-11-25 05:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-08 20:43 - 2015-11-25 05:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-08 20:43 - 2015-11-25 05:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-08 20:43 - 2015-11-25 05:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 20:43 - 2015-11-25 05:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-08 20:43 - 2015-11-25 05:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-08 20:43 - 2015-11-25 05:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 20:43 - 2015-11-25 05:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 20:43 - 2015-11-25 05:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 20:43 - 2015-11-25 05:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-08 20:43 - 2015-11-25 05:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-08 20:43 - 2015-11-25 05:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 20:43 - 2015-11-25 05:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 20:43 - 2015-11-25 05:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-08 20:43 - 2015-11-25 05:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-08 20:43 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-08 20:43 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-08 20:43 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-08 20:43 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-08 20:43 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-08 20:43 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-12-08 17:19 - 2015-12-08 17:19 - 00000000 ____D C:\Program Files\SiSoftware
2015-12-06 14:43 - 2015-12-06 14:43 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\SplitmediaLabs
2015-12-06 14:36 - 2015-12-22 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2015-12-06 14:36 - 2015-12-09 14:46 - 00000000 ____D C:\Program Files (x86)\SplitmediaLabs
2015-12-06 14:36 - 2015-12-09 14:45 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\SplitmediaLabs
2015-12-06 14:36 - 2015-12-06 14:36 - 00000000 ____D C:\ProgramData\SplitMediaLabs
2015-12-02 17:54 - 2015-12-02 17:54 - 00000000 ____D C:\Users\GeCore BLokk\Documents\Ghost Games
2015-12-02 12:51 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2015-12-02 06:55 - 2015-11-25 00:07 - 01905272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435906.dll
2015-12-02 06:55 - 2015-11-25 00:07 - 01564792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435906.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-28 18:37 - 2015-08-06 07:16 - 02077126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-28 18:37 - 2015-07-10 17:34 - 00883584 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-28 18:37 - 2015-07-10 17:34 - 00195718 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-28 18:37 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-28 18:29 - 2015-10-30 15:02 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-28 18:29 - 2015-10-22 08:26 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Deployment
2015-12-28 18:29 - 2015-08-29 09:44 - 00019605 _____ C:\Users\GeCore BLokk\IP_Log_Data.js
2015-12-28 18:28 - 2015-08-06 07:15 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-28 18:28 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-28 18:28 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-28 18:27 - 2015-03-29 18:03 - 00000000 ____D C:\ProgramData\MFAData
2015-12-28 18:21 - 2015-08-29 15:58 - 00000027 _____ C:\Users\GeCore BLokk\AppData\Roaming\Network Meter_Usage.ini
2015-12-28 18:21 - 2015-05-12 20:10 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\TS3Client
2015-12-28 18:17 - 2015-10-30 15:02 - 00001148 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-28 18:17 - 2015-03-29 16:40 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Battle.net
2015-12-28 18:00 - 2015-08-29 10:00 - 00039027 _____ C:\Users\GeCore BLokk\Network_Meter_Data.js
2015-12-28 17:57 - 2015-04-03 15:24 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-28 17:43 - 2015-03-31 16:11 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-28 17:21 - 2015-09-24 05:31 - 00004180 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{37C0FCCA-9427-43E6-B459-A6AE47F12069}
2015-12-28 16:25 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-28 11:14 - 2015-03-29 16:40 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-12-27 18:57 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2015-12-27 16:51 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-27 00:11 - 2015-10-30 15:02 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-12-25 23:49 - 2015-03-31 16:19 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Steam
2015-12-25 18:52 - 2015-03-29 17:10 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\Adobe
2015-12-25 18:44 - 2015-11-12 19:47 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\SimulationCraft
2015-12-23 11:42 - 2015-08-06 07:15 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-23 11:42 - 2015-06-15 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-12-22 20:30 - 2015-07-10 10:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-22 09:29 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-21 14:55 - 2015-08-06 07:16 - 00000000 ____D C:\Users\GeCore BLokk
2015-12-20 21:46 - 2015-03-31 15:52 - 00000000 ____D C:\Users\GeCore BLokk\dwhelper
2015-12-19 03:37 - 2015-03-29 15:42 - 00000000 ____D C:\ProgramData\Origin
2015-12-18 22:07 - 2015-04-22 19:01 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\Skype
2015-12-18 14:01 - 2015-03-29 15:42 - 00000000 ____D C:\Program Files (x86)\Origin
2015-12-18 12:46 - 2015-04-16 17:48 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\NVIDIA Corporation
2015-12-18 09:48 - 2015-10-08 16:34 - 12426896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-12-17 09:26 - 2015-10-30 15:02 - 00003660 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-17 09:26 - 2015-10-30 15:02 - 00003436 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-16 17:59 - 2015-10-08 16:34 - 19727624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-12-16 17:59 - 2015-10-08 16:34 - 17104016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-12-16 17:59 - 2015-10-08 16:34 - 14103608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-12-16 17:59 - 2015-10-08 16:34 - 03603368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-12-16 17:59 - 2015-10-08 16:34 - 03184152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-12-16 17:59 - 2015-07-23 03:02 - 00035775 _____ C:\WINDOWS\system32\nvinfo.pb
2015-12-16 16:38 - 2015-03-29 11:37 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\VirtualStore
2015-12-16 15:54 - 2015-08-06 07:15 - 06359672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-12-16 15:54 - 2015-08-06 07:15 - 02985264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-12-16 15:54 - 2015-08-06 07:15 - 02554488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-12-16 15:54 - 2015-08-06 07:15 - 01256240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-12-16 15:54 - 2015-08-06 07:15 - 00385328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-12-16 15:54 - 2015-08-06 07:15 - 00062768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-12-16 15:49 - 2015-08-06 07:15 - 06090019 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-12-16 01:39 - 2015-07-10 13:20 - 00189368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-15 20:41 - 2015-07-10 10:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-15 20:39 - 2015-10-25 10:29 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\AVG
2015-12-15 20:39 - 2015-10-25 10:28 - 00000000 ____D C:\ProgramData\Avg
2015-12-15 20:39 - 2015-10-25 10:25 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\AvgSetupLog
2015-12-15 20:39 - 2015-06-09 21:09 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Avg
2015-12-15 20:14 - 2015-07-10 12:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-12-14 16:37 - 2015-08-06 07:22 - 00002414 _____ C:\Users\GeCore BLokk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-14 16:37 - 2015-08-06 07:22 - 00000000 ___RD C:\Users\GeCore BLokk\OneDrive
2015-12-13 18:25 - 2015-05-29 06:14 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Roaming\FileAdvisor
2015-12-13 18:01 - 2015-09-25 05:42 - 00001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-13 18:00 - 2015-08-06 07:40 - 00001051 _____ C:\Users\GeCore BLokk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk
2015-12-13 18:00 - 2015-08-06 07:21 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-13 17:56 - 2015-10-30 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-13 15:10 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-12-13 14:54 - 2015-03-29 22:42 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2015-12-13 14:54 - 2015-03-29 22:42 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2015-12-11 18:31 - 2015-05-13 09:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-11 18:31 - 2015-05-13 09:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-11 18:30 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-11 18:29 - 2015-04-03 15:24 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Adobe
2015-12-11 18:22 - 2015-10-23 06:17 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-11 18:21 - 2015-10-23 06:18 - 00000000 ____D C:\ProgramData\Adobe
2015-12-11 14:30 - 2015-03-29 16:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-11 14:28 - 2015-03-29 16:13 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-10 14:30 - 2015-09-25 05:42 - 00003990 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1443156149
2015-12-10 14:30 - 2015-09-25 05:42 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-09 19:57 - 2015-10-30 15:02 - 00004082 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-12-09 16:06 - 2015-05-13 09:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 04:39 - 2010-11-21 04:27 - 00301728 
____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2015-12-09 02:51 - 2015-06-15 09:28 - 01846016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2015-12-09 02:51 - 2015-06-15 09:28 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2015-12-09 02:51 - 2015-06-15 09:28 - 01530240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2015-12-09 02:51 - 2015-06-15 09:28 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2015-12-08 17:19 - 2015-03-31 19:31 - 00000000 ____D C:\ProgramData\Package Cache 2015-12-04 21:10 - 2015-06-15 07:38 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Google 2015-12-04 12:03 - 2015-08-06 07:21 - 00000000 ____D C:\Users\GeCore BLokk\AppData\Local\Packages 2015-12-03 20:52 - 2015-04-22 19:01 - 00000000 ____D C:\ProgramData\Skype 2015-12-01 20:53 - 2015-10-23 06:26 - 00000773 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft Logs Uploader.lnk 2015-12-01 01:32 - 2015-07-10 12:06 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-12-01 01:32 - 2015-07-10 12:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-29 19:38 - 2015-09-22 07:18 - 00000000 ____D C:\Users\GeCore BLokk\.junique 2015-11-29 19:37 - 2015-08-29 09:51 - 00001474 _____ C:\Users\GeCore BLokk\AppData\Roaming\Network Meter_Settings.ini ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-08-29 09:46 - 2015-08-29 09:47 - 0000282 _____ () C:\Users\GeCore BLokk\AppData\Roaming\GPU MeterV2_Settings.ini 2015-08-29 09:51 - 2015-11-29 19:37 - 0001474 _____ () C:\Users\GeCore BLokk\AppData\Roaming\Network Meter_Settings.ini 2015-08-29 15:58 - 2015-12-28 18:21 - 0000027 _____ () C:\Users\GeCore BLokk\AppData\Roaming\Network Meter_Usage.ini 2015-09-20 20:18 - 2015-11-14 16:27 - 0000122 _____ () C:\Users\GeCore BLokk\AppData\Roaming\System Monitor II_UptimeRecord.ini Dateien, 
die verschoben oder gelöscht werden sollten: ==================== C:\Users\GeCore BLokk\IP_Log_Data.js C:\Users\GeCore BLokk\Network_Meter_Data.js Einige Dateien in TEMP: ==================== C:\Users\GeCore BLokk\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-12-20 14:52 ==================== Ende von FRST.txt ============================ |
29.12.2015, 09:29 | #10 |
/// TB Trainer /// Instructions Guru | RunDLL Drum Party Hi, Step 1 Please press Windows + R and type notepad into the Run window. Click OK, then copy the text from the code box into the empty text document: Code:
CloseProcesses:
Task: {07026CC2-7725-4610-BFFD-4FE484772248} - System32\Tasks\Drum Party =>
Task: {1668078D-E568-44E3-86FF-2CE56E80754C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei
Task: {24CC227F-097E-4F4A-B1A0-DCB2A5696E27} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei
Task: {25E035A5-6611-4286-A8DF-0DDE435D845E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei
Task: {36752F2F-E53E-4A05-A3F6-0C88E0627C97} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei
Task: {38DCAEA7-52CB-4AA2-AC70-C5578BB15D04} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei
C:\Users\GeCore BLokk\AppData\Local\Drum Party
Task: {3DB3A1E6-6AE4-4B3F-8EBF-95C09AE8457E} - System32\Tasks\Drum Party2 =>
Task: {642BD9E8-F8B6-4469-B2CC-CA18902FDB0B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei
Task: {6BDB2E00-6A7B-4424-8204-1FB1B1C1620F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei
Task: {7DFBFA5B-4C2D-49CD-B503-0273FF31AB89} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei
Task: {7F8AD525-CA96-4C50-8DB9-2451338E3D65} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei
Task: {8CD5DED2-0055-4E01-9AF0-EA6DB1194D45} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei
Task: {EC947AB1-0C98-4C69-9819-CCB3752E7D15} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Keine Datei
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Keine Datei
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Keine Datei
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Now please run a scan: Step 2 ESET Online Scanner
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
29.12.2015, 11:11 | #11 |
| RunDLL Drum Party Good morning, I don't have any option to choose to save this as Fixlist.txt. How does that work? |
29.12.2015, 11:14 | #12 |
/// TB Trainer /// Instructions Guru | RunDLL Drum Party |
29.12.2015, 11:21 | #13 |
| RunDLL Drum Party ... Edited by GeCorePerver (29.12.2015 at 12:15) |
29.12.2015, 11:40 | #14 |
/// TB Trainer /// Instructions Guru | RunDLL Drum Party But you have to save it in the format in which I posted it. In your case it's just one line. |
29.12.2015, 14:07 | #15 |
| RunDLL Drum Party Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:28-12-2015
durchgeführt von GeCore BLokk (2015-12-29 12:10:25) Run:2
Gestartet von C:\Users\GeCore BLokk\Downloads\frst
Geladene Profile: GeCore BLokk (Verfügbare Profile: GeCore BLokk & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CloseProcesses:
Task: {07026CC2-7725-4610-BFFD-4FE484772248} - System32\Tasks\Drum Party =>
Task: {1668078D-E568-44E3-86FF-2CE56E80754C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei
Task: {24CC227F-097E-4F4A-B1A0-DCB2A5696E27} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei
Task: {25E035A5-6611-4286-A8DF-0DDE435D845E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei
Task: {36752F2F-E53E-4A05-A3F6-0C88E0627C97} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei
Task: {38DCAEA7-52CB-4AA2-AC70-C5578BB15D04} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei
C:\Users\GeCore BLokk\AppData\Local\Drum Party
Task: {3DB3A1E6-6AE4-4B3F-8EBF-95C09AE8457E} - System32\Tasks\Drum Party2 =>
Task: {642BD9E8-F8B6-4469-B2CC-CA18902FDB0B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei
Task: {6BDB2E00-6A7B-4424-8204-1FB1B1C1620F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei
Task: {7DFBFA5B-4C2D-49CD-B503-0273FF31AB89} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei
Task: {7F8AD525-CA96-4C50-8DB9-2451338E3D65} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei
Task: {8CD5DED2-0055-4E01-9AF0-EA6DB1194D45} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei
Task: {EC947AB1-0C98-4C69-9819-CCB3752E7D15} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Keine Datei
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Keine Datei
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Keine Datei
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
*****************

Prozess erfolgreich geschlossen.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{07026CC2-7725-4610-BFFD-4FE484772248}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07026CC2-7725-4610-BFFD-4FE484772248}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Drum Party => => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Drum Party => => Schlüssel nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1668078D-E568-44E3-86FF-2CE56E80754C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1668078D-E568-44E3-86FF-2CE56E80754C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24CC227F-097E-4F4A-B1A0-DCB2A5696E27}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24CC227F-097E-4F4A-B1A0-DCB2A5696E27}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25E035A5-6611-4286-A8DF-0DDE435D845E}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25E035A5-6611-4286-A8DF-0DDE435D845E}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36752F2F-E53E-4A05-A3F6-0C88E0627C97}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36752F2F-E53E-4A05-A3F6-0C88E0627C97}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38DCAEA7-52CB-4AA2-AC70-C5578BB15D04}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38DCAEA7-52CB-4AA2-AC70-C5578BB15D04}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => Schlüssel erfolgreich entfernt
"C:\Users\GeCore BLokk\AppData\Local\Drum Party" => nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3DB3A1E6-6AE4-4B3F-8EBF-95C09AE8457E}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DB3A1E6-6AE4-4B3F-8EBF-95C09AE8457E}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Drum Party2 => => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Drum Party2 => => Schlüssel nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{642BD9E8-F8B6-4469-B2CC-CA18902FDB0B}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{642BD9E8-F8B6-4469-B2CC-CA18902FDB0B}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BDB2E00-6A7B-4424-8204-1FB1B1C1620F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BDB2E00-6A7B-4424-8204-1FB1B1C1620F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DFBFA5B-4C2D-49CD-B503-0273FF31AB89}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DFBFA5B-4C2D-49CD-B503-0273FF31AB89}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F8AD525-CA96-4C50-8DB9-2451338E3D65}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F8AD525-CA96-4C50-8DB9-2451338E3D65}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8CD5DED2-0055-4E01-9AF0-EA6DB1194D45}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CD5DED2-0055-4E01-9AF0-EA6DB1194D45}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC947AB1-0C98-4C69-9819-CCB3752E7D15}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC947AB1-0C98-4C69-9819-CCB3752E7D15}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => Schlüssel erfolgreich entfernt
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Schlüssel nicht gefunden.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => Schlüssel nicht gefunden.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => Schlüssel nicht gefunden.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => Schlüssel erfolgreich entfernt
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Schlüssel nicht gefunden.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => Schlüssel erfolgreich entfernt
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => Schlüssel nicht gefunden.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => Schlüssel erfolgreich entfernt
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt

Das System musste neu gestartet werden.

==== Ende von Fixlog 12:10:26 ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=562a06d7880d474c8c9cdf3cf7d1990e
# end=init
# utc_time=2015-12-29 11:07:14
# local_time=2015-12-29 12:07:14 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 27402
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=562a06d7880d474c8c9cdf3cf7d1990e
# end=updated
# utc_time=2015-12-29 11:09:17
# local_time=2015-12-29 12:09:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=562a06d7880d474c8c9cdf3cf7d1990e
# end=init
# utc_time=2015-12-29 11:12:36
# local_time=2015-12-29 12:12:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 27402
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=562a06d7880d474c8c9cdf3cf7d1990e
# end=updated
# utc_time=2015-12-29 11:12:47
# local_time=2015-12-29 12:12:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=562a06d7880d474c8c9cdf3cf7d1990e
# end=restart
# utc_time=2015-12-29 11:51:09
# local_time=2015-12-29 12:51:09 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# compatibility_mode_1='AVG AntiVirus Free Edition'
# compatibility_mode=1057 16777213 100 100 225601 2742117 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1187109 14863881 0 0
# scanned=398352
# found=7
# cleaned=0
# scan_time=2302
sh=34B73971C4A79AB5C1722D23F95393A1D5017023 ft=1 fh=fcf2f12d9c53e3dc vn="Variante von Win64/SBWatchman.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbiu.exe.vir"
sh=6C436668B9C0B8A1230BAD440FD037ACC1489E1D ft=1 fh=a9d9ed7d9bb022e5 vn="Variante von Win64/SBWatchman.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbiw.sys.vir"
sh=909BEA89BA235AF63F713E233E23F23FE23FBE48 ft=1 fh=630ebc6aeabacdcf vn="Variante von Win32/Toptools.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScreenSnapshotTool\1.1.0.11070\InstallHelper.exe.vir"
sh=29600168B036C62699BF66096A0CB831F45017D0 ft=1 fh=5692ebc8643dbc8c vn="Variante von Win32/Toptools.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScreenSnapshotTool\1.1.0.11070\ScreenSnapshot.exe.vir"
sh=915E6C17958B52948EE7B0AA400AB6C50D188AD3 ft=1 fh=7565d96ec5681b38 vn="Variante von Win32/ELEX.FO evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SFK\SSFK.exe.vir"
sh=62CE66E2F9C9F7E723D60274B9A5D11C2C068CD7 ft=1 fh=fce2b8c04801995b vn="Variante von Win32/SpeedBit.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDUninstall.exe.vir"
sh=0FFFB070AEA9A23FBA4DED929655731A8756F1F1 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Adload.NPA Trojaner" ac=I fn="C:\Program Files (x86)\Windows 7 Activator\install7activator.bat"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=562a06d7880d474c8c9cdf3cf7d1990e
# end=init
# utc_time=2015-12-29 11:54:32
# local_time=2015-12-29 12:54:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 27402
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=562a06d7880d474c8c9cdf3cf7d1990e
# end=updated
# utc_time=2015-12-29 11:54:50
# local_time=2015-12-29 12:54:50 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=562a06d7880d474c8c9cdf3cf7d1990e
# engine=27402
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-12-29 12:30:10
# local_time=2015-12-29 01:30:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='AVG AntiVirus Free Edition'
# compatibility_mode=1057 16777213 100 100 227942 2744458 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1189450 14866222 0 0
# scanned=410091
# found=7
# cleaned=7
# scan_time=2119
sh=34B73971C4A79AB5C1722D23F95393A1D5017023 ft=1 fh=fcf2f12d9c53e3dc vn="Variante von Win64/SBWatchman.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbiu.exe.vir"
sh=6C436668B9C0B8A1230BAD440FD037ACC1489E1D ft=1 fh=a9d9ed7d9bb022e5 vn="Variante von Win64/SBWatchman.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbiw.sys.vir"
sh=909BEA89BA235AF63F713E233E23F23FE23FBE48 ft=1 fh=630ebc6aeabacdcf vn="Variante von Win32/Toptools.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScreenSnapshotTool\1.1.0.11070\InstallHelper.exe.vir"
sh=29600168B036C62699BF66096A0CB831F45017D0 ft=1 fh=5692ebc8643dbc8c vn="Variante von Win32/Toptools.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScreenSnapshotTool\1.1.0.11070\ScreenSnapshot.exe.vir"
sh=915E6C17958B52948EE7B0AA400AB6C50D188AD3 ft=1 fh=7565d96ec5681b38 vn="Variante von Win32/ELEX.FO evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SFK\SSFK.exe.vir"
sh=62CE66E2F9C9F7E723D60274B9A5D11C2C068CD7 ft=1 fh=fce2b8c04801995b vn="Variante von Win32/SpeedBit.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDUninstall.exe.vir"
sh=0FFFB070AEA9A23FBA4DED929655731A8756F1F1 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Adload.NPA Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Windows 7 Activator\install7activator.bat"
Edited by GeCorePerver (29.12.2015 at 12:12) |