Pests of all kinds and how to combat them: Proxy switches itself to port 8118 (Windows 7)
11.05.2016, 17:03 | #16 |
| Proxy switches itself to port 8118
Fixlog:
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-05-2016
durchgeführt von Admin (2016-05-11 17:58:51) Run:2
Gestartet von C:\Users\Admin\Desktop
Geladene Profile: Admin (Verfügbare Profile: Admin)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
start
CloseProcesses:
FF Extension: Filter Results - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y9f2qjhb.default-1438036783058\Extensions\{c2846f1b-7d7e-4f8d-966b-f1c6260ae03e}.xpi [2015-08-30] [ist nicht signiert]
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\PrivoxyService
FF NetworkProxy: "user_pref("network.proxy.type", 5)
Task: {1511F4D8-4F23-4733-BC0E-3C253FE9CE10} - System32\Tasks\{8F3953B0-DF3B-4686-BA59-C17332EC8A3C} => pcalua.exe -a C:\Users\Admin\Downloads\setup.exe -d C:\Users\Admin\Downloads
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************
Prozess erfolgreich geschlossen.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y9f2qjhb.default-1438036783058\Extensions\{c2846f1b-7d7e-4f8d-966b-f1c6260ae03e}.xpi => erfolgreich verschoben
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\PrivoxyService => Schlüssel erfolgreich entfernt
Firefox Proxy-Einstellungen wurden zurückgesetzt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1511F4D8-4F23-4733-BC0E-3C253FE9CE10}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1511F4D8-4F23-4733-BC0E-3C253FE9CE10}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{8F3953B0-DF3B-4686-BA59-C17332EC8A3C} => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8F3953B0-DF3B-4686-BA59-C17332EC8A3C}" => Schlüssel erfolgreich entfernt
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
========= Ende von RemoveProxy: =========
========= ipconfig /flushdns =========
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
========= Ende von CMD: =========
========= netsh winsock reset =========
Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.
========= Ende von CMD: =========
EmptyTemp: => 355.4 MB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 17:59:10 ==== |
11.05.2016, 17:08 | #17 |
/// TB-Ausbilder | Proxy switches itself to port 8118
Well done. Only the other steps are still missing. |
11.05.2016, 21:12 | #18 |
| Proxy switches itself to port 8118
Eset:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ef1c097777268e40bc2a15f91d6572f1
# end=init
# utc_time=2016-05-11 04:04:11
# local_time=2016-05-11 06:04:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 29441
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ef1c097777268e40bc2a15f91d6572f1
# end=updated
# utc_time=2016-05-11 04:22:29
# local_time=2016-05-11 06:22:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=ef1c097777268e40bc2a15f91d6572f1
# engine=29441
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-11 07:40:22
# local_time=2016-05-11 09:40:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 100 18479 6846945 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2786518 214625472 0 0
# scanned=502500
# found=8
# cleaned=0
# scan_time=11873
sh=BAD1D0FC1598CD0F5D6848EC3B051A24D991D852 ft=1 fh=c90e90cca025973d vn="Variante von Win32/Techsnab.AB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\IT Viewer\astask.exe.vir"
sh=C872AFF27DF21BB45837C7F931584D12EE29D674 ft=1 fh=79aaaf5d5fcb19a5 vn="Variante von Win32/Techsnab.W evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Audio Defender\AudioDefender.exe"
sh=EF21E1232FA621C6105A394BC58F84719F417E9D ft=1 fh=69f8fe48140d21ef vn="Variante von Win32/Techsnab.AB evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Omega Protector\amjob.exe"
sh=BBCA1230A743D5EDA172FC36C1858A2D0D40B338 ft=1 fh=e98ceaaf886c8a1a vn="Variante von Win32/Techsnab.AB evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Admin\AppData\Roaming\Fenix Updater\Fenix Updater.exe"
sh=18C800F7516DD7D63602E34E1ACF6E5DBFA03951 ft=0 fh=0000000000000000 vn="JS/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y9f2qjhb.default-1438036783058\Extensions\{c2846f1b-7d7e-4f8d-966b-f1c6260ae03e}.xpi.xBAD"
sh=50D6546084BF5A56048C278B3F5266B8193A291F ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida verdächtige Datei" ac=I fn="C:\Users\Admin\Documents\Backup\Textdokumente\Downloads\Crap\uKnofensa.zip"
sh=2E90546E93863AE71DE55816DF8B9E80C39293F9 ft=1 fh=a364376a3e767b87 vn="Variante von Win32/Packed.Themida verdächtige Datei" ac=I fn="C:\Users\Admin\Documents\Backup\Textdokumente\xSicht\Ring0Test.exe"
sh=218F07894A591670662A6596488BD342276744E9 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida verdächtige Datei" ac=I fn="C:\Users\Admin\Documents\Backup\Textdokumente\xSicht\Stuff\Ring0Test.zip"
Code:
HitmanPro 3.7.14.265
www.hitmanpro.com
   Computer name . . . . : ADMIN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/6
   User name . . . . . . : Admin-PC\Admin
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2016-05-11 21:56:03
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 59s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 1
   Traces . . . . . . . : 11
   Objects scanned . . . : 2.795.037
   Files scanned . . . . : 124.032
   Remnants scanned . . : 1.025.267 files / 1.645.738 keys
Malware _____________________________________________________________________
   C:\Users\Admin\Downloads\SVP\SVP130373\Keygen.exe
      Size . . . . . . . : 4.002.304 bytes
      Age . . . . . . . : 252.5 days (2015-09-02 11:05:28)
      Entropy . . . . . : 7.9
      SHA-256 . . . . . : 070D93A1442F2F4B0C1D248CB43EB2372900FFB83877BC7B2F392EC5713DFB08
    > Bitdefender . . . : Application.Keygen.EZ
      Fuzzy . . . . . . : 114.0
Suspicious files ____________________________________________________________
   C:\Users\Admin\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.379.264 bytes
      Age . . . . . . . : 7.2 days (2016-05-04 16:44:55)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 87FBF1A3EA732E39FAFCE6E348EF141693D5C79B56C1A9472ABD94CC18D5501D
      Needs elevation . : Yes
      Fuzzy . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
   C:\Users\Admin\Desktop\FRST64.exe
      Size . . . . . . . : 2.381.312 bytes
      Age . . . . . . . : 1.1 days (2016-05-10 20:09:32)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 1CA0034CA00C4197E3BA9112F61D854AAA72C6D21EAA7C199E4B4BC1A1E0327A
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
Potential Unwanted Programs _________________________________________________
   HKLM\SOFTWARE\Classes\AppID\{c9382aa4-b6b9-4e63-a13b-53061dd7fddf}\ (FilterResults)
   HKLM\SOFTWARE\Classes\AppID\{cd5da489-3013-4cd1-be62-f18393deab33}\ (FilterResults)
   HKLM\SOFTWARE\Classes\f\ (Funmoods)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{c9382aa4-b6b9-4e63-a13b-53061dd7fddf}\ (FilterResults)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{cd5da489-3013-4cd1-be62-f18393deab33}\ (FilterResults)
   HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
   HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player)
   HKU\S-1-5-21-3980298719-2773488239-3045808690-1000_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-05-2016
durchgeführt von Admin (2016-05-11 22:10:58)
Gestartet von C:\Users\Admin\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-03-27 13:26:06)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Admin (S-1-5-21-3980298719-2773488239-3045808690-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3980298719-2773488239-3045808690-500 - Administrator - Disabled)
Gast (S-1-5-21-3980298719-2773488239-3045808690-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3980298719-2773488239-3045808690-1004 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.30 - GIGABYTE)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - )
Canon MP640 series Benutzerregistrierung (HKLM-x32\...\Canon MP640 series Benutzerregistrierung) (Version: - )
Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - )
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Curse Client (HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dungeon Defenders II (HKLM-x32\...\Steam App 236110) (Version: - Trendy Entertainment)
Easy Tune 6 B13.0323.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B13.0323.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software 8.75 (HKLM\...\Logitech Gaming Software) (Version: 8.75.30 - Logitech Inc.)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 365.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.10 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Spotify (HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\...\Spotify) (Version: 1.0.23.90.g42187855 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SteelSeries Engine 3.7.3 (HKLM\...\SteelSeries Engine 3) (Version: 3.7.3 - SteelSeries ApS)
Super Meat Boy (HKLM\...\Steam App 40800) (Version: - Team Meat)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
TP-LINK TL-WN821N Driver (HKLM-x32\...\{26B52E5B-1620-4676-9B46-B6C56B8105CE}) (Version: 1.2.1 - TP-LINK)
Tukui Client (HKLM-x32\...\{BAD6EBBD-A6A9-41C9-898A-8C868A552E4C}) (Version: 2.4.6 - Tukui)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.8.1 (HKLM\...\VulkanRT1.0.8.1) (Version: 1.0.8.1 - LunarG, Inc.)
Warcraft Logs Uploader (HKLM-x32\...\com.warcraft.logs) (Version: 3.67 - UNKNOWN)
Warcraft Logs Uploader (x32 Version: 3.67 - UNKNOWN) Hidden
WARMODE (HKLM-x32\...\Steam App 391460) (Version: - WARTEAM)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Beta (HKLM-x32\...\World of Warcraft Beta) (Version: - Blizzard Entertainment)
XSplit Broadcaster (HKLM-x32\...\{9ACDB4FF-FF71-4525-89F5-B33B6DBDA864}) (Version: 2.0.1411.2714 - SplitmediaLabs)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {1F2FE331-E450-4D46-8707-0156C03E35FE} - System32\Tasks\{BAC16272-FB36-45A7-A676-50A3B1859DCC} => pcalua.exe -a "C:\Program Files (x86)\Steam\SteamApps\common\TowerofGuns\Binaries\UnSetup.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\TowerofGuns\Binaries\Win32\..\" -c /EULA
Task: {286ECE19-C527-4663-972C-06F0BAF39911} - System32\Tasks\AdobeAAMUpdater-1.0-Admin-PC-Admin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {3203D58B-448A-472C-B1B4-A7FE974AA772} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-26] (Google Inc.)
Task: {88C69E9B-7A20-4106-8F2A-6651EF65F8A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-26] (Google Inc.)
Task: {B4EDCAE6-8D3D-48B6-8CBE-FD3A59A7336C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {EA703C66-7D04-44A1-AEF3-C2DCBAB1C5E3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {F915ED72-C5C2-40C8-B181-04B8AC15DB18} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-04-24] (Microsoft Corporation)
Task: {FA4C2509-6F83-4E7B-966E-0CA477CC1CA6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-03-28 09:20 - 2016-04-27 13:51 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-05-02 19:16 - 2016-01-12 06:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-10-16 12:02 - 2015-10-16 12:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-10-14 18:35 - 2015-10-14 18:35 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-10-14 18:35 - 2015-10-14 18:35 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-02-28 11:14 - 2016-04-26 17:43 - 00174872 _____ () C:\Users\Admin\AppData\Local\TeamSpeak 3 Client\quazip.dll
2014-08-04 15:43 - 2016-04-26 17:43 - 00103192 _____ () C:\Users\Admin\AppData\Local\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-08-04 15:43 - 2016-04-26 17:43 - 00107800 _____ () C:\Users\Admin\AppData\Local\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-12-01 22:08 - 2014-01-18 21:44 - 00020992 _____ () C:\Users\Admin\AppData\Local\TeamSpeak 3 Client\plugins\TS3MassMover.dll
2014-08-04 15:46 - 2016-04-26 17:43 - 00312088 _____ () C:\Users\Admin\AppData\Local\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2015-12-08 18:31 - 2015-12-08 18:31 - 00486912 _____ () C:\Users\Admin\AppData\Local\TeamSpeak 3 Client\plugins\soundboard.dll
2014-08-04 15:46 - 2016-04-26 17:43 - 00485656 _____ () C:\Users\Admin\AppData\Local\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2016-04-29 20:13 - 2016-04-29 20:13 - 01334760 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7208\Battle.net Helper.exe
2015-07-06 01:19 - 2016-01-12 06:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-04-29 20:13 - 2016-04-29 20:13 - 00293040 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7208\ortp.dll
2016-04-29 20:13 - 2016-04-29 20:13 - 37241856 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7208\libcef.dll
2016-04-29 20:13 - 2016-04-29 20:13 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7208\libEGL.dll
2016-04-29 20:13 - 2016-04-29 20:13 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7208\libGLESv2.dll
2016-04-29 20:13 - 2016-04-29 20:13 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7208\libglesv2.dll
2016-04-29 20:13 - 2016-04-29 20:13 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7208\libegl.dll
2016-04-29 20:13 - 2016-04-29 20:13 - 00984576 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7208\ffmpegsumo.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-04-29 13:21 - 2016-04-28 01:25 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libglesv2.dll
2016-04-29 13:21 - 2016-04-28 01:25 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libegl.dll
2011-07-18 23:07 - 2011-07-18 23:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2014-01-07 01:42 - 2015-05-20 23:33 - 02873856 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2015-07-31 15:44 - 2015-07-31 15:45 - 00000851 ____A C:\Windows\system32\Drivers\etc\hosts
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
# 127.0.0.1 localhost # ::1 localhost ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\Services: WinHttpAutoProxySvc => 3 MSCONFIG\Services: WsAppService => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SteelSeries Engine 3.lnk => C:\Windows\pss\SteelSeries Engine 3.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ShareX.lnk => C:\Windows\pss\ShareX.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min MSCONFIG\startupreg: Avira System Speedup User Starter => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\wlangui.exe MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon 
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming MSCONFIG\startupreg: GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe MSCONFIG\startupreg: join.me.launcher => C:\Users\Admin\AppData\Local\join.me.launcher\join.me.launcher.exe MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" MSCONFIG\startupreg: puush => C:\Program Files (x86)\puush\puush.exe MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart MSCONFIG\startupreg: Spotify => "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{EFD342E4-5748-4755-B003-B7A1C49540E5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{08643B5D-14BF-440A-A225-5725B59A91E6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{7A32D133-0C15-4C8E-A9BE-44A116A8DE41}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{A43CB1DE-6727-473D-82F4-411CBF4723A0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{6FA47252-A112-4C52-8263-3FD2585521FC}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{A3426B3C-95A0-4C55-AC8C-74AE3B039621}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [TCP Query User{9136EB34-4F38-4A49-ABF4-69844093761B}C:\program files (x86)\tmunitedforever\tmforever.exe] => (Allow) C:\program files (x86)\tmunitedforever\tmforever.exe FirewallRules: [UDP Query User{CB2CDB31-3A4E-4E38-A915-0EF3BAD1CD4F}C:\program files (x86)\tmunitedforever\tmforever.exe] => (Allow) C:\program files (x86)\tmunitedforever\tmforever.exe FirewallRules: [{D29C1E7F-5A39-49D7-A0E4-BE6A2BFFC97C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe FirewallRules: [{3B7BB04A-F6F9-4E71-ACE4-753F0F022F3F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe FirewallRules: [{C2871816-6775-4650-9028-40E9821A7FFC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe FirewallRules: [{D5AC1E18-483D-4779-A6E4-C53CA888DCCD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe FirewallRules: [{6D46FC4C-10FC-4964-9E4A-52D56C3490A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe 
FirewallRules: [{86D48185-2DD7-40D3-9AD8-C50DDDE0826D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{1E6040C5-6D48-4E47-A5DD-BFE3C2233BDE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{DD3E6438-3E25-4BED-91F4-1918C77F3237}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{22920733-D6F8-430B-B16E-D58B1C4AC7C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [{A8E40236-8B6B-4498-9FC7-B4BF133632E7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [{AE75B637-6A5B-45B3-A044-094B532119AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe FirewallRules: [{46D2119E-7E79-4722-B259-1EBA865C63FF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe FirewallRules: [{57168137-1CB2-4A66-BC03-37C7D7F0156F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe FirewallRules: [{87163870-939D-46D2-A284-41A17BC032EB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe FirewallRules: [{011E2E08-94FA-4A84-87AC-1C1E7561917E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe FirewallRules: [{F9A72B45-6C96-43A3-983D-A8921537484C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe FirewallRules: [{E0113649-9E45-4961-B312-9763D967EFB3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe FirewallRules: [{B045641A-A674-44C5-8606-C10B31BAA844}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe FirewallRules: [TCP Query User{25F876F5-BD59-493A-A0D1-4CB96A85A104}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{3F58C85D-DFCA-403A-9092-E10563ABF34F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [{FF9C2E8F-9A9D-4E96-A934-FF55A5A06C89}] => 
(Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe FirewallRules: [{7A103339-7B2D-4A1D-A68A-A16EA1053BA6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe FirewallRules: [{E291B94B-D427-414F-A90B-674F71733011}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe FirewallRules: [{91042958-7356-47D0-B7C3-AC6308C4D86C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe FirewallRules: [{80A15EA6-8E98-4628-91CF-F3B6E16AF35F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe FirewallRules: [{C06E13F7-7DD7-4F21-B3A1-40F8BEE59DFE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe FirewallRules: [{B0310695-D980-43FD-919A-FF3BEE8C9DC6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe FirewallRules: [{DD3BE9E2-17CF-4E5C-B125-60C004A4C99F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe FirewallRules: [{CE388F24-F470-4A3B-A837-57D478D1F25D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{A5A66EF4-80C2-4E96-9FC6-054BDEA8701B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe FirewallRules: [{BF0BE0F2-3D15-4CB2-B1A5-321BC4275AB6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe FirewallRules: [{A4466B4D-60AE-4E7B-B361-D75FEA32270E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe FirewallRules: [{138CDFDC-CC22-47A3-87B1-825D28A1B35F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe FirewallRules: [{937EA9A1-C133-4D41-9A68-1397FBB28161}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe FirewallRules: [{E4E51F04-4777-4C8D-9F35-A6228F623A76}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe FirewallRules: [TCP Query User{C804815D-194B-465A-AB18-793B3DC84A85}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [UDP Query 
User{D07D6AA2-505B-4AFA-B9A6-87B0522478B3}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [{10654850-BA83-4009-B67F-74CF8C6E319F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe FirewallRules: [{6D02D457-75D1-4ADF-BDF8-1ADC7D8BB748}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe FirewallRules: [{CCB56CD6-2C40-4A7D-AFAD-7D0F996AF88C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{8534DB81-FB89-4FF6-992C-69E0C17F0B84}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{0076784B-8275-4352-8345-59EFBBE497BC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{5032E3AB-E6F0-420B-9BF1-149C4E15B242}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{559FC124-DF05-4C35-BD5F-BFC961F4B5C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{F6F51D33-97C2-48ED-8A53-D3BF7F86DF21}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{F9D095AB-B049-4420-BE5E-9BDF02AD92E3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe FirewallRules: [{B59EA635-F417-4A61-92CF-06D41DA6E20D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe FirewallRules: [{4D1FD42C-14C0-4FE9-ADE0-89E881ECB210}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{642C9BCE-1EEF-45C6-A382-2F3CF6FF8F88}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{3A1D9987-F881-4C5F-859F-3953AB746F7F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe FirewallRules: [{B12B4323-4F9A-46BA-A19F-3DABDEF9FEC9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe FirewallRules: [{19A31C6A-9308-4D35-9C66-69DE7CBA4E63}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe FirewallRules: 
[{DAFFA852-B058-4DD5-97B3-1BB775C29E7A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe FirewallRules: [{7BA8B3D1-50F3-4BC3-B6CF-E1F496707CFC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe FirewallRules: [{8F2566CF-0D60-406B-80EF-52913F68C725}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe FirewallRules: [{6C7BEB28-D8B3-4D76-AB99-13585718F97A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe FirewallRules: [{0A91D364-144C-4499-933E-0E87EA7C7748}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe FirewallRules: [{BFA617C4-F303-4E7A-A320-C61DAC2BF415}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe FirewallRules: [{6B1D4B5A-E31B-46AF-B598-68F18DBCB3D3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe FirewallRules: [TCP Query User{9816C4AB-07C6-4347-A56F-F7860032310D}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{9569EF2E-5A30-4202-9B39-1F5128C4233D}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [TCP Query User{30B75221-7075-41BE-AE99-E6D469380B18}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{73EDEB9E-49A2-4B4A-A13C-7BDFCF21BF73}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe FirewallRules: [{830EB8E2-DB03-4CB8-AA0B-FA28DE892F6A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4mp.exe FirewallRules: [{956267ED-C2F7-415B-A43C-9BD5E5413850}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4mp.exe FirewallRules: [{D68A522E-2B3C-46AA-BFAB-8D10B3E4AB4F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: 
[{8747E71A-792F-41DF-99C8-A4686B759CE7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{CF297ED7-6AEC-42B9-8E9E-4BD4245301B8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E102A1A1-A3BB-4C8C-BE57-59BC6C2498D8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{402DB35F-B4D7-46FD-8A47-FBBF90FF2FD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [{E4636D23-CA42-400F-8450-23A85D685B09}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [{E6643D44-FA90-434C-80CD-2C2A21D8554E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{4AE62EFE-9901-4DDB-BCF0-D5640885EA15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{17B5AD19-A795-4838-91B4-F1D2BD3D97D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{4925FEED-BD8B-4D6F-99F3-214CB7841D02}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{C1AC965D-F260-446B-AE7D-FD3458730461}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{F064AA04-C6D4-4503-A461-EEFBCFAD22CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{2654F1AF-BACB-465D-93EC-CB49C009EE58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{95C5E484-B9B2-450D-83C1-740B0EB58B03}C:\users\admin\appdata\local\join.me\join.me.exe] => (Allow) C:\users\admin\appdata\local\join.me\join.me.exe FirewallRules: [UDP Query User{37706EBB-83CC-493F-B5CF-54227FF3D67B}C:\users\admin\appdata\local\join.me\join.me.exe] => (Allow) C:\users\admin\appdata\local\join.me\join.me.exe FirewallRules: [TCP Query 
User{EA7B252A-B075-47EE-BE76-D7B3F5C6BFC8}C:\program files (x86)\hlsw\hlsw.exe] => (Allow) C:\program files (x86)\hlsw\hlsw.exe FirewallRules: [UDP Query User{E1DB3B2C-3011-4C4C-8B96-C84662B47D8F}C:\program files (x86)\hlsw\hlsw.exe] => (Allow) C:\program files (x86)\hlsw\hlsw.exe FirewallRules: [TCP Query User{72D4A12E-73D3-4308-BFB4-BE2CEE264BF3}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [UDP Query User{6FCB5524-E96E-421D-BDD6-A1488B4D7F69}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [TCP Query User{5E314162-F0D9-456D-8295-B7330146AE71}C:\warcraft iii\war3.exe] => (Allow) C:\warcraft iii\war3.exe FirewallRules: [UDP Query User{67C05027-E800-437F-A1B6-6EEBB530C05F}C:\warcraft iii\war3.exe] => (Allow) C:\warcraft iii\war3.exe FirewallRules: [TCP Query User{15C81547-C5A2-438F-B45B-E1C443F44871}C:\program files\warcraft iii\war3.exe] => (Allow) C:\program files\warcraft iii\war3.exe FirewallRules: [UDP Query User{BC1ABF4E-D9E8-446F-AA10-93FDC528F626}C:\program files\warcraft iii\war3.exe] => (Allow) C:\program files\warcraft iii\war3.exe FirewallRules: [TCP Query User{44651769-801D-4C2C-B22C-A2C97C6A61F4}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [UDP Query User{BA0FDF79-7262-4BA4-A67E-05083B1281C4}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [TCP Query User{FFD2B945-29D3-4D29-8F75-01FF2C5CF2FC}C:\users\admin\desktop\lancraft\lancraft.exe] => (Allow) C:\users\admin\desktop\lancraft\lancraft.exe FirewallRules: [UDP Query User{FFA2D240-265D-40F4-A2FF-AEF267F89C2D}C:\users\admin\desktop\lancraft\lancraft.exe] => (Allow) C:\users\admin\desktop\lancraft\lancraft.exe FirewallRules: [TCP Query 
User{9F0EF51A-C075-4A0D-B94B-410B12110020}C:\users\admin\desktop\wc3proxy.exe] => (Allow) C:\users\admin\desktop\wc3proxy.exe FirewallRules: [UDP Query User{5DCC9BA1-F68F-4D7F-A6E9-2E5667F9A1A3}C:\users\admin\desktop\wc3proxy.exe] => (Allow) C:\users\admin\desktop\wc3proxy.exe FirewallRules: [TCP Query User{0A3A5F2E-7B3F-4892-B236-E3E5D17FA1D4}C:\users\admin\downloads\wc3proxy.exe] => (Allow) C:\users\admin\downloads\wc3proxy.exe FirewallRules: [UDP Query User{FBB59D07-2945-4742-BA96-C979053F9EA7}C:\users\admin\downloads\wc3proxy.exe] => (Allow) C:\users\admin\downloads\wc3proxy.exe FirewallRules: [{6E51CACB-542F-4AD2-8E06-5E764AFFBE04}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [{7285727F-6B3C-432B-9B3D-C50ADF43493E}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [{26BFCBC4-58B5-42C1-986D-997C7ADBC274}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{031814A3-91AD-4CF6-AB16-3477E95AE64A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{9B2B40FF-F6A2-460A-9E4A-429D017402E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{61A8323A-6571-4C38-8DA0-C4F176CE4014}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{724D2D28-4D2D-4548-B944-A9AC5ABC8E2F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dungeon Defenders 2\DunDefLauncher.exe FirewallRules: [{D486295C-E044-4CEA-8E5E-DECDD947C95D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dungeon Defenders 2\DunDefLauncher.exe FirewallRules: [TCP Query User{E44C5050-3E97-4DDF-B9EF-C3EACC4C232C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{DA08953C-4886-4C45-935C-6AE01ECB103C}C:\program files\logitech gaming software\lcore.exe] => (Allow) 
C:\program files\logitech gaming software\lcore.exe FirewallRules: [TCP Query User{7E0A9CBC-4289-4063-9408-CF1492F1CBEB}C:\program files\adobe\adobe after effects cc\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc\support files\afterfx.exe FirewallRules: [UDP Query User{85FD4F72-CEDC-4E7A-BF3B-142AD827D15D}C:\program files\adobe\adobe after effects cc\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc\support files\afterfx.exe FirewallRules: [TCP Query User{49E3347E-0078-4E4E-BB20-C712804F7A5C}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe FirewallRules: [UDP Query User{924228BB-4938-4486-8540-155D85C37668}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe FirewallRules: [{0C81C189-1510-4D3E-92A0-93975CFAEA27}] => (Allow) C:\Users\Admin\AppData\Local\Apps\2.0\QNCQ2DG5.R29\NZZYL4GL.387\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe FirewallRules: [{9CE1604E-E7AF-4E05-84DF-D2EA3D98F4DE}] => (Allow) C:\Users\Admin\AppData\Local\Apps\2.0\QNCQ2DG5.R29\NZZYL4GL.387\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe FirewallRules: [{999AA27D-E9DD-4A56-BB72-065440830272}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe FirewallRules: [{45F6674C-505E-467A-8A76-2E441FE68B2C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe FirewallRules: [{F7B08973-C177-4A37-9668-ADDAAFB82A71}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe FirewallRules: [{0E4B31F5-F6BF-4B4B-9099-D5B7DB362A12}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe FirewallRules: [{E84E30A4-EBA1-43F6-B078-7782F1DF6092}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe FirewallRules: [{F28E3A39-58BA-45A4-B265-097CAC729189}] => (Allow) C:\Program Files 
(x86)\Tunngle\TnglCtrl.exe FirewallRules: [{3968E14C-EC39-4CB1-A646-F35CAEC3C0F9}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe FirewallRules: [{82E103D0-528B-4328-94FA-CAEC2DC8EBF0}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe FirewallRules: [{1898205E-FA80-4478-8AAB-626CFC59BECC}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe FirewallRules: [{23E60606-EFEA-42BC-947F-794B16B986D9}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe FirewallRules: [{060BA8B4-B2FC-43F6-87A8-D497C69B442B}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe FirewallRules: [{3E9F4716-191D-4E20-BD39-7B4E385BA3BF}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe FirewallRules: [{EA0DBF73-B8C7-4D52-B06E-A30AFF3DDBC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WARMODE\warmode.exe FirewallRules: [{3F573427-07D5-40BB-8357-39DCFEA2DB95}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WARMODE\warmode.exe FirewallRules: [{009A4A76-5A92-4124-A3B7-FDE53A0D6AE4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{D8520030-4832-4F70-944B-D65EC511052B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe FirewallRules: [{ADF86DC9-4090-44E0-BCFF-4911BCEFAF12}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe FirewallRules: [{853ADE23-E1C2-42EA-B550-0E07CF8E1541}] => (Allow) C:\Users\Admin\AppData\Local\Apps\2.0\QNCQ2DG5.R29\NZZYL4GL.387\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe FirewallRules: [{28709FA1-5360-42E9-8FEB-A92F656F4406}] => (Allow) C:\Users\Admin\AppData\Local\Apps\2.0\QNCQ2DG5.R29\NZZYL4GL.387\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe ==================== Wiederherstellungspunkte ========================= 06-05-2016 22:36:58 Windows Update 10-05-2016 20:03:44 JRT Pre-Junkware Removal 10-05-2016 22:57:52 Windows Update ==================== Fehlerhafte 
Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (05/11/2016 09:52:33 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (05/11/2016 06:03:49 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (05/11/2016 06:01:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2016 04:21:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2016 10:14:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2016 07:08:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2016 05:13:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2016 06:22:25 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/09/2016 12:40:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 
Error: (05/08/2016 09:42:35 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Systemfehler: ============= Error: (05/11/2016 06:22:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/11/2016 06:22:21 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (05/11/2016 06:22:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/11/2016 06:22:20 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (05/11/2016 06:22:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/11/2016 06:22:19 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error: (05/11/2016 06:05:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/11/2016 06:05:11 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (05/11/2016 06:05:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/11/2016 06:05:10 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. ==================== Speicherinformationen =========================== Prozessor: AMD FX(tm)-6300 Six-Core Processor Prozentuale Nutzung des RAM: 45% Installierter physikalischer RAM: 8189.55 MB Verfügbarer physikalischer RAM: 4487.53 MB Summe virtueller Speicher: 16377.3 MB Verfügbarer virtueller Speicher: 12271.78 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:383.21 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 76629545) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
11.05.2016, 21:14 | #19 |
| Proxy switches itself to port 8118 FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
durchgeführt von Admin (Administrator) auf ADMIN-PC (11-05-2016 22:10:04)
Gestartet von C:\Users\Admin\Desktop
Geladene Profile: Admin (Verfügbare Profile: Admin)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(TeamSpeak Systems GmbH) C:\Users\Admin\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4931\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.7208\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7208\Battle.net Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7208\Battle.net Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7208\Battle.net Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15009400 2015-10-14] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-02-22] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\...\MountPoints2: {4c8f4f44-2579-11e4-af2e-74d435789fb7} - E:\pushinst.exe HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\...\MountPoints2: {db57892a-3e09-11e4-9acf-74d435789fb7} - E:\setup.exe Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2016-04-20] ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{20224643-0089-48B8-8588-34364B07FDD3}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{49BD75BD-B60B-432A-8D46-7B3B270886B1}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{99C77B1B-992A-4D0A-A471-EB462974AB61}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{C9991F10-0D7C-40B4-A9F1-D4BC13CE08FC}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130854451575208271&GUID=00000000-0000-0000-0000-000000000000 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Software\Microsoft\Internet Explorer\Main,Start 
Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3980298719-2773488239-3045808690-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Toolbar: HKU\S-1-5-21-3980298719-2773488239-3045808690-1000 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll Keine Datei FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y9f2qjhb.default-1438036783058 FF NetworkProxy: "user_pref("network.proxy.type", 5) FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] () FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [Keine Datei] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll 
[2015-08-06] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-06-03] (CANON INC.) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-20] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-20] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-04-27] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-04-27] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems) FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y9f2qjhb.default-1438036783058\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-29] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => nicht gefunden Chrome: ======= CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-05-06] CHR Extension: (Google Präsentationen) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-30] CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-30] CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22] CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google Tabellen) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-30] CHR Extension: (Avira Browserschutz) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-12] CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17] CHR Extension: (AdBlock) - 
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-18] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09] CHR Extension: (Oddshot) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnoeeagkgpkplnhmnnlgodjnjgckhja [2016-05-10] CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-30] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-02-22] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-02-22] (Avira Operations GmbH & Co. KG) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. 
KG) S3 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-01-11] (CyberGhost S.R.L) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation) S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [Datei ist nicht signiert] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert] S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] () S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit) S3 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-10-14] (Logitech Inc.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation) R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [25736 2016-05-02] (Avira Operations GmbH & Co. KG) R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) 
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.7.1\WsAppService.exe [404480 2016-02-17] (Wondershare) [Datei ist nicht signiert] S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone für Android\DriverInstall.exe [115976 2016-01-28] (Wondershare) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-02-22] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [133168 2016-02-22] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-02-22] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69888 2016-02-22] (Avira Operations GmbH & Co. 
KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-18] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-07-06] () R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-02-07] (REALiX(tm)) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.) S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2014-08-16] (Apple Inc.) [Datei ist nicht signiert] R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation) S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-05-14] (Realtek Semiconductor Corporation ) R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [40576 2016-03-09] (SteelSeries ApS) R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [51400 2016-02-02] (SteelSeries ApS) R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [Datei ist nicht signiert] R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited) U2 TMAgent; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-05-11 21:55 - 2016-05-11 22:06 - 00000000 ____D C:\ProgramData\HitmanPro 2016-05-11 21:55 - 2016-05-11 21:55 - 11438608 _____ (SurfRight B.V.) C:\Users\Admin\Desktop\HitmanPro_x64.exe 2016-05-11 18:03 - 2016-05-11 18:03 - 02870984 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_deu.exe 2016-05-10 22:16 - 2016-05-10 22:20 - 00063502 _____ C:\Users\Admin\Desktop\SystemLook.txt 2016-05-10 22:16 - 2016-05-10 22:16 - 00165376 _____ C:\Users\Admin\Desktop\SystemLook_x64.exe 2016-05-10 22:15 - 2016-05-10 22:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ProductData 2016-05-10 22:11 - 2016-05-11 17:59 - 00003134 _____ C:\Users\Admin\Desktop\Fixlog.txt 2016-05-10 20:07 - 2016-05-10 20:07 - 00005822 _____ C:\Users\Admin\Desktop\JRT.txt 2016-05-10 20:00 - 2016-05-10 20:00 - 00001589 _____ C:\Users\Admin\Desktop\mbam.txt 2016-05-10 19:02 - 2016-05-10 19:06 - 00000000 ____D C:\AdwCleaner 2016-05-10 19:02 - 2016-05-10 19:03 - 01610816 _____ (Malwarebytes) C:\Users\Admin\Desktop\JRT.exe 2016-05-10 19:01 - 2016-05-10 19:02 - 03640384 _____ C:\Users\Admin\Desktop\AdwCleaner_5.116.exe 2016-05-09 18:04 - 2016-05-09 18:04 - 00103286 _____ C:\Users\Admin\Desktop\dT1hSFIwY0Rvdkx6TmpMV2R0ZUMxc2FYWmxMbk5sY25abGNpNXNZVzR2YldGcGJDOWpiR2xsYm5RdmFXNTBaWEp1WVd3dllYUjBZV05vYldWdWRDOWtiM2R1Ykc5aFpDOTBZWFIwTUY4eExTMHRkRzFoYVRFME5HTm1NV0UxWkRWaFltSTRORE03YW5ObGMzTnBiMjVwWkQwMU5VWXhSVVZHUkVVNFFVW 2016-05-09 17:53 - 2016-05-09 18:05 - 00219146 _____ C:\TDSSKiller.3.1.0.9_09.05.2016_17.53.11_log.txt 2016-05-09 17:52 - 2016-05-09 17:52 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\tdsskiller.exe 2016-05-08 12:44 - 2016-05-10 22:23 - 00051894 _____ C:\Users\Admin\Desktop\Addition.txt 2016-05-08 12:43 - 2016-05-11 22:10 - 00020277 _____ C:\Users\Admin\Desktop\FRST.txt 2016-05-08 12:42 - 2016-05-10 20:09 - 00000000 
____D C:\Users\Admin\Desktop\FRST-OlderVersion 2016-05-08 12:42 - 2016-05-08 12:42 - 00000000 _____ C:\Users\Admin\Desktop\windowsID.txt 2016-05-05 10:14 - 2016-05-05 10:14 - 00001143 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk 2016-05-05 10:14 - 2016-05-05 10:14 - 00000000 ____D C:\Users\Admin\AppData\Local\AviraSpeedup 2016-05-05 10:14 - 2016-05-05 10:14 - 00000000 ____D C:\Users\Admin\AppData\Local\Avira 2016-05-05 10:11 - 2016-05-10 17:12 - 00000000 ____D C:\Users\Public\Speedup Sessions 2016-05-04 16:45 - 2016-05-11 22:10 - 00000000 ____D C:\FRST 2016-05-04 16:44 - 2016-05-10 20:09 - 02381312 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2016-05-02 20:54 - 2016-04-27 13:31 - 00112184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2016-05-02 20:54 - 2016-04-16 00:53 - 00130328 _____ C:\Windows\SysWOW64\vulkan-1.dll 2016-05-02 20:54 - 2016-04-16 00:53 - 00040216 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2016-05-02 20:54 - 2016-04-16 00:52 - 00130840 _____ C:\Windows\system32\vulkan-1.dll 2016-05-02 20:54 - 2016-04-16 00:52 - 00045336 _____ C:\Windows\system32\vulkaninfo.exe 2016-05-02 20:53 - 2016-05-02 20:53 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2016-05-02 20:53 - 2016-04-27 13:51 - 00530880 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2016-05-02 20:53 - 2016-04-27 13:51 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 42923576 _____ C:\Windows\system32\nvcompiler.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 37567424 _____ C:\Windows\SysWOW64\nvcompiler.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 31558080 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 25322552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 21355760 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 20897608 _____ (NVIDIA 
Corporation) C:\Windows\system32\nvcuda.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 17749736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 17343096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 12539960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2016-05-02 20:50 - 2016-04-27 16:35 - 10550736 _____ C:\Windows\system32\nvptxJitCompiler.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 08659472 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 03235896 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 02810936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436510.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436510.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00957888 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00889400 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00751552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00694208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00678704 _____ C:\Windows\system32\nvfatbinaryLoader.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00571912 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00501896 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00473592 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00423080 _____ 
(NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00391816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00377792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2016-05-02 20:50 - 2016-04-27 16:35 - 00175552 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00129024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2016-05-02 20:50 - 2016-04-27 16:35 - 00000139 _____ C:\Windows\SysWOW64\nv-vk32.json 2016-05-02 20:50 - 2016-04-27 16:35 - 00000139 _____ C:\Windows\system32\nv-vk64.json 2016-05-02 19:17 - 2016-01-12 06:40 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll 2016-05-02 19:16 - 2015-12-18 08:11 - 00047760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2016-05-02 19:16 - 2015-12-18 08:10 - 00090768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2016-05-01 15:29 - 2016-05-01 15:29 - 00000221 _____ C:\Users\Admin\Desktop\Super Meat Boy.url 2016-05-01 13:05 - 2016-05-01 13:05 - 00000000 ____D C:\Windows\Cnxt 2016-05-01 13:05 - 2016-05-01 13:05 - 00000000 ____D C:\ProgramData\Conexant 2016-05-01 12:47 - 2016-05-01 12:49 - 103757624 _____ C:\Users\Admin\Desktop\SteelSeriesEngine3.7.3Setup.exe 2016-04-29 21:12 - 2016-04-29 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simulationcraft(x64) 2016-04-29 21:11 - 2016-04-29 21:12 - 49706900 _____ (Simulationcraft ) 
C:\Users\Admin\Desktop\SimcSetup-623-02-Win64.exe 2016-04-25 13:46 - 2016-04-25 13:46 - 00002191 _____ C:\Users\Public\Desktop\Wondershare Dr.Fone für Android.lnk 2016-04-25 13:45 - 2016-04-01 15:42 - 00000000 ____D C:\Users\Admin\Desktop\Wondershare Dr.Fone for Android 5.7.0.9 2016-04-25 13:33 - 2016-04-25 13:44 - 45996081 _____ C:\Users\Admin\Desktop\wdrfoneforandroid5709.zip 2016-04-25 13:23 - 2016-04-25 13:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\GetGo Software 2016-04-25 13:23 - 2016-04-25 13:23 - 00000000 ____D C:\Users\Admin\AppData\Local\GetGo 2016-04-25 13:11 - 2016-04-25 13:11 - 00000000 _____ C:\Users\Admin\Downloads\Dr.Fone Android Crack.exe.0hhvi6o.partial 2016-04-25 13:10 - 2016-04-25 13:10 - 00000000 ____D C:\ProgramData\wsr 2016-04-25 12:59 - 2016-04-25 13:46 - 00000000 ___HD C:\Program Files (x86)\DrFoneAndroid_Temp 2016-04-25 12:59 - 2015-02-27 10:35 - 00000232 _____ C:\Windows\SysWOW64\dllhost.exe.config 2016-04-25 12:58 - 2016-04-25 12:58 - 00000000 ____D C:\Users\Public\Documents\Wondershare 2016-04-25 11:56 - 2016-04-25 12:03 - 00000000 ____D C:\Users\Admin\Documents\Handy 25.04 2016-04-24 13:59 - 2016-04-24 14:00 - 00000000 ____D C:\ProgramData\Sophos 2016-04-24 13:58 - 2016-04-24 13:58 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk 2016-04-24 13:58 - 2016-04-24 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2016-04-24 13:55 - 2016-04-24 13:56 - 147995808 _____ (Sophos Limited) C:\Users\Admin\Desktop\Sophos Virus Removal Tool.exe 2016-04-24 13:26 - 2016-05-06 18:18 - 05153456 _____ C:\Windows\system32\FNTCACHE.DAT 2016-04-23 13:45 - 2016-05-05 10:12 - 00148528 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2016-04-19 17:42 - 2016-04-19 17:42 - 00001271 _____ C:\Users\Public\Desktop\TSMApplication.lnk 2016-04-19 17:42 - 2016-04-19 17:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TradeSkillMaster 2016-04-19 17:42 - 2016-04-19 17:42 - 00000000 ____D 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-05-06 19:06
==================== Ende von FRST.txt ============================

But since the third FRST run the proxy error has not come up again, and there is no longer a PrivoxyService to be found in the services either. Seems to be fine, I assume.
12.05.2016, 16:12 | #20 |
/// TB-Ausbilder | Proxy switches itself to port 8118 on its own
Hi, we're almost done...

Remove leftovers
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
ATTFilter
start
CloseProcesses:
CMD: reg query "HKLM\SOFTWARE\Classes\AppID\{c9382aa4-b6b9-4e63-a13b-53061dd7fddf}" /s
CMD: reg query "HKLM\SOFTWARE\Classes\AppID\{cd5da489-3013-4cd1-be62-f18393deab33}" /s
DeleteKey: HKLM\SOFTWARE\Classes\AppID\{c9382aa4-b6b9-4e63-a13b-53061dd7fddf}
DeleteKey: HKLM\SOFTWARE\Classes\AppID\{cd5da489-3013-4cd1-be62-f18393deab33}
DeleteKey: HKLM\SOFTWARE\Classes\f
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{c9382aa4-b6b9-4e63-a13b-53061dd7fddf}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{cd5da489-3013-4cd1-be62-f18393deab33}
DeleteKey: HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
DeleteKey: HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
DeleteKey: HKU\S-1-5-21-3980298719-2773488239-3045808690-1000_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Unlock: C:\FRST
Reboot:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Post the FRST Fixlog right away, because otherwise it will be removed automatically by DelFix (see further below)!

Feedback
If you no longer have any problems with malware, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.

Cleanup:
All logs posted? Then please download DelFix.
DelFix removes, among other things, all programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over now, you can delete them without concern.

Protection:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be present only in its most recent version:
Browser
Java
Flash Player
PDF reader
Security vulnerabilities in their old versions are exploited to install malware by "drive-by" when simply visiting a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one integrated into Windows is entirely sufficient in the normal case.
If you are still undecided, use a single one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:
Microsoft Security Essentials (MSE) is built in from Windows 8 onward, so if you have Windows 8, 8.1 or 10 and have decided on MSE, you do not need to install MSE separately. On Windows 7, however, it must be installed manually or obtained through Windows Update as an optional update. Of course, a legal/activated Windows is a prerequisite for this.
In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
Adblock Plus: Can block banners, pop-ups, video ads, tracking and malware sites.
NoScript: Prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. However, you can define, on the principle of a whitelist, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: Protects the computer's applications against the exploitation of known vulnerabilities.

Download software from a clean portal such as .
When installing software, always choose the custom option and uncheck all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is recommended to uninstall it first and then remove the leftovers with Adwcleaner.

Finally, a few general remarks:
If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
12.05.2016, 16:46 | #21 |
| Proxy switches itself to port 8118 on its own
Fixlog:
Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-05-2016
durchgeführt von Admin (2016-05-12 17:45:21) Run:3
Gestartet von C:\Users\Admin\Desktop
Geladene Profile: Admin (Verfügbare Profile: Admin)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
CMD: reg query "HKLM\SOFTWARE\Classes\AppID\{c9382aa4-b6b9-4e63-a13b-53061dd7fddf}" /s
CMD: reg query "HKLM\SOFTWARE\Classes\AppID\{cd5da489-3013-4cd1-be62-f18393deab33}" /s
DeleteKey: HKLM\SOFTWARE\Classes\AppID\{c9382aa4-b6b9-4e63-a13b-53061dd7fddf}
DeleteKey: HKLM\SOFTWARE\Classes\AppID\{cd5da489-3013-4cd1-be62-f18393deab33}
DeleteKey: HKLM\SOFTWARE\Classes\f
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{c9382aa4-b6b9-4e63-a13b-53061dd7fddf}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{cd5da489-3013-4cd1-be62-f18393deab33}
DeleteKey: HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
DeleteKey: HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
DeleteKey: HKU\S-1-5-21-3980298719-2773488239-3045808690-1000_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Unlock: C:\FRST
Reboot:
end
*****************

Prozess erfolgreich geschlossen.

========= reg query "HKLM\SOFTWARE\Classes\AppID\{c9382aa4-b6b9-4e63-a13b-53061dd7fddf}" /s =========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{c9382aa4-b6b9-4e63-a13b-53061dd7fddf}
    LocalService    REG_SZ    Update Mgr FilterResults
========= Ende von CMD: =========

========= reg query "HKLM\SOFTWARE\Classes\AppID\{cd5da489-3013-4cd1-be62-f18393deab33}" /s =========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{cd5da489-3013-4cd1-be62-f18393deab33}
    LocalService    REG_SZ    Service Mgr FilterResults
========= Ende von CMD: =========

HKLM\SOFTWARE\Classes\AppID\{c9382aa4-b6b9-4e63-a13b-53061dd7fddf} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\AppID\{cd5da489-3013-4cd1-be62-f18393deab33} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\f => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\f => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{c9382aa4-b6b9-4e63-a13b-53061dd7fddf} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{cd5da489-3013-4cd1-be62-f18393deab33} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3980298719-2773488239-3045808690-1000_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} => Schlüssel nicht gefunden.
"C:\FRST" => wurde entsperrt

Das System musste neu gestartet werden.

==== Ende von Fixlog 17:45:25 ====
12.05.2016, 19:54 | #22 |
/// TB-Ausbilder | Proxy switches itself to port 8118 on its own
I'm glad we were able to help.

In this forum you can leave brief feedback on the cleanup, if you like: Lob, Kritik und Wünsche
To do so, click the "NEUES THEMA" button and post a short piece of feedback. Thank you!

This thread appears to be resolved and will be removed from my subscriptions. Should you need the thread again, please send me a PM.
Everyone else, please click here and create your own thread.