| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Browser öffnen auf Klick hin adware SeitenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.06.2016, 19:34
| #46 |
| /// Malwareteam  |  Browser öffnen auf Klick hin adware Seiten Hmm.. knifflig. Wir veruschen mal ZOEK. Schritt # 1: ZOEK Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
Und bitte noch ein frisches FRST-Log. |
|
12.06.2016, 16:48
| #47 |
 | Browser öffnen auf Klick hin adware Seiten Ist es normal dass immer noch diese Sachen da stehen?:
__________________Code:
ATTFilter --- Create Environment Variables 0:37:00.24
--- Create System Restore Point 0:37:07.54
--- Checking Input 0:37:25.11
Ich hab jetzt einen Timer zum Runterfahren auf 40 min gesetzt weil ich auch langsam mal ins bett möchte. Mal schauen Also langsam bezweifle ich, dass das Programm richtig funktioniert. Gestern ist es nicht fertig geworden und deshalb hab ich um 10:41 gestartet und seit dem steht das dort: Code:
ATTFilter Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Marlin on 12-Jun-16 at 10:41:01.97.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marlin\Desktop\zoek.exe [Scan all users] [Script inserted]
===== Runcheck 10:41:11.81 =====
--- Create Environment Variables 10:41:12.93
--- Checking Input 10:41:20.68
Also da kann doch was nicht stimmen. Ich habe jetzt das Programm jetzt 7 Stunden (von 10:41 Uhr bis 17:47 Uhr) ohne Unterbrechung laufen gelassen und es zeigt immer noch das gleiche an. Geändert von Kieran (12.06.2016 um 00:51 Uhr) |
|
12.06.2016, 19:00
| #48 |
| /// Malwareteam | Browser öffnen auf Klick hin adware Seiten Hi,
__________________jo da geb ich dir recht, ZOEK hängt wohl. Dann lassen wir das mal. Jetzt wirds mühsam. Mach mal bitte einen Clean Boot, dann lass nochmal meine Batch von oben laufen und poste mir das Ergebnis.
__________________ |
|
13.06.2016, 07:44
| #49 |
| | Browser öffnen auf Klick hin adware Seiten Hi. Jetzt bekomm ich das: Code:
ATTFilter The operation completed successfully.
ERROR: The system was unable to find the specified registry key or value.
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01
durchgeführt von Marlin (Administrator) auf BLACKMAGIC (13-06-2016 08:41:11)
Gestartet von C:\Users\Marlin\Desktop
Geladene Profile: Marlin (Verfügbare Profile: Marlin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: German (Germany)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Webroot) C:\Program Files\Webroot\WRSA.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cepstral, LLC) C:\Program Files (x86)\Cepstral\bin\CepstralLicSrv.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) D:\Programme\Razer Cortex\RzKLService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Lynx Technology) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
(LogMeIn Inc.) K:\Programme\Hamachi\hamachi-2.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(LogMeIn, Inc.) K:\Programme\Hamachi\LMIGuardianSvc.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(LogMeIn Inc.) K:\Programme\Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) K:\Programme\Hamachi\LMIGuardianSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamSpeak Systems GmbH) D:\Teamspeak\ts3client_win64.exe
(Valve Corporation) D:\Games etc\Steam\Steam.exe
(Spotify Ltd) C:\Users\Marlin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Marlin\AppData\Roaming\Spotify\Spotify.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
() D:\Programme\Puush\puush.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Roccat GmbH) D:\Roccat Kova+\Kova[+]Monitor.exe
(Spotify Ltd) C:\Users\Marlin\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Spotify Ltd) C:\Users\Marlin\AppData\Roaming\Spotify\Spotify.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
(Spotify Ltd) C:\Users\Marlin\AppData\Roaming\Spotify\Spotify.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Razer, Inc.) C:\Users\Marlin\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Valve Corporation) D:\Games etc\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6603520 2016-06-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => "D:\Programme\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16408320 2015-12-04] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [895960 2016-06-04] (Webroot)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [298776 2015-12-18] (Intel Corporation)
HKLM-x32\...\Run: [RoccatKova+] => D:\Roccat Kova+\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-05-24] (Razer Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-27] (Raptr, Inc)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-06-07] (Plays.tv, LLC)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => K:\Programme\Hamachi\hamachi-2-ui.exe [5565960 2016-06-08] (LogMeIn Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Run: [TeamSpeak 3 Client] => D:\Teamspeak\ts3client_win64.exe [11480344 2016-04-26] (TeamSpeak Systems GmbH)
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Run: [Steam] => D:\Games etc\Steam\steam.exe [2917456 2016-06-10] (Valve Corporation)
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Run: [Spotify Web Helper] => C:\Users\Marlin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-05-29] (Spotify Ltd)
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Run: [Spotify] => C:\Users\Marlin\AppData\Roaming\Spotify\Spotify.exe [6859888 2016-05-29] (Spotify Ltd)
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Run: [puush] => D:\Programme\Puush\puush.exe [568904 2015-03-30] ()
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Run: [EasyHideIPVPN] => K:\Programme\Easy-Hide-IP VPN\vpn.client.exe
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\MountPoints2: G - G:\Setup.exe
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\MountPoints2: H - H:\Setup.exe
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\MountPoints2: {246a3911-507e-11e4-9626-d0509928e910} - E:\LGAutoRun.exe
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\MountPoints2: {9da0785c-3c05-11e4-8df1-d0509928e910} - E:\pushinst.exe
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\...\MountPoints2: {c581b910-3c1e-11e4-9aa5-806e6f6e6963} - F:\ASRSetup.exe
HKU\S-1-5-21-3419645104-3717089636-2781738795-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SYSTEM32\sspipes.scr [610304 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Marlin\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Marlin\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Marlin\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Marlin\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Marlin\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Marlin\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-03-18] ()
Startup: C:\Users\Marlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-01-19] ()
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1D0F9C4D-A3C9-4219-AAA5-578087290EDC}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{33A5DE98-AE1F-4277-A4DE-87238A8E3C7A}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130938236596445570&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-28] (Oracle Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-18] (AO Kaspersky Lab)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2016-05-24] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2016-06-10] (Webroot)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-28] (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-11-18] (AO Kaspersky Lab)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2016-05-24] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2016-06-10] (Webroot)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-18] (AO Kaspersky Lab)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2016-05-24] (Webroot)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-11-18] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2016-05-24] (Webroot)
Toolbar: HKU\S-1-5-21-3419645104-3717089636-2781738795-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF DefaultSearchEngine: Google
FF SelectedSearchEngine:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [Keine Datei]
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [Keine Datei]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3419645104-3717089636-2781738795-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marlin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-05] (Unity Technologies ApS)
FF Extension: Amazon-Icon - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\bywxuxu9.default\Extensions\amazon-icon@giga.de [2015-06-21] [ist nicht signiert]
FF Extension: Furaffinity Download extension for Firefox - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\bywxuxu9.default\Extensions\fuerholz@gmx.net.xpi [2015-12-15]
FF Extension: InkBunny Downloader - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\bywxuxu9.default\Extensions\jid1-A9hxZPPMAhCzdQ@jetpack.xpi [2015-12-16] [ist nicht signiert]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\bywxuxu9.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2015-12-12]
FF Extension: ChatZilla - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\bywxuxu9.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-12-20]
FF Extension: Webroot Password Manager - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\bywxuxu9.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2016-05-24]
FF Extension: Tamper Data - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\bywxuxu9.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2015-11-20]
FF Extension: Web Developer - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\bywxuxu9.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2015-12-20]
FF Extension: InkBunny Downloader - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@ib_downloader.xpi [2016-04-27] [ist nicht signiert]
FF Extension: Amazon-Icon - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\amazon-icon@giga.de [2016-01-25] [ist nicht signiert]
FF Extension: Furaffinity Download extension for Firefox - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\fuerholz@gmx.net.xpi [2015-12-15]
FF Extension: InkBunny Downloader - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\jid1-A9hxZPPMAhCzdQ@jetpack.xpi [2015-12-16] [ist nicht signiert]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2015-12-12]
FF Extension: ChatZilla - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2016-01-25]
FF Extension: Webroot Password Manager - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2016-05-24]
FF Extension: Tamper Data - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2015-11-20]
FF Extension: Web Developer - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2015-12-20]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2016-06-10]
StartMenuInternet: FIREFOX.EXE - D:\Programme\Firefox\firefox.exe
Chrome:
=======
CHR StartupUrls: Default -> "hxxps://forum.temeraire.net/de/index.php","hxxp://draconic.twilightrealm.com/","hxxp://twokinds.keenspot.com/","hxxps://web.whatsapp.com/","hxxps://www.webshell.de/de/forum","hxxp://awsw.yuku.com/"
CHR DefaultSearchURL: Default -> hxxps://www.google.com/search?q={searchTerms}
CHR Profile: C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-05-07]
CHR Extension: (Google Präsentationen) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (MEGA) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2016-06-01]
CHR Extension: (YouTube) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-02]
CHR Extension: (Google-Suche) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Dropbox für Gmail) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-12-04]
CHR Extension: (Kaspersky Protection) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-11-19]
CHR Extension: (Freefall Tournament) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\encjogopgacdjlkmpdknhlfnanoihodh [2015-03-19]
CHR Extension: (Aurelion Sol Build Guide) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fceobikcedidphjfgmjjjolgeoiakhnc [2016-05-04]
CHR Extension: (Google Tabellen) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2016-06-09]
CHR Extension: (Webroot Password Manager) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2016-05-24]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Passwort-Warnung) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\noondiphcddnnabmjcihcjfbhfklnnep [2016-06-01]
CHR Extension: (ProxPrice) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nopgehbobniifpngnhmljfojnkkopbje [2016-03-04]
CHR Extension: (Google Code Archive - Long-term stora...) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\opmbhclbceeoiegfpidanbkkflbfpiig [2016-04-26]
CHR Extension: (Virtual Keyboard) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflmllfnnabikmfkkaddkoolinlfninn [2015-12-02]
CHR Extension: (Google Mail) - C:\Users\Marlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-11-18] (Kaspersky Lab ZAO)
R2 Cepstral License Server; C:\Program Files (x86)\Cepstral\bin\CepstralLicSrv.exe [57344 2007-03-15] (Cepstral, LLC) [Datei ist nicht signiert]
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-01-11] (CyberGhost S.R.L)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-19] (Dropbox, Inc.)
S4 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-12-26] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; K:\Programme\Hamachi\hamachi-2.exe [2552840 2016-06-08] (LogMeIn Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [253528 2015-07-09] ()
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [19552 2015-08-14] (Olof Lagerkvist)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-20] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-04-03] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.)
S4 Origin Client Service; D:\Games etc\Origin\OriginClientService.exe [2120712 2016-04-30] (Electronic Arts)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-06-07] (Plays.tv, LLC)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-08-24] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-08-24] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 RzKLService; D:\Programme\Razer Cortex\RzKLService.exe [129168 2015-08-21] (Razer Inc.)
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4255232 2016-02-15] (A-Volute) [Datei ist nicht signiert]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [1923120 2015-10-08] (Lynx Technology)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [895960 2016-06-04] (Webroot)
S2 EasyRedirect; K:\Programme\Easy-Hide-IP VPN\rdr\EasyRedirect.exe [X]
S3 MediaFire Desktop Updater Service; C:\Program Files (x86)\MediaFire Desktop\bin\UpdaterLocalCOM.exe [X]
S2 SEVPNCLIENT; "D:\Programme\SoftEther VPN Client\vpnclient_x64.exe" /service [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [20992 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
S4 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-04-17] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
R2 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [21048 2015-08-06] (Olof Lagerkvist)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-02-03] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-10-07] (Echobit, LLC)
R3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-12-08] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-02-26] (Intel Corporation)
R2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [49104 2015-08-14] (Olof Lagerkvist)
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-04-03] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [77728 2016-03-01] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-11-18] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [237480 2016-05-25] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [943536 2016-05-25] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49240 2016-05-25] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-11-18] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [31744 2008-09-07] (hxxp://libusb-win32.sourceforge.net) [Datei ist nicht signiert]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-04-17] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-08] (Intel Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0118.sys [38432 2016-03-22] (SoftEther Corporation)
S3 Neo_VPN2; C:\Windows\System32\DRIVERS\Neo_0096.sys [38432 2016-03-22] (SoftEther Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2016-02-15] (Windows (R) Win 7 DDK provider)
S3 SEE; C:\Windows\System32\drivers\see.sys [50208 2016-01-02] (SoftEther Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2016-02-04] (Duplex Secure Ltd.)
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [48344 2015-12-10] (USBPcap)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-04-28] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [192352 2016-04-28] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2016-01-19] (Oracle Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2016-06-13] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [54512 2016-06-10] (Webroot)
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2015-02-02] (Wondershare)
R3 ALSysIO; \??\C:\Users\Marlin\AppData\Local\Temp\ALSysIO64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 ATP; system32\DRIVERS\cmdatp.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
U0 SR; kein ImagePath
U2 srservice; kein ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Code:
ATTFilter
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-06-13 08:41 - 2016-06-13 08:41 - 00047953 _____ C:\Users\Marlin\Desktop\FRST.txt
2016-06-13 08:40 - 2016-06-13 08:40 - 00000000 ____D C:\Users\Marlin\Desktop\FRST-OlderVersion
2016-06-12 20:31 - 2016-06-12 20:37 - 00000273 _____ C:\Users\Marlin\Desktop\bat.bat
2016-06-12 13:07 - 2016-06-12 13:07 - 00014592 _____ C:\Users\Marlin\AppData\Local\recently-used.xbel
2016-06-12 10:41 - 2016-06-12 10:41 - 00000402 _____ C:\runcheck.txt
2016-06-12 00:36 - 2016-06-12 00:36 - 00000000 ____D C:\zoek_backup
2016-06-11 01:30 - 2016-06-11 01:30 - 00000710 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Toribash.lnk
2016-06-11 01:30 - 2016-06-11 01:30 - 00000708 _____ C:\Users\Marlin\Desktop\Toribash.lnk
2016-06-10 19:51 - 2015-11-13 23:38 - 12101120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx64.dll
2016-06-10 19:51 - 2015-11-13 23:38 - 01479768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx64.dll
2016-06-10 19:51 - 2015-11-13 23:37 - 10226528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2016-06-10 13:52 - 2016-06-10 13:52 - 00000466 _____ C:\Users\Marlin\Desktop\New Text Document.txt
2016-06-10 13:51 - 2013-07-21 17:41 - 00013760 _____ C:\Windows\system32\Drivers\DRHMSR64.sys
2016-06-10 13:51 - 2011-11-03 18:05 - 00021984 _____ (Licensed for Gebhard Software) C:\Windows\system32\Drivers\DRHARD64.sys
2016-06-09 19:33 - 2016-06-06 18:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-09 19:33 - 2016-06-06 18:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-09 19:33 - 2016-06-03 15:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-09 19:33 - 2016-05-27 15:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-09 19:33 - 2016-05-27 15:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-09 19:33 - 2016-05-27 15:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-09 19:33 - 2016-05-27 15:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-09 19:33 - 2016-05-22 15:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-08 18:28 - 2016-06-08 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-06-06 21:35 - 2016-06-06 21:35 - 00000000 _____ C:\Users\Marlin\Desktop\adsdasds
2016-06-06 21:27 - 2015-11-13 23:37 - 10226528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\SET4CF7.tmp
2016-06-06 20:54 - 2016-06-06 20:54 - 00000000 ____D C:\Program Files (x86)\AMD
2016-06-06 20:46 - 2016-06-06 20:46 - 00000000 ____D C:\Users\Marlin\AppData\Local\CrashRpt
2016-06-05 17:42 - 2016-06-05 17:42 - 00001270 _____ C:\Users\Marlin\Desktop\sspipes.scr - Shortcut.lnk
2016-06-04 15:48 - 2016-06-04 15:48 - 00000000 ____D C:\Users\Marlin\Documents\StarCraft II
2016-06-04 13:13 - 2016-06-13 08:40 - 02385408 _____ (Farbar) C:\Users\Marlin\Desktop\FRST64.exe
2016-06-03 20:24 - 2016-06-03 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-03 19:42 - 2016-06-03 19:42 - 00004155 _____ C:\Users\Marlin\Desktop\ddclient.conf
2016-06-02 23:14 - 2016-06-02 23:14 - 00141280 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2016-06-02 23:14 - 2016-06-02 23:14 - 00141280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2016-06-02 23:14 - 2016-06-02 23:14 - 00125288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2016-06-02 23:14 - 2016-06-02 23:14 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2016-06-02 23:14 - 2016-06-02 23:14 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2016-06-02 23:14 - 2016-06-02 23:14 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2016-06-02 23:14 - 2016-06-02 23:14 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2016-06-02 23:11 - 2016-06-02 23:11 - 00297216 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2016-06-02 23:08 - 2016-06-02 23:08 - 26990080 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2016-06-02 23:02 - 2016-06-02 23:02 - 48616960 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2016-06-02 23:02 - 2016-06-02 23:02 - 00252928 _____ C:\Windows\system32\clinfo.exe
2016-06-02 23:00 - 2016-06-02 23:00 - 00096256 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-06-02 23:00 - 2016-06-02 23:00 - 00087040 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-06-02 22:58 - 2016-06-02 22:58 - 27433472 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2016-06-02 22:58 - 2016-06-02 22:58 - 08699904 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2016-06-02 22:54 - 2016-06-02 22:54 - 06952448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2016-06-02 22:45 - 2016-06-02 22:45 - 00096256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2016-06-02 22:43 - 2016-06-02 22:43 - 00103424 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2016-06-02 22:42 - 2016-06-02 22:42 - 30188032 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2016-06-02 22:42 - 2016-06-02 22:42 - 00732160 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2016-06-02 22:42 - 2016-06-02 22:42 - 00607744 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2016-06-02 22:42 - 2016-06-02 22:42 - 00142336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2016-06-02 22:42 - 2016-06-02 22:42 - 00117760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2016-06-02 22:41 - 2016-06-02 22:41 - 06965248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2016-06-02 22:39 - 2016-06-02 22:39 - 00865280 _____ (AMD) C:\Windows\system32\coinst_16.20.dll
2016-06-02 22:38 - 2016-06-02 22:38 - 05643776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2016-06-02 22:38 - 2016-06-02 22:38 - 00717520 _____ C:\Windows\SysWOW64\atiapfxx.blb
2016-06-02 22:38 - 2016-06-02 22:38 - 00717520 _____ C:\Windows\system32\atiapfxx.blb
2016-06-02 22:37 - 2016-06-02 22:37 - 15711744 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2016-06-02 22:37 - 2016-06-02 22:37 - 00385536 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2016-06-02 22:37 - 2016-06-02 22:37 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2016-06-02 22:37 - 2016-06-02 22:37 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2016-06-02 22:37 - 2016-06-02 22:37 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2016-06-02 22:37 - 2016-06-02 22:37 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2016-06-02 22:36 - 2016-06-02 22:36 - 14302720 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2016-06-02 22:35 - 2016-06-02 22:35 - 24836096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2016-06-02 22:35 - 2016-06-02 22:35 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2016-06-02 22:35 - 2016-06-02 22:35 - 00038400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2016-06-02 22:34 - 2016-06-02 22:34 - 00113152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2016-06-02 22:34 - 2016-06-02 22:34 - 00092160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2016-06-02 22:32 - 2016-06-02 22:32 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2016-06-02 22:31 - 2016-06-02 22:31 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2016-06-02 22:31 - 2016-06-02 22:31 - 00274432 _____ C:\Windows\system32\dgtrayicon.exe
2016-06-02 22:31 - 2016-06-02 22:31 - 00258560 _____ C:\Windows\system32\GameManager64.dll
2016-06-02 22:31 - 2016-06-02 22:31 - 00212480 _____ C:\Windows\system32\atieah64.exe
2016-06-02 22:30 - 2016-06-02 22:30 - 00588288 _____ (AMD) C:\Windows\system32\atieclxx.exe
2016-06-02 22:30 - 2016-06-02 22:30 - 00306688 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2016-06-02 22:30 - 2016-06-02 22:30 - 00270336 _____ (AMD) C:\Windows\system32\atitmm64.dll
2016-06-02 22:30 - 2016-06-02 22:30 - 00230912 _____ C:\Windows\system32\amdgfxinfo64.dll
2016-06-02 22:30 - 2016-06-02 22:30 - 00202752 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2016-06-02 22:30 - 2016-06-02 22:30 - 00190464 _____ C:\Windows\SysWOW64\atieah32.exe
2016-06-02 22:30 - 2016-06-02 22:30 - 00093696 _____ (AMD) C:\Windows\system32\atimuixx.dll
2016-06-02 22:28 - 2016-06-02 22:28 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2016-06-02 22:26 - 2016-06-02 22:26 - 01304576 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2016-06-02 22:26 - 2016-06-02 22:26 - 00973824 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2016-06-02 22:26 - 2016-06-02 22:26 - 00185344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2016-06-02 22:26 - 2016-06-02 22:26 - 00106496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2016-06-02 22:26 - 2016-06-02 22:26 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2016-06-02 22:26 - 2016-06-02 22:26 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2016-06-02 22:25 - 2016-06-02 22:25 - 00497664 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2016-06-02 22:25 - 2016-06-02 22:25 - 00119808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2016-06-02 22:25 - 2016-06-02 22:25 - 00101376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2016-06-02 22:25 - 2016-06-02 22:25 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2016-06-02 22:23 - 2016-06-02 22:23 - 00251392 _____ C:\Windows\system32\hsa-thunk64.dll
2016-06-02 22:23 - 2016-06-02 22:23 - 00217088 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2016-05-28 18:24 - 2016-05-28 18:24 - 00000742 _____ C:\Users\Marlin\Desktop\Revo Uninstaller.lnk
2016-05-28 18:24 - 2016-05-28 18:24 - 00000000 ____D C:\Users\Marlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-05-28 15:56 - 2016-05-28 15:56 - 01703295 _____ C:\Users\Marlin\Desktop\wpdb.sql
2016-05-28 15:55 - 2016-05-28 15:55 - 00000000 ____D C:\Users\Marlin\Desktop\otterforum
2016-05-28 12:06 - 2016-05-28 12:06 - 00003013 _____ C:\Users\Marlin\Desktop\HitLeap Viewer.lnk
2016-05-28 12:06 - 2016-05-28 12:06 - 00002929 _____ C:\Users\Marlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HitLeap Viewer.lnk
2016-05-28 12:06 - 2016-05-28 12:06 - 00000000 ____D C:\Program Files (x86)\HitLeap
2016-05-27 23:53 - 2016-05-27 23:53 - 00000718 _____ C:\Users\Marlin\www.kieran.pw.conf
2016-05-27 23:46 - 2016-05-27 23:46 - 00003058 _____ C:\Users\Marlin\agb.phpBAk
2016-05-27 23:44 - 2016-05-27 23:44 - 00003058 _____ C:\Users\Marlin\agb.php
2016-05-27 18:18 - 2016-05-27 18:18 - 06541784 _____ (Tim Kosse) C:\Users\Marlin\Downloads\FileZilla_3.18.0_win64-setup.exe
2016-05-27 00:04 - 2016-05-27 00:04 - 00000000 ____D C:\Users\Marlin\AppData\Local\GWX
2016-05-26 00:55 - 2016-05-29 13:35 - 00000000 ____D C:\Users\Marlin\Desktop\droid
2016-05-25 16:42 - 2016-06-07 00:29 - 01867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-05-25 16:42 - 2016-06-07 00:28 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-05-25 16:42 - 2016-04-12 03:23 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-25 16:42 - 2016-04-12 03:23 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-25 16:42 - 2016-04-12 03:20 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-25 16:42 - 2016-04-12 03:20 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-25 16:42 - 2016-04-12 03:20 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-25 16:42 - 2016-04-12 03:20 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-25 16:42 - 2016-04-12 03:20 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-25 16:42 - 2016-04-12 03:20 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-25 16:42 - 2016-04-12 03:20 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-25 16:42 - 2016-04-12 03:20 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-25 16:42 - 2016-04-12 03:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-25 16:42 - 2016-04-12 03:20 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-25 16:42 - 2016-04-12 03:20 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-25 16:42 - 2016-04-12 03:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-25 16:42 - 2016-04-12 03:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-25 16:42 - 2016-04-12 03:20 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-25 16:42 - 2016-04-12 03:20 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-25 16:42 - 2016-04-12 03:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-25 16:42 - 2016-04-12 03:20 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-25 16:42 - 2016-04-12 03:20 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-25 16:42 - 2016-04-12 03:02 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-25 16:42 - 2016-04-12 03:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-25 16:42 - 2016-04-12 03:02 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-25 16:42 - 2016-04-12 03:02 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-25 16:42 - 2016-04-12 03:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-25 16:42 - 2016-04-12 03:02 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-25 16:42 - 2016-04-12 03:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-25 16:42 - 2016-04-12 03:02 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-25 16:42 - 2016-04-12 03:02 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-25 16:42 - 2016-04-12 03:02 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-25 16:42 - 2016-04-12 03:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-25 16:42 - 2016-04-12 03:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-25 16:42 - 2016-04-12 03:01 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-25 16:42 - 2016-04-12 03:01 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-25 16:42 - 2016-04-12 03:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-25 16:42 - 2016-04-12 02:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-25 16:42 - 2016-04-12 02:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-25 16:42 - 2016-04-12 02:43 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-25 16:42 - 2016-04-12 02:43 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-25 16:42 - 2016-04-12 02:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-25 16:42 - 2016-04-12 02:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-25 16:42 - 2016-04-12 02:36 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-25 16:42 - 2016-04-09 08:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-05-25 16:42 - 2016-04-09 08:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-05-25 16:42 - 2016-04-09 08:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-05-25 16:42 - 2016-04-09 07:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-05-25 16:38 - 2016-04-14 18:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-05-25 16:38 - 2016-04-14 18:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-05-25 16:38 - 2016-04-14 18:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-05-25 16:38 - 2016-04-14 18:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-05-25 16:38 - 2016-04-14 18:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-05-25 16:38 - 2016-04-14 18:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-05-25 16:38 - 2016-04-14 17:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-05-25 16:38 - 2016-04-14 17:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-05-25 16:38 - 2016-04-14 17:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-05-25 16:38 - 2016-04-14 17:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-05-25 16:38 - 2016-04-14 17:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-05-25 16:38 - 2016-04-14 17:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-05-25 12:33 - 2016-06-13 08:41 - 00000000 ____D C:\FRST
2016-05-25 09:16 - 2016-06-04 16:52 - 00000000 ____D C:\Users\Marlin\Desktop\Anti Virus
2016-05-25 09:16 - 2016-05-25 09:16 - 00004419 _____ C:\Users\Marlin\Desktop\JRT.txt
2016-05-25 08:06 - 2016-05-25 08:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweeten
2016-05-25 01:10 - 2016-05-25 01:10 - 00000000 ____H C:\Users\Marlin\AppData\Local\BITFA99.tmp
2016-05-25 01:09 - 2016-05-25 01:10 - 00000000 _____ C:\Users\Marlin\AppData\Local\{056C4BAF-A0FF-4DDD-ABE9-6611CE374B05}
2016-05-25 01:07 - 2016-05-25 01:07 - 00000011 _____ C:\ProgramData\.tv7
2016-05-25 00:48 - 2016-05-25 00:48 - 00000000 ____D C:\.Trash-999
2016-05-24 23:58 - 2016-05-24 23:58 - 00000000 ____D C:\Identity
2016-05-24 23:57 - 2016-06-13 08:39 - 00117728 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2016-05-24 23:57 - 2016-06-12 21:01 - 00000000 ____D C:\ProgramData\WRData
2016-05-24 23:57 - 2016-06-10 13:40 - 00054512 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2016-05-24 23:57 - 2016-06-04 00:32 - 00181176 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2016-05-24 23:57 - 2016-06-04 00:32 - 00115768 _____ (Webroot) C:\Windows\system32\WRusr.dll
2016-05-24 23:57 - 2016-05-24 23:57 - 00000000 ____D C:\Users\Marlin\AppData\LocalLow\LastPass
2016-05-24 23:57 - 2016-05-24 23:57 - 00000000 ____D C:\Users\Marlin\AppData\Local\lptmp
2016-05-24 23:57 - 2016-05-24 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2016-05-24 23:57 - 2016-05-24 23:57 - 00000000 ____D C:\Program Files\Webroot
2016-05-24 23:57 - 2016-05-24 23:57 - 00000000 ____D C:\Program Files\Common Files\Webroot
2016-05-24 23:56 - 2016-05-26 23:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-24 23:56 - 2016-05-24 23:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-05-24 23:56 - 2016-05-24 23:56 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-05-24 23:56 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-24 23:56 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-24 23:56 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-24 22:29 - 2016-05-24 22:29 - 00000000 _____ C:\Users\Marlin\AppData\Local\{1A1B3749-31EB-494F-AA76-3DFC76586726}
2016-05-24 22:13 - 2016-05-24 22:13 - 00000184 _____ C:\Users\Marlin\Desktop\Aurelion.url
2016-05-21 16:28 - 2016-05-21 16:28 - 00000000 _____ C:\Users\Marlin\AppData\Local\{AB9E70B5-71FF-4C0D-9E0C-EEBA9714DFC4}
2016-05-19 02:45 - 2016-04-12 16:52 - 00908717 _____ C:\Users\Marlin\Desktop\Para's InstaLock 0.49.exe
2016-05-18 20:55 - 2016-05-18 20:57 - 352321536 _____ C:\Users\Marlin\Downloads\pmagic_2013_08_01.iso
2016-05-14 00:44 - 2016-05-14 00:44 - 00001097 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2016-05-14 00:44 - 2016-05-14 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-05-14 00:43 - 2016-05-14 00:43 - 00000000 ____D C:\Program Files\Oracle
2016-05-14 00:09 - 2016-05-27 18:21 - 00002084 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-06-13 08:41 - 2015-06-12 21:25 - 00000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
2016-06-13 08:40 - 2016-05-11 14:55 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f163753f4a4f.job
2016-06-13 08:40 - 2016-04-25 20:16 - 00000000 ____D C:\Users\Marlin\AppData\Local\LogMeIn Hamachi
2016-06-13 08:40 - 2016-04-16 23:28 - 00000000 ____D C:\Users\Marlin\AppData\Roaming\Spotify
2016-06-13 08:40 - 2015-12-10 17:11 - 00000000 ____D C:\Users\Marlin\AppData\Local\Spotify
2016-06-13 08:40 - 2015-07-16 01:14 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf53fb750165.job
2016-06-13 08:40 - 2014-12-21 12:08 - 00000000 ____D C:\Users\Marlin\AppData\Roaming\Raptr
2016-06-13 08:40 - 2014-09-14 17:19 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-13 08:40 - 2014-09-14 14:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-13 08:39 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-13 00:51 - 2014-10-12 23:05 - 00000000 ____D C:\Users\Marlin\AppData\Roaming\vlc
2016-06-13 00:48 - 2015-06-17 17:42 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-06-13 00:13 - 2014-09-14 17:19 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-13 00:10 - 2015-12-30 18:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-13 00:00 - 2016-05-11 14:55 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf53fb98686a.job
2016-06-12 23:22 - 2015-05-27 19:23 - 00000000 ____D C:\Users\Marlin\AppData\Roaming\Skype
2016-06-12 23:20 - 2015-10-28 02:37 - 00000000 ____D C:\Users\Marlin\AppData\Local\Clipboarder
2016-06-12 20:55 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-12 20:55 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-12 20:19 - 2015-02-13 19:58 - 00000600 _____ C:\Users\Marlin\AppData\Local\PUTTY.RND
2016-06-12 20:19 - 2014-09-23 17:31 - 00000000 ____D C:\Users\Marlin\AppData\Roaming\FileZilla
2016-06-12 19:57 - 2016-04-30 16:15 - 00000832 _____ C:\Users\Marlin\Desktop\World of Tanks ProMod.lnk
2016-06-12 19:57 - 2016-04-30 16:02 - 00000000 ____D C:\Users\Marlin\AppData\Roaming\ProMod
2016-06-12 19:55 - 2015-10-15 18:08 - 00000000 ____D C:\Users\Marlin\AppData\Local\Battle.net
2016-06-12 19:16 - 2014-09-20 20:34 - 00000000 ____D C:\Users\Marlin\AppData\Roaming\OBS
2016-06-12 18:15 - 2014-09-20 20:34 - 00000000 ____D C:\Program Files (x86)\OBS
2016-06-12 17:59 - 2016-03-06 13:38 - 00000000 ____D C:\Users\Marlin\AppData\Roaming\PlaysTV
2016-06-12 17:59 - 2014-12-21 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2016-06-12 13:24 - 2014-10-10 14:15 - 05427200 ___SH C:\Users\Marlin\Desktop\Thumbs.db
2016-06-12 13:09 - 2014-10-15 14:30 - 00000000 ____D C:\Users\Marlin\.gimp-2.8
2016-06-12 13:07 - 2014-10-15 14:34 - 00000000 ____D C:\Users\Marlin\AppData\Local\gtk-2.0
2016-06-10 21:43 - 2014-10-24 00:22 - 00000000 ____D C:\Users\Marlin\Desktop\Programme
2016-06-10 19:52 - 2014-09-14 14:49 - 00000000 ____D C:\ProgramData\Skype
2016-06-10 13:39 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-09 19:33 - 2015-06-14 22:46 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-09 18:56 - 2015-03-11 21:11 - 00000000 ____D C:\Users\Marlin\AppData\Local\CrashDumps
2016-06-09 07:40 - 2015-12-05 17:18 - 00004230 _____ C:\Windows\System32\Tasks\AMD Updater
2016-06-09 07:35 - 2015-12-05 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-06-09 07:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-09 07:32 - 2014-09-14 17:22 - 00000000 ____D C:\Program Files\AMD
2016-06-09 07:31 - 2014-09-14 04:58 - 00000000 ____D C:\AMD
2016-06-09 07:01 - 2014-10-23 22:49 - 00002174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 22:47 - 2015-08-28 17:02 - 00409410 _____ C:\Windows\system32\perfh011.dat
2016-06-08 22:47 - 2015-08-28 17:02 - 00122294 _____ C:\Windows\system32\perfc011.dat
2016-06-08 22:47 - 2015-08-28 16:54 - 00502046 _____ C:\Windows\system32\perfh006.dat
2016-06-08 22:47 - 2015-08-28 16:54 - 00098852 _____ C:\Windows\system32\perfc006.dat
2016-06-08 22:47 - 2015-08-28 16:37 - 00390974 _____ C:\Windows\system32\prfh0404.dat
2016-06-08 22:47 - 2015-08-28 16:37 - 00115284 _____ C:\Windows\system32\prfc0404.dat
2016-06-08 22:47 - 2015-08-28 16:30 - 00706512 _____ C:\Windows\system32\prfh0416.dat
2016-06-08 22:47 - 2015-08-28 16:30 - 00147850 _____ C:\Windows\system32\prfc0416.dat
2016-06-08 22:47 - 2015-08-28 16:23 - 00721650 _____ C:\Windows\system32\prfh0816.dat
2016-06-08 22:47 - 2015-08-28 16:23 - 00153100 _____ C:\Windows\system32\prfc0816.dat
2016-06-08 22:47 - 2015-08-28 16:17 - 00732990 _____ C:\Windows\system32\perfh015.dat
2016-06-08 22:47 - 2015-08-28 16:17 - 00156066 _____ C:\Windows\system32\perfc015.dat
2016-06-08 22:47 - 2015-08-28 16:11 - 00649314 _____ C:\Windows\system32\perfh01F.dat
2016-06-08 22:47 - 2015-08-28 16:11 - 00140194 _____ C:\Windows\system32\perfc01F.dat
2016-06-08 22:47 - 2015-08-28 16:00 - 00373802 _____ C:\Windows\system32\prfh0804.dat
2016-06-08 22:47 - 2015-08-28 16:00 - 00119786 _____ C:\Windows\system32\prfc0804.dat
2016-06-08 22:47 - 2015-08-28 15:44 - 00717232 _____ C:\Windows\system32\perfh019.dat
2016-06-08 22:47 - 2015-08-28 15:44 - 00151036 _____ C:\Windows\system32\perfc019.dat
2016-06-08 22:47 - 2015-08-28 15:39 - 00487146 _____ C:\Windows\system32\perfh014.dat
2016-06-08 22:47 - 2015-08-28 15:39 - 00095598 _____ C:\Windows\system32\perfc014.dat
2016-06-08 22:47 - 2015-08-28 15:35 - 00599620 _____ C:\Windows\system32\perfh008.dat
2016-06-08 22:47 - 2015-08-28 15:35 - 00111322 _____ C:\Windows\system32\perfc008.dat
2016-06-08 22:47 - 2015-08-28 15:30 - 00656352 _____ C:\Windows\system32\perfh01D.dat
2016-06-08 22:47 - 2015-08-28 15:30 - 00142668 _____ C:\Windows\system32\perfc01D.dat
2016-06-08 22:47 - 2015-08-28 15:26 - 00421056 _____ C:\Windows\system32\perfh012.dat
2016-06-08 22:47 - 2015-08-28 15:26 - 00120578 _____ C:\Windows\system32\perfc012.dat
2016-06-08 22:47 - 2015-08-28 15:22 - 00661472 _____ C:\Windows\system32\perfh005.dat
2016-06-08 22:47 - 2015-08-28 15:22 - 00141620 _____ C:\Windows\system32\perfc005.dat
2016-06-08 22:47 - 2015-08-28 15:11 - 00736130 _____ C:\Windows\system32\perfh013.dat
2016-06-08 22:47 - 2015-08-28 15:11 - 00153296 _____ C:\Windows\system32\perfc013.dat
2016-06-08 22:47 - 2015-08-28 15:04 - 00474134 _____ C:\Windows\system32\perfh00B.dat
2016-06-08 22:47 - 2015-08-28 15:04 - 00101714 _____ C:\Windows\system32\perfc00B.dat
2016-06-08 22:47 - 2015-08-28 15:00 - 00676386 _____ C:\Windows\system32\perfh00E.dat
2016-06-08 22:47 - 2015-08-28 15:00 - 00171468 _____ C:\Windows\system32\perfc00E.dat
2016-06-08 22:47 - 2015-08-28 14:52 - 00738088 _____ C:\Windows\system32\perfh00A.dat
2016-06-08 22:47 - 2015-08-28 14:52 - 00158668 _____ C:\Windows\system32\perfc00A.dat
2016-06-08 22:47 - 2015-08-28 14:47 - 00384976 _____ C:\Windows\system32\perfh00D.dat
2016-06-08 22:47 - 2015-08-28 14:47 - 00084952 _____ C:\Windows\system32\perfc00D.dat
2016-06-08 22:47 - 2015-08-28 14:38 - 00732678 _____ C:\Windows\system32\perfh010.dat
2016-06-08 22:47 - 2015-08-28 14:38 - 00147040 _____ C:\Windows\system32\perfc010.dat
2016-06-08 22:47 - 2015-08-28 14:34 - 00738348 _____ C:\Windows\system32\perfh00C.dat
2016-06-08 22:47 - 2015-08-28 14:34 - 00471646 _____ C:\Windows\system32\perfh001.dat
2016-06-08 22:47 - 2015-08-28 14:34 - 00149774 _____ C:\Windows\system32\perfc00C.dat
2016-06-08 22:47 - 2015-08-28 14:34 - 00094966 _____ C:\Windows\system32\perfc001.dat
2016-06-08 22:47 - 2010-11-21 08:50 - 00700130 _____ C:\Windows\system32\perfh007.dat
2016-06-08 22:47 - 2010-11-21 08:50 - 00149768 _____ C:\Windows\system32\perfc007.dat
2016-06-08 22:47 - 2009-07-14 07:13 - 17467958 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-08 21:28 - 2016-03-29 21:44 - 00000000 ____D C:\Users\Marlin\AppData\Roaming\Tweeten
2016-06-08 10:56 - 2015-12-22 19:55 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2016-06-07 00:27 - 2015-04-20 08:20 - 00000000 ____D C:\ProgramData\D83C629D-C688-4A07-8615-94974D65F157
2016-06-06 20:54 - 2016-04-01 14:03 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-06-06 20:51 - 2015-12-05 17:17 - 00000000 ____D C:\Users\Marlin\AppData\Local\AMD
2016-06-06 20:31 - 2016-03-12 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2016-06-06 20:31 - 2016-03-12 20:37 - 00000000 ____D C:\Program Files\Core Temp
2016-06-04 19:05 - 2015-09-12 15:08 - 00000000 ____D C:\Users\Marlin\AppData\Roaming\BitTorrent
2016-06-04 16:43 - 2014-12-10 22:38 - 00000000 ____D C:\Users\Marlin\.VirtualBox
2016-06-04 14:57 - 2014-09-14 16:56 - 00000000 ____D C:\Users\Marlin
2016-06-03 22:32 - 2016-04-16 17:08 - 00000000 ____D C:\Users\Marlin\Downloads\Telegram Desktop
2016-06-03 20:39 - 2015-08-28 03:26 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-03 20:24 - 2015-07-19 14:08 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-03 17:07 - 2014-09-14 16:58 - 17078958 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-06-02 23:14 - 2016-03-21 16:45 - 00122704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2016-06-02 23:14 - 2015-11-29 23:19 - 00166488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2016-06-02 23:14 - 2015-11-29 23:19 - 00150544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2016-06-02 23:14 - 2015-11-29 23:18 - 01512192 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2016-06-02 23:14 - 2014-04-18 04:42 - 00137136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2016-06-02 23:14 - 2014-04-18 04:42 - 00123776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2016-06-02 23:13 - 2015-11-29 23:18 - 10700864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2016-06-02 23:13 - 2015-11-29 23:18 - 09798560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2016-06-02 23:13 - 2015-11-29 23:18 - 08577456 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2016-06-02 23:13 - 2014-04-18 04:42 - 08865344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2016-06-02 23:13 - 2014-04-18 04:42 - 06999496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2016-06-02 23:01 - 2016-03-21 16:27 - 38098432 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2016-06-02 22:58 - 2016-03-21 16:24 - 21600768 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2016-06-02 22:31 - 2015-12-23 17:31 - 00223744 _____ C:\Windows\SysWOW64\GameManager32.dll
2016-06-02 22:26 - 2016-03-21 15:45 - 00973824 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2016-06-02 22:26 - 2016-03-21 15:45 - 00159232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2016-06-02 19:04 - 2016-01-01 23:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2016-06-01 22:01 - 2016-01-22 14:43 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-05-31 21:47 - 2014-10-23 22:06 - 00000448 __RSH C:\ProgramData\ntuser.pol
2016-05-30 08:09 - 2015-04-22 07:54 - 00000000 ____D C:\Users\Alexander
2016-05-28 19:12 - 2014-09-23 18:35 - 00000000 ____D C:\Users\Marlin\AppData\Roaming\.minecraft
2016-05-27 18:21 - 2015-01-24 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-05-27 18:21 - 2015-01-24 20:19 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2016-05-27 04:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-05-26 23:00 - 2015-06-14 22:46 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-26 23:00 - 2015-06-14 22:46 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-26 19:31 - 2015-06-21 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-05-25 16:55 - 2015-08-28 15:51 - 00000000 ____D C:\Windows\et-EE
2016-05-25 16:55 - 2015-08-28 15:47 - 00000000 ____D C:\Windows\lt-LT
2016-05-25 16:55 - 2015-08-28 15:07 - 00000000 ____D C:\Windows\lv-LV
2016-05-25 16:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2016-05-25 16:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2016-05-25 16:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2016-05-25 16:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\lv-LV
2016-05-25 16:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\lt-LT
2016-05-25 16:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\et-EE
2016-05-25 16:21 - 2015-11-18 23:43 - 00943536 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-05-25 16:21 - 2015-06-11 20:32 - 00049240 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-05-25 16:20 - 2015-07-04 03:18 - 00237480 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-05-25 13:48 - 2016-01-02 21:02 - 00000000 ___RD C:\Users\Marlin\MediaFire
2016-05-25 12:39 - 2016-05-01 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy-Hide-IP VPN
2016-05-25 00:27 - 2015-03-22 19:59 - 00000000 ____D C:\ProgramData\TEMP
2016-05-24 23:56 - 2014-11-08 23:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-24 22:10 - 2016-04-26 00:53 - 00000000 ____D C:\Users\Marlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps
2016-05-24 22:10 - 2016-03-26 00:13 - 00000671 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-24 22:10 - 2015-07-06 15:48 - 00000723 _____ C:\Users\Marlin\Desktop\Amorous.lnk
2016-05-24 22:10 - 2015-05-11 22:55 - 00000000 __SHD C:\Users\Marlin\Desktop\Tools
2016-05-24 22:10 - 2014-10-08 20:33 - 00000000 ____D C:\Users\Marlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks
2016-05-24 22:10 - 2014-09-14 16:56 - 00001026 _____ C:\Users\Marlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-19 18:18 - 2016-02-11 16:29 - 00000633 _____ C:\Users\Marlin\Desktop\Phone.txt
2016-05-19 16:33 - 2016-04-16 23:52 - 00000000 ____D C:\Users\Marlin\Documents\Euro Truck Simulator 2
2016-05-19 01:37 - 2015-12-04 19:42 - 00000958 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-18 19:29 - 2016-01-04 15:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-14 00:39 - 2014-12-02 17:16 - 00000501 _____ C:\Windows\system32\Drivers\etc\hosts.ics
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-01-12 14:09 - 2016-01-12 14:09 - 0000011 _____ () C:\Users\Marlin\AppData\Roaming\.tv7
2016-04-16 14:24 - 2016-04-16 14:24 - 0005120 _____ () C:\Users\Marlin\AppData\Roaming\GiftBag.db
2014-09-24 19:48 - 2014-09-24 19:48 - 0000012 _____ () C:\Users\Marlin\AppData\Roaming\id.txt
2014-10-12 16:21 - 2014-10-12 16:21 - 0000098 _____ () C:\Users\Marlin\AppData\Roaming\LauncherSettings_live.cfg
2014-11-12 18:53 - 2014-11-13 15:37 - 0001216 _____ () C:\Users\Marlin\AppData\Roaming\Marlin.txt
2015-11-25 23:26 - 2016-05-10 23:12 - 0000600 _____ () C:\Users\Marlin\AppData\Roaming\PUTTY.RND
2015-08-29 11:50 - 2015-08-29 11:50 - 0001268 _____ () C:\Users\Marlin\AppData\Roaming\Roaming - Shortcut.lnk
2015-08-29 11:50 - 2015-08-29 11:51 - 0044032 ___SH () C:\Users\Marlin\AppData\Roaming\Thumbs.db
2016-01-02 21:48 - 2016-01-04 21:13 - 20806800 _____ () C:\Users\Marlin\AppData\Roaming\xulrunner.zip
2016-05-25 01:10 - 2016-05-25 01:10 - 0000000 ____H () C:\Users\Marlin\AppData\Local\BITFA99.tmp
2014-09-24 19:53 - 2015-10-22 02:25 - 0011776 _____ () C:\Users\Marlin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-13 19:58 - 2016-06-12 20:19 - 0000600 _____ () C:\Users\Marlin\AppData\Local\PUTTY.RND
2016-06-12 13:07 - 2016-06-12 13:07 - 0014592 _____ () C:\Users\Marlin\AppData\Local\recently-used.xbel
2015-06-12 15:18 - 2015-10-11 22:41 - 0007599 _____ () C:\Users\Marlin\AppData\Local\Resmon.ResmonCfg
2016-05-25 01:09 - 2016-05-25 01:10 - 0000000 _____ () C:\Users\Marlin\AppData\Local\{056C4BAF-A0FF-4DDD-ABE9-6611CE374B05}
2015-10-08 08:08 - 2015-10-08 08:08 - 0000000 _____ () C:\Users\Marlin\AppData\Local\{17367099-8997-4CFF-BF2C-F000DF000440}
2016-05-24 22:29 - 2016-05-24 22:29 - 0000000 _____ () C:\Users\Marlin\AppData\Local\{1A1B3749-31EB-494F-AA76-3DFC76586726}
2016-01-10 00:24 - 2016-01-10 00:24 - 0000000 _____ () C:\Users\Marlin\AppData\Local\{5BD514BE-42FC-46EB-A519-E8C388502CAC}
2015-12-08 15:23 - 2015-12-08 15:23 - 0000000 _____ () C:\Users\Marlin\AppData\Local\{5D944AE5-599D-45D9-9A19-38C0440454A8}
2015-12-16 14:27 - 2015-12-16 14:27 - 0000000 _____ () C:\Users\Marlin\AppData\Local\{73AA8701-6E85-4A4D-BF2B-5D5DA87280D5}
2016-05-21 16:28 - 2016-05-21 16:28 - 0000000 _____ () C:\Users\Marlin\AppData\Local\{AB9E70B5-71FF-4C0D-9E0C-EEBA9714DFC4}
2015-08-13 11:15 - 2015-08-13 11:15 - 0000000 _____ () C:\Users\Marlin\AppData\Local\{B8E48531-81EC-4123-9E5A-E18A4912D3F8}
2015-12-16 14:27 - 2015-12-16 14:27 - 0000000 _____ () C:\Users\Marlin\AppData\Local\{BD45C9D4-BE8E-457B-B07F-11E05B39E8ED}
2016-05-25 01:07 - 2016-05-25 01:07 - 0000011 _____ () C:\ProgramData\.tv7
Einige Dateien in TEMP:
====================
C:\Users\Marlin\AppData\Local\Temp\7za.exe
C:\Users\Marlin\AppData\Local\Temp\DaS_21.exe
C:\Users\Marlin\AppData\Local\Temp\hijackthis.exe
C:\Users\Marlin\AppData\Local\Temp\NirCmd.exe
C:\Users\Marlin\AppData\Local\Temp\PEVZ.EXE
C:\Users\Marlin\AppData\Local\Temp\remove.exe
C:\Users\Marlin\AppData\Local\Temp\sed.exe
C:\Users\Marlin\AppData\Local\Temp\shortcut.exe
C:\Users\Marlin\AppData\Local\Temp\swreg.exe
C:\Users\Marlin\AppData\Local\Temp\swxcacls.exe
C:\Users\Marlin\AppData\Local\Temp\wget.exe
C:\Users\Marlin\AppData\Local\Temp\zoek-delete.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe
[2016-05-25 16:42] - [2016-06-07 00:28] - 3231232 ____A (Microsoft Corporation) 29BDC4913224EFBBAE4C31D4139F99E6
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-06-08 23:57
==================== Ende von FRST.txt ============================
|
|
13.06.2016, 15:02
| #50 |
| /// Malwareteam | Browser öffnen auf Klick hin adware Seiten Hi, ich hab da eine Vermutung. Da ich Webroot nicht wirklich kenn ist es möglich, dass es ein Feature eingebaut hat, welches Änderungen an der Registry wieder zurückspielt. Deaktivier das mal bitte für ein paar Tage und schau, ob das Problem wiederkommt. |
|
13.06.2016, 15:56
| #51 |
| | Browser öffnen auf Klick hin adware Seiten Also in regedit.exe sehe ich die AutoConfigUrl nicht mehr. Hier ist ein Screenshot von dem Reg Pfad der gelöscht werden sollte.  Ich hab mir das im clean boot mal angesehen und hab da auch die AutoConfigUrl von unstops.biz gesehen. Übrigends wird diese Seite (der gesamte Pfad im reg) gesperrt von Chrome. Ich deaktivire Webroot trotzdem mal. |
|
13.06.2016, 22:31
| #52 |
| /// Malwareteam | Browser öffnen auf Klick hin adware Seiten Ja das kommt immer wieder, aber da läuft eigentlich kein Dienst oder Prozess welcher das macht. Deshalb hab ich die Vermutung, dass WebRoot da denkt das wird unerwünscht entfernt und fügt das deshalb wieder hinzu. Sonst würde mir eigentlich keine Erklärung einfallen warum das immer wiederkommt. |
|
13.06.2016, 23:11
| #53 |
| | Browser öffnen auf Klick hin adware Seiten Also ich hab mir das nochmal angeschaut und sehen tu ich die AutoConfigUrl nicht mehr. Hast du noch wieder etwas in dem FRST Scan gefunden oder hast du sonst ideen? |
|
17.06.2016, 11:12
| #54 |
| /// Malwareteam | Browser öffnen auf Klick hin adware Seiten Hi, Ideen habe ich eigentlich keine wo die AutoConfig URL her kommen könnte. Jedenfalls ist die für die Umleitungen verantwortlich... |
|
17.06.2016, 15:16
| #55 |
| | Browser öffnen auf Klick hin adware Seiten Also weg ist sie glaube ich. Wenn ich die .bat datei ausführe sagt er mir, dass er sie nicht mehr findet. Code:
ATTFilter ERROR: The system was unable to find the specified registry key or value.
ERROR: The system was unable to find the specified registry key or value.
|
|
18.06.2016, 16:10
| #56 |
| /// Malwareteam | Browser öffnen auf Klick hin adware Seiten Hi, hast du die Weiterleitungen noch? |
|
18.06.2016, 19:19
| #57 |
| | Browser öffnen auf Klick hin adware Seiten Leider ja aber es kommt mir so vor als würden sie nicht mehr so oft passieren. |
|
20.06.2016, 17:16
| #58 |
| /// Malwareteam | Browser öffnen auf Klick hin adware Seiten Hi, hmmm... Hilft es, einen Adblocker zu installieren? Und hast du schon mal Router zurcksetzen probiert? |
|
20.06.2016, 17:41
| #59 |
| | Browser öffnen auf Klick hin adware Seiten Adblock hab ich bereits. Deshalb (oder wegen Kaspersky) sind manche seiten einfach weiß und haben title wie "afu.php 1x1" oder so. Und am router liegt es nicht. Passiert auch wenn ich mein Telefon über USB "getethered" habe und das internet davon benutze. |
|
21.06.2016, 15:00
| #60 |
| /// Malwareteam | Browser öffnen auf Klick hin adware Seiten Hi, poste mal bitte noch ein frisches FRST-Log, mit Addition.txt angehakt. Im Clean Boot ist das Problem auch aufgetreten? |
|
| Themen zu Browser öffnen auf Klick hin adware Seiten |
| adware, ausser, browser, dauert, einfach, entfernt, fehler, freund, gescannt, gestern, installer, klick, klicke, malwarebytes, neue, neuen, neuer tab, programm, schei, schädlinge, seite, seiten, versteckt, windows, windows 7, öffnen, öffnet |
Linear-Darstellung
