Pests of all kinds and how to fight them: PUP.Optional.Amonetize / Systweak.A and other viruses found
Windows 7
If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection.
#1
Hello,

I have been having problems with my computer for a week. I accidentally clicked a link in an email. That normally doesn't happen to me, but in the heat of the moment I hit it. Right afterwards I ran Kaspersky over it and it found nothing, so I thought I hadn't caught anything. But that is when the problems started. Access to my external hard drive was no longer possible because of a "driver error" caused by occupied memory. At the same time, ads kept popping up whenever I was browsing in Mozilla. Because Windows startup problems then came on top of that, I ran Malwarebytes, which found something right away. ESET also found something afterwards. Windows Defender also showed a message at PC startup that an unwanted program had been found, but I have no access to Defender; it is shown to me as deactivated.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 25.02.2016
Suchlaufzeit: 10:32
Protokolldatei: 1.txt
Administrator: Ja
Version: 2.2.0.1024
Malware-Datenbank: v2016.02.25.02
Rootkit-Datenbank: v2016.02.17.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: xxxx
Suchlauftyp: Benutzerdefinierter Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 838782
Abgelaufene Zeit: 1 Std., 17 Min., 21 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0 (keine bösartigen Elemente erkannt)
Module: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 9
PUP.Optional.TaskRNDM, HKU\S-1-5-21-2735528503-4219931892-3930568497-1001\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}, In Quarantäne, [7cbe0f2f0c8de84e8b84bdcd33cf3fc1],
PUP.Optional.TaskRNDM, HKU\S-1-5-21-2735528503-4219931892-3930568497-1001\SOFTWARE\APPDATALOW\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}, In Quarantäne, [7cbe0f2f0c8de84e8b84bdcd33cf3fc1],
PUP.Optional.CouponMarvel, HKLM\SOFTWARE\Flashbeat, In Quarantäne, [e456f44a673265d1483344ec679d8a76],
PUP.Optional.CouponMarvel, HKLM\SOFTWARE\WOW6432NODE\Flashbeat, In Quarantäne, [42f89ca2a8f1d95d85f6fc3438cc12ee],
PUP.Optional.MySites123.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\mysites123Software, In Quarantäne, [ed4d320c7f1a92a471bd83593cc6df21],
PUP.Optional.CouponMarvel, HKLM\SOFTWARE\WOW6432NODE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}, In Quarantäne, [81b93d01950438feb69fcc32da29bc44],
PUP.Optional.CouponMarvel, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FlashBeat, In Quarantäne, [b8826ed0ff9aa98d1c0a47eaf60e3cc4],
PUP.Optional.TrailerTime, HKU\S-1-5-21-2735528503-4219931892-3930568497-1001\SOFTWARE\APPDATALOW\SOFTWARE\TrailerTime, In Quarantäne, [c2781727237616208f7740fc80841ae6],
Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0677b0767ae29d479fa6981a1b0e6e68
# end=init
# utc_time=2016-02-27 11:29:14
# local_time=2016-02-28 12:29:14 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 28335
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0677b0767ae29d479fa6981a1b0e6e68
# end=updated
# utc_time=2016-02-27 11:31:14
# local_time=2016-02-28 12:31:14 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=0677b0767ae29d479fa6981a1b0e6e68
# engine=28335
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-02-27 11:53:25
# local_time=2016-02-28 12:53:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1302 16777213 100 100 97655 84196035 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 231643 10431348 0 0
# scanned=339094
# found=2
# cleaned=1
# scan_time=1329
sh=7D5331E26F9AE2799ED9F79405A80CCB08141BE0 ft=1 fh=1e66b4c72772de7d vn="Win32/Systweak.U evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2735528503-4219931892-3930568497-1001\$RMIP7PQ.exe"
sh=411EEA18ADEE58E0236270152CEF1D842412AA6C ft=1 fh=a87b79873f3237d3 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Windows\System32\roboot64.exe"

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
durchgeführt von xxxx (Administrator) auf DESKTOP-9BK7TQO (28-02-2016 01:52:54)
Gestartet von C:\Users\xxxx\Downloads
Geladene Profile: xxxx (Verfügbare Profile: xxxx)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-08-06] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15033976 2015-11-20] (Logitech Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11328464 2016-01-27] (Micro-Star INT'L CO., LTD.)
HKU\S-1-5-21-2735528503-4219931892-3930568497-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-2735528503-4219931892-3930568497-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{67ca2d62-3551-4727-ad44-3fc97663e11a}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-2735528503-4219931892-3930568497-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-2735528503-4219931892-3930568497-1001 -> {28D12D5B-A808-456A-BD38-5E29C02F70E8} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-06] (Oracle Corporation)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-06] (Oracle Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-06] (Oracle Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-06] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\e21opw8y.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-06] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-06] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-08-06] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-06] ()
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\e21opw8y.default\user.js [2014-10-30]
FF SearchPlugin: C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\e21opw8y.default\searchplugins\11-suche.xml [2014-10-30]
FF SearchPlugin: C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\e21opw8y.default\searchplugins\englische-ergebnisse.xml [2014-10-30]
FF SearchPlugin: C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\e21opw8y.default\searchplugins\gmx-suche.xml [2014-10-30]
FF SearchPlugin: C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\e21opw8y.default\searchplugins\google-images.xml [2014-10-30]
FF SearchPlugin: C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\e21opw8y.default\searchplugins\google-maps.xml [2014-10-30]
FF SearchPlugin: C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\e21opw8y.default\searchplugins\webde-suche.xml [2014-10-30]
FF SearchPlugin: C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\e21opw8y.default\searchplugins\yahoo-ysp.xml [2015-10-23]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-06] [ist nicht signiert]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-08-06] [ist nicht signiert]
FF Extension: YouTube Unblocker - C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\e21opw8y.default\Extensions\youtubeunblocker__web@unblocker.yt [2015-12-03]
FF Extension: Video DownloadHelper - C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\e21opw8y.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
FF Extension: Adblock Plus - C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\e21opw8y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-06] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-07-09] (Kaspersky Lab ZAO)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1785128 2016-01-26] (Micro-Star INT'L CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-18] (Advanced Micro Devices)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-09] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-09] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-07-09] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-07-09] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-07-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [817848 2015-10-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-07-09] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-07-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-07-09] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-09] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-07-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-10-11] (Kaspersky Lab ZAO)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 lgLowAudio; C:\Windows\system32\drivers\lgLowAudio.sys [26264 2015-11-20] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-02-28 01:52 - 2016-02-28 01:53 - 00016263 _____ C:\Users\xxxx\Downloads\FRST.txt
2016-02-28 01:52 - 2016-02-28 01:52 - 00000000 ____D C:\FRST
2016-02-28 01:51 - 2016-02-28 01:52 - 02371072 _____ (Farbar) C:\Users\xxxx\Downloads\FRST64.exe
2016-02-28 00:44 - 2016-02-28 00:44 - 00001278 _____ C:\2.txt
2016-02-28 00:37 - 2016-02-28 00:44 - 00033914 _____ C:\1.txt
2016-02-28 00:29 - 2016-02-28 00:29 - 00000000 ____D C:\Program Files (x86)\ESET
2016-02-28 00:28 - 2016-02-28 00:28 - 02870984 _____ (ESET) C:\Users\xxxx\Downloads\esetsmartinstaller_deu.exe
2016-02-26 22:48 - 2016-02-26 22:48 - 00002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-02-26 22:48 - 2016-02-26 22:48 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-26 22:48 - 2016-02-26 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-02-26 22:48 - 2016-02-26 22:48 - 00000000 ____D C:\Program Files\CCleaner
2016-02-26 22:43 - 2016-02-26 22:45 - 00001656 _____ C:\WINDOWS\system32\ASOROSet.bin
2016-02-26 22:42 - 2016-02-26 22:43 - 00000000 ____D C:\WINDOWS\system32\config\RCCBakup
2016-02-26 22:35 - 2016-02-26 22:52 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\Solvusoft
2016-02-26 22:27 - 2016-02-26 22:27 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2016-02-26 22:25 - 2016-02-26 22:25 - 00000000 ____D C:\Program Files\DIFX
2016-02-10 17:55 - 2016-01-29 07:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 17:55 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 17:55 - 2016-01-27 07:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 17:55 - 2016-01-27 07:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 17:55 - 2016-01-27 07:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 17:55 - 2016-01-27 07:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 17:55 - 2016-01-27 07:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 17:55 - 2016-01-27 06:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 17:55 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 17:55 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 17:55 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 17:55 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 17:55 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-10 17:55 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 17:55 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 17:55 - 2016-01-27 06:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 17:55 - 2016-01-27 06:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 17:55 - 2016-01-27 06:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 17:55 - 2016-01-27 06:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 17:55 - 2016-01-27 06:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 17:55 - 2016-01-27 06:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 17:55 - 2016-01-27 06:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 17:55 - 2016-01-27 06:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 17:55 - 2016-01-27 06:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 17:55 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 17:55 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 17:55 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-10 17:55 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-10 17:55 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 17:55 - 2016-01-27 06:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 17:55 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 17:55 - 2016-01-27 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 17:55 - 2016-01-27 06:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 17:55 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 17:55 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 17:55 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 17:55 - 2016-01-27 06:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 17:55 - 2016-01-27 06:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 17:55 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 17:55 - 2016-01-27 06:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 17:55 - 2016-01-27 06:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 17:55 - 2016-01-27 06:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 17:55 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 17:55 - 2016-01-27 05:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 17:55 - 2016-01-27 05:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 17:55 - 2016-01-27 05:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 17:55 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 17:55 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 17:55 - 2016-01-27 05:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 17:55 - 2016-01-27 05:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 17:55 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 17:55 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 17:55 - 2016-01-27 05:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 17:55 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 17:55 - 2016-01-27 05:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 17:55 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 17:55 - 2016-01-27 05:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 17:55 - 2016-01-27 05:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 17:55 - 2016-01-27 05:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 17:55 - 2016-01-27 05:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 17:55 - 2016-01-27 05:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 17:55 - 2016-01-27 05:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 17:55 - 2016-01-27 05:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 17:55 - 2016-01-27 05:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 17:55 - 2016-01-27 05:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-08 07:06 - 2016-02-08 06:32 - 484101792 _____ C:\Users\xxxx\Desktop\FILE1482.mov
2016-02-08 07:05 - 2016-02-08 06:27 - 472167536 _____ C:\Users\xxxx\Desktop\FILE1481.mov
2016-02-08 06:53 - 2016-02-08 06:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2016-02-08 06:52 - 2016-02-08 06:52 - 00000000 ____D C:\Program Files (x86)\MSI
2016-02-07 15:37 - 2016-02-07 15:37 - 00052556 _____ C:\Users\xxxx\Downloads\Lebenslauf neu.pdf
2016-02-07 14:18 - 2013-10-30 22:23 - 00078738 _____ C:\Users\xxxx\Desktop\Lebenslauf neu.pdf
2016-02-07 14:17 - 2016-02-25 09:55 - 00000000 ____D C:\Program Files (x86)\PDF Editor 5
2016-02-07 14:17 - 2016-02-07 14:17 - 00087704 _____ C:\WINDOWS\cadkasdeinst01.exe
2016-02-07 14:17 - 2016-02-07 14:17 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\CAD-KAS
2016-02-07 14:10 - 2016-02-07 14:10 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\Nitro
2016-02-07 14:10 - 2016-02-07 14:10 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\FileOpen
2016-02-07 14:10 - 2016-02-07 14:10 - 00000000 ____D C:\ProgramData\FileOpen
2016-02-07 14:09 - 2016-02-07 14:09 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\Downloaded Installations
2016-02-07 14:09 - 2016-02-07 14:09 - 00000000 ____D C:\ProgramData\Nitro
2016-02-06 07:38 - 2016-02-06 07:37 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2016-02-02 14:57 - 2016-02-05 12:00 - 00000000 ____D C:\WINDOWS\SysWOW64\LiveUpdate
2016-01-30 18:09 - 2016-01-30 16:46 - 235819388 _____ C:\Users\xxxx\Desktop\FILE1408.mov
2016-01-30 18:09 - 2016-01-30 16:43 - 486921128 _____ C:\Users\xxxx\Desktop\FILE1407.mov
2016-01-30 18:09 - 2016-01-30 16:43 - 00165178 _____ C:\Users\xxxx\Desktop\FILE1407.nmea

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-02-28 01:46 - 2015-08-06 00:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-28 00:57 - 2015-08-13 21:53 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-28 00:41 - 2016-01-26 10:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-28 00:30 - 2015-08-06 22:44 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\vlc
2016-02-27 23:12 - 2015-11-30 23:02 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-27 20:07 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-26 22:53 - 2015-08-11 23:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-26 22:52 - 2015-10-30 19:35 - 00775524 _____ C:\WINDOWS\system32\perfh007.dat
2016-02-26 22:52 - 2015-10-30 19:35 - 00155338 _____ C:\WINDOWS\system32\perfc007.dat
2016-02-26 22:52 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-26 22:52 - 2015-08-11 23:39 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-26 22:52 - 2015-08-06 00:28 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-26 22:50 - 2016-01-02 04:09 - 00000000 ___DC C:\WINDOWS\Panther
2016-02-26 22:50 - 2015-12-15 17:19 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\TS3Client
2016-02-26 22:45 - 2016-01-02 04:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-26 22:45 - 2016-01-02 04:12 - 00000000 ____D C:\Users\xxxx
2016-02-26 22:45 - 2015-10-30 07:28 - 71041024 _____ C:\WINDOWS\system32\config\SOFTWARE.bak
2016-02-26 22:45 - 2015-10-30 07:28 - 18087936 _____ C:\WINDOWS\system32\config\SYSTEM.bak
2016-02-26 22:45 - 2015-10-30 07:28 - 00040960 _____ C:\WINDOWS\system32\config\SECURITY.bak
2016-02-26 22:43 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-26 22:33 - 2015-09-10 14:39 - 00000000 ____D C:\Users\xxxx\AppData\Local\ElevatedDiagnostics
2016-02-26 22:28 - 2015-08-06 00:31 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-26 21:52 - 2015-08-25 14:37 - 00000000 ____D C:\Users\xxxx\dwhelper
2016-02-26 18:35 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-25 09:54 - 2015-08-06 00:27 - 00000000 ____D C:\Users\xxxx\AppData\Local\Packages
2016-02-17 23:05 - 2015-09-18 11:09 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-13 07:46 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-13 06:58 - 2015-09-14 15:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-13 06:58 - 2015-08-06 01:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-11 13:58 - 2015-08-06 00:27 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-10 20:26 - 2015-10-30 19:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 20:07 - 2015-11-15 16:40 - 00000000 ____D C:\Users\xxxx\Downloads\x64
2016-02-10 19:22 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-08 06:53 - 2015-08-06 01:10 - 00002032 _____ C:\Users\Public\Desktop\MSI Live Update 6.lnk
2016-02-08 06:52 - 2015-08-06 01:10 - 00000000 ____D C:\MSI
2016-02-06 09:13 - 2015-08-06 09:09 - 00000000 ____D C:\ProgramData\Oracle
2016-02-06 07:38 - 2015-08-06 09:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-06 07:38 - 2015-08-06 09:10 - 00000000 ____D C:\Program Files\Java
2016-02-06 07:38 - 2015-08-06 09:09 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-06 07:37 - 2016-01-21 22:51 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-06 07:37 - 2015-08-27 15:02 - 00000000 ____D C:\Users\xxxx\.oracle_jre_usage
2016-02-06 07:37 - 2015-08-06 09:10 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-02-03 20:01 - 2015-10-30 08:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 20:01 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-09 11:07 - 2015-08-09 11:07 - 0000000 _____ () C:\Program Files (x86)\Common Files\AMD
2015-12-12 22:49 - 2016-01-26 09:49 - 0007600 _____ () C:\Users\xxxx\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-02-26 05:30

==================== Ende von FRST.txt ============================

Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-02-2016 durchgeführt von xxxx (2016-02-28 01:53:14) Gestartet von C:\Users\xxxx\Downloads Windows 10 Home Version 1511 (X64) (2016-01-02 03:17:50) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2735528503-4219931892-3930568497-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2735528503-4219931892-3930568497-503 - Limited - Disabled) Gast (S-1-5-21-2735528503-4219931892-3930568497-501 - Limited - Disabled) xxxx (S-1-5-21-2735528503-4219931892-3930568497-1001 - Administrator - Enabled) => C:\Users\xxxx ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.) 
Catalyst Control Center Next Localization BR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization RU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform) Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) DVD Profiler Version 3.9.1 (HKLM-x32\...\InvelosDVDProfiler_is1) (Version: - ) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.396 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.2.396 - Kaspersky Lab) Hidden Logitech Gaming Software 8.76 (HKLM\...\Logitech Gaming Software) (Version: 8.76.155 - Logitech Inc.) 
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft 
Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla) MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.011 - MSI) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) Wolfenstein: The New Order German Edition (HKLM-x32\...\Steam App 288570) (Version: - MachineGames) Worms World Party Remastered (HKLM-x32\...\Steam App 270910) (Version: - Team17 Digital Ltd) ==================== Benutzerdefinierte CLSID (Nicht auf der 
Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2735528503-4219931892-3930568497-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {14059868-D8C8-4E88-B901-A8E74916A58D} - System32\Tasks\{5F227A78-3EC6-4735-ACBE-CB494AFB47E7} => pcalua.exe -a C:\ProgramData\FlashBeat\uninstall.exe Task: {316459AC-DCCC-4724-985C-1A267119F798} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-26] (Microsoft Corporation) Task: {57C2686A-98EB-4459-A3FC-5D2B1BC96425} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd) Task: {5A041EBE-8C1D-4429-9930-FA441DF273D6} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-04] (Advanced Micro Devices, Inc.) Task: {6E801D2E-3525-4355-BA6E-779FF3D67404} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {A9D4D9A2-379A-438C-8FE4-A522678DE5B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated) Task: {EA6EEF05-E259-46B1-8CE3-782526893878} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-02-26] (Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. 
Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-01-02 04:08 - 2016-01-02 04:08 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-01-02 04:08 - 2016-01-02 04:08 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-01-02 04:08 - 2016-01-02 04:08 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-01-02 04:08 - 2016-01-02 04:08 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-03-07 01:07 - 2015-03-07 01:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2015-11-20 22:41 - 2015-11-20 22:41 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2015-03-07 01:07 - 2015-03-07 01:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2015-11-20 22:41 - 2015-11-20 22:41 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll 2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll 2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ 
() C:\Program Files\AMD\CNext\CNext\libEGL.dll 2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll 2016-01-15 21:44 - 2016-01-15 21:44 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2016-01-26 09:48 - 2016-01-26 09:48 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe 2015-12-15 15:21 - 2015-12-15 15:21 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2016-01-26 09:52 - 2016-01-26 09:52 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-01-13 16:09 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-01-13 16:09 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-01-27 19:27 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-01-27 19:27 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-12-23 15:54 - 2014-12-23 15:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\kpcengine.2.3.dll 2016-02-08 06:52 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll 2016-01-26 09:52 - 2016-01-26 09:52 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-01-26 09:52 - 2016-01-26 09:52 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2014-12-23 15:54 - 2014-12-23 15:54 - 00502056 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
15.0.2\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll 2014-12-23 15:54 - 2014-12-23 15:54 - 00338216 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com\nponlinebanking.dll 2014-12-23 15:54 - 2014-12-23 15:54 - 00608040 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll 2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2015-07-10 12:04 - 2015-07-10 12:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-2735528503-4219931892-3930568497-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist deaktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\...\StartupApproved\Run32: => "Live Update" HKU\S-1-5-21-2735528503-4219931892-3930568497-1001\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{81FC1D6D-15EA-4B06-B332-163F15097621}] => (Allow) D:\Programme\Steam\SteamApps\common\Wolfenstein.The.New.Order.DE\WolfNewOrder_x64.exe FirewallRules: [{0C3A2D17-DE7A-4905-8E31-EC55A6DFC77F}] => (Allow) D:\Programme\Steam\SteamApps\common\Wolfenstein.The.New.Order.DE\WolfNewOrder_x64.exe FirewallRules: [{3B849D31-D75B-44AB-8F5B-DAFC31C916C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [{78BAD010-6360-49A8-8145-89E55D4F3270}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [{5B00BC29-25E0-4D37-BAF1-7475F96480F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WormsWorldParty\w2.exe FirewallRules: [{3D3C6E5F-A756-4075-BC6C-D5C6C04AB5CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WormsWorldParty\w2.exe FirewallRules: [{CFC6CB47-2399-454E-BEA8-A80F2E260ED4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CFCA2927-5A4A-4B4E-B1B9-0EC4A4FC85AE}] => (Allow) C:\Program Files 
(x86)\Mozilla Firefox\firefox.exe FirewallRules: [{397F2CE3-AF42-453F-9EFB-71F888D98CA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe FirewallRules: [{1899C1C7-634C-4548-95C3-201D97196501}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe FirewallRules: [{7AEDC508-29D3-4FAD-90BB-E368C08B4101}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{9B5B430C-94FC-45B8-AC64-3053075DD8FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{B6236F63-E3F4-4AB1-AD63-CCB55692CB7B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{61A7F02A-6E30-48CE-BB44-296C5F0D1F02}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{C2591C9A-E9D3-42B7-BF1B-4D734F6A3DAF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A69AF6EE-9FB1-4F75-9134-1AD40C653913}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{B55C966E-4386-42D5-870B-9BE2558A8FA0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Wiederherstellungspunkte ========================= 10-02-2016 19:22:23 Windows Update 14-02-2016 14:34:13 Windows Update 17-02-2016 22:56:04 Windows Update 21-02-2016 23:38:39 Windows Update 26-02-2016 00:11:40 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: High Definition Audio Bus Description: High Definition Audio Bus Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: AMD Service: HDAudBus Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (02/28/2016 01:41:16 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest. Error: (02/28/2016 12:29:04 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest. Error: (02/28/2016 12:29:00 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest. Error: (02/28/2016 12:28:59 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest. Error: (02/27/2016 12:53:05 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (02/26/2016 10:27:04 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (02/26/2016 12:39:42 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (02/26/2016 12:11:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . 
Error: (02/25/2016 12:22:33 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (02/23/2016 11:45:46 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Systemfehler: ============= Error: (02/28/2016 12:53:26 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\xxxx\AppData\Local\Temp\ehdrv.sys Error: (02/28/2016 12:53:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (02/28/2016 12:53:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (02/28/2016 12:53:25 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\xxxx\AppData\Local\Temp\ehdrv.sys Error: (02/28/2016 12:53:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (02/28/2016 12:53:25 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\xxxx\AppData\Local\Temp\ehdrv.sys Error: (02/28/2016 12:53:25 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\xxxx\AppData\Local\Temp\ehdrv.sys Error: (02/28/2016 12:53:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (02/28/2016 12:53:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (02/28/2016 12:53:25 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\xxxx\AppData\Local\Temp\ehdrv.sys CodeIntegrity: =================================== Date: 2016-02-11 
15:58:12.960 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-11 13:58:14.453 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-28 13:35:02.680 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-26 11:27:10.356 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-01-26 11:27:10.350 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-01-26 11:27:10.345 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-01-26 11:27:10.339 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-01-26 11:27:10.333 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-01-26 11:27:10.327 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-01-26 11:26:21.031 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10240.16384_none_d7cab6266329c783\Windows.Devices.Perception.dll because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-3820 CPU @ 3.60GHz Prozentuale Nutzung des RAM: 22% Installierter physikalischer RAM: 16336.21 MB Verfügbarer physikalischer RAM: 12679.43 MB Summe virtueller Speicher: 18768.21 MB Verfügbarer virtueller Speicher: 14673.5 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:223.03 GB) (Free:111.78 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive d: () (Fixed) (Total:931.51 GB) (Free:216.21 GB) NTFS Drive e: (DVD_VIDEO_RECORDER) (CDROM) (Total:22.56 GB) (Free:0 GB) UDF ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 97274773) Partition 1: (Active) - (Size=223 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=450 MB) - (Type=27) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C313631B) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================

Edited by Rene1988 (28.02.2016 at 02:04)