Log analysis and evaluation: Windows 7: Mail account hacked, Avast reports a Trojan

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows 7: Mail account hacked, Avast reports a Trojan

Good day to everyone,

yesterday evening I got a call telling me that spam mails had been sent from my e-mail address at Yahoo. When I checked, I saw that the mail came from an unfamiliar address that nevertheless contained my full name, and that addresses from my address book had also been used.

A scan with Avast reported Win32:Hupigon-ONX as a Trojan, with the file name C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb

A scan with the ESET Online Scanner showed no results, whereas scans with AdwCleaner and Anti-Malware showed a relatively large number of results. I am therefore a bit worried that there are some viruses or other malicious programs on my PC. However, I wanted to turn to you first before deleting anything, so that I don't delete something unnecessarily.

Here are the log files

FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016 durchgeführt von ***** (Administrator) auf ***** (03-06-2016 11:46:12) Gestartet von D:\ Geladene Profile: ***** (Verfügbare Profile: ***** & *****) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Apple Inc.) D:\itunes (1)\iTunesHelper.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () Q:\140066.enu\Office14\WINWORDC.EXE () C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\splwow64.exe () Q:\140066.enu\Office14\OffSpon.EXE (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe (Malwarebytes) D:\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6469736 2012-03-06] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => D:\itunes (1)\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation) HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4243168 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Plugin Install] => D:\Quicktime\Plugins\DeleteMe1.exe HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [NPSStartup] => [X] HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975760 2015-11-03] (Cisco Systems, Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) HKU\S-1-5-21-1078192431-239819200-2145751044-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1078192431-239819200-2145751044-1000\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-12] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2013-02-10] ShortcutTarget: Audible Download Manager.lnk -> D:\Audible\Bin\AudibleDownloadHelper.exe (Keine Datei) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) ProxyServer: [S-1-5-21-1078192431-239819200-2145751044-1000] => http=5.133.176.199:3128 Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{F8CE8708-5C3F-48FF-996E-AFF92665AD4C}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> 
DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800 SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800 SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800 SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800 SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {07D56749-CE28-4EAD-98CF-98486A8E78D3} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10557 SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {F16D5BEA-D5EC-4187-88A0-7223A4DA5CC4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10557 BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Users\*****\Desktop\Expat Shield\HssIE\ExpatIE_64.dll => Keine Datei BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-12] (AVAST Software) BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => Keine Datei BHO-x32: Kein Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> Keine Datei BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation) BHO-x32: Kein Name -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> Keine Datei BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-12] (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation) Toolbar: HKLM - avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei Toolbar: HKLM-x32 - Kein Name - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - Keine Datei Toolbar: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> Kein Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Keine Datei FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104 FF Homepage: google.de FF NetworkProxy: "backup.ftp", "212.29.229.21" FF NetworkProxy: "backup.ftp_port", 80 FF NetworkProxy: "backup.socks", "212.29.229.21" FF NetworkProxy: "backup.socks_port", 80 FF NetworkProxy: "backup.ssl", "212.29.229.21" FF NetworkProxy: "backup.ssl_port", 80 FF NetworkProxy: "ftp", "198.50.129.9" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "gopher", "119.4.115.51" FF NetworkProxy: "gopher_port", 80 FF NetworkProxy: "http", "198.50.129.9" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "198.50.129.9" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "198.50.129.9" FF NetworkProxy: "ssl_port", 3128 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-16] () FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-06-07] (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-16] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-06-07] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> D:\VLC\npvlc.dll [2013-12-09] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.) FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-08] FF Extension: Modify Headers - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2016-04-27] FF Extension: Video DownloadHelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-24] FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28] FF Extension: DownThemAll! 
- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-15] FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2014-05-27] [ist nicht signiert] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-13] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-13] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-06-01] Chrome: ======= CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\*****\AppData\Local\funmoods-speeddial.crx <nicht gefunden> CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\*****\AppData\Local\funmoods.crx <nicht gefunden> CHR HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\*****\AppData\Local\funmoods-speeddial.crx <nicht gefunden> CHR HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\*****\AppData\Local\funmoods.crx <nicht gefunden> CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\*****\AppData\Local\funmoods-speeddial.crx <nicht gefunden> CHR HKLM-x32\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - 
C:\Users\*****\AppData\Local\funmoods.crx <nicht gefunden> CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-12] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-12] (AVAST Software) R2 Intel(R) Small Business Advantage; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [49376 2012-02-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation) S3 Origin Client Service; D:\Origin\OriginClientService.exe [2120712 2016-04-28] (Electronic Arts) S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies) R2 SystemStore; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [50176 2012-05-21] () [Datei ist nicht signiert] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-12] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-23] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-10] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-12] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-12] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-10] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-24] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-12] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-12] (AVAST Software) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [111104 2009-02-09] (Guillemot Corporation) [Datei ist nicht signiert] R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-03] (Malwarebytes) S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527360 2007-09-10] (PixArt Imaging Inc.) [Datei ist nicht signiert] R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation) R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation) R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation) R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-07-23] (Duplex Secure Ltd.) S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-04-19] (Anchorfree Inc.) 
U5 usbser; C:\Windows\System32\Drivers\usbser.sys [32768 2010-11-21] (Microsoft Corporation) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.) S3 MSICDSetup; \??\E:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-06-03 11:46 - 2016-06-03 11:46 - 00000000 ____D C:\FRST 2016-06-03 11:32 - 2016-06-03 11:44 - 00022232 _____ C:\Users\*****\Desktop\mbam.txt 2016-06-03 11:18 - 2016-06-03 11:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-06-03 11:18 - 2016-06-03 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-06-03 11:17 - 2016-06-03 11:17 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-06-03 11:17 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-06-03 11:17 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-06-03 11:17 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-06-02 21:21 - 2016-06-02 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 16 2016-06-01 21:34 - 2016-06-02 15:15 - 00000000 ____D C:\Users\*****\Documents\Citavi 5 2016-06-01 21:34 - 2016-06-01 21:47 - 00000000 ____D C:\Users\*****\AppData\Roaming\Swiss Academic Software 2016-06-01 21:34 - 2016-06-01 21:34 - 00000000 ____D C:\ProgramData\Swiss Academic Software 2016-06-01 21:34 - 2016-06-01 21:34 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5 2016-06-01 21:32 - 2016-06-01 21:32 - 00000000 ____D C:\Users\*****\AppData\Local\Downloaded Installations 2016-05-31 18:22 - 2016-05-31 18:22 - 00135152 _____ C:\Users\*****\AppData\Local\recently-used.xbel 2016-05-30 23:41 - 2016-05-30 23:41 - 00000000 ____D C:\Users\Public\CyberLink 2016-05-30 23:41 - 2016-05-30 23:41 - 00000000 ____D C:\Users\*****\Documents\CyberLink 2016-05-30 23:40 - 2016-05-30 23:40 - 00000000 ____D C:\Users\*****\AppData\Local\Cyberlink 2016-05-30 23:33 - 2016-06-03 01:50 - 00000000 ____D C:\Program Files (x86)\CyberLink 2016-05-30 23:33 - 2016-05-30 23:33 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information 2016-05-30 23:30 - 2016-06-03 01:50 - 00000000 ____D C:\ProgramData\SUPPORTDIR 2016-05-30 23:30 - 2016-05-30 23:41 - 00000000 ____D C:\ProgramData\CyberLink 2016-05-30 23:30 - 2016-05-30 23:30 - 00000000 ____D C:\ProgramData\install_clap 2016-05-26 00:28 - 2016-06-02 20:11 - 00149015 _____ C:\Users\*****\Desktop\2016_06rechnung_5616687642.pdf 2016-05-11 11:35 - 2016-05-11 11:35 - 00000000 ____D C:\Users\*****\AppData\Roaming\com.bby.cinemanowca 2016-05-11 01:18 - 2016-05-15 12:14 - 00000000 ____D C:\Users\*****\Desktop\Rupp 2013 ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-06-03 10:43 - 2015-08-05 14:55 - 00000000 ____D C:\Users\*****\Desktop\Neuer Ordner (6) 2016-06-03 10:24 - 2009-07-14 06:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-06-03 10:24 - 2009-07-14 06:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-06-03 10:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-06-03 02:18 - 2013-03-25 22:46 - 00000000 ____D C:\Users\*****\AppData\Roaming\SoftGrid Client 2016-06-03 01:50 - 2012-04-20 17:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-06-03 00:08 - 2014-07-30 23:58 - 00000000 ____D C:\ProgramData\Origin 2016-06-02 21:22 - 2013-12-18 02:18 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc 2016-06-02 21:21 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-06-02 15:35 - 2014-09-10 00:10 - 00000000 ____D C:\ProgramData\Package Cache 2016-06-02 00:05 - 2016-05-03 14:14 - 00000000 ____D C:\Users\*****\Desktop\BA-Arbeit Kapitel 2016-06-01 17:04 - 2011-04-12 09:43 - 00701778 _____ C:\Windows\system32\perfh007.dat 2016-06-01 17:04 - 2011-04-12 09:43 - 00150420 _____ C:\Windows\system32\perfc007.dat 2016-06-01 17:04 - 2009-07-14 07:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI 2016-06-01 17:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-05-31 22:27 - 2016-01-28 12:27 - 00000000 ____D C:\Users\*****\.gimp-2.8 2016-05-31 18:22 - 2014-01-07 20:51 - 00000000 ____D C:\Users\*****\AppData\Local\gtk-2.0 2016-05-30 16:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2016-05-22 11:45 - 2012-09-17 12:04 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2016-05-19 18:40 - 2015-11-06 00:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-05-18 00:02 - 2016-04-26 13:39 - 00000000 ____D C:\Users\*****\Desktop\Transkripte für BA-Arbeit 2016-05-16 11:14 - 2013-03-11 20:15 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-05-16 11:14 - 2013-03-11 20:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-05-15 14:31 - 2015-11-13 18:50 - 00000000 ____D C:\Users\*****\AppData\Local\Clan_prefs 2016-05-13 01:11 - 2014-12-27 13:45 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-05-09 22:58 - 2014-05-27 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-05-09 22:56 - 2015-04-29 12:02 - 00000000 ____D C:\Users\*****\dwhelper 2016-05-09 13:48 - 2015-05-29 22:41 - 00000000 __SHD C:\AI_RecycleBin 2016-05-08 16:56 - 2015-12-26 13:16 - 00000000 ____D C:\Users\*****\AppData\Local\UnrealEngine 2016-05-08 11:45 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-05-04 00:17 - 2016-04-12 22:56 - 00000000 ____D C:\Users\*****\Desktop\KGS ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-02-24 00:43 - 2016-03-28 16:51 - 0001456 _____ () C:\Users\*****\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2016-05-31 18:22 - 2016-05-31 18:22 - 0135152 _____ () C:\Users\*****\AppData\Local\recently-used.xbel 2015-06-07 02:41 - 2015-06-07 02:41 - 0007605 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg 2014-06-08 16:27 - 2016-05-15 02:23 - 0002703 _____ () C:\ProgramData\flcd_proxy.log 2013-03-30 00:02 - 2013-03-30 00:14 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-05-28 00:28

==================== Ende von FRST.txt ============================

Addition Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-06-2016
durchgeführt von ***** (2016-06-03 11:46:36)
Gestartet von D:\
Windows 7 Professional Service Pack 1 (X64) (2012-04-20 15:20:37)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1078192431-239819200-2145751044-500 - Administrator - Disabled)
Gast (S-1-5-21-1078192431-239819200-2145751044-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1078192431-239819200-2145751044-1003 - Limited - Enabled)
***** (S-1-5-21-1078192431-239819200-2145751044-1000 - Administrator - Enabled) => C:\Users\*****
Mcx1-*****-PC (S-1-5-21-1078192431-239819200-2145751044-1001 - Limited - Enabled) => C:\Users\Mcx1-*****-PC

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Access 97rt PAN EURO G (HKLM-x32\...\Access 97rt PAN EURO G) (Version: - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version: - )
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2253 - AVAST Software)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.08005 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.1.08005 - Cisco Systems, Inc.) Hidden
Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software)
CLAN (HKLM-x32\...\{00868CD9-BEB1-4D2C-8307-4AD82C48501A}) (Version: 2.11.00 - CMU)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Fallout (HKLM-x32\...\GOGPACKFALLOUT_is1) (Version: 2.0.0.14 - GOG.com)
Fallout 2 (HKLM-x32\...\GOGPACKFALLOUT2_is1) (Version: 2.0.0.12 - GOG.com)
FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.42.13482.16 - Electronic Arts)
Fragen-Lern-CD 4.3 (HKLM-x32\...\de.3m5.wendel.flcd.FLCDB.FC622282278C06838B5CD08883589F2C8AB9EEDC.1) (Version: 4.3.5 - Wendel-Verlag GmbH)
Fragen-Lern-CD 4.3 (x32 Version: 4.3.5 - Wendel-Verlag GmbH) Hidden
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) Small Business Advantage (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: - Intel(R) Corporation)
Intel(R) Update Manager (x32 Version: 1.0.0.34813 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.6134.5007 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version: - No More Room in Hell Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6586 - Realtek Semiconductor Corp.)
Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Yu-Gi-Oh! The Dawn of a New Era Version 5.0.18.3673 (HKLM-x32\...\{1F276EF8-ACD8-4805-845C-BA1FC14DCB3B}_is1) (Version: 5.0.18.3673 - Kaiba Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0071A13B-6B94-46F2-9FB6-ADE22483D5A5} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for *****-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {0CC6A309-3F84-4134-8FFB-9171C1FE2932} - System32\Tasks\{1DBE5654-06A6-4930-B238-0DF98147764A} => pcalua.exe -a C:\Users\*****\AppData\Local\TNT2\2.0.0.1627\TNT2User.exe -c /UNINSTALL PARTNER=10557
Task: {172DF47C-9163-4CC4-AB32-7BB276417631} - System32\Tasks\{45912AD4-8F33-4D8D-9554-A80AA320F031} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {1AE6AEA5-5C3E-4F4B-BC06-6AAD7A21D250} - System32\Tasks\{173E985D-BE0F-4425-BDB3-341AF9AB4146} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6\SSBCUninstall.exe
Task: {2191EFF0-B8A4-4E70-AB0C-A64B67600B84} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {2585F3CA-5711-4D62-B6F5-A199FED58DC7} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {2B2EA069-9304-4BDF-AF20-4B017C27CC4C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {2B428C53-209C-48C4-A188-624C9CA70FF9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3C96134A-FC2F-4E4B-9EF9-2700AD0D00E6} - System32\Tasks\{66823191-2EB3-47EC-A19A-02C731EA27C2} => pcalua.exe -a E:\dx7ager.exe -d E:\
Task: {3E76700B-2384-4F18-834F-35983FBB8F26} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-12] (AVAST Software)
Task: {4ABB64DA-07A2-46BD-A64B-3E69D48CEC3E} - System32\Tasks\{8CE18D4A-43FB-4D4B-BD63-0B634CDFAFA1} => pcalua.exe -a D:\Installer.exe -d D:\
Task: {4C7DC039-C318-4A43-B7A9-728234D2A737} - System32\Tasks\{AF90126A-79C8-4274-AD4E-38A1B3BDC08D} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {5CEE0A7A-9A24-42B3-A8C4-B264A07E3434} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6672CE13-36D9-4D89-A012-3893126F7B86} - System32\Tasks\{3F24D816-EF75-43E8-9F64-50F1E3DB735E} => pcalua.exe -a C:\Users\*****\Desktop\PESEdit.com_2012_Patch_3.3.1\Installer.exe -d C:\Users\*****\Desktop\PESEdit.com_2012_Patch_3.3.1
Task: {7466DEB7-CB2E-42E6-8A50-621C46C0643E} - System32\Tasks\{60731E58-7FFB-4725-8A0E-4938AF74C082} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {803F5571-B947-425E-A2A9-40FFBEC293E0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {83CE7615-E7E2-40A5-A872-AC1C004B734C} - System32\Tasks\{79A0981F-23F9-4972-A067-D5910A7DAAE0} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Task: {883A3927-A45D-4675-BF91-F2EFFA4ACB36} - System32\Tasks\{3670FBCA-2A3C-470A-B293-977CB288DA46} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -c -runfromtemp -l0x0407 -removeonly
Task: {91981B81-7214-48D1-A774-78CBDD928779} - System32\Tasks\{045A154F-0301-4AE9-858C-C7E12566F748} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {99519820-DA6F-4713-802E-8FF328DFC9A2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {A5ED77AC-6AED-406F-9953-2B16D36EB5F3} - System32\Tasks\{EE93492B-829F-46B8-8BA2-7225EA8C38FE} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {AB7F177B-533D-4559-A658-B5260C43D430} - System32\Tasks\{05376299-63E3-40B4-B000-3BAC939D67C1} => pcalua.exe -a C:\Users\*****\Desktop\epson375890eu.exe -d C:\Users\*****\Desktop
Task: {BA07FC55-F1EB-4D5A-8725-902184DD8A13} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {BCAB8935-3339-458D-8B1B-0C0E79442CB0} - System32\Tasks\{B1D11270-DC0A-443F-A2C2-7886CB6545AC} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {C04C3B6E-DB4A-4790-9455-7A5DB41505BC} - System32\Tasks\{5877E4B1-A854-461D-A464-83E4E03E4047} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Task: {C515F816-D0D4-48C2-81DE-84D0EAB44AC6} - System32\Tasks\{87B8B25C-F246-4C50-A323-E5115EC007AB} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {D2100B8D-CFCF-4F46-B4C7-38B6BF8FF944} - System32\Tasks\avastBCLRestart_firefox.exe => Firefox.exe
Task: {D31D2427-00AE-4BC4-8DF4-2F9F421DDFBA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {DB898384-D1F3-4649-9244-0A6C28D7214B} - System32\Tasks\{C4C55CCC-9DBF-451F-B551-657EA06F68C0} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {DC416041-539F-4378-B0DE-9585A0443A5A} - System32\Tasks\{D3869556-B4D2-45ED-9BB6-9B033BF40786} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\3\SSCDUninstall.exe
Task: {E69AC183-3C16-4AB6-BE2C-67EEFE889F79} - System32\Tasks\{8FE250CF-A532-4D2A-89E2-D971EBC570C8} => pcalua.exe -a C:\Users\*****\Desktop\epson29817eu.exe -d C:\Users\*****\Desktop
Task: {E88DA03D-B7F8-4978-9C38-D24035CD37F9} - System32\Tasks\{6E7BB2E2-DB0B-46AD-A7FD-CD4EBAE55CA1} => Firefox.exe hxxp://ui.skype.com/ui/0/7.6.64.105/de/abandoninstall?page=tsProgressBar
Task: {EB234CD3-AE7B-4C04-BA18-B6510C3CA55B} - System32\Tasks\{BCDD38EF-0904-43CC-B055-D9F7168A70CD} => D:\StreamTransport\StreamTransport.exe
Task: {F2679F97-D496-4E85-BCBD-70F9956D2763} - System32\Tasks\{B08A6FA7-7E3B-4CDF-8D07-44CDA2804BD1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {F560CC06-3682-441B-A3E7-77352D1C586D} - System32\Tasks\{78685E25-AE26-47B9-BD42-866A20EDC10B} => pcalua.exe -a C:\Users\*****\Downloads\streaming_optimizer_setup.exe -d C:\Users\*****\Downloads

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-21 15:42 - 2012-05-21 15:42 - 00050176 _____ () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
2012-02-07 21:54 - 2012-02-07 21:54 - 00078624 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2015-11-03 12:21 - 2015-11-03 12:21 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-02-12 14:29 - 2016-02-12 14:29 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-12 14:29 - 2016-02-12 14:29 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-02 11:15 - 2016-06-02 11:15 - 02984152 _____ () C:\Program Files\AVAST Software\Avast\defs\16060200\algo.dll
2016-04-14 18:04 - 2016-04-14 18:04 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2012-05-21 15:42 - 2012-05-21 15:42 - 00020480 _____ () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.Infrastructure.dll
2016-01-15 13:06 - 2016-01-15 13:06 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-04-20 17:58 - 2012-02-21 06:09 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00030432 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\ProcessPrivileges.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00215264 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\System.ComponentModel.Composition.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00051424 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Interop.TaskScheduler.dll
2016-05-16 11:14 - 2016-05-16 11:14 - 19427520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{94298785-BBE7-4803-9808-176D43C4E216}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9688D9CD-38B3-4C6C-85A2-93D8171E3856}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{A6853C33-7D72-4FBC-8627-2A87A55919CA}D:\alien arena 7_53\crx.exe] => (Block) D:\alien arena 7_53\crx.exe
FirewallRules: [UDP Query User{E0A83EAB-E379-46B6-827E-F0CB77D07E10}D:\alien arena 7_53\crx.exe] => (Block) D:\alien arena 7_53\crx.exe
FirewallRules: [TCP Query User{01277258-7A3B-4271-9FE7-D4C8607EFA3C}D:\pes 2012\pes2012.exe] => (Allow) D:\pes 2012\pes2012.exe
FirewallRules: [UDP Query User{05AF7882-6A87-4B7F-985A-466333B07AC9}D:\pes 2012\pes2012.exe] => (Allow) D:\pes 2012\pes2012.exe
FirewallRules: [TCP Query User{D4FD44CC-6F86-465D-9660-EE25780533C4}D:\titan quest\titan quest.exe] => (Allow) D:\titan quest\titan quest.exe
FirewallRules: [UDP Query User{F5DB8AF0-02B2-47B5-B66A-FD4CD46F78C6}D:\titan quest\titan quest.exe] => (Allow) D:\titan quest\titan quest.exe
FirewallRules: [TCP Query User{ABDBE795-B056-45E6-9256-94B5C1A48326}D:\konami\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [UDP Query User{6B65D548-037A-4A83-8228-4BE7B053A9CC}D:\konami\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [{4A90897E-CD4A-4603-A076-2F7603EC17D8}] => (Block) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [{8F60A005-04AB-475E-A786-8BFE92808589}] => (Block) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [TCP Query User{49375053-5C68-432F-9781-AC33999F0008}D:\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\pro evolution soccer 2012\pes2012.exe
FirewallRules: [UDP Query User{4AD3975C-C6E2-4052-AC09-49C919E916C0}D:\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\pro evolution soccer 2012\pes2012.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{76CCD08E-FDC4-45B3-BBE4-7F35660D2830}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6177E29A-7E97-423E-9E31-7D391AC1DB6F}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{AF591D2A-0520-4C36-93B3-14AEDAF3A549}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{F983E86F-E76F-4B3D-A004-ACA22CB80938}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{9E4C7613-42CC-4CE2-A645-F2BF96921709}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [TCP Query User{30B4081A-2283-41D8-9FBB-B08E8024C881}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{36FD5D36-DF53-4F09-9EDD-152F3F4BA620}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{09310F29-FC7C-4CB4-AB3C-5CA3164757C9}D:\orbitdownloader\orbitnet.exe] => (Allow) D:\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{EB6E2773-E0F1-4B00-9466-22FB253C88ED}D:\orbitdownloader\orbitnet.exe] => (Allow) D:\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{E34E6481-9AD7-43AC-AD41-2D8092EDD9CB}D:\orbitdownloader\orbitnet.exe] => (Block) D:\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{B6D4044F-D5C8-4087-9B41-7C656EFD9149}D:\orbitdownloader\orbitnet.exe] => (Block) D:\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{FD68BD03-E04C-4AF5-AEEE-5DAB69C75FB0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{C43B7741-5F17-4FBD-BD41-891C55C5ACAD}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{E59ABD5C-70B2-4F9C-9BB8-B01DBD44F9EF}E:\fscommand\updater.exe] => (Allow) E:\fscommand\updater.exe
FirewallRules: [UDP Query User{98E8DCE4-788A-4E6B-93D6-5579ED579B1E}E:\fscommand\updater.exe] => (Allow) E:\fscommand\updater.exe
FirewallRules: [TCP Query User{E71AEEB1-01BD-41AA-8F36-CFF524807B0C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{A8BDF807-1C34-419B-A7F5-0D1075FD766C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{DF9C7B38-72C8-4905-BF17-15E3D33793AC}D:\sopcast\sopcast.exe] => (Allow) D:\sopcast\sopcast.exe
FirewallRules: [UDP Query User{0394E352-ADD2-4B0C-B227-441231BCE97D}D:\sopcast\sopcast.exe] => (Allow) D:\sopcast\sopcast.exe
FirewallRules: [{8DC61941-EEDE-4959-9AA0-EAD07FDC4DE9}] => (Allow) D:\steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7D198C55-19F3-4229-8FD4-E8894F94A13D}] => (Allow) D:\steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F74C777F-9F65-4418-9779-CBFA100AE30E}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{98DFE08A-1684-455A-A9A4-6264C9E3F784}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{77167C1C-9004-42E2-9BA7-1FBC770B7E89}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{C324AD62-C264-434E-AD50-8685C9A654C5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{46242EFF-72ED-474C-A15E-17507B313216}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{DFD8F70A-D886-49EE-BDA7-ECAB1088734E}C:\users\*****\desktop\neuer ordner (2)\vbalink.exe] => (Allow) C:\users\*****\desktop\neuer ordner (2)\vbalink.exe
FirewallRules: [UDP Query User{5D149EAF-08DC-4881-953D-68177630FAE6}C:\users\*****\desktop\neuer ordner (2)\vbalink.exe] => (Allow) C:\users\*****\desktop\neuer ordner (2)\vbalink.exe
FirewallRules: [{98C691AC-BCA1-43BD-9DF9-86705F0542F8}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{64A1F775-9F00-4698-BB1C-30234E5E4C75}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{2FF169A4-6B8B-47B4-8724-AE2FCC1B5015}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{F35D6A8D-B3A8-4C01-8956-EBA0A2DF5B1B}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{C93155AD-0155-461F-9200-3B8A9E14577B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BF829D10-FEE8-4A39-895B-5A270CB8193F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{556741C3-6B18-407D-A36B-2E33091DB2CD}] => (Allow) D:\npsasvr.exe
FirewallRules: [{E36BC25E-DAF0-4A7E-89B8-6EEB3D37F4C7}] => (Allow) D:\npsasvr.exe
FirewallRules: [{4068BB2E-1E2B-4B35-A5F3-830CC0C31A87}] => (Allow) D:\npsvsvr.exe
FirewallRules: [{06CE6F3F-592D-40F3-9352-212C5AF4B359}] => (Allow) D:\npsvsvr.exe
FirewallRules: [{9EA2F439-5C3C-4CC5-A09F-71ABF4F3AB84}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{A69E688A-D28D-4D8A-92D0-74756BE0349B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{0A5FCF11-E7F2-4F81-9F43-71AF4D6374F6}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{9D2AAA30-7887-4F75-B937-F8B714C15C8C}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{7ECB53BC-7C99-47EC-83B1-9E05FC1B6A23}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{97DB5C82-F495-4902-ACD7-510997B2EE11}] => (Allow) D:\StreamTransport\StreamTransport.exe
FirewallRules: [{716BC0D0-1D25-43E9-A230-8EA33CE2D2A5}] => (Allow) D:\Realplayer\realplay.exe
FirewallRules: [{08418CE3-8F62-44A4-8427-9FEBFFE542FB}] => (Allow) D:\Realplayer\realplay.exe
FirewallRules: [{4DB46D3E-89B2-4A48-97DA-D4B31BB69641}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2B73FA99-F875-4992-9F10-37F78CD7C608}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{839203F3-6FB1-4A71-A6D8-55A3530559BE}D:\maniaplanet\maniaplanet.exe] => (Allow) D:\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{931D8042-D7F8-4BAC-AF66-577D7C07848B}D:\maniaplanet\maniaplanet.exe] => (Allow) D:\maniaplanet\maniaplanet.exe
FirewallRules: [{24D79C9B-F04D-4DD1-9AC8-DE551E973D29}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{DB568B39-2853-4E83-86ED-072619304E66}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{9BC2BE4F-CBA0-452C-ADB7-C843FAEC4C4B}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{58F6E409-1128-40CF-A0B4-CCF101E13DB9}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{8C338048-DB27-4E2D-AB8A-EF82FE816AD8}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{4A2AAC95-CF70-474E-8F42-93ADB0BBACEA}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{2FF460ED-3A3F-42C9-B13C-C4F4BCFCA5FB}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{9F962D63-AAB8-4A21-9AB1-AAB1E92CD4DF}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{7BD7B874-0A59-4FC8-8A51-FCCBEDB68F2B}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{9E5E263C-06E1-47A5-A607-570E8913142E}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [TCP Query User{AF1BE002-5DF9-49DB-9145-04F4668498F6}D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [UDP Query User{F4D10470-C05D-491B-BB38-A505DC6CCC69}D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{CB0C0078-85B0-4BF4-BBC0-630D2D2202DC}] => (Block) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{59363F5C-D949-438C-8544-4D249C34DC65}] => (Block) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{C70883A0-C343-41E3-B6BD-7D75865A5D5B}] => (Allow) D:\Skype\Phone\Skype.exe
FirewallRules: [{7A33FBBA-2C4D-4668-9632-DF6FC4552E40}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{70753751-3DB1-40ED-8051-0596499DD5B1}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{E6DDD641-730A-4647-AD3B-E24C9EBCCB4B}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [{182BB2E6-6C64-471C-8223-2505E76A5767}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{230FAD66-FB36-4227-A0C8-BF67D7A62877}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [UDP Query User{A2D05491-07CD-4924-8153-BC7A29505700}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{DAAF45B6-8A2F-473C-9BB7-04244E6D50CF}] => (Block) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{5B58AC55-CA8F-452E-B796-F9E7DF687BDB}] => (Block) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{547129D6-5A14-46E5-B11B-3F6E0BB6B0A4}] => (Allow) D:\steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{CD4EAC82-11C2-41B7-86B1-5FC4CF7619D2}] => (Allow) D:\steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{7A2DA5E6-C4A7-4F59-B65D-AC48A61064E1}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{187A1EF0-5558-447C-ABEE-625AC07A723B}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{1EFB4A3A-6113-464D-9528-6EFA205A6E65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ADFE4FBE-FA82-47D6-BE12-EBA70E0FEABF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C4698300-FE10-4715-ABB4-759C70195532}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{565E985C-046A-435D-9649-07DF5E0AAC93}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{120151B5-E836-42AA-A43F-F12932CF806B}] => (Allow) D:\steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{CD028901-4F2F-450B-91FE-A8B8511A3286}] => (Allow) D:\steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{E57FF4CC-B1B1-4B8F-BD57-76A4C85D51E4}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{6E64CD84-569D-4E8E-A92A-1C23B704609A}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{9493AB36-6106-4E5A-8BDF-7EBAC795628B}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{BF076DB4-D3A7-4E77-AAF4-3839952B55CE}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{D876D33F-1264-49BE-9A61-B16E46CAF5E6}] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{BC86322E-CB9C-41A2-9B64-10C49211D7DE}] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{80AB14D5-B8B1-404B-B0EF-C5A0771A73C4}D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [UDP Query User{616A93E8-729A-4587-9737-1CCCC073ED67}D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{853CB42B-6954-4CB0-A55F-85113F6167D9}] => (Block) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{79697550-E990-4CB2-B1D3-DDD86435FDD1}] => (Block) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [TCP Query User{C987FDDC-F65B-449B-BFF2-4FA740BC63A7}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [UDP Query User{73F40D76-BDD1-4270-82AD-B45115637DA7}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{B3907EE7-BC18-4B43-AFF5-F98C05A393B4}] => (Block) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{5D0EC131-F3A2-441C-879B-65985643F81C}] => (Block) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{2F0557AB-20B4-46A3-B1FA-D078CCA96F34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2952665-C19C-4084-AFBA-A48D1D4A9B3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2B0839F3-9AAE-466B-845D-9F77E52F6AC2}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [{3B7FB2AB-AAF6-4B4D-83CB-B6CBD1D7C406}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [TCP Query User{333F4A8D-430F-4B7E-ADF2-59365C8CF461}D:\jdownloader v2.0\jdownloader2.exe] => (Allow) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [UDP Query User{EB132654-F851-4A98-8A41-0EB2F2AE92C3}D:\jdownloader v2.0\jdownloader2.exe] => (Allow) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [{D86ACBF1-3A3D-4A4D-84CB-5EB369FC731F}] => (Block) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [{23BFFDB7-A160-4F4E-B04B-287A8C85404D}] => (Block) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [TCP Query User{A072177C-7188-4EB4-9846-1CD55AD8E934}D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe] => (Allow) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [UDP Query User{87EFAD7E-30EF-4BB3-BD5F-5856BD2137FB}D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe] => (Allow) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{767A0D3E-6CDA-4093-A469-3A663F938684}] => (Block) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{616DC7E5-3F34-4A8B-B0FA-6103B60F28FC}] => (Block) D:\yu-gi-oh!
the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{29D906A8-E74A-4DA3-ACBC-45028C63EA40}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC24542D-87FB-4406-A45F-253E11FBC154}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{99A9A41A-755D-43C9-8C04-46EB23AFF018}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{14AADFB8-C9E9-45A1-8A3C-41637D7193A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{867181B9-03AF-45B7-8A7F-766A660EB38E}] => (Allow) D:\itunes (1)\iTunes.exe
FirewallRules: [TCP Query User{445EBC5A-5F72-45F8-9CDE-396279860252}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{48A911E9-B5BC-47ED-B564-05B06D084A4B}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{CA96D09B-8060-4B2D-81B8-E34C4152E478}] => (Allow) D:\steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{315A886A-E2EB-418F-A831-FA16E3DF8731}] => (Allow) D:\steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{50FC1106-9F83-42E5-8EEB-61B864B36071}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{81B05483-E256-4251-B0F4-B14AC17CA6DB}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe

==================== Wiederherstellungspunkte =========================

03-06-2016 11:43:57 Windows Modules Installer

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/03/2016 10:27:09 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (06/03/2016 10:17:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2016 01:28:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/03/2016 01:28:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/02/2016 09:51:13 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.
Error: (06/02/2016 09:41:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2016 05:14:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 3.42.16.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7d0 Startzeit: 01d1bcca1f38bce6 Endzeit: 27 Anwendungspfad: D:\steam\Steam.exe Berichts-ID: a546ba08-28d4-11e6-b68b-00059a3c7a00

Error: (06/02/2016 01:15:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/02/2016 01:15:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/02/2016 11:25:58 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Systemfehler:
=============
Error: (06/03/2016 10:17:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen

Error: (06/03/2016 10:16:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/02/2016 09:41:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen

Error: (06/02/2016 09:38:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/02/2016 08:41:40 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/02/2016 01:17:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/02/2016 11:15:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen

Error: (06/02/2016 11:14:50 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/01/2016 01:09:12 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/01/2016 11:32:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 42%
Installierter physikalischer RAM: 8130.21 MB
Verfügbarer physikalischer RAM: 4700.46 MB
Summe virtueller Speicher: 8930.34 MB
Verfügbarer virtueller Speicher: 5280.95 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:50 GB) (Free:2.08 GB) NTFS
Drive d: () (Fixed) (Total:415.66 GB) (Free:39.64 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1FE31042)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=415.7 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

Malwarebytes Anti-Malware Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 03.06.2016
Suchlaufzeit: 11:19
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.06.03.01
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 337625
Abgelaufene Zeit: 10 Min., 14 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 96
Adware.1ClickDownload, HKLM\SOFTWARE\CLASSES\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}, , [b2db9e5a0f8aaa8cd6065b288280a060],
Adware.1ClickDownload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}, , [b2db9e5a0f8aaa8cd6065b288280a060],
Adware.1ClickDownload, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}, , [b2db9e5a0f8aaa8cd6065b288280a060],
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}, , [3e4ffbfd9afffc3a125c2a52d9292bd5],
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\escort.escortIEPane.1, , [3e4ffbfd9afffc3a125c2a52d9292bd5],
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\escort.escortIEPane, , [3e4ffbfd9afffc3a125c2a52d9292bd5],
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane, , [3e4ffbfd9afffc3a125c2a52d9292bd5],
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\escort.escortIEPane, , [3e4ffbfd9afffc3a125c2a52d9292bd5],
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane.1, , [3e4ffbfd9afffc3a125c2a52d9292bd5],
PUP.Optional.FunMoods,
HKLM\SOFTWARE\CLASSES\WOW6432NODE\escort.escortIEPane.1, , [3e4ffbfd9afffc3a125c2a52d9292bd5], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}, , [3e4ffbfd9afffc3a125c2a52d9292bd5], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}, , [e8a5c731e3b67fb7d19f44389b670bf5], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore.1, , [e8a5c731e3b67fb7d19f44389b670bf5], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore, , [e8a5c731e3b67fb7d19f44389b670bf5], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoodsApp.appCore, , [e8a5c731e3b67fb7d19f44389b670bf5], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoodsApp.appCore, , [e8a5c731e3b67fb7d19f44389b670bf5], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoodsApp.appCore.1, , [e8a5c731e3b67fb7d19f44389b670bf5], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoodsApp.appCore.1, , [e8a5c731e3b67fb7d19f44389b670bf5], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}, , [e8a5c731e3b67fb7d19f44389b670bf5], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}, , [4b42bc3ccdcc979f037016663ac860a0], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\f, , [4b42bc3ccdcc979f037016663ac860a0], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\f, , [4b42bc3ccdcc979f037016663ac860a0], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\f, , [4b42bc3ccdcc979f037016663ac860a0], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}, , [4b42bc3ccdcc979f037016663ac860a0], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, , 
[e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, , 
[e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, , [e6a7c53341580a2c630997e55aa821df], PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, , [4a435c9c693053e3bfaedca0f210837d], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, , [4a435c9c693053e3bfaedca0f210837d], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.funmoodsHlpr, , [4a435c9c693053e3bfaedca0f210837d], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.funmoodsHlpr.1, , [4a435c9c693053e3bfaedca0f210837d], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.funmoodsHlpr, , [4a435c9c693053e3bfaedca0f210837d], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.funmoodsHlpr.1, , [4a435c9c693053e3bfaedca0f210837d], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.funmoodsHlpr, , [4a435c9c693053e3bfaedca0f210837d], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.funmoodsHlpr.1, , [4a435c9c693053e3bfaedca0f210837d], PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, , [4a435c9c693053e3bfaedca0f210837d], PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, , [1c714cac6633d561343ba2da3fc37f81], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.dskBnd, , [1c714cac6633d561343ba2da3fc37f81], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.dskBnd.1, , [1c714cac6633d561343ba2da3fc37f81], PUP.Optional.FunMoods, 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.dskBnd, , [1c714cac6633d561343ba2da3fc37f81], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.dskBnd.1, , [1c714cac6633d561343ba2da3fc37f81], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.dskBnd, , [1c714cac6633d561343ba2da3fc37f81], PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.dskBnd.1, , [1c714cac6633d561343ba2da3fc37f81], PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, , [1c714cac6633d561343ba2da3fc37f81], PUP.Optional.FunMoods, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, , [7419ef097c1de94d0445038be61d47b9], PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [0885f503e4b5c076e16a1b7302019b65], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, , [632a2fc9aeebb97dd772ef9fca39e11f], PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [b6d79563f5a413239caf2d6138cbcf31], PUP.Optional.RegCleanPro, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, , [46471cdc1683e0563386217bba492ad6], PUP.Optional.InstallCore, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\InstallCore, , [d2bb1fd9841551e564bce1b1d52e5ca4], PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, , [a1ec758332671422d96dd1bdb54e946c], PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [abe28573a0f9ce68c1863f4fcb38966a], PUP.Optional.TNT, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\SEARCHSCOPES\{F16D5BEA-D5EC-4187-88A0-7223A4DA5CC4}, , [c4c9aa4ea4f59b9b329acdd6927150b0], PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [0c81c0389bfe43f359eecdc1de252ed2], Registrierungswerte: 30 PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Funmoods Toolbar, , [1c714cac6633d561343ba2da3fc37f81] PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, , [17767c7c7f1ac76f313ebfbd986aed13], PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, , [0885f503e4b5c076e16a1b7302019b65] PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [b6d732c66c2d251119323d514ab943bd] PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, , [45487781c6d3f04643089df1c93a6997] PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [6d208573693096a053f8c4ca62a1ee12] PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, , [94f9c5330c8d3ff77fcc1c721ae9a55b] PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, , [2e5f46b2a0f9b185a7a4d4ba6f94cc34] PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, , [fd90c533bddcb97d0d3edfaf857e0cf4] PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, , [b6d79563f5a413239caf2d6138cbcf31] PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [008d1fd925743ff777d4018d46bdb24e] PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, , [187528d0fe9b49edba910c82d231946c] PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [2766ec0c6d2c3df90a414846798a20e0] PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, , [fc917e7a03962e0860eb3658a3600ff1] PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, , [1c71c038e4b5f640a1aac3cb05fee818] PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET 
EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, , [8607c0384851211545065f2f20e3c43c] PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, , [abe28573a0f9ce68c1863f4fcb38966a] PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, , [335a1ddb8019f73fb88f4d41a261aa56] PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [385536c29009e353ef5835595ea5cc34] PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [1c718078ddbcfe3865e2137b808352ae] PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, , [f89515e31f7a330379ce1876dd269d63] PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, , [1a730aee1881b4820047f39be221f30d] PUP.Optional.TNT, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\SEARCHSCOPES\{F16D5BEA-D5EC-4187-88A0-7223A4DA5CC4}|OSDFileURL, file:///C:/Users/*****/AppData/Local/TNT2/Profiles/10557/yah10557.xml, , [c4c9aa4ea4f59b9b329acdd6927150b0] PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, , [0c81c0389bfe43f359eecdc1de252ed2] PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, , [6825e0181782b87e88bfb4dab94a2dd3] PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [1677c434910843f3b5926a24a16213ed] PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, , [7d100deb1c7dd95d2b1c820c17ec926e] PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [8c0124d44c4d93a3d374bad4ae558d73] PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, , [67263bbdd3c6e74fcf78a7e717ecb050] PUP.Optional.FunMoods, 
HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, , [8b022ecabddca096a2a5cdc144bf837d] Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) AdwCleaner Code:
ATTFilter # AdwCleaner v5.119 - Bericht erstellt am 03/06/2016 um 14:02:03 # Aktualisiert am 30/05/2016 von Xplode # Datenbank : 2016-05-30.3 [Server] # Betriebssystem : Windows 7 Professional Service Pack 1 (X64) # Benutzername : ***** - *****PC # Gestartet von : D:\AdwCleaner_5.119.exe # Option : Suchlauf # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** Ordner gefunden : C:\ProgramData\9768c88e73e60ecb Ordner gefunden : C:\ProgramData\Application Data\9768c88e73e60ecb Ordner gefunden : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com Ordner gefunden : C:\Program Files (x86)\Common Files\Tobit Ordner gefunden : C:\Users\*****\AppData\Roaming\GrabPro Ordner gefunden : C:\Users\*****\AppData\Roaming\ProgSense Ordner gefunden : C:\Users\*****\AppData\Local\CrashRpt ***** [ Dateien ] ***** Datei gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\invalidprefs.js ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** Wert gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page] Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel gefunden : HKLM\SOFTWARE\Classes\f Schlüssel gefunden : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Schlüssel gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Schlüssel gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Schlüssel gefunden : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki Schlüssel gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki Schlüssel 
gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki Schlüssel gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoods.dskBnd Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1 Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1 Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoodsApp.appCore Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1 Schlüssel gefunden : HKLM\SOFTWARE\Classes\Sample.BrowserHandler Schlüssel gefunden : HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1 Schlüssel gefunden : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample Schlüssel gefunden : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1 Schlüssel gefunden : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar Schlüssel gefunden : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1 Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902} Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} Schlüssel 
gefunden : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF} Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD} Schlüssel gefunden : 
HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D} Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{F5A29F21-B121-48A0-A317-737AF8BB106A} Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D} Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3706EE7C-3CAD-445D-8A43-03EBC3B75908} Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B} Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3706EE7C-3CAD-445D-8A43-03EBC3B75908} Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Wert gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}] Wert gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}] Schlüssel gefunden : HKCU\Software\APN PIP 
Schlüssel gefunden : HKCU\Software\Conduit Schlüssel gefunden : HKCU\Software\InstallCore Schlüssel gefunden : HKCU\Software\OCS Schlüssel gefunden : HKCU\Software\ProgSense Schlüssel gefunden : HKCU\Software\UpToDown Schlüssel gefunden : HKCU\Software\Yahoo\Companion Schlüssel gefunden : HKCU\Software\Yahoo\YFriendsBar Schlüssel gefunden : HKCU\Software\delta Schlüssel gefunden : HKCU\Software\AppDataLow\Software\Yahoo\Companion Schlüssel gefunden : HKLM\SOFTWARE\Yahoo\Companion Schlüssel gefunden : HKLM\SOFTWARE\systweak Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78} Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\APN PIP Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Conduit Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\InstallCore Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\OCS Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\ProgSense Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\UpToDown Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Yahoo\Companion Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Yahoo\YFriendsBar Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\delta Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\AppDataLow\Software\Yahoo\Companion Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Daten gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet 
Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel gefunden : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatSrv Schlüssel gefunden : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatWd ***** [ Internetbrowser ] ***** ************************* C:\AdwCleaner\AdwCleaner[S1].txt - [10784 Bytes] - [03/06/2016 14:00:22] C:\AdwCleaner\AdwCleaner[S2].txt - [10688 Bytes] - [03/06/2016 14:02:03] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [10762 Bytes] ##########
Edited by Deuterium (03.06.2016 at 15:15) |