| |
| |||||||
Log-Analyse und Auswertung: Email wird als Absender für Spam Emails verwendetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
01.02.2016, 14:27
| #1 |
| |  Email wird als Absender für Spam Emails verwendet Einen Wunderschönen guten Tag! Nachdem ich heute von einem Kollegen erfahren habe, das er eine Spam Mail von "mir" erhalten hat habe ich mich hier im Forum angemeldet um Hilfe zu finden. Ich habe als erstes mal meinen Postausgang und mein Junk - Ordner geprüft. Im Junk Ordner befinden sich etliche (seit August 2015) nicht Zustellbare Emails bzw. Antworten. Hier einmal die letzte vom heutigen Tag : Code:
ATTFilter This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
daemon@esl.eu
SMTP error from remote mail server after RCPT TO:<daemon@esl.eu>:
host mail.o-byte.com [176.28.16.226]: 550 5.1.1 <daemon@esl.eu>:
Recipient address rejected: User unknown in virtual mailbox table
------ This is a copy of the message, including all the headers. ------
Return-path: <MEINE@EMAIL.DE>
Received: from bba751177.alshamil.net.ae ([92.97.157.99] helo=wrbz.org)
by webserver.totalsolve.nl with esmtpsa (TLSv1:AES256-SHA:256)
(Exim 4.73)
(envelope-from <MEINE@EMAIL.DE>)
id 1aQCfs-0006qb-KO; Mon, 01 Feb 2016 12:29:41 +0100
From: <MEINE@EMAIL.DE>
To: "heike" <EMAIL@BEKANNTERKONTAKT.DE>, "daemon" <daemon@esl.eu>, "Du weit dass Du mal im Rheinhousen warst"
<105179279604816@groups.facebook.com>, "mike699" <mike699@ntlworld.com>,
"mike" <mike@pollock-web.com>
Subject: Fw: new message
Date: Mon, 1 Feb 2016 19:24:16 -0800
Message-ID: <000022081ad0$7c2a50fb$c21029cb$@mike3.de>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0001_0691C35A.38677AC4"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AdFoihjCHOSUzaHrNvSJCDYSxTit+g==
Content-Language: en-us
This is a multipart message in MIME format.
------=_NextPart_000_0001_0691C35A.38677AC4
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Hey!
Open message <hxxp://msmega.com.br/started.php?topq0>
MEINE@EMAIL.DE
------=_NextPart_000_0001_0691C35A.38677AC4
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas=
-microsoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:off=
ice:word" xmlns:m=3D"hxxp://schemas.microsoft.com/office/2004/12/omml"=
xmlns=3D"hxxp://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV=3D"C=
ontent-Type" CONTENT=3D"text/html; charset=3Dus-ascii"><meta name=3DGe=
nerator content=3D"Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
=2EMsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:2.0cm 42.5pt 2.0cm 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DEN link=3D"#0563=
C1" vlink=3D"#954F72"><div class=3DWordSection1><p class=3DMsoNormal><=
span lang=3DEN-US>Hey!<o:p></o:p></span></p><p class=3DMsoNormal><span=
lang=3DEN-US><o:p> </o:p></span></p><p class=3DMsoNormal><span l=
ang=3DEN-US><b>Open message</b> <a href=3D"hxxp://msmega.com.br/starte=
d.php?topq0">hxxp://msmega.com.br/started.php</a><o:p></o:p></span></p=
> <p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p><=
p class=3DMsoNormal><span lang=3DEN-US>MEINE@EMAIL.DE<o:p></o:p></span>=
</p></div></body></html>
------=_NextPart_000_0001_0691C35A.38677AC4--
 Ein Scan mit Malwarebytes Anti-Malware habe ich allerdings durchgeführt. Hier sind die Logs dazu : Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 01.02.2016 Suchlaufzeit: 13:30 Protokolldatei: MBAW sscan.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2016.02.01.03 Rootkit-Datenbank: v2016.01.20.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: ready2go Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 391740 Abgelaufene Zeit: 6 Min., 9 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 3 CrackTool.Agent.Steam, C:\Program Files\Fallout 4\steam_api64.dll, In Quarantäne, [790edc7f0e8b0d29c2fb2534857c817f], PUP.Optional.MindSpark, C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_internetspeedtracker.dl.tb.ask.com_0.localstorage, In Quarantäne, [0d7ab6a5c6d33df9719f2fafa3609f61], PUP.Optional.MindSpark, C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_internetspeedtracker.dl.tb.ask.com_0.localstorage-journal, In Quarantäne, [384fcb909207d66013fd934b689b48b8], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Update, 01.02.2016 13:30, SYSTEM, MIKE, Manual, Remediation Database, 2015.9.16.1, 2016.1.23.1, Update, 01.02.2016 13:30, SYSTEM, MIKE, Manual, Rootkit Database, 2015.9.18.1, 2016.1.20.1, Update, 01.02.2016 13:30, SYSTEM, MIKE, Manual, IP Database, 2015.9.21.2, 2016.1.30.1, Update, 01.02.2016 13:30, SYSTEM, MIKE, Manual, Domain Database, 2015.9.22.3, 2016.1.31.2, Update, 01.02.2016 13:30, SYSTEM, MIKE, Manual, Malware Database, 2015.9.22.5, 2016.2.1.3, Scan, 01.02.2016 13:37, SYSTEM, MIKE, Manual, Start: 01.02.2016 13:30, Dauer: 6 Min. 9 Sek., Bedrohungssuchlauf, Abgeschlossen, 1 Malware-Erkennung, 2 Nicht-Malware-Erkennungen, Error, 01.02.2016 13:38, SYSTEM, MIKE, Protection, IsLicensed, 13, Protection, 01.02.2016 13:38, SYSTEM, MIKE, Protection, Malware Protection, Stopping, Protection, 01.02.2016 13:38, SYSTEM, MIKE, Protection, Malware Protection, Stopped, (end) Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-01-2016
durchgeführt von ready2go (2016-02-01 13:53:32)
Gestartet von C:\Users\ready2go\Desktop
Windows 8.1 Pro (X64) (2015-04-12 12:04:29)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2061736071-1537729749-4263700537-500 - Administrator - Disabled)
Chantal (S-1-5-21-2061736071-1537729749-4263700537-1015 - Limited - Enabled) => C:\Users\Chantal
Gast (S-1-5-21-2061736071-1537729749-4263700537-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2061736071-1537729749-4263700537-1003 - Limited - Enabled)
Media (S-1-5-21-2061736071-1537729749-4263700537-1007 - Limited - Enabled)
ready2go (S-1-5-21-2061736071-1537729749-4263700537-1004 - Administrator - Enabled) => C:\Users\ready2go
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Bitvise SSH Client 6.31 (remove only) (HKLM-x32\...\BvSshClient) (Version: - )
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Caster (HKLM-x32\...\Steam App 29800) (Version: - Elecorn)
Catalyst Control Center Next Localization BR (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Child of Light (HKLM-x32\...\Steam App 256290) (Version: - Ubisoft Montréal)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Deadlight (HKLM-x32\...\Steam App 211400) (Version: - Tequila Works, S.L.)
Deponia (HKLM-x32\...\Steam App 214340) (Version: - Daedalic Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKU\S-1-5-21-2061736071-1537729749-4263700537-1004\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
EDGE (HKLM-x32\...\Steam App 38740) (Version: - Two Tribes)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fallout 4 (HKLM\...\ZmFsbG91dDQ=_is1) (Version: 1 - )
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version: - Square Enix)
FINAL FANTASY VIII (HKLM-x32\...\Steam App 39150) (Version: - SQUARE ENIX)
Flockers (HKLM-x32\...\Steam App 260330) (Version: - Team17 Digital Ltd)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
FORCED (HKLM-x32\...\Steam App 249990) (Version: - BetaDwarf)
Free YouTube to MP3 Converter version 3.12.60.713 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.60.713 - DVDVideoSoft Ltd.)
Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge)
GetFoldersize 2.6.0 (HKLM-x32\...\GetFoldersize_is1) (Version: 2.6.0 - Michael Thummerer Software Design)
Glary Utilities 5.24 (HKLM-x32\...\Glary Utilities 5) (Version: 5.24.0.43 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version: - Crackshell)
Hero Siege (HKLM-x32\...\Steam App 269210) (Version: - Elias Viglione)
HEX (HKLM-x32\...\{6EDED3CB-CAC5-4200-A534-CCA1732EAF23}_is1) (Version: - Gameforge)
HLSW v1.4.0.2 (HKLM-x32\...\HLSW_is1) (Version: - Stripf Software)
HOARD (HKLM-x32\...\Steam App 63000) (Version: - Big Sandwich Games)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
King Arthur's Gold (HKLM-x32\...\Steam App 219830) (Version: - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Light (HKLM-x32\...\Steam App 271730) (Version: - Just A Pixel Ltd.)
Logitech Gaming Software 8.75 (HKLM\...\Logitech Gaming Software) (Version: 8.75.30 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minimum (HKLM-x32\...\Steam App 214190) (Version: - Human Head Studios)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.6.0 - Mozilla)
Mozilla Thunderbird 38.5.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.5.1 (x86 de)) (Version: 38.5.1 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Orcs Must Die! Unchained (HKLM-x32\...\{8EBA33AF-48E0-4207-A4EE-96029415AD76}_is1) (Version: - Gameforge 4D GmbH)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
Out There Somewhere (HKLM-x32\...\Steam App 263980) (Version: - MiniBoss)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Outland (HKLM-x32\...\Steam App 305050) (Version: - Housemarque)
PAC-MAN Championship Edition DX+ (HKLM-x32\...\Steam App 236450) (Version: - Mine Loader Software Co., Ltd.)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PicoScope 6 Automotive (HKLM-x32\...\{990df06c-6210-4d71-896a-a2f011ec0522}) (Version: 6.10.16 - Pico Technology)
PlanetSide 2 (HKU\S-1-5-21-2061736071-1537729749-4263700537-1004\...\DG0-PlanetSide 2) (Version: - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-2061736071-1537729749-4263700537-1004\...\DGC-PlanetSide 2) (Version: 1.0.3.191 - Daybreak Game Company)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28129 - Razer Inc.)
Robot Roller-Derby Disco Dodgeball (HKLM-x32\...\Steam App 270450) (Version: - Erik Asmussen)
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
RUSH (HKLM-x32\...\Steam App 38720) (Version: - Two Tribes)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SketchUp 2015 (HKLM\...\{A83795B9-570F-40FF-ACB4-710B568EBA22}) (Version: 15.3.331 - Trimble Navigation Limited)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
SpaceChem (HKLM-x32\...\Steam App 92800) (Version: - Zachtronics)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)
Talisman: Digital Edition (HKLM-x32\...\Steam App 247000) (Version: - Nomad Games Limited)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version: - Ubisoft Montreal)
Titan Quest (HKLM-x32\...\Steam App 4540) (Version: - Iron Lore Entertainment)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft)
Tom Clancy's The Division Beta (HKLM-x32\...\Uplay Install 2036) (Version: - Ubisoft)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.1 - VMware, Inc)
VMware Workstation (Version: 10.0.1 - VMware, Inc.) Hidden
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Goo (HKLM-x32\...\Steam App 22000) (Version: - 2D BOY)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version: - Team17 Digital Ltd.)
Worms Ultimate Mayhem (HKLM-x32\...\Steam App 70600) (Version: - Team17 Software Ltd.)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2061736071-1537729749-4263700537-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ready2go\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2061736071-1537729749-4263700537-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2061736071-1537729749-4263700537-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2061736071-1537729749-4263700537-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2061736071-1537729749-4263700537-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2061736071-1537729749-4263700537-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2061736071-1537729749-4263700537-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2061736071-1537729749-4263700537-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2061736071-1537729749-4263700537-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2061736071-1537729749-4263700537-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2061736071-1537729749-4263700537-1004_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {02FBD3FF-B6A7-4850-AB43-B8C7E4FB1953} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {0AA13CC2-E19C-474D-8BAD-1CC9D5080076} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {0E323A3F-850A-4E16-9002-3A5DE37D1873} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {36DC8FFB-E213-4A29-A49E-CC8F70B5D77E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2061736071-1537729749-4263700537-1004Core => C:\Users\ready2go\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {47E4029F-D21F-4BDB-B466-00836F6DD8A4} - \Optimize Start Menu Cache Files-S-1-5-21-2061736071-1537729749-4263700537-1001 -> Keine Datei <==== ACHTUNG
Task: {5103CFE3-8490-4C4E-AAF1-F78421EF683C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2061736071-1537729749-4263700537-1004UA => C:\Users\ready2go\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {68D3430F-BF68-4A8D-8D40-8942F0E522F8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6CD884F0-5BAD-4221-BD8C-3EE0529DD734} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MIKE-ready2go Mike => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {75AF2024-2F48-461A-BF76-D5E77423FB1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-12] (Google Inc.)
Task: {98B1C48B-ED07-4EF7-8983-1DFC9DE2BF62} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-04-27] (Glarysoft Ltd)
Task: {B14840D0-5E48-40FB-AA07-D81E677AE60A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B776901E-4A97-47AF-800A-6BDFF7811D78} - System32\Tasks\HP AR Program Upload - ba2cb867568146c3ad41abeb8920119782af320be35f4a28a46ec220bee9312f => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {B98BB240-0F7F-40D4-B1E0-40AEF80B0933} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcTrigger
Task: {B9E32F68-79B7-4F47-95BD-95C99942C346} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-12] (Google Inc.)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BA6AE8A8-0310-46B8-933D-6862D45665A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {C6B0B7D1-1505-42E9-A08A-223A164D1C9F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {E538D954-C3D1-4F00-BBBF-099122F2604C} - System32\Tasks\HP AR Program Upload - af9044ec551743baa517dbc48474b5cbdd49b513ec324d77a2191832bf4bc0e5 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {E96C992E-9C3F-4E65-9BD9-AB3EECD62E87} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-23] (Advanced Micro Devices, Inc.)
Task: {F97BF8D0-4AD8-48CD-9B43-447D987F3683} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-04-27] (Glarysoft Ltd)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2061736071-1537729749-4263700537-1004Core.job => C:\Users\ready2go\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2061736071-1537729749-4263700537-1004UA.job => C:\Users\ready2go\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-11-03 17:12 - 2015-11-03 17:12 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-12-30 23:11 - 2015-12-30 23:11 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-06-23 20:11 - 2015-06-23 20:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2013-10-18 11:10 - 2013-10-18 11:10 - 14405200 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2015-04-19 16:39 - 2012-10-25 10:26 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2015-04-19 16:39 - 2012-10-25 10:26 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-03-07 01:07 - 2015-03-07 01:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-10-14 17:35 - 2015-10-14 17:35 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 01:07 - 2015-03-07 01:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-10-14 17:35 - 2015-10-14 17:35 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-07-08 07:58 - 2015-07-08 07:58 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-01-29 00:44 - 2016-01-27 19:13 - 02048840 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-29 00:44 - 2016-01-27 19:13 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll
2015-04-12 14:33 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-12 14:33 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-12 14:33 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-12 14:33 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-12 14:33 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-10-18 11:46 - 2013-10-18 11:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-04-12 14:34 - 2015-11-10 20:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-04-12 14:34 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-04-12 14:34 - 2015-12-14 21:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll
2015-04-12 14:34 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-04-12 14:34 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-04-12 14:34 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-04-12 14:34 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-04-12 14:34 - 2015-09-24 01:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-04-12 14:34 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-04-12 14:34 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-12 14:34 - 2015-12-14 21:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 21:24 - 2015-11-03 23:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-12-12 12:18 - 2015-10-31 01:59 - 00034768 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-12 12:18 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00022848 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00023352 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00042296 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-12 12:18 - 2015-10-31 01:59 - 00116688 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 12:18 - 2015-10-31 01:59 - 00093640 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 12:18 - 2015-10-31 01:59 - 00018376 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00019760 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 12:18 - 2015-10-31 02:00 - 00105928 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-12 12:18 - 2015-10-31 01:59 - 00392144 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 12:18 - 2015-12-08 22:36 - 00381752 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 12:18 - 2015-10-31 01:59 - 00692688 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00020816 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 12:18 - 2015-10-31 02:00 - 00109520 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 01737032 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00020808 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00020800 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00021840 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00038696 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-12 12:18 - 2015-10-31 02:00 - 00024528 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 12:18 - 2015-10-31 02:00 - 00020936 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 12:18 - 2015-10-31 02:00 - 00114640 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00021320 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-12 12:18 - 2015-10-31 02:00 - 00124880 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-12 12:18 - 2015-10-31 02:00 - 00030160 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 12:18 - 2015-10-31 02:00 - 00043472 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 12:18 - 2015-10-31 02:00 - 00175560 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 12:18 - 2015-10-31 02:00 - 00028616 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 12:18 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 12:18 - 2015-10-31 02:00 - 00048592 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00024392 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-12 12:18 - 2015-10-31 02:00 - 00036296 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-12 12:18 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00117056 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00023376 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 12:18 - 2015-10-31 01:59 - 00134608 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-12 12:18 - 2015-10-31 01:59 - 00134088 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-12 12:18 - 2015-10-31 02:00 - 00240584 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00020280 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00052024 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00021304 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-12 12:18 - 2015-10-31 02:00 - 00350152 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00084792 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-12 12:18 - 2015-12-08 22:36 - 01826608 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 12:18 - 2015-10-31 02:00 - 00083912 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 03891504 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 01950000 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00519984 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00133936 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00225080 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00207672 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00024904 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00486704 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-12 12:18 - 2015-12-08 22:36 - 00357680 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-05-19 22:34 - 2015-10-31 02:01 - 00019920 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-05-19 22:34 - 2015-10-31 02:00 - 00786904 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 17:03 - 2015-10-31 02:00 - 00063448 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-05-19 22:34 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\ready2go\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-10-01 07:28 - 2015-10-01 07:28 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-04-12 14:34 - 2015-11-17 01:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2015-10-21 21:29 - 2015-10-21 21:29 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2015-10-21 21:29 - 2015-10-21 21:29 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2015-06-27 00:09 - 2015-06-27 00:09 - 00271872 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2016-01-29 01:30 - 2014-11-26 02:12 - 40622592 _____ () C:\Users\ready2go\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2016-01-29 01:30 - 2014-11-26 02:12 - 00911360 _____ () C:\Users\ready2go\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-01-29 01:30 - 2014-11-26 02:12 - 00134144 _____ () C:\Users\ready2go\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2015-04-12 13:20 - 2016-01-14 22:05 - 00153032 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-04-12 13:20 - 2016-01-14 22:05 - 00022472 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2061736071-1537729749-4263700537-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: MozillaMaintenance => 3
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{5CB7C9DD-F0FB-4119-B2AE-481D5431711E}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{807278AC-F0ED-423B-8FDE-F854A5ABE0D0}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [{BCB94DAC-8F7F-49F8-8328-387430B4CF56}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{94541B98-3310-4205-A973-5850C6C72F4C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{45480A7C-C0C2-4D45-A8C5-439206F72176}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{698B8FC7-E68B-4E43-BF0C-2D8DB012CA39}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{726B665B-010B-41F2-98E2-DD3DB479E662}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{92E5A6D8-32E2-4E63-B0BA-9F33529EED87}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A5C68B21-CBB5-4D64-8C12-4DBE58E2189A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{971B1A92-E364-4A5C-82B0-0D3B13CC29F1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3C39AA4E-2DF4-497C-86B6-3C61AB08C66A}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{9B565488-EEAF-4A61-8A0E-C7F6AB1C73E6}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{04A74B30-1094-4C2A-8DCA-614428F60481}] => (Allow) C:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{9724D358-BF73-484E-A728-9554A0C49446}] => (Allow) C:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{D61FC593-1801-49EE-8806-3AD9814A7FE3}] => (Allow) H:\Games\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{114A6B8B-2F13-41FB-86DA-C823FB8653D9}] => (Allow) H:\Games\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{47E72678-D2E8-4F1A-942A-2E84BB56274A}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DDAFDD95-C522-4B27-80AB-576DC4EF7EBC}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4A888198-850C-42DB-BAD7-105A39057374}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{FD8BE311-713D-4E43-ABC2-C51A2E8F3B55}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{D4C11D9B-EEDB-445A-B6A5-0CE46A35C9B9}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{720E4A0E-FD47-45AF-989E-1B472F5D2102}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{A78A24A7-C0F0-493B-96B2-FE811533804D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{CC2C1C61-0F76-4E3F-A86D-6F384EC77AE9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{602D2F12-34C2-4BCA-8473-66BB3831345B}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{CA824400-C1EC-4543-910E-72681388AFBA}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{2DC82C37-761E-4474-8CE9-1323CD4420FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{C93B1B80-9BE6-41CC-A598-43C52CC624F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{16014C79-93A5-442E-8B83-068D3106DE70}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{BDF768E7-B7C0-4572-8DAE-AF6CF880D369}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{367162A2-3381-484F-B60C-9BA99CBC47AD}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{058F43DA-0C32-45B7-80D4-229733D2A464}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{8CCDA5CE-3651-4E67-A91D-852DFD5DA701}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{44888AAA-9B04-4538-9DF8-523825C72D16}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{2CEFFA39-31B9-4161-A4D3-ABA09F99549E}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{3C0ACE70-DDB6-42E8-840F-38C8541B2FDB}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{86970E60-094D-433E-9147-557C87DF8DF6}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{1419040D-E2E8-4317-9BD8-FE1A0341947C}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{F8AB15E3-0436-4A1C-9846-908009CAD416}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\WormsXHD\Launcher.exe
FirewallRules: [{DAEB9BD0-98B0-4DA0-B7A8-DF8A2AA9914C}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\WormsXHD\Launcher.exe
FirewallRules: [{7FECD9F0-286F-4B75-ADF0-242473C2C6D6}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{C92DA1CA-78BE-48F6-A9C9-2802C707AA52}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [TCP Query User{E5734E2D-2057-486F-8B1B-1BA924E28578}H:\games\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) H:\games\steamlibrary\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{0CF25897-08CB-4324-ADD7-B4DAF59EC542}H:\games\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) H:\games\steamlibrary\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{C45DA056-88AC-4F4A-B624-D9C0E271AAE8}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\WormsRevolution\WormsRevolution.exe
FirewallRules: [{FF86F27C-777D-459A-81E1-C5A440B9F70F}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\WormsRevolution\WormsRevolution.exe
FirewallRules: [{2BB0D9FB-7B01-4FBD-8914-1F7B0714173D}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\SpaceChem\SpaceChem.exe
FirewallRules: [{BBB4D822-DDD0-4983-9FA3-1A21B4737FF7}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\SpaceChem\SpaceChem.exe
FirewallRules: [{49BC7579-76D9-459A-978D-2C2EE92B29DD}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\RUSH\rush.exe
FirewallRules: [{37E4E2F2-16B7-4D68-ADC9-EF2F53DAC0B0}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\RUSH\rush.exe
FirewallRules: [{D49F06D8-B76D-4A91-8723-E678A92F7C5B}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Minimum\Binaries\Win32\MinGame-Win32-F.exe
FirewallRules: [{E01A6557-6AF0-4C03-8478-ADD02AC2C1B0}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Minimum\Binaries\Win32\MinGame-Win32-F.exe
FirewallRules: [{48002949-39AD-489B-8CB1-94ED1E72BF99}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Light\Light.exe
FirewallRules: [{70510864-EDAC-4DF1-9A0C-41000193F101}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Light\Light.exe
FirewallRules: [{1174314A-29AD-469A-BA9A-835C4CA7B933}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{89090E45-6CDD-4530-997F-DACEB4558E11}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{3BC2BC81-44BD-4C0A-8754-45375C6B9790}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\EDGE\edge.exe
FirewallRules: [{160810D3-6A78-497F-97EA-39A26A430A0D}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\EDGE\edge.exe
FirewallRules: [{AF1C02DC-532B-481F-AFD8-4157F1CA5766}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Hoard\win32\Reuben.exe
FirewallRules: [{181FE4A4-F6BA-494D-B1B6-F1FF7441AD21}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Hoard\win32\Reuben.exe
FirewallRules: [{3E79C578-2DD1-4528-BF8F-92C77CF63D81}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Talisman\Talisman.exe
FirewallRules: [{ACF5F90C-EE00-4109-9120-71E90D2D6F7E}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Talisman\Talisman.exe
FirewallRules: [{EEF5FDC1-E0D7-4058-A71D-EF8651F3B850}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Child of Light\ChildofLight.exe
FirewallRules: [{F64637EB-9D62-441E-B073-9B9D1F3CAF9F}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Child of Light\ChildofLight.exe
FirewallRules: [{BE958EA0-0D71-44C9-AC6C-C2D50B7CB709}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Child of Light\ChildofLight.exe
FirewallRules: [{DFD6915B-972E-45BC-BB83-4AECD0172716}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Child of Light\ChildofLight.exe
FirewallRules: [{E087DE90-25DC-4A8D-9F40-80EE0A4C2AFA}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{FA42436C-8433-424A-B384-3B0D44623181}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{C5D1DB8F-99FF-4568-AADF-7BCE380236FB}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{5DFBDCB4-FC09-4874-A8F5-94B7442E0EA0}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{0B2116C0-0B60-4ED0-9521-90BFBC66C1CE}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{E2FFD919-F327-43EE-86E4-3A7E350EF9E3}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{B9DFCA5E-A2A1-40B9-B351-23022E86FE3E}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Flockers\Flockers.exe
FirewallRules: [{0BAA01F6-4E1E-4DB3-A014-167C1CDB5777}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Flockers\Flockers.exe
FirewallRules: [{4B23D9B8-63DD-49C3-BAD5-1FF4EF0AB157}] => (Allow) C:\Users\ready2go\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{AD920BC0-52BB-4184-9CB2-EC34A6E35048}] => (Allow) C:\Users\ready2go\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A9F1A1F9-7E28-44E0-AB6B-31AA2CE01F7E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E580B793-B0A8-4410-9C23-EAD9BAEC1D73}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4AF3AB91-0369-4039-AF4A-A6138FC5380E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E7247319-0B3B-4875-8E53-8159F1ADB205}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{660CCEB1-A3FB-48A1-8F03-73CA3316CA0E}C:\users\ready2go\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ready2go\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B4606A45-7496-4C0B-ADBA-D47E62C2DC60}C:\users\ready2go\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ready2go\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{C54050E8-1830-4598-A0D6-517373B7F621}H:\_krc\server\left4dead2\left4dead2_official\srcds.exe] => (Allow) H:\_krc\server\left4dead2\left4dead2_official\srcds.exe
FirewallRules: [UDP Query User{789759AD-D1B8-4CBD-882B-7078DB040188}H:\_krc\server\left4dead2\left4dead2_official\srcds.exe] => (Allow) H:\_krc\server\left4dead2\left4dead2_official\srcds.exe
FirewallRules: [TCP Query User{FA952DEA-432A-4C05-A826-10616AAA35B5}H:\_krc\server\l4d2\srcds.exe] => (Allow) H:\_krc\server\l4d2\srcds.exe
FirewallRules: [UDP Query User{E9C7DF89-982B-4272-8B42-223CACF40330}H:\_krc\server\l4d2\srcds.exe] => (Allow) H:\_krc\server\l4d2\srcds.exe
FirewallRules: [TCP Query User{67355E93-3E03-4E6D-881F-64B680E1E203}C:\program files (x86)\hlsw\hlsw.exe] => (Allow) C:\program files (x86)\hlsw\hlsw.exe
FirewallRules: [UDP Query User{F1A9E558-97B1-46EA-97B7-878D0B590730}C:\program files (x86)\hlsw\hlsw.exe] => (Allow) C:\program files (x86)\hlsw\hlsw.exe
FirewallRules: [TCP Query User{F1EF8F56-CE11-44B0-AB07-A8E1FA30E12A}H:\_krc\server\alt\left4dead2\left4dead2_official\srcds.exe] => (Allow) H:\_krc\server\alt\left4dead2\left4dead2_official\srcds.exe
FirewallRules: [UDP Query User{1E77A0FF-8B70-4929-821E-C19235A4FFDC}H:\_krc\server\alt\left4dead2\left4dead2_official\srcds.exe] => (Allow) H:\_krc\server\alt\left4dead2\left4dead2_official\srcds.exe
FirewallRules: [{8332486B-D969-49C4-98EF-DB00FAFB22AA}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{0E840C79-8B26-4825-A0BB-43F86EAB5300}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{E68DEAD6-D342-47FD-8D6F-CE3B6CDAFC63}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{89CF6755-647C-4259-8331-57E66E8E24FB}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{8304B58C-106B-4649-9486-6ADCCEF37B97}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{F1C38BFF-EA82-457C-93DE-4FB812ABC8CA}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{202F7069-7C86-487B-A0EB-460FA2421D89}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{B53AD8C6-08A6-4D60-90EF-258DBB91C038}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{97E4A388-F306-4DEF-99BE-B23CDC316C7D}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{C1ACB035-0D94-4378-840D-C4A49F8732AE}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{7BD5FA49-F094-4AA1-AF6F-0F357C68B5EE}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{361FD226-235E-4B73-8A1B-FB2BE8D7DB12}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{2C07BA00-BD61-46B4-B1C1-97F4C9A1FFEE}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Deponia\deponia.exe
FirewallRules: [{F80D717F-4B69-4CE0-AB83-CAF0E932F710}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Deponia\deponia.exe
FirewallRules: [{2FA72237-2DBF-4A65-A886-24DB8B39B50E}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Deponia\VisionaireConfigurationTool.exe
FirewallRules: [{B0A650A0-17D1-41D4-9D9F-3B5EF732225E}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Deponia\VisionaireConfigurationTool.exe
FirewallRules: [{9B722F15-5A68-4696-BDE0-C5532EFE9499}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Outland\Outland.exe
FirewallRules: [{E374D452-11D0-4849-B501-ED8C6E0091EB}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Outland\Outland.exe
FirewallRules: [{A89985B1-E1D4-4CD4-BCA9-8E6230C824B5}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{42DE259B-05FB-441D-ABA8-52F78BFE73B8}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{F782E59C-1855-495C-8AD2-EDFEA0D01878}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Caster\caster.exe
FirewallRules: [{0C24322F-FABC-49E1-B4E7-5AE6A23B8EC0}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Caster\caster.exe
FirewallRules: [{C9951497-43C6-4C39-8D60-109DC68B6E93}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
FirewallRules: [{C60F23C3-0538-431F-9445-57FB87C6A37F}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
FirewallRules: [{7F4BC64C-9946-439C-9952-14C7EADEB8F4}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{681221DF-A82E-4722-A620-EB9F48292CFE}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{656E2F5E-E829-4B20-BCD6-4141AE6285CB}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{82968DBB-51B7-407C-80C7-389D29CBADFB}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{7A7CF431-BA5B-4273-AE42-5CD227DCC7B1}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{57609FBD-8C97-42DC-BCF2-C249042C73E1}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{98034E73-BD77-4C2E-8F19-3452AE74F7D5}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{01D4C790-6793-424C-8512-C54C7516AC49}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{ADE1B937-BF40-41F4-98B7-F25D68F3798D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{9C34A059-F818-4902-BB64-0DAF3D110B28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{C5D32982-0E8B-4BAB-A6C0-BA6A728E22A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{F3A6EA97-5524-4793-895B-527A7FC2364F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{A90EFA67-1CD9-4708-90BA-DEEF3525BC7F}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\outtheresomewhere\ots.exe
FirewallRules: [{6D1A0D95-0781-41C8-80FA-75F1E60CEDFD}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\outtheresomewhere\ots.exe
FirewallRules: [{638C95EF-29DF-4036-9816-2DDC4164DFAE}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\King Arthur's Gold\KAG.exe
FirewallRules: [{ECE6F72B-45F0-428F-9EE4-2B907F8026AC}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\King Arthur's Gold\KAG.exe
FirewallRules: [{15CB3AD2-1293-4682-B71B-F31E1F9589DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7FA35E0B-90DC-4FDA-A564-9E18B6E5D166}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A6F27185-B2A7-46BF-9693-9F5CC81051D4}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Monaco\MONACO.exe
FirewallRules: [{6100D524-B7E5-48FA-A232-F62D9E18A2B9}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Monaco\MONACO.exe
FirewallRules: [{D255028D-4FD3-44B1-8C35-90043304B8EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{46D4F5B3-E4BA-4903-BA29-83369170A0F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{68767636-4C6A-486D-A5A9-5145513FC456}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rainbow Six Siege - Closed Beta\RainbowSix.exe
FirewallRules: [{0412011F-7365-4291-B4DD-B3AA64E73722}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rainbow Six Siege - Closed Beta\RainbowSix.exe
FirewallRules: [{196E5EC0-C110-4023-A091-9178CCDB8B73}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{4A5082BC-C88A-4140-80EB-44D78EE68CE4}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Orcs Must Die! Unchained\OMDU.exe
FirewallRules: [{345FF120-5E9F-4AF2-AC5D-BC3169CB35B3}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Orcs Must Die! Unchained\Dashboard\Bin\SpitfireDashboard.exe
FirewallRules: [{AB143B24-E73B-42BC-B15B-4E71EB799684}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Orcs Must Die! Unchained\Binaries\Win64\SpitfireGame.exe
FirewallRules: [{4C964AB1-A0A5-49A8-B3BD-7257410979D0}] => (Allow) C:\Users\ready2go\AppData\Local\Temp\7zS2B2E\HPDiagnosticCoreUI.exe
FirewallRules: [{7358B244-7F35-4754-976D-BE732F7242A0}] => (Allow) C:\Users\ready2go\AppData\Local\Temp\7zS2B2E\HPDiagnosticCoreUI.exe
FirewallRules: [{2E72E1A8-4089-4BCC-B9E3-CA7EC1CEBED5}] => (Allow) C:\Users\ready2go\AppData\Local\Temp\7zS2BB0\HPDiagnosticCoreUI.exe
FirewallRules: [{DE3B5129-0383-4842-B907-FF0B8E98F836}] => (Allow) C:\Users\ready2go\AppData\Local\Temp\7zS2BB0\HPDiagnosticCoreUI.exe
FirewallRules: [{29ECEB87-D7B8-4156-840C-1EDBDF4F741B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{FCF31CC4-C23A-4C0E-8629-4D27EE3C168D}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{54DC6FB9-5B82-4C07-B19E-0186C1FA0BD7}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{6C5254D8-E768-484D-BCBF-B39CD6A28482}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{3BA932C5-24F9-4434-BF04-80F024B60AFF}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{88AB68CE-68F2-45F9-A393-2D17BC193212}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D0FD2506-FDED-42C2-8B3F-5034AC735F7C}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{572A0DD3-2C41-4B48-89E6-49CFCE137D81}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{DA32101E-1CF5-4885-B17A-5C38A3B337F0}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{1A42AE24-4171-4FEA-99FD-65FBCE3AEC06}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{8AB0D685-4064-4B6C-ADCF-FF65BD7AA3B9}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A77B9E4F-9C9F-4474-9418-D04DCAF6719F}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{BB8434DA-3236-4FF2-AF2D-C0CE70EC820F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{B9AFD129-4CD5-4896-B40A-C1E815EF4EA6}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{6188D9E6-9B87-4A8B-9608-8921606F6229}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{BC37D68B-8001-4C07-9B7A-5AC81E12A3EA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0B1E0DB2-0EB3-48AF-BD12-134D104E2A26}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{123C70A4-BCAC-4967-9180-E2C332B758EF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F9E56A32-0B13-4311-BB71-981964F43297}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{B948CCC2-1C9C-4AD4-BE2C-F6862657A3D3}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{7F082C42-40F8-453D-B734-A6F54EBCFD7D}] => (Allow) H:\Games\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{69D84231-4FDD-4994-BDA6-B6BB2214D177}] => (Allow) H:\Games\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{2CE64E30-365A-48AE-9AA1-16C17FB116E6}] => (Allow) H:\Games\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{A113D3B4-6ED3-472C-8869-CB8AEE18F98D}] => (Allow) H:\Games\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{35350F87-DDEE-419C-8C43-2657063AA210}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Disco Dodgeball\Disco Dodgeball.exe
FirewallRules: [{44F23755-4A18-4208-A44E-A0BED0A5029B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Disco Dodgeball\Disco Dodgeball.exe
FirewallRules: [{3A14AB1B-54AC-40A8-9AD6-698B45112EAB}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{31A69D05-AD29-40EF-8413-48CC9600FD27}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{D26EC139-31FA-4DC3-8578-E20FFE1C0DD9}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{CD7B912C-8F99-4D46-8A8A-ACB377A8FEAA}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{0B13D842-7BC6-4775-83F9-BC3DD7A8DF66}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Bastion\Bastion.exe
FirewallRules: [{DC5651FD-112C-4743-B326-D29D37EA9CA7}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Bastion\Bastion.exe
FirewallRules: [{64B0D27E-48A4-483C-873B-977A6B0295E5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{71B09669-EB3E-44BE-B00F-22956784660E}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{0FD2CE79-59EB-4A79-BBAC-110FB6D87F2B}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{17CECDB3-D445-4CA9-A14D-FAF5EC2EF4FB}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\The Mighty Quest For Epic Loot\Launcher\PublicLauncher.exe
FirewallRules: [{341E66D3-9B19-4976-9067-197D88D88B8F}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\The Mighty Quest For Epic Loot\Launcher\PublicLauncher.exe
FirewallRules: [{66F82ACB-34B5-49B8-91E4-4D263E899C4A}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\The Mighty Quest For Epic Loot\Launcher\MQELDiagnostics.exe
FirewallRules: [{1C5AFFCD-3B0E-4CF1-BB3D-E789F76AA844}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\The Mighty Quest For Epic Loot\Launcher\MQELDiagnostics.exe
FirewallRules: [{985578A3-D30E-452B-ABD5-D19504D8F56E}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Titan Quest\Titan Quest.exe
FirewallRules: [{90EBCC50-B034-4A99-8228-92B7D676031D}] => (Allow) H:\Games\SteamLibrary\SteamApps\common\Titan Quest\Titan Quest.exe
FirewallRules: [TCP Query User{1FE995A0-61C5-41B7-BE09-FD86D14CEA54}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{3A93E30C-2BE2-4FCD-B047-6F338D4E5EAA}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{BC97C999-FBC8-4BCF-AF4E-B466D261D871}] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{394B0086-CB97-4338-A3C5-F7C7CD25879A}] => (Block) C:\program files\logitech gaming software\lcore.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Wiederherstellungspunkte =========================
16-01-2016 12:48:44 Geplanter Prüfpunkt
27-01-2016 13:29:50 Geplanter Prüfpunkt
28-01-2016 14:35:43 Installiert Blade & Soul
30-01-2016 02:23:33 Windows Modules Installer
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (02/01/2016 02:30:13 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
Error: (01/31/2016 07:24:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PathOfExileSteam.exe, Version: 0.0.0.0, Zeitstempel: 0x56aac969
Name des fehlerhaften Moduls: wrap_oal.dll, Version: 2.2.0.7, Zeitstempel: 0x4b04488c
Ausnahmecode: 0x40000015
Fehleroffset: 0x00048441
ID des fehlerhaften Prozesses: 0xf4c
Startzeit der fehlerhaften Anwendung: 0xPathOfExileSteam.exe0
Pfad der fehlerhaften Anwendung: PathOfExileSteam.exe1
Pfad des fehlerhaften Moduls: PathOfExileSteam.exe2
Berichtskennung: PathOfExileSteam.exe3
Vollständiger Name des fehlerhaften Pakets: PathOfExileSteam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PathOfExileSteam.exe5
Error: (01/31/2016 04:04:46 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (01/31/2016 04:04:39 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
Error: (01/31/2016 02:19:16 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
Error: (01/30/2016 02:23:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (01/30/2016 01:55:01 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (01/30/2016 01:54:58 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
Error: (01/30/2016 01:52:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm vmware.exe, Version 10.0.1.41495 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: bd40
Startzeit: 01d15aef10a0f8a3
Endzeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe
Berichts-ID: c7dde556-c6eb-11e5-82a2-e0cb4eb65e96
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (01/30/2016 12:44:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm vmware.exe, Version 10.0.1.41495 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: b730
Startzeit: 01d15ae398b8adfd
Endzeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe
Berichts-ID: 49ec2464-c6e2-11e5-82a2-e0cb4eb65e96
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Systemfehler:
=============
Error: (02/01/2016 01:38:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (01/31/2016 04:04:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (01/30/2016 08:45:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (01/30/2016 08:45:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 30.01.2016 um 20:25:17 unerwartet heruntergefahren.
Error: (01/30/2016 02:25:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (01/30/2016 02:24:33 AM) (Source: DCOM) (EventID: 10010) (User: MIKE)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (01/30/2016 01:54:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (01/28/2016 05:24:01 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "DHCP-Client" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (01/28/2016 05:22:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sicherheitscenter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/28/2016 05:22:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Verbindungs-Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
CodeIntegrity:
===================================
Date: 2016-02-01 02:29:47.867
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-31 02:18:54.343
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-30 14:28:26.198
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-21 04:27:38.739
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-18 04:31:56.512
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-09 06:30:57.645
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-08 03:50:22.769
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-07 04:08:47.846
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-27 20:30:00.870
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-22 04:54:42.079
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: AMD Phenom(tm) II X4 955 Processor
Prozentuale Nutzung des RAM: 44%
Installierter physikalischer RAM: 8190.18 MB
Verfügbarer physikalischer RAM: 4560.9 MB
Summe virtueller Speicher: 10046.18 MB
Verfügbarer virtueller Speicher: 5442.35 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:232.54 GB) (Free:13.53 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (Download) (Fixed) (Total:1397.26 GB) (Free:106.14 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive f: (Games, Programs) (Fixed) (Total:931.51 GB) (Free:12.36 GB) NTFS
Drive h: (System HDD) (Fixed) (Total:465.66 GB) (Free:19.44 GB) NTFS
Drive j: (Movies) (Fixed) (Total:3726.01 GB) (Free:2.89 GB) NTFS
Drive k: (Music, Series, Anime, Books) (Fixed) (Total:2794.51 GB) (Free:11.7 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 79F49829)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 50C55458)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: DB96C7FD)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C9ECB951)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 4.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 5.
==================== Ende von Addition.txt ============================
Ich habe schon in diversen anderen Threads gelesen, dass es sich durchaus um Spoofing handeln kann. Wenn dies der Fall sein sollte, kann ich Aktiv was dagegen tun und vor allem kann dies für mich weitere Folgen haben? Des weiteren sind manche Kontakte an welche diese Email gehen mir bekannt und sind teilweise von Facebook oder Thunderbird. Wie sind diese Daten gestohlen worden? Vielen dank schonmal im Vorraus! Grüße, Mike |
|
01.02.2016, 15:18
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Email wird als Absender für Spam Emails verwendetZitat:
 Lesestoff:Illegale Software: Cracks, Keygens und Co Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html Es geht weiter wenn du alles Illegale entfernt hast. Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.
__________________ |
|
01.02.2016, 15:59
| #3 |
| | Email wird als Absender für Spam Emails verwendet So, Spiel wurde Deinstalliert und der Crack somit auch entfernt.
__________________Ich habe MBAW dann nochmal durchlaufen lassen : Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 01.02.2016 Suchlaufzeit: 15:46 Protokolldatei: Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2016.02.01.03 Rootkit-Datenbank: v2016.01.20.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: ready2go Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 390847 Abgelaufene Zeit: 6 Min., 8 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Mike |
|
01.02.2016, 16:05
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Email wird als Absender für Spam Emails verwendet Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
01.02.2016, 16:31
| #5 |
| | Email wird als Absender für Spam Emails verwendet Der Scan ist nun fertig, es wurde nichts gefunden : Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
main: v2016.02.01.04
rootkit: v2016.01.20.01
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17351
ready2go :: MIKE [administrator]
01.02.2016 16:15:49
mbar-log-2016-02-01 (16-15-49).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 393387
Time elapsed: 12 minute(s), 55 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Mike |
|
01.02.2016, 16:31
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Email wird als Absender für Spam Emails verwendet Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ --> Email wird als Absender für Spam Emails verwendet |
|
01.02.2016, 18:37
| #7 |
| | Email wird als Absender für Spam Emails verwendet Hier die Logs : AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v5.032 - Bericht erstellt am 01/02/2016 um 16:47:06
# Aktualisiert am 31/01/2016 von Xplode
# Datenbank : 2016-01-31.1 [Server]
# Betriebssystem : Windows 8.1 Pro (x64)
# Benutzername : ready2go - MIKE
# Gestartet von : C:\Users\ready2go\Desktop\AdwCleaner_5.032.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
***** [ DLLs ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[!] Schlüssel Nicht Gelöscht : HKU\S-1-5-21-2061736071-1537729749-4263700537-1004\Software\OCS
***** [ Internetbrowser ] *****
[-] [C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : europaischer-unfallbericht.softonic.de
*************************
:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1950 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 Pro x64
Ran by ready2go (Administrator) on 01.02.2016 at 16:59:02,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 2
Successfully deleted: C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage (File)
Registry: 1
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F453539F873C887907D155E540871A37 (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.02.2016 at 17:00:02,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
durchgeführt von ready2go (Administrator) auf MIKE (01-02-2016 17:01:04)
Gestartet von C:\Users\ready2go\Desktop
Geladene Profile: ready2go (Verfügbare Profile: ready2go & Chantal)
Platform: Windows 8.1 Pro (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15009400 2015-10-14] (Logitech Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4887752 2015-12-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [589976 2015-11-16] (Razer Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [111696 2013-10-18] (VMware, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-11] (Raptr, Inc)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2061736071-1537729749-4263700537-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-2061736071-1537729749-4263700537-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd)
HKU\S-1-5-21-2061736071-1537729749-4263700537-1004\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-04-27] (Glarysoft Ltd)
HKU\S-1-5-21-2061736071-1537729749-4263700537-1004\...\Run: [Dropbox Update] => C:\Users\ready2go\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-2061736071-1537729749-4263700537-1004\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2061736071-1537729749-4263700537-1004\...\MountPoints2: {25687b41-e111-11e4-8258-e0cb4eb65e96} - "G:\setup.exe"
HKU\S-1-5-21-2061736071-1537729749-4263700537-1004\...\MountPoints2: {4482dc75-8881-11e5-8277-e0cb4eb65e96} - "L:\setup.exe"
IFEO\SppExtComObj.exe: [Debugger] SppExtComObjPatcher.exe
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ready2go\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\ready2go\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\ready2go\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ready2go\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk [2016-01-17]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk *
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{96CAA7B4-D0C0-49BD-B97F-58D0060C8DFE}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B825237C-CFB5-494C-9668-0B5973C7CF93}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\ready2go\AppData\Roaming\Mozilla\Firefox\Profiles\KWTAKbWb.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Extension: Avira Browser Safety - C:\Users\ready2go\AppData\Roaming\Mozilla\Firefox\Profiles\KWTAKbWb.default\Extensions\abs@avira.com.xpi [2016-02-01]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://www.google.com/"
CHR Session Restore: Default -> ist aktiviert.
CHR Profile: C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-12]
CHR Extension: (Google Docs) - C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-12]
CHR Extension: (Google Drive) - C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-06]
CHR Extension: (Google-Suche) - C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Kalender) - C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-13]
CHR Extension: (Google Tabellen) - C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-12]
CHR Extension: (FoxyProxy Standard) - C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2015-04-12]
CHR Extension: (Google Docs Offline) - C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (IE Tab) - C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2016-01-23]
CHR Extension: (CouchPotato) - C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Extensions\jochingjncojldfclaicaomboafaiong [2015-08-12]
CHR Extension: (Image blocker) - C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhbghdfcdepfhgeklhdhlmdldiiaajp [2015-04-12]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Google Mail) - C:\Users\ready2go\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-03] (Advanced Micro Devices, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-10-14] (Logitech Inc.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-21] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-12-30] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-12-21] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14405200 2013-10-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-04-12] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-05-10] (Glarysoft Ltd)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
S3 lgLowAudio; C:\Windows\system32\drivers\lgLowAudio.sys [26264 2015-11-20] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52320 2015-11-21] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [913408 2009-10-21] (DiBcom)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 RecFltr; C:\Windows\system32\drivers\RecFltr.sys [45440 2007-01-18] ()
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-27] (Razer, Inc.)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31824 2013-10-18] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-03-24] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-03-24] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-02-01 17:00 - 2016-02-01 17:00 - 00001005 _____ C:\Users\ready2go\Desktop\JRT.txt
2016-02-01 16:41 - 2016-02-01 16:47 - 00000000 ____D C:\AdwCleaner
2016-02-01 16:40 - 2016-02-01 16:40 - 01609032 _____ (Malwarebytes) C:\Users\ready2go\Desktop\JRT.exe
2016-02-01 16:35 - 2016-02-01 16:35 - 01508352 _____ C:\Users\ready2go\Desktop\AdwCleaner_5.032.exe
2016-02-01 16:15 - 2016-02-01 16:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-01 16:13 - 2016-02-01 16:14 - 00000000 ____D C:\Users\ready2go\Desktop\mbar
2016-02-01 16:12 - 2016-02-01 16:13 - 16563352 _____ (Malwarebytes Corp.) C:\Users\ready2go\Desktop\mbar-1.09.3.1001.exe
2016-02-01 14:12 - 2016-02-01 14:12 - 00000000 _____ C:\Users\ready2go\Desktop\Thread.txt
2016-02-01 14:07 - 2016-02-01 14:07 - 00000000 _____ C:\Users\ready2go\Desktop\email.txt
2016-02-01 14:01 - 2016-02-01 14:01 - 00001717 _____ C:\Users\ready2go\Desktop\MBAW sscan.txt
2016-02-01 14:01 - 2016-02-01 14:01 - 00000951 _____ C:\Users\ready2go\Desktop\MBAW Schutz.txt
2016-02-01 13:53 - 2016-02-01 17:01 - 00018771 _____ C:\Users\ready2go\Desktop\FRST.txt
2016-02-01 13:53 - 2016-02-01 17:01 - 00000000 ____D C:\FRST
2016-02-01 13:53 - 2016-02-01 13:53 - 00082009 _____ C:\Users\ready2go\Desktop\Addition.txt
2016-02-01 13:52 - 2016-02-01 13:52 - 02370560 _____ (Farbar) C:\Users\ready2go\Desktop\FRST64.exe
2016-02-01 13:29 - 2016-02-01 16:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-01 13:29 - 2016-02-01 16:14 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-01 13:29 - 2016-02-01 13:29 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-02-01 13:29 - 2016-02-01 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-02-01 13:29 - 2016-02-01 13:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-01 13:29 - 2016-02-01 13:29 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-02-01 13:29 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-01 13:29 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-01 13:15 - 2016-02-01 13:38 - 00000000 ____D C:\Program Files (x86)\Avira
2016-01-31 19:50 - 2016-01-31 19:50 - 00000220 _____ C:\Users\ready2go\Desktop\Titan Quest.url
2016-01-31 19:33 - 2016-01-31 19:33 - 00000222 _____ C:\Users\ready2go\Desktop\The Mighty Quest For Epic Loot.url
2016-01-31 18:58 - 2016-01-31 18:58 - 00000222 _____ C:\Users\ready2go\Desktop\Path of Exile.url
2016-01-29 01:30 - 2016-01-29 01:30 - 00000000 ____D C:\Users\ready2go\AppData\Local\RzStats
2016-01-28 16:26 - 2016-01-28 16:26 - 00000000 ____D C:\Users\ready2go\Documents\BnS
2016-01-28 16:26 - 2016-01-28 16:26 - 00000000 ____D C:\Users\ready2go\AppData\Roaming\Awesomium
2016-01-28 16:26 - 2016-01-28 16:26 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2016-01-28 16:26 - 2016-01-09 16:39 - 03916368 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2016-01-28 16:26 - 2005-01-03 07:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2016-01-28 16:26 - 2003-07-18 22:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2016-01-28 14:36 - 2016-01-28 14:36 - 00001434 _____ C:\Users\Public\Desktop\Blade & Soul.lnk
2016-01-28 14:36 - 2016-01-28 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-01-28 14:35 - 2016-01-28 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2016-01-28 14:35 - 2016-01-28 14:35 - 00000000 ____D C:\Program Files (x86)\NCWest
2016-01-17 19:03 - 2016-01-17 19:03 - 00000000 ____D C:\Program Files (x86)\AMD
2016-01-17 06:13 - 2016-01-17 06:13 - 00000000 ____D C:\Users\ready2go\AppData\Roaming\bizarre creations
2016-01-16 19:21 - 2015-06-04 14:28 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-01-16 19:21 - 2015-06-04 14:28 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:28 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:28 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:28 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:28 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:28 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:28 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:28 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:28 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:28 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:28 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:28 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:28 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:28 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:28 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:26 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-01-16 19:21 - 2015-06-04 14:26 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:26 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:26 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:26 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:26 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:26 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:26 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:26 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:26 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:26 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:26 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:26 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:26 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:26 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-01-16 19:21 - 2015-06-04 14:26 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-01-10 22:47 - 2016-01-10 22:47 - 00003534 _____ C:\Windows\System32\Tasks\HP AR Program Upload - af9044ec551743baa517dbc48474b5cbdd49b513ec324d77a2191832bf4bc0e5
2016-01-09 18:59 - 2016-01-09 18:59 - 00001270 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2016-01-09 18:59 - 2016-01-09 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-01-09 18:56 - 2016-01-29 03:41 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-01-07 21:15 - 2016-01-07 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-01-07 21:15 - 2016-01-07 21:15 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2016-01-07 00:32 - 2016-01-07 00:32 - 00000000 ____D C:\Users\ready2go\Documents\Heroes of the Storm
2016-01-06 20:45 - 2016-01-06 20:45 - 00000000 ____D C:\Users\ready2go\AppData\Local\TeamViewer
2016-01-04 00:05 - 2016-01-04 00:05 - 00000000 ____D C:\Users\ready2go\AppData\LocalLow\82 Apps
2016-01-03 15:03 - 2016-01-03 15:03 - 00000000 ____D C:\Users\ready2go\AppData\Roaming\Trine1
2016-01-03 13:30 - 2016-01-03 13:31 - 00000000 ____D C:\Users\ready2go\Desktop\Psy-Fi Tickets
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-02-01 16:57 - 2015-11-26 21:09 - 00005116 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MIKE-ready2go Mike
2016-02-01 16:57 - 2015-05-19 22:31 - 00000000 ____D C:\Users\ready2go\AppData\Roaming\Dropbox
2016-02-01 16:57 - 2015-05-10 15:00 - 00000350 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2016-02-01 16:57 - 2015-04-12 13:39 - 00000000 ____D C:\Users\ready2go\AppData\Roaming\Raptr
2016-02-01 16:56 - 2015-04-12 14:30 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-01 16:56 - 2015-04-12 13:28 - 00000000 ____D C:\Users\ready2go\OneDrive
2016-02-01 16:56 - 2015-04-12 13:13 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-01 16:53 - 2014-03-18 11:04 - 01785100 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-01 16:53 - 2014-03-18 10:25 - 00767024 _____ C:\Windows\system32\perfh007.dat
2016-02-01 16:53 - 2014-03-18 10:25 - 00160370 _____ C:\Windows\system32\perfc007.dat
2016-02-01 16:53 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-02-01 16:49 - 2015-06-05 20:45 - 00000000 ____D C:\ProgramData\VMware
2016-02-01 16:49 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-01 16:49 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-02-01 16:47 - 2015-11-21 11:22 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-02-01 16:43 - 2015-04-12 13:13 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-01 16:39 - 2015-06-18 18:28 - 00001246 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2061736071-1537729749-4263700537-1004UA.job
2016-02-01 16:11 - 2015-04-12 13:09 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2061736071-1537729749-4263700537-1004
2016-02-01 16:06 - 2015-05-10 20:26 - 00000983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2016-02-01 16:06 - 2015-05-10 20:26 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-02-01 15:05 - 2015-04-13 21:14 - 00000000 ____D C:\Users\ready2go\AppData\Roaming\foobar2000
2016-02-01 13:38 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Registration
2016-02-01 13:36 - 2015-04-17 18:11 - 00000000 ____D C:\Users\ready2go\AppData\Local\Battle.net
2016-02-01 13:31 - 2015-05-31 05:32 - 00000000 ____D C:\Users\ready2go\AppData\Roaming\TS3Client
2016-02-01 13:29 - 2015-04-12 13:12 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-01 13:19 - 2015-04-12 13:21 - 00000000 ____D C:\Users\ready2go\AppData\Roaming\Mozilla
2016-02-01 13:12 - 2015-04-12 13:11 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{18E90DE1-4462-41D2-9CF7-7E80F92DE984}
2016-01-31 20:08 - 2015-10-16 18:31 - 00000000 ____D C:\Users\ready2go\Downloads\Gameforge Live
2016-01-31 19:58 - 2015-05-14 19:57 - 00000000 ____D C:\Users\ready2go\Documents\My Games
2016-01-31 18:56 - 2015-06-05 20:50 - 00000000 ____D C:\Users\ready2go\AppData\Roaming\VMware
2016-01-31 18:56 - 2015-06-05 20:50 - 00000000 ____D C:\Users\ready2go\AppData\Local\VMware
2016-01-31 18:39 - 2015-06-18 18:28 - 00001194 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2061736071-1537729749-4263700537-1004Core.job
2016-01-31 17:15 - 2015-07-01 19:46 - 00000000 ____D C:\ADCDA2
2016-01-31 16:18 - 2015-04-17 18:11 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-01-31 16:07 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-01-30 20:45 - 2015-04-12 13:04 - 00000000 ____D C:\Users\ready2go
2016-01-30 14:46 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2016-01-30 02:24 - 2014-10-15 09:21 - 07424320 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-30 02:24 - 2014-10-15 09:21 - 02696704 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2016-01-30 02:24 - 2014-10-15 09:21 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-30 02:24 - 2014-10-15 09:21 - 01029632 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-01-30 02:24 - 2014-10-15 09:21 - 00818624 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-01-30 02:24 - 2014-10-15 09:21 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-01-30 02:24 - 2014-10-15 09:21 - 00674512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-01-30 02:24 - 2014-10-15 09:21 - 00475968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-01-30 02:24 - 2014-10-15 09:21 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2016-01-30 02:24 - 2014-10-15 09:21 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-01-30 02:24 - 2014-10-15 09:21 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-30 02:24 - 2014-10-15 09:21 - 00344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-30 02:24 - 2014-10-15 09:21 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2016-01-30 02:24 - 2014-10-15 09:21 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-01-30 02:24 - 2014-10-15 08:47 - 02479616 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-01-30 02:24 - 2014-10-15 08:47 - 02030080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-01-30 02:24 - 2014-10-15 08:41 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-01-30 02:24 - 2014-10-15 08:41 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-01-30 02:24 - 2014-10-15 08:41 - 13423104 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-01-30 02:24 - 2014-10-15 08:41 - 11818496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-01-30 02:24 - 2014-10-15 08:41 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-01-30 02:24 - 2014-10-15 08:41 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-01-30 02:24 - 2014-10-15 08:41 - 00388729 _____ C:\Windows\system32\ApnDatabase.xml
2016-01-30 02:24 - 2014-10-15 08:40 - 00955904 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-01-30 02:24 - 2014-10-15 08:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-01-30 02:24 - 2014-10-15 08:39 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-30 02:24 - 2014-10-15 08:39 - 00180056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-30 02:24 - 2014-03-18 11:13 - 00484864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2016-01-30 02:24 - 2014-03-18 11:12 - 00545280 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2016-01-30 02:24 - 2014-03-18 11:12 - 00148824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-01-30 02:24 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2016-01-30 02:24 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-01-30 02:24 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2016-01-30 02:24 - 2013-08-22 11:40 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2016-01-30 02:24 - 2013-08-22 11:30 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2016-01-30 02:24 - 2013-08-22 04:15 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2016-01-29 01:30 - 2015-04-12 13:41 - 00000000 ____D C:\Users\ready2go\AppData\Local\Razer
2016-01-29 00:45 - 2015-04-12 13:14 - 00002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-28 14:36 - 2015-04-19 16:39 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2016-01-22 19:59 - 2015-04-12 13:17 - 00000000 ____D C:\Users\ready2go\AppData\Local\IE Tab
2016-01-22 17:28 - 2015-04-12 13:04 - 00000000 ____D C:\Users\ready2go\AppData\Local\Packages
2016-01-17 19:26 - 2015-04-12 13:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-01-17 19:26 - 2015-04-12 13:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-17 19:01 - 2015-04-12 13:41 - 00000000 ____D C:\Users\ready2go\AppData\Local\AMD
2016-01-17 19:01 - 2015-04-12 13:11 - 00000000 ____D C:\Program Files\AMD
2016-01-17 19:00 - 2015-04-12 13:11 - 00000000 ____D C:\AMD
2016-01-16 21:55 - 2015-04-14 20:50 - 00000000 ____D C:\ProgramData\Origin
2016-01-16 19:20 - 2015-04-13 21:14 - 00000000 ____D C:\Users\ready2go\AppData\Roaming\vlc
2016-01-16 19:18 - 2015-04-17 18:11 - 00000000 ____D C:\Users\ready2go\AppData\Roaming\Battle.net
2016-01-16 19:18 - 2015-04-17 18:10 - 00000000 ____D C:\ProgramData\Battle.net
2016-01-16 13:18 - 2015-05-27 20:01 - 00000000 ____D C:\Users\ready2go\AppData\Roaming\HLSW
2016-01-15 02:29 - 2015-09-06 15:12 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-01-14 22:50 - 2015-11-11 12:40 - 00000000 ____D C:\Users\ready2go\Desktop\Saves
2016-01-12 22:28 - 2015-04-13 16:50 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-12 22:28 - 2015-04-13 16:50 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-08 16:38 - 2015-04-12 14:34 - 00000000 ____D C:\Users\ready2go\AppData\Local\Steam
2016-01-07 21:15 - 2015-12-21 18:02 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-06-06 20:40 - 2015-06-06 20:49 - 0000600 _____ () C:\Users\ready2go\AppData\Local\PUTTY.RND
2015-10-23 19:11 - 2015-10-23 19:11 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-23 10:39 - 2015-02-23 10:39 - 0010368 _____ () C:\ProgramData\regid.1996-09.com.picotech_{f62a4cff-4120-4de5-bec0-ed6c61ccd3a1}.swidtag
Einige Dateien in TEMP:
====================
C:\Users\ready2go\AppData\Local\Temp\avgnt.exe
C:\Users\ready2go\AppData\Local\Temp\ose00000.exe
C:\Users\ready2go\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-02-01 02:29
==================== Ende von FRST.txt ============================
Grüße, Mike Hallo, Ich habe gerade nochmal meine Emails gecheckt und hab wieder eine Antwort über eine Nicht Zustellbare Email erhalten : Code:
ATTFilter This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
dessa@mchsi.com
host smtp01.mchsi.com [68.66.77.42]
SMTP error from remote mail server after RCPT TO:<dessa@mchsi.com>:
550 5.1.1 <dessa@mchsi.com>Suspect mail not accepted for Mediacom domains or invalid recipient - POL008
------ This is a copy of the message, including all the headers. ------
Return-path: <<MEINE@EMAIL.DE>
Received: from [195.4.92.141] (helo=mjail1.freenet.de)
by mout1.freenet.de with esmtpa (ID <MEINE@EMAIL.DE) (port 25) (Exim 4.85 #1)
id 1aQHUe-0008C1-7r
for dessa@mchsi.com; Mon, 01 Feb 2016 17:38:24 +0100
Received: from localhost ([::1]:54330 helo=mjail1.freenet.de)
by mjail1.freenet.de with esmtpa (ID <MEINE@EMAIL.DE) (Exim 4.85 #1)
id 1aQHUd-0005LZ-W4
for dessa@mchsi.com; Mon, 01 Feb 2016 17:38:24 +0100
Received: from mx0.freenet.de ([195.4.92.10]:50214)
by mjail1.freenet.de with esmtpa (ID <MEINE@EMAIL.DE) (Exim 4.85 #1)
id 1aQHSR-0002HD-E5
for dessa@mchsi.com; Mon, 01 Feb 2016 17:36:07 +0100
Received: from 47.red-88-10-90.dynamicip.rima-tde.net ([88.10.90.47]:55085 helo=localhost)
by mx0.freenet.de with esmtpsa (ID <MEINE@EMAIL.DE) (TLSv1.2:AES128-SHA:128) (port 465) (Exim 4.85 #1)
id 1aQHSQ-0004tG-LS
for dessa@mchsi.com; Mon, 01 Feb 2016 17:36:07 +0100
Message-ID: <56AF8976.5020908@mike3.de>
Date: Mon, 01 Feb 2016 10:36:06 -0600
From: Karen Hoaglan <MEINE@EMAIL.DE>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
To: Dessa Randall <dessa@mchsi.com>
Subject: Fwd: health
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Antivirus: avast! (VPS 160201-0, 01/02/2016), Outbound message
X-Antivirus-Status: Clean
X-purgate-ID: 149285::1454344567-00000EBB-00307563/0/0
X-Originated-At: 88.10.90.47!55085
please have a look hxxp://karen.grq.y339.ru/health/
;
---
El software de antivirus Avast ha analizado este correo electrónico en busca de virus.
https://www.avast.com/antivirus
;
|
|
02.02.2016, 00:11
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Email wird als Absender für Spam Emails verwendet Passwort zum Mailaccount ändern!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Email wird als Absender für Spam Emails verwendet |
| .dll, converter, cpu-z, datei anhängen, defender, email, explorer, failed, firewall, google, helper, hängen, internet explorer, mp3, neustart, officejet, pixel, proxy, registry, scan, server, spam, stick, tcp, temp, udp, updates, uplay, visual c++ 2015, windows |
Linear-Darstellung
