
Log analysis and evaluation: Windows 10, virus/trojan infection after downloading and running a file from http://www.file-upload.net


 
10.10.2016, 10:54   #1
Rupsi
 



My son wanted to send me a CD of his MRI. To do so, he packed the complete CD with WinRAR, protected it with a password, and uploaded it to file-upload.net.
When I tried to download the file this morning, I was asked to run an *.exe file (I thought this was a download program that was required).
After I had run the file and did not get the desired result, I cursed my own stupidity and started Malwarebytes.

And lo and behold: a whole lot of infections which, in my opinion, were caused by running it.
Malwarebytes log:
Code:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2016/10/10 09:47:05 +0200</date>
<logfile>mbam-log-2016-10-10 (09-47-00).xml</logfile>
<isadmin>no</isadmin>
</header>
<engine>
<version>2.2.0.1024</version>
<malware-database>v2016.10.10.01</malware-database>
<rootkit-database>v2016.09.26.02</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>TOM_USER</hostname>
<ip>192.168.178.36</ip>
<osversion>Windows 10</osversion>
<arch>x64</arch>
<username>Tom</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>265853</objects>
<time>675</time>
<processes>1</processes>
<modules>0</modules>
<keys>89</keys>
<values>3</values>
<datas>0</datas>
<folders>2</folders>
<files>36</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>J:\Download\NeuerOrdner4.exe</path><vendor>Adware.InstallMonster</vendor><action>delete-on-reboot</action><pid>121956</pid><hash>078299fe8e0c2214ee92df2be124bc44</hash></process>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zdengine</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>5f2aa9ee2c6e7eb8a4b1aff00bf63cc4</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zdwfp</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>553462356b2f65d18cca0996a85958a8</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\APPID\{25B1494D-230A-42CF-BBF6-EC73868D13DC}</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>1772395ec6d401356535296e3fc34bb5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{25B1494D-230A-42CF-BBF6-EC73868D13DC}</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>79105740a5f51a1c8d0d27702cd6916f</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{25B1494D-230A-42CF-BBF6-EC73868D13DC}</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>70192a6d8c0ecc6a59412e69af539e62</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OtherSearch</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>ec9dd1c67426a4925a238e5a2cd859a7</hash></key>
<key><path>HKCU\SOFTWARE\systweak</path><vendor>PUP.Optional.SysTweak</vendor><action>success</action><hash>4247c8cfeab0092ded832dc98a7a33cd</hash></key>
<key><path>HKCU\SOFTWARE\SYSTWEAK\PARAMS</path><vendor>PUP.Optional.AdvancedSystemProtector</vendor><action>success</action><hash>4742524597032e084ee3fcf98b795aa6</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\zdengineLib.DataContainer</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>6029c9ce3961d85e89953faf3ac9e020</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\zdengineLib.DataContainer.1</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>7c0d6037475394a2b16d03eb49baf20e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\zdengineLib.DataController</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>30597720b4e69e9876a89c52857ee11f</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\zdengineLib.DataController.1</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>acdd4354405a6dc98f8fc925b44f916f</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\zdengineLib.DataTable</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>74151d7ac5d5d85ee33bd21c5fa41fe1</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\zdengineLib.DataTable.1</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>addc2c6b831763d32df1717dfb082cd4</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\zdengineLib.DataTableFields</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>5039f5a2bfdb1a1c56c8e00e0ef519e7</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\zdengineLib.DataTableFields.1</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>652486119a00c571849aa34b8380a858</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\zdengineLib.DataTableHolder</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>5a2ff0a71d7daf87fd215e905ea5ca36</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\zdengineLib.DataTableHolder.1</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>2366a0f79dfd7db9f42ab23c5ca7a35d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\zdengineLib.LSPLogic</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>33566b2c2575e15550ce49a563a0d52b</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\zdengineLib.LSPLogic.1</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>0683a2f5eab01b1b26f8648a00033fc1</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\zdengineLib.ReadOnlyManager</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>8bfe8512bbdf211546d8b935c43f04fc</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\zdengineLib.ReadOnlyManager.1</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>bacfd4c37e1c8ea8b96515d9e22130d0</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\zdengineLib.WFPController</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>9feab0e74d4d1125fa24bc324cb71ee2</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\zdengineLib.WFPController.1</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>dfaad5c2a6f4280ee33b4f9ffd068f71</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\APPID\zdengine.EXE</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>96f32374b7e3db5bc657c529bf44a858</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\zdengine.EXE</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>aedb4b4c1f7beb4bd24b618d956e07f9</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\zdengineLib.DataContainer</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>4b3eff989bff71c568b6509eed16f50b</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\zdengineLib.DataContainer.1</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>95f40a8df4a6003658c6747a07fc0000</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\zdengineLib.DataController</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>b7d2c1d63c5ece68d34b07e7d2319c64</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\zdengineLib.DataController.1</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>4445bdda8911e155d24c549a7c8734cc</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\zdengineLib.DataTable</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>2e5b5d3ae0ba3afc42dc7b7337cc6898</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\zdengineLib.DataTable.1</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>6227eea94555fb3b58c66688659eee12</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\zdengineLib.DataTableFields</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>96f372250991e5516bb377777c8740c0</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\zdengineLib.DataTableFields.1</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>27627a1dc1d962d4c15d21cd8083ae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\zdengineLib.DataTableHolder</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>503943545347a88e25f9e40af60d966a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\zdengineLib.DataTableHolder.1</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>dfaa5641fc9e171fc6587b736f949f61</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\zdengineLib.LSPLogic</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>c2c770270298a0969d81e60838cb926e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\zdengineLib.LSPLogic.1</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>ea9fedaae0ba3cfa1905e00e5ca76799</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\zdengineLib.ReadOnlyManager</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>eb9e44534b4fb77f3fdf2dc1d231c040</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\zdengineLib.ReadOnlyManager.1</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>b6d306914258092d0618618d956e9b65</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\zdengineLib.WFPController</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>23668c0b2377fa3ca07ee806ff04e719</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\zdengineLib.WFPController.1</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>b0d9a9eea3f7d264d8466886758e31cf</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\zdengine.EXE</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>77123f58f7a370c64dd0bb33b152a45c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\OTHERSEARCH</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>2d5ce0b7603a71c5beb0891f35cf2ed2</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\NETWORK\zdengine</path><vendor>PUP.Optional.PennyBee</vendor><action>delete-on-reboot</action><hash>b6d3ebac9307dc5af7fcfff492719c64</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\NETWORK\zdwfp</path><vendor>Rootkit.Komodia.PUA</vendor><action>delete-on-reboot</action><hash>761380176d2d05315f1d3bc14cb7cf31</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HPSEWIL SERVICE</path><vendor>PUP.Optional.HPDefender.Generic</vendor><action>delete-on-reboot</action><hash>53369700e2b8a393a2705e6e6a9a3ec2</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{63492C58-6CD7-4FF7-8495-06A6869643EE}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{0FF03983-EAA6-4628-8E7C-387B2D4F8EF2}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{3A71C84A-1CC4-4201-B037-C81CE118D66F}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{432599E9-40CF-41E3-951A-E1E81B7B1D29}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{7D215707-3E74-4E0E-A078-2C95E1CDE233}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{9295785F-8C01-4ED3-9322-8BE5C17CA141}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{B98E44C8-7BB7-4A4A-B8D2-60874CA109B2}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{C656BCEB-6B19-4992-9975-D53CEA283356}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{D5AC4B9C-8EE4-48AD-A77E-1560AD886A0B}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{D6914FD3-FD8E-45AD-8993-901E7B2759FD}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{E0106905-0EDD-4F56-BDB5-890A1F6E8F47}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{E26E880F-176C-4007-B2A7-B8F27621EC51}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{E776B534-9402-4049-87C3-089EC0F54BAF}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{FCFBBE24-2ADA-4D6E-A381-DEC6E3EAEE21}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0FF03983-EAA6-4628-8E7C-387B2D4F8EF2}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3A71C84A-1CC4-4201-B037-C81CE118D66F}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{432599E9-40CF-41E3-951A-E1E81B7B1D29}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7D215707-3E74-4E0E-A078-2C95E1CDE233}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9295785F-8C01-4ED3-9322-8BE5C17CA141}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B98E44C8-7BB7-4A4A-B8D2-60874CA109B2}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C656BCEB-6B19-4992-9975-D53CEA283356}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D5AC4B9C-8EE4-48AD-A77E-1560AD886A0B}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D6914FD3-FD8E-45AD-8993-901E7B2759FD}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E0106905-0EDD-4F56-BDB5-890A1F6E8F47}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E26E880F-176C-4007-B2A7-B8F27621EC51}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E776B534-9402-4049-87C3-089EC0F54BAF}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FCFBBE24-2ADA-4D6E-A381-DEC6E3EAEE21}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0FF03983-EAA6-4628-8E7C-387B2D4F8EF2}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3A71C84A-1CC4-4201-B037-C81CE118D66F}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{432599E9-40CF-41E3-951A-E1E81B7B1D29}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7D215707-3E74-4E0E-A078-2C95E1CDE233}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9295785F-8C01-4ED3-9322-8BE5C17CA141}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B98E44C8-7BB7-4A4A-B8D2-60874CA109B2}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C656BCEB-6B19-4992-9975-D53CEA283356}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D5AC4B9C-8EE4-48AD-A77E-1560AD886A0B}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D6914FD3-FD8E-45AD-8993-901E7B2759FD}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E0106905-0EDD-4F56-BDB5-890A1F6E8F47}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E26E880F-176C-4007-B2A7-B8F27621EC51}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E776B534-9402-4049-87C3-089EC0F54BAF}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FCFBBE24-2ADA-4D6E-A381-DEC6E3EAEE21}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{63492C58-6CD7-4FF7-8495-06A6869643EE}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{63492C58-6CD7-4FF7-8495-06A6869643EE}</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></key>
<value><path>HKCU\SOFTWARE\SYSTWEAK\PARAMS</path><valuename>ASPInstalledPath</valuename><vendor>PUP.Optional.AdvancedSystemProtector</vendor><action>success</action><valuedata>C:\Program Files (x86)\ASP</valuedata><hash>4742524597032e084ee3fcf98b795aa6</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\OTHERSEARCH</path><valuename>affid</valuename><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><valuedata>4435</valuedata><hash>2d5ce0b7603a71c5beb0891f35cf2ed2</hash></value>
<value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HPSewil Service</path><valuename>ImagePath</valuename><vendor>PUP.Optional.HPDefender.Generic</vendor><action>delete-on-reboot</action><valuedata>C:\Users\Tom_admin\AppData\Roaming\HPSewil\HPSewilSrv2.exe</valuedata><hash>53369700e2b8a393a2705e6e6a9a3ec2</hash></value>
<folder><path>c:\windows\syswow64\config\systemprofile\appdata\local\zdengine</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>8afff99e168444f2fd94cff78c7607f9</hash></folder>
<folder><path>C:\Program Files (x86)\OtherSearch</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></folder>
<file><path>J:\Download\NeuerOrdner4.exe</path><vendor>Adware.InstallMonster</vendor><action>delete-on-reboot</action><hash>078299fe8e0c2214ee92df2be124bc44</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\zdengine.exe</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>5f2aa9ee2c6e7eb8a4b1aff00bf63cc4</hash></file>
<file><path>C:\Windows\System32\drivers\zdwfp64.sys</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>553462356b2f65d18cca0996a85958a8</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\uninstall.exe</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>ec9dd1c67426a4925a238e5a2cd859a7</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\zdengine.dll</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>0a7fb8df3c5e82b42b2a3768669ba25e</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\zdengine64.dll</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>5c2d77209dfd94a2b99ceeb1e71a46ba</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\zdenginecert.dll</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>6029cec93a60b284bc990a95d62b9d63</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\zdinstaller.exe</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>fd8c0a8d158512243e184a5547ba17e9</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\zdwfp.sys</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>1c6dc8cf9406b87ee274108f58a97d83</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\zdwfp64.sys</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>2465890e5d3d00360a4c3f604ab7d828</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\ziengine.exe</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>f891f7a0f9a184b20d480b94fd049c64</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\ziengine64.exe</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>e4a5d1c691097abcb1a46e31788951af</hash></file>
<file><path>C:\Windows\System32\zdengine64.dll</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>ec9dcccb9604132372e30d92f70ae21e</hash></file>
<file><path>C:\Windows\SysWOW64\zdengine.dll</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>3059d2c5bddd69cd9cb98a15d130b54b</hash></file>
<file><path>c:\windows\temp\zdengine.log</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>5b2ec6d17723ec4ae0360ee016ed47b9</hash></file>
<file><path>C:\Windows\System32\zdengineOff.ini</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>5b2eb2e59802e353be5ecd219f64847c</hash></file>
<file><path>C:\Windows\SysWOW64\zdengineOff.ini</path><vendor>PUP.Optional.Komodia.WnskRST</vendor><action>delete-on-reboot</action><hash>b3d61b7c0694ca6c46d605e97093cd33</hash></file>
<file><path>c:\windows\system32\tasks\updengine</path><vendor>PUP.Optional.Komodia</vendor><action>delete-on-reboot</action><hash>07821384c4d658de67b8a942c93bc53b</hash></file>
<file><path>c:\users\tom_admin\appdata\roaming\hpsewil\hpsewilsrv2.exe</path><vendor>PUP.Optional.HPDefender.Generic</vendor><action>delete-on-reboot</action><hash>53369700e2b8a393a2705e6e6a9a3ec2</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\freebl3.dll</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\libnspr4.dll</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\libplc4.dll</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\libplds4.dll</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\nss3.dll</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\nssckbi.dll</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\nssdbm3.dll</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\nssutil3.dll</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\s.xml</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\slite.exe</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\smime3.dll</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\softokn3.dll</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\sqlite3.dll</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\ssl3.dll</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\updengine.exe</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\zdengine.tlb</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></file>
<file><path>C:\Program Files (x86)\OtherSearch\ziengine.ini</path><vendor>PUP.Optional.OtherSearch</vendor><action>delete-on-reboot</action><hash>91f81384702a4bebb0c61a8fe51f629e</hash></file>
</items>
</mbam-log>
         
FRST log:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 09-10-2016
durchgeführt von Tom_admin (Administrator) auf TOM_USER (10-10-2016 11:24:53)
Gestartet von C:\Users\Tom\Desktop
Geladene Profile: Tom & Tom_admin (Verfügbare Profile: Tom & Tom_admin)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Sony Corporation) D:\PlayMemories\PMBDeviceInfoProvider.exe
() C:\Users\Tom_admin\AppData\Roaming\HPSewil\HPSewilSrv2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(zdengine) C:\Program Files (x86)\OtherSearch\zdengine.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\Ir.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV8\WinTVTray.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe
(Bluestack System Inc. ) C:\Program Files (x86)\Bluestacks\BstkSVC.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(SWE Sven Ritter) C:\Program Files\SpeedProject\SpeedCommander 16\SpeedCommander.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174328 2015-10-05] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation)
HKLM\...\Run: [HP Color LaserJet CM2320 MFP Series Fax] => C:\Program Files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1514528 2015-10-13] (NVIDIA Corporation)
HKLM-x32\...\Run: [HPPQVideo] => C:\Program Files (x86)\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe [106496 2007-05-07] (Hewlett-Packard)
HKLM-x32\...\Run: [ToolBoxFX] => C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2009-10-22] (HP)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [PMBVolumeWatcher] => D:\PlayMemories\PMBVolumeWatcher.exe [2711576 2014-10-03] (Sony Corporation)
HKU\S-1-5-21-3917217520-1086647508-2083587260-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3917217520-1086647508-2083587260-1007\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [986648 2016-09-21] (BlueStack Systems, Inc.)
HKU\S-1-5-21-3917217520-1086647508-2083587260-1007\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3917217520-1086647508-2083587260-1007\...\Run: [ProxyGate] => C:\Users\Tom_admin\AppData\Roaming\ProxyGate\MainService.exe [1142880 2016-01-10] (Gold Click Ltd)
HKU\S-1-5-21-3917217520-1086647508-2083587260-1007\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-3917217520-1086647508-2083587260-1007\...\RunOnce: [DeleteMarkAny] => C:\WINDOWS\SysWOW64\MASetupCleaner.exe [24576 2014-04-30] ((주)마크애니)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-06-13] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2016-07-18]
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-11-08]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk [2016-07-18]
ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV8\WinTVTray.exe (Hauppauge Computer Works, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog9 01 C:\WINDOWS\system32\zdengine.dll Keine Datei 
Winsock: Catalog9 02 C:\WINDOWS\system32\zdengine.dll Keine Datei 
Winsock: Catalog9 03 C:\WINDOWS\system32\zdengine.dll Keine Datei 
Winsock: Catalog9 04 C:\WINDOWS\system32\zdengine.dll Keine Datei 
Winsock: Catalog9 16 C:\WINDOWS\system32\zdengine.dll Keine Datei 
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\zdengine64.dll [364303 2016-10-10] (zdengine)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\zdengine64.dll [364303 2016-10-10] (zdengine)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\zdengine64.dll [364303 2016-10-10] (zdengine)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\zdengine64.dll [364303 2016-10-10] (zdengine)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\zdengine64.dll [364303 2016-10-10] (zdengine)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{21ec3c04-5c06-4488-ab39-a8293e1a4a77}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-08-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-07-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-02] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-02] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: jwjcxdnf.default
FF ProfilePath: C:\Users\Tom_admin\AppData\Roaming\Mozilla\Firefox\Profiles\jwjcxdnf.default [2016-10-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-17] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-02] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-08] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-17] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> d:\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> d:\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-08-25] (Google)
FF Plugin-x32: @innoplus.de/ino3DViewer -> C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll [2014-05-14] (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2014-11-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-09-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-09-21] (BlueStack Systems, Inc.)
R3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [466456 2016-09-21] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3192560 2016-07-26] (Microsoft Corporation)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [928272 2016-08-31] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-13] (NVIDIA Corporation)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [586536 2016-06-28] (Hauppauge Computer Works)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-06-01] (HP) [Datei ist nicht signiert]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 HPSewil Service; C:\Users\Tom_admin\AppData\Roaming\HPSewil\HPSewilSrv2.exe [1581568 2016-10-07] () [Datei ist nicht signiert]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-09-28] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-09-28] (Electronic Arts)
R2 PMBDeviceInfoProvider; D:\PlayMemories\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [Datei ist nicht signiert]
R2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [701760 2016-01-26] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] () [Datei ist nicht signiert]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 zdengine; C:\Program Files (x86)\OtherSearch\zdengine.exe [1660135 2016-10-10] (zdengine) [Datei ist nicht signiert] <==== ACHTUNG

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-09-21] (BlueStack Systems)
R3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-09-13] (Bluestack System Inc. )
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 hcw85cir; C:\Windows\system32\drivers\hcw85cir4.sys [51336 2016-04-22] (Hauppauge Computer Works, Inc.)
R3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-10-13] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-05-10] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R2 zdwfp; C:\WINDOWS\system32\Drivers\zdwfp64.sys [46352 2016-09-01] (zdengine)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-10-10 11:16 - 2016-10-10 11:25 - 00019722 _____ C:\Users\Tom\Desktop\FRST.txt
2016-10-10 11:16 - 2016-10-10 11:24 - 00000000 ____D C:\FRST
2016-10-10 11:15 - 2016-10-10 11:15 - 02407424 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2016-10-10 11:05 - 2016-10-10 11:05 - 00016813 _____ C:\Users\Tom\Desktop\CX0xwQ3s.htm
2016-10-10 10:53 - 2016-10-10 10:53 - 00002198 _____ C:\Users\Tom\Desktop\firеfох.ехе.lnk
2016-10-10 10:01 - 2016-10-10 10:01 - 00056672 _____ C:\Users\Tom\Desktop\mbam-log-2016-10-10 (09-47-00).xml
2016-10-10 10:01 - 2016-10-10 10:01 - 00000000 ____D C:\Users\Tom\AppData\Local\PeerDistRepub
2016-10-10 09:35 - 2016-10-10 09:35 - 00000000 ____D C:\Users\Tom_admin\AppData\Roaming\ProxyGate
2016-10-10 09:32 - 2016-10-10 10:39 - 00000000 ____D C:\Program Files (x86)\OtherSearch
2016-10-10 09:32 - 2016-10-10 10:03 - 00011448 _____ C:\WINDOWS\SysWOW64\zdengineOff.ini
2016-10-10 09:32 - 2016-10-10 10:03 - 00011448 _____ C:\WINDOWS\system32\zdengineOff.ini
2016-10-10 09:32 - 2016-10-10 09:32 - 00364303 _____ (zdengine) C:\WINDOWS\system32\zdengine64.dll
2016-10-10 09:32 - 2016-10-10 09:32 - 00301711 _____ (zdengine) C:\WINDOWS\SysWOW64\zdengine.dll
2016-10-10 09:32 - 2016-10-10 09:32 - 00002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-10-10 09:32 - 2016-10-10 09:32 - 00002052 _____ C:\WINDOWS\System32\Tasks\updengine
2016-10-10 09:32 - 2016-10-10 09:32 - 00000002 _____ C:\END
2016-10-10 09:32 - 2016-10-10 09:32 - 00000000 ____D C:\Users\Tom_admin\AppData\Roaming\HPSewil
2016-10-10 09:32 - 2016-09-01 12:24 - 00046352 _____ (zdengine) C:\WINDOWS\system32\Drivers\zdwfp64.sys
2016-10-09 10:35 - 2016-10-09 10:35 - 00002233 _____ C:\Users\Public\Desktop\Google Earth.lnk
2016-10-09 10:35 - 2016-10-09 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-10-04 10:04 - 2016-10-04 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-10-02 15:19 - 2016-10-02 15:19 - 00000000 ____D C:\Users\Tom\AppData\Local\CEF
2016-09-29 17:55 - 2016-09-29 17:55 - 00000000 ____D C:\Users\Tom\Documents\STAR WARS Battlefront
2016-09-29 13:47 - 2016-10-02 00:22 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Origin
2016-09-29 13:47 - 2016-09-29 17:55 - 00000000 ____D C:\Users\Tom\AppData\Local\Origin
2016-09-29 13:47 - 2016-09-29 13:47 - 00000000 ____D C:\Users\Tom\.QtWebEngineProcess
2016-09-29 13:47 - 2016-09-29 13:47 - 00000000 ____D C:\Users\Tom\.Origin
2016-09-29 09:02 - 2016-09-29 09:02 - 00000000 ____D C:\NVIDIA
2016-09-28 23:54 - 2016-09-28 23:54 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-09-28 23:53 - 2016-09-28 23:53 - 00000000 ____D C:\Users\Tom_admin\Documents\STAR WARS Battlefront
2016-09-28 19:50 - 2016-09-28 19:50 - 00001401 _____ C:\Users\Public\Desktop\STAR WARS Battlefront.lnk
2016-09-28 19:27 - 2016-09-28 19:28 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-09-28 19:26 - 2016-09-29 09:21 - 00000000 ____D C:\Users\Tom_admin\AppData\Roaming\Origin
2016-09-28 19:26 - 2016-09-28 19:26 - 00001078 _____ C:\Users\Public\Desktop\Origin.lnk
2016-09-28 19:26 - 2016-09-28 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-09-28 19:26 - 2016-09-28 19:26 - 00000000 ____D C:\Program Files (x86)\Origin
2016-09-28 19:24 - 2016-10-02 00:22 - 00000000 ____D C:\ProgramData\Origin
2016-09-28 19:24 - 2016-09-28 19:27 - 00000000 ____D C:\Users\Tom_admin\AppData\Local\Origin
2016-09-28 19:24 - 2016-09-28 19:24 - 00000000 ____D C:\Users\Tom_admin\.QtWebEngineProcess
2016-09-28 19:24 - 2016-09-28 19:24 - 00000000 ____D C:\Users\Tom_admin\.Origin
2016-09-27 14:41 - 2016-09-27 14:41 - 00000000 ____D C:\Users\Tom_admin\Documents\FF Solutions
2016-09-27 14:41 - 2016-09-27 14:41 - 00000000 ____D C:\Users\Tom_admin\AppData\Local\FF_Radio_Player
2016-09-27 14:40 - 2016-09-27 14:40 - 00001339 _____ C:\Users\Tom_admin\Desktop\FF Radio Player.lnk
2016-09-27 14:40 - 2016-09-27 14:40 - 00000000 ____D C:\Users\Tom_admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FF Radio Player
2016-09-27 14:40 - 2016-09-27 14:40 - 00000000 ____D C:\Program Files (x86)\FF Solutions
2016-09-24 15:22 - 2016-09-24 15:22 - 00001078 _____ C:\Users\Tom_admin\Desktop\HTML Editor.lnk
2016-09-24 15:22 - 2016-09-24 15:22 - 00000000 ____D C:\Users\Tom_admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phase 5 HTML-Editor
2016-09-24 15:22 - 2016-09-24 15:22 - 00000000 ____D C:\Program Files (x86)\phase5
2016-09-22 16:40 - 2016-09-22 16:43 - 00000000 ____D C:\Program Files (x86)\Bluestacks
2016-09-22 16:40 - 2016-09-21 13:05 - 00000000 ____D C:\ProgramData\Bluestacks
2016-09-20 16:26 - 2016-09-20 16:26 - 00000000 ____D C:\Users\Tom\.jivex
2016-09-20 16:23 - 2016-09-20 16:28 - 00000001 ____R C:\Users\Tom\serverport

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-10-10 10:32 - 2016-07-31 22:21 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-10 10:15 - 2016-07-07 18:23 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-10-10 10:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-10 10:05 - 2016-07-31 22:21 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-10 10:04 - 2015-06-12 23:18 - 00000000 ____D C:\ProgramData\Hauppauge
2016-10-10 10:03 - 2016-06-04 11:37 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-10 10:03 - 2016-04-27 07:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-10 10:02 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-10-09 14:03 - 2016-06-04 11:40 - 02003246 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-09 14:03 - 2016-04-27 07:13 - 00852510 _____ C:\WINDOWS\system32\perfh007.dat
2016-10-09 14:03 - 2016-04-27 07:13 - 00187736 _____ C:\WINDOWS\system32\perfc007.dat
2016-10-09 14:03 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-10-09 13:47 - 2014-11-09 00:15 - 00000000 ____D C:\Users\Tom\AppData\Roaming\MyPhoneExplorer
2016-10-09 10:35 - 2015-07-24 09:34 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-08 17:36 - 2014-11-09 12:24 - 00000000 ___RD C:\Users\Tom\Desktop\Foto
2016-10-08 16:41 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-08 16:35 - 2014-11-08 22:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-06 19:36 - 2015-06-06 18:47 - 00000000 ____D C:\Program Files (x86)\StarMoney 10
2016-10-04 13:27 - 2014-11-08 18:28 - 00000000 ____D C:\Users\Tom\AppData\Local\Packages
2016-10-03 19:23 - 2014-11-09 00:04 - 00000000 ____D C:\Users\Tom\AppData\Roaming\MediaMonkey
2016-10-03 08:09 - 2016-06-04 11:40 - 00000000 ____D C:\Users\Tom
2016-10-02 20:09 - 2014-11-09 00:37 - 00000000 ____D C:\Users\Tom\AppData\Local\Ubisoft Game Launcher
2016-10-02 16:44 - 2014-11-09 00:58 - 00000000 ____D C:\Users\Tom\Documents\Settlers7
2016-10-02 16:42 - 2016-06-04 11:40 - 00000000 ____D C:\Users\Tom_admin
2016-09-29 09:25 - 2016-07-26 08:09 - 00176267 ____N C:\WINDOWS\Minidump\092916-59031-01.dmp
2016-09-29 09:25 - 2016-06-10 19:35 - 00000000 ____D C:\WINDOWS\Minidump
2016-09-28 21:24 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-28 21:24 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-28 19:26 - 2014-11-09 01:04 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-24 15:45 - 2014-11-08 22:25 - 00000000 ____D C:\Users\Tom\AppData\Local\Thunderbird
2016-09-24 15:27 - 2014-11-08 23:18 - 00000000 ____D C:\Users\Tom\Desktop\Spiele
2016-09-24 15:26 - 2014-11-09 12:28 - 00000000 ___RD C:\Users\Tom\Desktop\Video
2016-09-24 12:50 - 2014-11-08 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
2016-09-24 12:50 - 2014-11-08 23:46 - 00000000 ____D C:\Program Files\gs
2016-09-22 16:43 - 2016-07-07 18:23 - 00001934 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2016-09-22 16:43 - 2016-07-07 18:23 - 00001934 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-09-22 16:43 - 2015-10-30 09:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-22 16:41 - 2016-07-07 18:23 - 00000000 ____D C:\Users\Tom_admin\AppData\Local\Bluestacks
2016-09-21 12:56 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-21 12:55 - 2014-11-08 22:53 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-09-17 13:15 - 2015-06-12 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVBViewer
2016-09-17 13:14 - 2016-07-18 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2016-09-17 13:14 - 2016-07-18 20:58 - 00000000 ____D C:\Program Files (x86)\LAV Filters
2016-09-13 12:42 - 2015-03-28 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-09-13 12:42 - 2014-11-09 01:03 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-09-13 12:41 - 2015-03-28 18:16 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-11-09 22:08 - 2014-11-09 22:08 - 0003584 _____ () C:\Users\Tom_admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-04 11:37 - 2016-06-04 11:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-08 22:48 - 2015-11-17 13:20 - 0001583 _____ () C:\ProgramData\hpzinstall.log

Einige Dateien in TEMP:
====================
C:\Users\Tom\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Tom\AppData\Local\Temp\GarminExpressInstaller.exe
C:\Users\Tom_admin\AppData\Local\Temp\Fix-Hauppauge-Permissions.exe
C:\Users\Tom_admin\AppData\Local\Temp\Hauppauge3rdPartyToolDownloader.exe
C:\Users\Tom_admin\AppData\Local\Temp\lavinstaller.exe


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-10-07 12:38

==================== Ende von FRST.txt ============================
         
Addition.txt:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 09-10-2016
durchgeführt von Tom_admin (10-10-2016 11:25:21)
Gestartet von C:\Users\Tom\Desktop
Windows 10 Pro Version 1511 (X64) (2016-06-04 10:04:17)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3917217520-1086647508-2083587260-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3917217520-1086647508-2083587260-503 - Limited - Disabled)
Gast (S-1-5-21-3917217520-1086647508-2083587260-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3917217520-1086647508-2083587260-1006 - Limited - Enabled)
Tom (S-1-5-21-3917217520-1086647508-2083587260-1001 - Limited - Enabled) => C:\Users\Tom
Tom_admin (S-1-5-21-3917217520-1086647508-2083587260-1007 - Administrator - Enabled) => C:\Users\Tom_admin

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

123 Free Solitaire v10.2 (HKLM-x32\...\123 Free Solitaire_is1) (Version:  - TreeCardGames)
3D-Viewer-innoplus (HKLM-x32\...\{B96DB037-DBEA-4186-9081-9CBD537F82E8}) (Version: 14.00.302 - INNOVA-engineering GmbH)
64 Bit HP CIO Components Installer (Version: 4.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Abloadtool (HKLM-x32\...\Abloadtool) (Version:  - Tim Demkowsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 14 (HKLM-x32\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.1.2 - Ashampoo GmbH & Co. KG)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.55.6279 - BlueStack Systems, Inc.)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
calibre 64bit (HKLM\...\{E900052C-811B-4C0D-B80E-092E1AC76E4F}) (Version: 2.59.0 - Kovid Goyal)
Carcassonne (HKLM-x32\...\{8033CA80-B44F-40F9-8D0A-957211442C19}) (Version: 1.0 - Deep Silver)
Catan (HKLM-x32\...\Catan) (Version:  - )
CDex - Digital Audio CD Extractor and Converter (HKLM-x32\...\CDex) (Version: 1.81.0.2016 - Georgy Berdyshev)
Das Telefonbuch Gelbe Seiten Map & Route (HKLM-x32\...\DasTelefonbuch Gelbe Seiten Map & Route) (Version:  - TVG Telefonbuch- und Verzeichnisverlag GmbH & Co. KG)
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
DVBViewer Pro (HKLM-x32\...\DVBViewer Pro_is1) (Version: 5.6.4 - CM&V)
Elevated Installer (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
FF Radio Player for XP 3.0 (HKLM-x32\...\FF Radio Player for XP) (Version: 3.0 - FF Solutions)
FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
Free Audio Converter version 5.0.60.713 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.60.713 - DVDVideoSoft Ltd.)
Garmin Express (HKLM-x32\...\{5b45c228-dcb1-4a0b-a9de-3b4b683ef15d}) (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin POI Loader (HKLM-x32\...\{3213ED5E-7BBE-4613-BE69-8B1E4FE520DD}) (Version: 2.7.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{2C44ABB9-8621-4EF5-AF34-0886DCDA7C21}) (Version: 7.1.7.2600 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.19) (Version: 9.19 - Artifex Software Inc.)
Hauppauge WinTV 8 (HKLM-x32\...\Hauppauge WinTV 8) (Version: v8.0.34180 (CD 4.7) - Hauppauge Computer Works)
HP Color LaserJet CM2320 MFP Series 3.1 (HKLM\...\{ECF3E482-9188-4e29-9C31-E02FD8DC74C0}) (Version: 3.1 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Update (HKLM-x32\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)
hppCLJCM2320 (x32 Version: 003.001.00097 - Hewlett-Packard) Hidden
hppFaxDrvCM2320 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityCM2320 (x32 Version: 003.001.00095 - Ihr Firmenname) Hidden
hppFonts (x32 Version: 001.001.00061 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppManualsCM2320 (x32 Version: 003.001.00087 - Ihr Firmenname) Hidden
hppPQVideoCM2320 (x32 Version: 003.001.00092 - Ihr Firmenname) Hidden
hppQFolderCM2320 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
hppScanToCM2320 (x32 Version: 003.001.00090 - Ihr Firmenname) Hidden
hppSendFaxCM2320 (x32 Version: 003.000.00001 - Ihr Firmenname) Hidden
hppTLBXFXCM2320 (x32 Version: 001.017.00048 - Hewlett-Packard) Hidden
HPSewil (HKLM-x32\...\HPSewil) (Version:  - ) <==== ACHTUNG
hpzTLBXFX (x32 Version: 005.003.00171 - Hewlett-Packard) Hidden
Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.2.04.17271 - Sony Corporation)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
K-Lite Codec Pack 10.3.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.5 - )
KÜCHEN QUELLE 3D (HKU\S-1-5-21-3917217520-1086647508-2083587260-1001\...\SquareClock_Production_Home_KQ_Web) (Version:  - 3DVIA SAS)
LAV Filters 0.68.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.68.1 - Hendrik Leppkes)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MergeModule_x64 (Version: 9.0.02 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.0.02 - Sony Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4859.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MKVToolNix 9.3.1 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 9.3.1 - Moritz Bunkus)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.4.0.6115 - Mozilla)
Mozilla Thunderbird 45.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.4.0 (x86 de)) (Version: 45.4.0 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.7 - F.J. Wechselberger)
News File Grabber 4.6.0.4 (HKLM-x32\...\News File Grabber_is1) (Version:  - RSBR-Software)
NTFS Undelete 3.0.5.506 (HKLM-x32\...\NTFS Undelete_is1) (Version:  - Copyright © 2011 eSupport.com • All Rights Reserved)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.95 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.1.1.35466 - Electronic Arts, Inc.)
OtherSearch (HKLM-x32\...\OtherSearch) (Version: 3.0.4.2 - Theudobald Yanko) <==== ACHTUNG
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Pixum Fotowelt (HKLM-x32\...\Pixum Fotowelt) (Version: 6.1.2 - CEWE Stiftung u Co. KGaA)
PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.0.02.10030 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.0.02 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.0.02 - Sony Corporation) Hidden
POIbase 2.0.9 (HKLM-x32\...\POIbase_is1) (Version:  - POIbase)
ProxyGate version 3.0.0.1176 (HKU\S-1-5-21-3917217520-1086647508-2083587260-1007\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1176 - Gold Click Ltd) <==== ACHTUNG
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Simple Sudoku 4.2 (HKLM-x32\...\Simple Sudoku_is1) (Version:  - )
Skat XXL (HKU\S-1-5-21-3917217520-1086647508-2083587260-1007\...\Skat XXL) (Version:  - )
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
SolveigMM AVI Trimmer+ Version 5.0.1509.11 (HKLM-x32\...\SolveigMM AVI Trimmer_is1) (Version: 5.0.1509.11 - Solveig Multimedia)
SolveigMM Video Splitter Home Edition (HKLM-x32\...\SolveigMM Video Splitter Home Edition 5.0.1509.11) (Version: 5.0.1509.11 - Solveig Multimedia)
SpeedCommander 16 (x64) (HKLM\...\SpeedCommander 16 (x64)) (Version: 16.20.8300 - SWE Sven Ritter)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.6.35326 - Electronic Arts)
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10  (HKLM-x32\...\{A75D2CF5-3063-41FF-A32D-9D4F7C6D7BF7}) (Version: 10 - Star Finanz GmbH)
StarMoney 9.0  (HKLM-x32\...\{EB303025-B050-4CDF-9BC5-0C771AF0ECD5}) (Version: 9.0 - Star Finanz GmbH)
SUPER © v2014.build.62+Recorder (2014/09/21) Version v2014.buil (HKLM-x32\...\{8E2A18E2-96AF-8649-4DE7-5C06C90719A4}_is1) (Version: v2014.build.62+Recorder - eRightSoft)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VideoReDo TVSuite Version 4.20.5.605 (HKLM-x32\...\VideoReDo4_is1) (Version:  - DRD Systems, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - MediaTek Inc. (usbser) Ports  (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.)
Windows-Treiberpaket - MediaTek Inc. (usbser) Ports  (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{60F006DD-3A59-46E6-8ED7-E4C48929B090}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{7EB76141-BBD2-4A77-AF48-9F70C363C529}) (Version: 22.00.8811 - Buhl Data Service GmbH)
XMedia Recode Version 3.2.1.7 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.1.7 - XMedia Recode)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0D4C29D0-7FD7-4821-ACEE-8F3DA435E0EF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-06-28] (Microsoft Corporation)
Task: {0D850E62-A03F-49AE-B309-45F956C18245} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {1A62C301-7E38-477C-B8D9-E196E3AC76DA} - System32\Tasks\updengine => C:\Program Files (x86)\OtherSearch\updengine.exe [2016-10-09] () <==== ACHTUNG
Task: {1B17B1D7-A028-40B2-894D-646475F872A4} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {1CC3480A-B2C6-4B74-81F3-4CB5A3CC167B} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {553B3027-90E7-4398-BF38-AF90FCDF19B6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-26] (Microsoft Corporation)
Task: {59BB6220-295F-41FA-999E-8266821C579E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-31] (Google Inc.)
Task: {5FBE6E94-913D-4C19-A3A8-DFBD4ACF00D6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {642C338F-9BE6-4CED-8BDE-4D3B4B39323D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-06-28] (Microsoft Corporation)
Task: {66B6030A-77DB-4448-A31A-A3D581A8B3FA} - System32\Tasks\{E0BF396A-8664-4C9A-87C6-9F83C078A58D} => pcalua.exe -a F:\Catan\Catan_ks.exe -d f:\Catan
Task: {7D3DE01A-9D20-44C5-9F37-E42BC0361B18} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-08-31] ()
Task: {8F888121-A054-40E4-8FC5-C7DCF6818E9B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {D0CCEDC3-F926-40FC-BF6F-E51542B65259} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {EF4838BA-109C-4478-A8B7-9B8E9D107AB7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-26] (Microsoft Corporation)
Task: {F49A8275-3B49-41CF-B147-9F2E718DFC49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-31] (Google Inc.)
Task: {F6AA6560-D422-40D2-8E7D-F27C1D997669} - System32\Tasks\{BB46AEE4-C716-4EAE-B982-765EF2D129DB} => pcalua.exe -a C:\Users\Tom\AppData\Roaming\InetStat\inetstat.exe -c /uninstall
Task: {FFF68401-A3AC-40CE-90FC-3ADBCFB3851A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-17] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\Tom_admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Users\Tom_admin\AppData\Roaming\HPSewil\SewilStarter2.exe () -> 2 0 <===== Cyrillic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Users\Tom_admin\AppData\Roaming\HPSewil\SewilStarter2.exe () -> 2 0 <===== Cyrillic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-06-04 11:37 - 2016-01-29 12:49 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-07 17:09 - 2016-10-07 17:09 - 01581568 _____ () C:\Users\Tom_admin\AppData\Roaming\HPSewil\HPSewilSrv2.exe
2014-11-08 22:53 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-05-11 09:12 - 2015-05-11 09:12 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2016-08-09 09:49 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-09 09:49 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-27 07:17 - 2016-04-27 07:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-08-09 09:51 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-04 13:24 - 2016-06-04 13:24 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-08-09 09:49 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-09 09:49 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-09 09:49 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-09 09:49 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-24 12:57 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 10\ouservice\PATCHW32.dll
2016-07-18 20:56 - 2011-08-23 13:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll
2016-07-18 20:56 - 2016-06-23 20:04 - 00025600 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2014-11-08 23:06 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2016-09-22 16:41 - 2016-03-09 08:28 - 03306496 _____ () C:\Program Files (x86)\Bluestacks\libGLESv2.dll
2016-06-04 13:24 - 2016-06-04 13:24 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-04 13:24 - 2016-06-04 13:24 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2016-07-17 10:15 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3917217520-1086647508-2083587260-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
HKU\S-1-5-21-3917217520-1086647508-2083587260-1007\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "ToolBoxFX"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "HPPQVideo"
HKU\S-1-5-21-3917217520-1086647508-2083587260-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{D3E8B0CD-AC59-42A4-845A-656502CD9122}F:\watchpower1.04sp1\jre\bin\javaw.exe] => (Allow) F:\watchpower1.04sp1\jre\bin\javaw.exe
FirewallRules: [TCP Query User{47892E6F-2551-419A-BF5A-17E05158B8C7}F:\watchpower1.04sp1\jre\bin\javaw.exe] => (Allow) F:\watchpower1.04sp1\jre\bin\javaw.exe
FirewallRules: [UDP Query User{EDF9CF0C-52F2-4867-B877-10F087C600E8}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{8D5E39D6-332A-45BA-AEB7-B6521D7D9BEC}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{B214C567-79DC-4E27-B672-0C55D72B40E6}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [TCP Query User{61D169B1-1FE3-4EC7-893D-178E3CFB27D8}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{797ADA50-FD09-4DCE-8D32-189E6520A422}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{9810186D-EB82-4E71-95AA-41D9ABB12639}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{D636E8BE-0D85-41D6-9D4D-5960AD5EA3AE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{C922EE19-5767-4CE5-8715-27F5745F7B7E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{DCA5F26A-7D5A-4841-AFAD-6425E4211C1C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{92DF821A-C79A-44ED-A38C-D5AC62EA1594}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1D6BD602-B7DD-4B59-A21A-15F67519F856}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{96D04F86-45E7-4800-A7B9-A73A271F51FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{44A58F9E-5F77-454F-9F21-CDEA83C7F2F6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EAEE9DDC-79B1-45F0-9E92-64A4031158B4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{474D5FF8-A717-413D-B618-5CEB148D7D99}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D54FC3BF-2284-4C3C-ABC7-3DBEA07E31E0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F32D9419-4E5C-4309-AFD6-3DE42C175E17}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{6676D071-92B3-470E-9957-8B8257D64B81}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{7F81DC66-5992-4177-B3CA-1DD18737695A}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{FA457DC1-E579-475B-935B-7B89ADCC886F}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{AF0CAC0D-44BA-438B-96AE-754422BB8632}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{78701AA8-1E3C-466F-8EEC-A1C61061BFEC}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{64C5A57F-5AEC-462F-9CE7-24B6625F95F1}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{FCB66013-0A37-4511-AE53-0B98430D963C}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [{EF57A879-A07E-4205-85DE-C3636540A351}] => (Allow) D:\PlayMemories\PMBBrowser.exe
FirewallRules: [{E7B98108-26B9-422B-8735-F2C539C22B4F}] => (Allow) D:\PlayMemories\PMBBrowser.exe
FirewallRules: [{D9A38352-00C8-400A-A227-57B712D8F166}] => (Allow) D:\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{C7B3F46A-06A1-401A-AC3D-597F55695DFA}] => (Allow) D:\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [TCP Query User{8C49512B-CCDC-46E4-A06D-F425ADD78844}D:\sabnzbd\sabnzbd.exe] => (Allow) D:\sabnzbd\sabnzbd.exe
FirewallRules: [UDP Query User{B30DB224-02A0-4CEC-80D2-51DCB326FD12}D:\sabnzbd\sabnzbd.exe] => (Allow) D:\sabnzbd\sabnzbd.exe
FirewallRules: [{81CD2F16-B2B9-4CF6-BBCC-CCC56C667A7F}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{8AF51410-B84A-42C0-9B0C-8F6C356BCF1B}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{C50977B0-B5C5-4D59-97D2-06C27BBD5683}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{73770087-4C3C-4C1F-9B8D-9B5986AE9BC3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{958A2FD4-AC54-4D71-B2A8-5DE4D03AE880}F:\sabnzbd\sabnzbd.exe] => (Allow) F:\sabnzbd\sabnzbd.exe
FirewallRules: [UDP Query User{5F7E26F2-D923-4CEE-9E3C-49B2029DCBAF}F:\sabnzbd\sabnzbd.exe] => (Allow) F:\sabnzbd\sabnzbd.exe
FirewallRules: [TCP Query User{42DB68C8-9150-437C-A0A6-220130187775}D:\sabnzbd\sabnzbd.exe] => (Allow) D:\sabnzbd\sabnzbd.exe
FirewallRules: [UDP Query User{ED035971-CF62-4380-9167-77B3F78F22DB}D:\sabnzbd\sabnzbd.exe] => (Allow) D:\sabnzbd\sabnzbd.exe
FirewallRules: [{97301C1C-527D-421E-B867-A5EA6B1BD480}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9F489DE8-2255-4DDA-BB53-13CE8C33A75F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{EBC71D60-40B2-4122-88B2-8E67FF96CCC5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B0FD758D-E477-4975-9CB9-66A2F065CB9C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{ED4CF5F9-CA8B-4648-94DB-31CA1BF26E8C}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{33FEB13D-13D7-4E02-822C-95212CF511C1}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [TCP Query User{1E3B5730-90B6-499D-89AD-F6E358287A8F}F:\carcassonne\carcassonne.exe] => (Allow) F:\carcassonne\carcassonne.exe
FirewallRules: [UDP Query User{D5C2E834-76BC-4022-879B-C2C356E4F892}F:\carcassonne\carcassonne.exe] => (Allow) F:\carcassonne\carcassonne.exe
FirewallRules: [{5978C52E-694E-4A17-B3AB-DC7FC9F9B9EC}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{32C3A422-845D-4259-A02B-7DBD3B2AE6AF}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{0DE0DBF9-7F73-4CFF-B8E1-6F495A18FCEE}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{B118BA27-69AB-470F-816D-6DBD90C1903B}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{1A51B91A-6A9B-4BED-B82F-5081CE9C4F35}] => (Allow) C:1\TV-Aufnahme\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{BC5C2A3A-05BB-412E-B3F1-C7743707DB5C}] => (Allow) C:1\TV-Aufnahme\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{36EA9213-C0B6-40A5-AB8E-A63975A39975}] => (Allow) C:1\TV-Aufnahme\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{1DB3C7AB-2781-427F-8E94-B281773558C8}] => (Allow) C:1\TV-Aufnahme\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{39D7D6FA-37CE-4C09-8C5F-FAD5E8ACA149}] => (Allow) C:1\TV-Aufnahme\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{A592F08C-8A51-4A23-A3EA-2AD85E42D3B1}] => (Allow) C:1\TV-Aufnahme\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{95BEF785-4537-461C-81F0-0854D3BEE6E8}] => (Allow) C:1\TV-Aufnahme\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{53D58512-35DE-4547-AB7F-4E04D50B3CF6}] => (Allow) C:1\TV-Aufnahme\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{F69C655D-6DC3-4762-8911-60673CF4A02A}] => (Allow) C:1\TV-Aufnahme\WinTV\Extend\WinTVExtender.exe
FirewallRules: [{D7747FBE-4902-4040-9B71-4A77BEE04916}] => (Allow) C:1\TV-Aufnahme\WinTV\Extend\WinTVExtender.exe
FirewallRules: [{9F6D0164-8326-46CE-AE39-D12C8AFE59B0}] => (Allow) C:1\TV-Aufnahme\WinTV\Extend\WinTVExtender.exe
FirewallRules: [{9E782326-0169-4F49-8E81-FFB4DB2EEF04}] => (Allow) C:1\TV-Aufnahme\WinTV\Extend\WinTVExtender.exe
FirewallRules: [{304814A1-6237-4508-B825-1E0ABB5AD794}] => (Allow) F:\DVBViewer\dvbviewer.exe
FirewallRules: [{7FBE77FB-5FE8-4396-9A06-823C52F45643}] => (Allow) F:\DVBViewer\dvbviewer.exe
FirewallRules: [{C1732268-AAFB-4DF3-BDD0-44664CABF68E}] => (Allow) C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{AD5E03D9-C7ED-4A7D-9DE8-DDA912E1A39A}] => (Allow) C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{A3AB53C5-A07D-4E46-8438-EAD53B735F65}] => (Allow) C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{BE8DB0BD-972A-4D19-BE61-23780EE114FF}] => (Allow) C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{803DBE0C-ED35-4FD6-A48D-A658D1B2AF4A}] => (Allow) C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe
FirewallRules: [{8B32D95F-313F-4136-879B-E1ED71C5ABE4}] => (Allow) C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe
FirewallRules: [{F76C872F-F55F-45AF-B8BA-0BB5B4CFE163}] => (Allow) C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe
FirewallRules: [{22E4ABF7-7BE3-41A5-9B6E-2892EE050D12}] => (Allow) C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe
FirewallRules: [TCP Query User{CB7CDE47-8411-4B19-867E-40BE2702EF72}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{076AD5CB-B070-4647-BAE0-DA7C753B5210}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [{39F864D4-D599-49C4-9831-3680191DCE59}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{237871EB-CBFC-455D-A5EB-B2FBE9B447A0}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{3209303D-086A-4B99-A47E-72FE9D8E116E}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe
FirewallRules: [{D1A2B33B-61CF-404B-A057-ECA96A363883}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe
FirewallRules: [{CEF189B4-AB93-4A92-88E8-6CA0A4E6C8B2}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe
FirewallRules: [{AB47FEEB-504E-4DC8-972D-7C872A1A86EB}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe
FirewallRules: [{FBDF0CE8-2F8F-4C0C-908F-EE87C4DCA247}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{51BFEECB-A82F-4324-8490-FFF5D9B02B12}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{28D34A29-0DD4-4A66-9E9B-EDEEE414CF78}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{88B72FCC-CF71-4B4E-9867-FBFFC2A6A9D3}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{1F7959E6-3ACB-4C00-B9B3-CBA9912EC9BA}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
FirewallRules: [{4B51C5DB-5586-444C-B6F3-82AE84F7F02E}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
FirewallRules: [{1CF0E27C-C3E5-47E7-85B7-C4DA46E87958}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
FirewallRules: [{84A56AC8-14F0-46CA-B71B-C83FD6E9CB2E}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
FirewallRules: [{34D93CEF-04EB-4BFE-871F-D38FDED0AA9F}] => (Allow) f:\DVBViewer\DVBViewer.exe
FirewallRules: [TCP Query User{DCAA3BF6-1714-4432-BCEC-064A03D91D13}C:\users\tom\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Allow) C:\users\tom\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light
FirewallRules: [UDP Query User{652625A4-DD07-40B3-855D-A4DB35D7432A}C:\users\tom\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Allow) C:\users\tom\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/10/2016 10:15:50 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (10/10/2016 10:15:50 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.

Error: (10/10/2016 10:15:49 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (10/10/2016 10:15:49 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "MSDTC" in der DLL "C:\WINDOWS\system32\msdtcuiu.DLL" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (10/10/2016 10:15:49 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "Lsa" in der DLL "C:\Windows\System32\Secur32.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (10/10/2016 10:15:49 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "ESENT" in der DLL "C:\WINDOWS\system32\esentprf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (10/10/2016 10:15:49 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (10/10/2016 09:33:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SevilerStuff.exe, Version: 7.0.0.0, Zeitstempel: 0x57fa34c8
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.494, Zeitstempel: 0x5775e78b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000ca18e
ID des fehlerhaften Prozesses: 0x1e25c
Startzeit der fehlerhaften Anwendung: 0x01d222c897843296
Pfad der fehlerhaften Anwendung: C:\Users\TOM_AD~1\AppData\Local\Temp\nso7AAF.tmp\SevilerStuff.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
Berichtskennung: 4fb201ab-cd19-4885-b4c5-2aa378b7a010
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/10/2016 09:32:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 42.0.0.5780, Zeitstempel: 0x5632d0a4
Name des fehlerhaften Moduls: mozglue.dll, Version: 42.0.0.5780, Zeitstempel: 0x5632ba58
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000ed50
ID des fehlerhaften Prozesses: 0xd204
Startzeit der fehlerhaften Anwendung: 0x01d22214a38411e0
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Berichtskennung: 9d66317a-3039-4bba-85a6-3c2334815200
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/09/2016 03:21:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SpeedCommander.exe, Version 16.20.8300.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 11428

Startzeit: 01d22223770a9b96

Beendigungszeit: 19449

Anwendungspfad: C:\Program Files\SpeedProject\SpeedCommander 16\SpeedCommander.exe

Berichts-ID: 2e7cec76-8e23-11e6-bee9-4061860d3436

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:


Systemfehler:
=============
Error: (10/10/2016 10:08:09 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/10/2016 10:04:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Device Interaction Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (10/10/2016 10:04:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Device Interaction Service erreicht.

Error: (10/10/2016 10:04:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (10/10/2016 10:04:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (10/10/2016 10:01:59 AM) (Source: DCOM) (EventID: 10010) (User: Tom_User)
Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/10/2016 10:01:59 AM) (Source: DCOM) (EventID: 10010) (User: Tom_User)
Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/10/2016 10:01:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_15b8cc6" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/10/2016 10:01:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _15b8cc6" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/10/2016 10:01:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_15b8cc6" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-09-29 09:05:40.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-08 10:11:58.191
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-14 09:19:21.233
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 09:59:36.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 10:58:04.835
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-23 17:34:39.245
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-17 10:30:44.021
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-17 09:14:14.615
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-16 10:54:54.816
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-13 08:14:09.615
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Prozentuale Nutzung des RAM: 45%
Installierter physikalischer RAM: 8183.11 MB
Verfügbarer physikalischer RAM: 4476.31 MB
Summe virtueller Speicher: 16375.11 MB
Verfügbarer virtueller Speicher: 12553.54 MB

==================== Laufwerke ================================

Drive c: (Systemplatte) (Fixed) (Total:99.17 GB) (Free:2.57 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (System) (Fixed) (Total:24.87 GB) (Free:14.37 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (Volume) (Fixed) (Total:195.31 GB) (Free:127.75 GB) NTFS
Drive f: (Programme) (Fixed) (Total:19.53 GB) (Free:14.26 GB) NTFS
Drive g: (Spiele) (Fixed) (Total:156.25 GB) (Free:8.42 GB) NTFS
Drive h: (Daten) (Fixed) (Total:32.23 GB) (Free:1.42 GB) NTFS
Drive i: (Volume) (Fixed) (Total:99.61 GB) (Free:89.72 GB) NTFS
Drive j: (DRIVE_W) (Fixed) (Total:98.87 GB) (Free:20.02 GB) NTFS
Drive k: (Volume) (Fixed) (Total:126.95 GB) (Free:84.86 GB) NTFS
Drive l: (Volume) (Fixed) (Total:143.37 GB) (Free:137.02 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 17B32199)
Partition 1: (Active) - (Size=99.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=27)
Partition 3: (Not Active) - (Size=99.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=98.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 25B304D0)
Partition 1: (Active) - (Size=24.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=208 GB) - (Type=05)

==================== Ende von Addition.txt ============================
         

 
