Pests of all kinds and how to fight them: Tr.Dropper.gen (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
26.11.2016, 14:53 | #1 |
Tr.Dropper.gen

Hi everyone, out of stupidity I accidentally left-clicked instead of right-clicking. Oh well. FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016 durchgeführt von Ben (Administrator) auf BENSWIDERSKY (26-11-2016 14:48:08) Gestartet von C:\Users\Ben\Desktop Geladene Profile: Ben (Verfügbare Profile: Ben) Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe () C:\Program Files (x86)\Droid4X\Droid4XService.exe (FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe (Foxit Software Inc.) 
C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft) C:\Program Files (x86)\ToolbarTerminator\TTBackgroundGuard.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (© 2015 Microsoft Corporation) C:\Users\Ben\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Andy OS, inc.) C:\Program Files\Andy\HandyAndy.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files (x86)\SPEEDLINK\DECUS Gaming Mouse\Monitor.EXE (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Andy OS, inc.) C:\Program Files\Andy\AndyADB.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Andy OS, inc.) C:\Program Files\Andy\AndyDnD.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-09-11] (Intel Corporation) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-15] (ASUSTek Computer Inc.) 
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] () HKLM-x32\...\Run: [SL-6397 Gaming Mouse] => C:\Program Files (x86)\SPEEDLINK\DECUS Gaming Mouse\Monitor.exe [3587584 2014-07-17] () HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25673776 2016-11-07] (Dropbox, Inc.) HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2540032 2016-01-28] (FileZilla Project) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [916072 2016-11-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] () HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.) HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd) HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\Run: [BingSvc] => C:\Users\Ben\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-14] (© 2015 Microsoft Corporation) HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation) HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29635712 2016-09-12] (Skype Technologies S.A.) 
HKU\S-1-5-21-813788870-3651861006-301960843-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [217088 2014-10-29] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ben\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ben\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ben\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ben\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ben\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ben\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2016-07-16] ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe (Andy OS, inc.) 
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MadAppLauncher.lnk [2015-01-11] ShortcutTarget: MadAppLauncher.lnk -> C:\Program Files (x86)\MadAppLauncher\MadAppLauncher.exe (Keine Datei) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\..\Interfaces\{273D64FD-08A7-4FA6-B4A0-E4FD966CBA7F}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{273D64FD-08A7-4FA6-B4A0-E4FD966CBA7F}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-813788870-3651861006-301960843-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de SearchScopes: HKLM -> DefaultScope Wert fehlt SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser 
Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-10-11] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-27] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-30] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-30] (Oracle Corporation) Toolbar: HKU\S-1-5-21-813788870-3651861006-301960843-1001 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: 49sbyf4u.default FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\49sbyf4u.default [2016-11-26] FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\49sbyf4u.default -> Bing FF SelectedSearchEngine: Mozilla\Firefox\Profiles\49sbyf4u.default -> Bing FF Homepage: Mozilla\Firefox\Profiles\49sbyf4u.default -> hxxp://www.google.de FF Keyword.URL: Mozilla\Firefox\Profiles\49sbyf4u.default -> hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q= FF Extension: (Kein Name) - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\49sbyf4u.default\Extensions\abs@avira.com [2016-09-18] [ist nicht signiert] FF Extension: (Bing Search) - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\49sbyf4u.default\Extensions\bingsearch.full@microsoft.com [2015-06-20] [ist nicht signiert] FF Extension: (YouTube mp3) - 
C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\49sbyf4u.default\Extensions\info@youtube-mp3.org.xpi [2015-05-30] FF Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\49sbyf4u.default\Extensions\iobitascsurfingprotection@iobit.com [2015-11-14] [ist nicht signiert] FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\49sbyf4u.default\searchplugins\computer-bild-suche.xml [2015-07-25] FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\49sbyf4u.default\searchplugins\mc-heli-mod-for-minecraft-wiki-en.xml [2015-06-25] FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] () FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files 
(x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-30] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-30] (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-07] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-09] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-09] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [Keine Datei] FF Plugin HKU\S-1-5-21-813788870-3651861006-301960843-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Ben\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP) FF Plugin HKU\S-1-5-21-813788870-3651861006-301960843-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ben\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-02] (Unity Technologies ApS) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default [2016-11-26] CHR Extension: (ProxFlow) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-11-10] CHR Extension: (Google Präsentationen) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-17] CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-17] CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-17] CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-09] CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-17] CHR Extension: (Adblock Plus) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-30] CHR Extension: (Google Tabellen) - 
C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-17] CHR Extension: (Avira Browserschutz) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-21] CHR Extension: (Google Docs Offline) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-17] CHR Extension: (Skype) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-11-10] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17] CHR Extension: (ProxPrice) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nopgehbobniifpngnhmljfojnkkopbje [2016-11-10] CHR Extension: (Google Mail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-17] CHR Extension: (Chrome Media Router) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-03] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 AbAdminService; C:\Program Files (x86)\ToolbarTerminator\AbAdminService.exe [32520 2015-04-10] (Ascora GmbH) [Datei ist nicht signiert] S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089088 2016-11-04] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [475232 2016-11-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [475232 2016-11-04] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1488240 2016-11-04] (Avira Operations GmbH & Co. KG) R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [Datei ist nicht signiert] R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349512 2016-11-15] (Avira Operations GmbH & Co. KG) S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-06-13] (BitRaider, LLC) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3040496 2016-10-04] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-26] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-26] (Dropbox, Inc.) R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-11-07] (Dropbox, Inc.) 
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-09-11] (Intel Corporation) R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-09-11] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-09-11] (Intel Corporation) R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-09-11] (Intel Corporation) R2 Droid4XService; C:\Program Files (x86)\Droid4X\Droid4XService.exe [279552 2016-06-13] () [Datei ist nicht signiert] R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert] R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [827904 2016-01-28] (FileZilla Project) [Datei ist nicht signiert] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert] R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Inc.) R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.) 
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-09] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [Datei ist nicht signiert] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) S2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [X] S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [151352 2016-11-04] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [153392 2016-10-13] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-15] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-06-09] (Avira Operations GmbH & Co. KG) S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-06-13] (BitRaider) R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [143568 2013-09-11] (Intel Corporation) R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-09-11] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-09-11] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-09-11] (Intel Corporation) R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( ) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-24] (Malwarebytes) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation) R3 NIWinCDEmu; C:\Windows\System32\drivers\NIWinCDEmu.sys [111696 2015-11-14] () R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2014-02-11] (Windows (R) Win 7 DDK provider) S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-24] (Realsil Semiconductor Corporation) R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [33472 2015-11-25] (VMware, Inc.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.) 
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 dbx; system32\DRIVERS\dbx.sys [X] U0 msahci; system32\drivers\msahci.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-11-26 14:47 - 2016-11-26 14:47 - 02412032 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe 2016-11-26 14:47 - 2016-11-26 14:47 - 00000000 ____D C:\Users\Ben\Desktop\FRST-OlderVersion 2016-11-26 12:26 - 2016-11-26 12:26 - 00002472 _____ C:\Users\Ben\Downloads\mbam-log-2012-09-18 (21-28-42).txt 2016-11-26 12:20 - 2016-11-26 12:20 - 00000000 ____D C:\Windows\System32\Tasks\GenericSettingsHandler 2016-11-26 12:19 - 2016-11-26 12:19 - 00001158 _____ C:\Users\Public\Desktop\Avira Connect.lnk 2016-11-26 12:19 - 2016-11-26 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-11-26 12:12 - 2016-11-26 12:12 - 00202269 _____ C:\Users\Ben\Desktop\Skype Spammer.rar 2016-11-26 12:11 - 2016-10-28 22:04 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-11-26 12:11 - 2016-10-28 22:04 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-11-24 19:54 - 2016-11-24 19:54 - 00000010 _____ C:\Users\Ben\Desktop\Neues Textdokument (2).txt 2016-11-21 20:11 - 2016-11-21 20:11 - 00000950 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2016-11-21 20:11 - 2016-11-21 20:11 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2016-11-21 20:11 - 2016-11-21 20:11 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2016-11-17 18:37 - 2016-11-17 18:46 - 00000000 ____D C:\Users\Ben\Desktop\Vibra 2016-11-17 15:48 - 2016-11-17 15:49 - 05093038 _____ C:\Users\Ben\Downloads\Fantro.mp4 2016-11-17 15:45 - 2016-11-17 15:45 - 04912226 _____ C:\Users\Ben\Downloads\video.mkv 2016-11-17 15:34 - 2016-11-17 15:34 - 02881215 _____ C:\Users\Ben\Downloads\Awesome_2D_Colorful_Sync_CN8.pz 2016-11-11 20:56 - 2016-11-11 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-11-11 13:43 - 2016-11-11 13:43 - 00045680 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys 2016-11-10 19:18 - 2016-11-10 19:18 - 00000000 ____D C:\Users\Ben\AppData\Local\TempTaskUpdateDetection00502C7B-74E5-4276-9583-1C987040435D 2016-11-10 18:46 - 2016-11-24 19:55 - 00000010 _____ C:\Users\Ben\Desktop\shutdown.bat 2016-11-10 15:06 - 2016-10-27 19:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-11-10 15:06 - 2016-10-27 18:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-11-10 15:06 - 2016-10-27 16:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-11-10 15:06 - 2016-10-22 17:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-11-10 15:05 - 2016-11-02 21:48 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-11-10 15:05 - 2016-11-02 21:48 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2016-11-10 15:05 - 2016-11-02 15:03 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-11-10 15:05 - 2016-11-02 15:00 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2016-11-10 15:05 - 2016-10-27 19:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-11-10 15:05 - 2016-10-27 19:51 - 02896384 _____ 
(Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-11-10 15:05 - 2016-10-27 19:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-11-10 15:05 - 2016-10-27 19:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-11-10 15:05 - 2016-10-27 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-11-10 15:05 - 2016-10-27 19:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2016-11-10 15:05 - 2016-10-27 19:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-11-10 15:05 - 2016-10-27 18:57 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-11-10 15:05 - 2016-10-27 18:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-11-10 15:05 - 2016-10-27 18:47 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-11-10 15:05 - 2016-10-27 18:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-11-10 15:05 - 2016-10-27 18:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-11-10 15:05 - 2016-10-27 18:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-11-10 15:05 - 2016-10-27 18:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-11-10 15:05 - 2016-10-27 18:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-11-10 15:05 - 2016-10-27 17:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-11-10 15:05 - 2016-10-25 15:11 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-11-10 15:05 - 2016-10-22 18:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-11-10 15:05 - 2016-10-22 18:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-11-10 15:05 - 2016-10-22 18:27 - 02287616 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iertutil.dll 2016-11-10 15:05 - 2016-10-22 18:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-11-10 15:05 - 2016-10-22 17:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-11-10 15:05 - 2016-10-22 17:57 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2016-11-10 15:05 - 2016-10-22 17:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-11-10 15:05 - 2016-10-22 17:51 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-11-10 15:05 - 2016-10-22 17:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-11-10 15:05 - 2016-10-22 17:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-11-10 15:05 - 2016-10-22 17:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-11-10 15:05 - 2016-10-22 17:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-11-10 15:05 - 2016-10-22 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-11-10 15:05 - 2016-10-22 17:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-11-10 15:05 - 2016-10-22 17:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-11-10 15:05 - 2016-10-22 17:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-11-10 15:05 - 2016-10-13 20:06 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2016-11-10 15:05 - 2016-10-13 20:06 - 01124376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2016-11-10 15:05 - 2016-10-12 09:01 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys 2016-11-10 15:05 - 2016-10-11 21:21 - 00497448 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll 2016-11-10 15:05 - 2016-10-11 21:21 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll 
2016-11-10 15:05 - 2016-10-11 19:34 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll 2016-11-10 15:05 - 2016-10-11 18:47 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\input.dll 2016-11-10 15:05 - 2016-10-11 17:55 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll 2016-11-10 15:05 - 2016-10-10 22:17 - 00444248 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-11-10 15:05 - 2016-10-10 22:17 - 00333656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-11-10 15:05 - 2016-10-09 23:59 - 00551256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys 2016-11-10 15:05 - 2016-10-09 00:12 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-11-10 15:05 - 2016-10-08 23:53 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll 2016-11-10 15:05 - 2016-10-08 23:21 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-11-10 15:05 - 2016-10-08 23:18 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll 2016-11-10 15:05 - 2016-10-08 23:07 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2016-11-10 15:05 - 2016-10-08 23:02 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-11-10 15:05 - 2016-10-08 22:49 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll 2016-11-10 15:05 - 2016-10-08 22:21 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2016-11-10 15:05 - 2016-10-08 02:34 - 01660040 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-11-10 15:05 - 2016-10-08 02:34 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-11-10 15:05 - 2016-10-04 21:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys 2016-11-10 15:05 - 2016-10-04 21:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 
2016-11-10 15:05 - 2016-10-04 21:08 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2016-11-10 15:05 - 2016-10-04 21:08 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-11-10 15:05 - 2016-09-09 23:52 - 00921944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys 2016-11-10 15:05 - 2016-09-09 23:14 - 00275800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2016-11-10 15:05 - 2016-09-09 15:15 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll 2016-11-10 15:05 - 2016-09-09 15:09 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll 2016-11-10 15:05 - 2016-09-09 15:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2016-11-10 15:05 - 2016-09-09 15:03 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\iscsiwmi.dll 2016-11-10 15:05 - 2016-09-09 15:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsiwmi.dll 2016-11-10 15:05 - 2016-09-09 14:38 - 00446124 _____ C:\Windows\system32\ApnDatabase.xml 2016-11-10 15:05 - 2016-09-03 19:20 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\iscsidsc.dll 2016-11-10 15:05 - 2016-09-03 19:06 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\iscsiexe.dll 2016-11-10 15:05 - 2016-09-03 18:21 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsidsc.dll 2016-11-10 15:05 - 2016-09-03 17:12 - 00512512 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv 2016-11-10 15:05 - 2016-09-03 17:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2016-11-10 15:05 - 2016-09-03 16:58 - 00397824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv 2016-11-10 15:05 - 2016-09-02 15:05 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll 2016-11-10 15:05 - 2016-09-02 15:05 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll 2016-11-10 15:05 - 
2016-09-01 15:33 - 00377856 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll 2016-11-10 15:05 - 2016-09-01 15:33 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll 2016-11-10 15:05 - 2016-09-01 15:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll 2016-11-10 15:05 - 2016-08-30 15:11 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll 2016-11-10 15:05 - 2016-08-30 03:45 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll 2016-11-10 15:05 - 2016-08-30 03:18 - 00871936 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll 2016-11-10 15:05 - 2016-08-30 03:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xolehlp.dll 2016-11-10 15:05 - 2016-08-30 03:03 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll 2016-11-10 15:05 - 2016-08-22 14:34 - 01628672 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2016-11-07 23:49 - 2016-11-07 23:49 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2016-11-07 23:49 - 2016-11-07 23:49 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2016-11-07 23:49 - 2016-11-07 23:49 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys 2016-11-07 23:49 - 2016-11-07 23:49 - 00042096 _____ (Dropbox, Inc.) 
C:\Windows\system32\DbxSvc.exe 2016-11-07 16:55 - 2016-11-07 16:55 - 00002172 _____ C:\Users\Public\Desktop\Google Earth.lnk 2016-11-07 16:55 - 2016-11-07 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2016-11-04 18:08 - 2016-11-04 18:08 - 00722909 ____T C:\Users\Ben\Downloads\Crack Ignaz - König der Alpen.mp3.asd 2016-11-03 16:05 - 2016-11-10 18:45 - 00000042 _____ C:\Users\Ben\Desktop\shutdown.txt 2016-10-30 14:36 - 2016-11-10 18:48 - 00000009 _____ C:\Users\Ben\Desktop\Download.htm ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-11-26 14:50 - 2015-06-20 11:55 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Skype 2016-11-26 14:49 - 2016-09-06 13:34 - 00033582 _____ C:\Users\Ben\Desktop\FRST.txt 2016-11-26 14:48 - 2016-09-06 13:33 - 00000000 ____D C:\FRST 2016-11-26 14:42 - 2015-02-18 16:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-11-26 14:39 - 2016-09-20 21:01 - 00000410 _____ C:\Windows\Tasks\update-S-1-5-21-813788870-3651861006-301960843-1001.job 2016-11-26 14:28 - 2015-10-09 14:59 - 00000000 ____D C:\Users\Ben\AppData\Roaming\vlc 2016-11-26 13:54 - 2015-11-07 13:45 - 00001234 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2016-11-26 13:51 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf 2016-11-26 13:25 - 2015-11-09 19:03 - 00689152 ___SH C:\Users\Ben\Downloads\Thumbs.db 2016-11-26 13:18 - 2015-07-22 17:36 - 00000416 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job 2016-11-26 12:22 - 2015-01-06 16:51 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3EF3E9D7-BA6B-4998-8FF2-7DAA2A3BD0FF} 2016-11-26 12:21 - 2015-01-06 16:45 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-813788870-3651861006-301960843-1001 2016-11-26 12:19 - 2015-01-17 15:36 - 00000000 ____D C:\ProgramData\Package Cache 2016-11-26 12:18 - 
2016-02-08 19:29 - 00000000 ____D C:\Users\Ben\AppData\Local\CrashDumps 2016-11-26 12:18 - 2014-05-16 00:45 - 00775692 _____ C:\Windows\system32\perfh007.dat 2016-11-26 12:18 - 2014-05-16 00:45 - 00163520 _____ C:\Windows\system32\perfc007.dat 2016-11-26 12:18 - 2014-03-18 16:26 - 01785100 _____ C:\Windows\system32\PerfStringBackup.INI 2016-11-26 12:16 - 2015-11-07 13:56 - 00000000 ___RD C:\Users\Ben\Dropbox 2016-11-26 12:15 - 2015-02-01 16:57 - 00000000 ____D C:\Program Files (x86)\Avira 2016-11-26 12:15 - 2015-01-17 15:35 - 00000000 ____D C:\ProgramData\Avira 2016-11-26 12:15 - 2015-01-06 16:44 - 00000000 ___DO C:\Users\Ben\OneDrive 2016-11-26 12:13 - 2015-06-25 18:40 - 00000000 ____D C:\Users\Ben\AppData\Local\LogMeIn Hamachi 2016-11-26 12:12 - 2015-09-21 18:06 - 00000000 ____D C:\Program Files (x86)\Steam 2016-11-26 12:11 - 2015-11-07 13:45 - 00001230 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2016-11-26 12:10 - 2016-07-16 10:28 - 00000000 ____D C:\ProgramData\VMware 2016-11-26 12:09 - 2016-09-27 11:57 - 00000000 ____D C:\ProgramData\Foxit Software 2016-11-26 12:09 - 2016-07-16 10:44 - 00000000 _____ C:\hsrv.txt 2016-11-26 12:09 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-11-26 12:09 - 2013-08-22 15:44 - 00602664 _____ C:\Windows\system32\FNTCACHE.DAT 2016-11-26 12:06 - 2016-08-29 19:23 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi 2016-11-26 12:06 - 2016-08-29 19:23 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi 2016-11-26 12:06 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI 2016-11-24 19:56 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData 2016-11-24 19:52 - 2016-05-19 18:37 - 00000000 ____D C:\Users\Ben\Desktop\Ghoste Remix Project 2016-11-24 19:52 - 2015-10-08 17:43 - 00000000 ____D C:\Users\Ben\Desktop\musikschule projekte 2016-11-24 19:42 - 2015-11-18 20:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-11-24 19:36 - 
2016-09-20 21:01 - 00000410 _____ C:\Windows\Tasks\update-sys.job 2016-11-23 16:04 - 2015-01-11 13:23 - 00000000 ____D C:\Users\Ben\AppData\Roaming\.minecraft 2016-11-17 19:28 - 2016-09-20 21:02 - 00000000 ____D C:\Users\Ben\Documents\Lightshot 2016-11-17 18:37 - 2016-04-26 06:15 - 00000000 ____D C:\Users\Ben\Desktop\aAD 2016-11-17 15:53 - 2015-12-13 16:18 - 00002197 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-11-17 15:53 - 2015-01-07 10:56 - 00002209 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-11-17 15:20 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-11-17 15:19 - 2015-01-06 17:41 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-11-14 16:49 - 2015-01-06 20:13 - 00000000 ____D C:\Windows\system32\MRT 2016-11-14 16:42 - 2015-01-06 20:13 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-11-12 00:12 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp 2016-11-11 20:57 - 2015-11-07 13:45 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-11-10 17:33 - 2016-09-26 11:35 - 00000617 _____ C:\Users\Ben\Desktop\Neues Textdokument.txt 2016-11-10 17:25 - 2015-06-20 11:54 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-11-10 15:49 - 2015-11-07 13:45 - 00004206 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA 2016-11-10 15:49 - 2015-11-07 13:45 - 00003970 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore 2016-11-10 14:58 - 2015-01-06 20:24 - 00000000 ____D C:\Users\Ben\AppData\Roaming\TS3Client 2016-11-10 14:56 - 2015-04-13 18:16 - 01396224 ___SH C:\Users\Ben\Desktop\Thumbs.db 2016-11-08 20:42 - 2015-02-18 16:17 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-11-08 20:42 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-11-08 20:42 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Macromed 2016-11-07 17:02 - 2016-06-25 21:02 - 00000000 ____D C:\Users\Ben\AppData\Local\JDownloader 
v2.0 2016-11-07 16:55 - 2015-01-07 10:52 - 00000000 ____D C:\Program Files (x86)\Google 2016-11-06 13:52 - 2015-01-07 10:52 - 00000000 ____D C:\Users\Ben\AppData\Local\Google 2016-11-04 17:21 - 2015-02-01 17:06 - 00151352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2016-11-02 16:58 - 2016-02-27 21:29 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-11-02 16:10 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-07-16 10:41 - 2016-07-16 10:45 - 0003182 _____ () C:\Users\Ben\AppData\Roaming\droid4xinstaller.log 2016-02-29 19:12 - 2016-02-29 19:12 - 0000600 _____ () C:\Users\Ben\AppData\Roaming\PUTTY.RND 2015-01-07 11:05 - 2015-01-07 17:07 - 0000067 _____ () C:\Users\Ben\AppData\Roaming\WB.CFG 2016-02-21 15:57 - 2016-03-05 13:05 - 0000600 _____ () C:\Users\Ben\AppData\Local\PUTTY.RND 2015-05-25 11:19 - 2015-11-07 12:38 - 0001469 _____ () C:\Users\Ben\AppData\Local\RecConfig.xml 2016-04-14 19:04 - 2016-06-25 20:28 - 0007616 _____ () C:\Users\Ben\AppData\Local\Resmon.ResmonCfg 2016-09-20 21:01 - 2016-09-20 21:01 - 0000003 _____ () C:\Users\Ben\AppData\Local\updater.log 2016-09-20 21:01 - 2016-09-20 21:01 - 0000424 _____ () C:\Users\Ben\AppData\Local\UserProducts.xml 2015-10-23 10:22 - 2015-10-23 10:22 - 0000000 _____ () C:\Users\Ben\AppData\Local\{CD5AC17C-8F5B-4B65-99B0-F32FE291017F} 2015-11-19 21:00 - 2015-11-19 21:01 - 0000000 _____ () C:\Users\Ben\AppData\Local\{E36D5CD2-0263-48E4-967A-5CD0F8A8B620} 2015-01-07 10:48 - 2015-01-07 10:48 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-07-25 16:31 - 2014-07-25 16:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-04-17 10:54 - 2016-04-17 10:54 - 0000016 _____ () C:\ProgramData\mntemp 2016-02-08 10:35 - 2016-02-08 10:35 - 0004881 _____ () C:\ProgramData\rxsmznjf.zcp 2014-05-15 16:58 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd 2014-05-15 16:58 - 2009-07-22 11:04 - 
0024576 _____ () C:\ProgramData\SetStretch.exe 2014-05-15 16:58 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS Einige Dateien in TEMP: ==================== C:\Users\Ben\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-11-17 19:58 ==================== Ende von FRST.txt ============================ |
26.11.2016, 14:54 | #2 |
| Tr.Dropper.gen Addition
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-11-2016
durchgeführt von Ben (26-11-2016 14:50:22)
Gestartet von C:\Users\Ben\Desktop
Windows 8.1 (Update) (X64) (2015-01-06 15:39:26)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-813788870-3651861006-301960843-500 - Administrator - Disabled)
Ben (S-1-5-21-813788870-3651861006-301960843-1001 - Administrator - Enabled) => C:\Users\Ben
Gast (S-1-5-21-813788870-3651861006-301960843-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-813788870-3651861006-301960843-1003 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Ableton Live 9 Intro (HKLM\...\{A87A85A4-4544-44A5-AD3F-4138E7551701}) (Version: 9.0.0.0 - Ableton)
Ableton Live 9 Standard (HKLM\...\{D752AC64-C335-4A06-BB7B-F90875680E17}) (Version: 9.0.0.0 - Ableton)
Acoustica MP3 To Wave Converter PLUS (HKLM-x32\...\Acoustica MP3 To Wave Converter PLUS) (Version: 2.5 - Acoustica, Inc.)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated) Akai Professional MPK Mini MkII Editor (HKLM-x32\...\MPKminiMkIIEditor) (Version: - ) Altitude (HKLM-x32\...\Steam App 41300) (Version: - Nimbly Games) Andy OS (HKLM\...\Andy OS) (Version: - Andy OS, Inc) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.8 - ASUS) ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS) Avira Connect (HKLM-x32\...\{e7f56494-d786-472e-aba2-1b93089e06cd}) (Version: 1.2.76.20506 - Avira Operations GmbH & Co. KG) Avira Connect (x32 Version: 1.2.76.20506 - Avira Operations GmbH & Co. 
KG) Hidden Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team) BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC) Blender (HKLM\...\Blender) (Version: 2.74 - Blender Foundation) CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform) CLIP STUDIO PAINT 1.5.4 (HKLM-x32\...\{88B5A062-DDA1-4F62-A4DD-95D0C4F19979}) (Version: 1.5.4 - CELSYS) Cloudfall 1.0 (HKLM-x32\...\Cloudfall) (Version: 1.0 - ) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) CrystalDiskInfo 7.0.3 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.3 - Crystal Dew World) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DECUS Gaming Mouse (HKLM-x32\...\{B62CC42A-D1D9-4E91-BEDE-8614DE2AD943}) (Version: 1.0 - SPEEDLINK) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Droid4X (HKLM-x32\...\Droid4X) (Version: 0.10.3 - Haiyu Dongxiang Co.,Ltd.) Dropbox (HKLM-x32\...\Dropbox) (Version: 14.4.19 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.57.1 - Dropbox, Inc.) Hidden Electric Sheep 2.7b34 (HKLM-x32\...\Electric Sheep) (Version: 2.7b34 - Electricsheep) Epic Games Launcher (HKLM-x32\...\{C8E7C575-FCFA-46B2-8FC0-E8AC65501350}) (Version: 1.1.78.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden FileZilla Client 3.15.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.15.0.1 - Tim Kosse) FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.55 - FileZilla Project) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line) FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.2.805 - Foxit Software Inc.) 
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.) Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.) Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.) Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.) GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.) Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - ) HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{7A564D11-817E-48B1-9830-91420BF6E339}) (Version: 32.2.188.47710 - Hewlett-Packard Co.) HP ENVY 4500 series Hilfe (HKLM-x32\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett Packard) HP Photo Creations (HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\HP Photo Creations) (Version: 1.0.0.18922 - HP) HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC) HyperSnap 7 (HKLM-x32\...\HyperSnap 7) (Version: 7.29.03 - Hyperionics Technology LLC) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) 
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation) Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) JSkat (HKLM-x32\...\JSkat) (Version: - ) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden Magic Duels (HKLM-x32\...\Steam App 316010) (Version: - Stainless Games Ltd.) 
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{02ABEC70-68BD-458F-A302-B280FEA5E103}) (Version: 4.3.2.0 - MAGIX Software GmbH) MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX Software GmbH) Hidden MAGIX Music Maker 2015 Premium (Demosongs) (HKLM-x32\...\MX.{BF0BAC06-859A-43A0-9E63-EBB3A0C14BDE}) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX Music Maker 2015 Premium (Demosongs) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX Music Maker 2015 Premium (HKLM-x32\...\MX.{3DF585C2-BDD1-42F7-84E1-AB6191830E0E}) (Version: 21.0.0.30 - MAGIX Software GmbH) MAGIX Music Maker 2015 Premium (Synthesizer und Effekte) (HKLM-x32\...\MX.{BC8A72AD-2199-4353-A999-98552C29B986}) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX Music Maker 2015 Premium (Synthesizer und Effekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX Music Maker 2015 Premium (Version: 21.0.0.30 - MAGIX Software GmbH) Hidden MAGIX Music Maker 2015 Premium (Visuals) (HKLM-x32\...\MX.{300D920D-C6AB-4453-ABC5-8B2F025059E9}) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX Music Maker 2015 Premium (Visuals) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX Music Maker 2015 Premium Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX Music Maker 2015 Premium Update (Version: 21.0.3.38 - MAGIX Software GmbH) Hidden MAGIX Music Maker 2015 Premium Update (Version: 21.0.4.50 - MAGIX Software GmbH) Hidden MAGIX Music Maker 2015 Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX Music Maker Techno Edition 6 (HKLM-x32\...\MX.{6859754A-A628-46B0-BD8C-388EEBDFBB87}) (Version: 21.0.3.47 - MAGIX Software GmbH) MAGIX Music Maker Techno Edition 6 (Version: 21.0.3.47 - MAGIX Software GmbH) Hidden MAGIX Music Maker Techno Edition 6 Trial Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX Music Maker Techno Edition 6 Update (Version: 21.0.4.50 - MAGIX Software GmbH) Hidden MAGIX 
Speed burnR (MSI) (HKLM-x32\...\MX.{AD4A2318-33E8-4E3C-90F5-5E91D0EE8572}) (Version: 7.0.2.6 - MAGIX Software GmbH) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden Mahjong World Contest (HKLM-x32\...\{F31D44B8-107E-43CF-BAA0-27A7C86CC293}) (Version: 1.00.0000 - PurpleHills) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft Halo Trial (HKLM-x32\...\Halo Trial) (Version: - Microsoft) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4875.1001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 
10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mill 3D (HKLM-x32\...\mill3d) (Version: - ) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.2.0 - Movavi) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Native Instruments Guitar Rig 5 
(HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments) Native Instruments Guitar Rig Factory Selection for Maschine (HKLM-x32\...\Native Instruments Guitar Rig Factory Selection for Maschine) (Version: - Native Instruments) Native Instruments Komplete 8 Players (HKLM-x32\...\Native Instruments Komplete 8 Players) (Version: - Native Instruments) Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.5.1.451 - Native Instruments) Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: - Native Instruments) Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.4.2.419 - Native Instruments) Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version: - Native Instruments) Native Instruments Reaktor Factory Selection (HKLM-x32\...\Native Instruments Reaktor Factory Selection) (Version: - Native Instruments) Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments) Neverball (HKLM-x32\...\Neverball) (Version: - ) No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23) NVIDIA Graphics Driver 332.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.85 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 
- Apache Software Foundation) Oracle VM VirtualBox 4.3.12_ZZZZ (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation) osu! (HKLM-x32\...\{992321e2-e85c-4322-825b-51723f3fef4a}) (Version: latest - ppy Pty Ltd) paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.) Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.) S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Steam App 286940) (Version: - Dragonfly GF Co., LTD) Should I Remove It (HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.) Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.) 
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.18.4608 - Enigma Software Group, LLC) Star Trek Online (HKLM-x32\...\Steam App 9900) (Version: - Cryptic Studios) Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 8.0.0.22 - Bioware/EA) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Studie zur Verbesserung von HP ENVY 4500 series (HKLM\...\{36E08FE6-D9FF-44EE-8AD3-EC723390DE00}) (Version: 32.2.188.47710 - Hewlett-Packard Co.) Sylenth1 Demo v3.021 (HKLM\...\Sylenth1v3_is1) (Version: - ) TAL-Chorus-LX (64bit) (HKLM\...\{387F3AC2-DC2C-4768-8DA1-DB3E73A130F3}) (Version: 1.0.0 - TAL - Togu Audio Line) TAL-Reverb-4 (AAX 64bit) (HKLM\...\{51DC6492-3AE9-43BB-8FCD-620EAA88BC91}) (Version: 1.0.0 - TAL - Togu Audio Line) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.55321 - TeamViewer) Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH) Total War: Arena (HKLM-x32\...\Steam App 227520) (Version: - Creative Assembly) Unity Web Player (HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden VirtualDJ 8 (HKLM-x32\...\{4D5A0E11-2E8C-4F1F-A847-CE6DA223250C}) (Version: 8.1.2770.0 - Atomix Productions) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
Vita 2 (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden Vita 2 Zusatzcontent (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden Vita Analog Synths (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden Vita Celtic Harp (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden Vita Drum Engine (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden Vita Jazz Drums (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden Vita Urban Drums (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden Vita World Flutes (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) VMware Player (HKLM\...\{57AA4E8A-E2C9-4F1C-B3F1-762C36E34472}) (Version: 12.1.0 - VMware, Inc.) VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.15.2.00000 - VMware, Inc.) Voxengo SPAN (HKLM\...\Voxengo SPAN_is1) (Version: 2.7 - Voxengo) WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) Zulu DJ Software (HKLM-x32\...\Zulu) (Version: 3.34 - NCH Software) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-813788870-3651861006-301960843-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-813788870-3651861006-301960843-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-813788870-3651861006-301960843-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-813788870-3651861006-301960843-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-813788870-3651861006-301960843-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-813788870-3651861006-301960843-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-813788870-3651861006-301960843-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Ben\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-813788870-3651861006-301960843-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-813788870-3651861006-301960843-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll => Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {07FB666E-E0EE-4A37-90AD-4CD7F2147C1A} - System32\Tasks\Abelssoft\ToolbarTerminator Background Guard => C:\Program Files (x86)\ToolbarTerminator\TTBackgroundGuard.exe [2015-04-10] (Microsoft)
Task: {099F2F02-DEFC-4818-AC19-F67117987F87} - System32\Tasks\ASC8_SkipUac_Ben => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: {0ABEA372-41F9-4C59-BCB2-3E53D0D21B34} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {173C6D4B-B118-434E-9221-A6930C666149} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {1A3851C3-665D-4B51-A28C-D3D7D5C3272D} - System32\Tasks\HP AR Program Upload - 61b06bf380b747fcaf3b002211cff3d0aa6d5aff6c894756bbf96438722f7d87 => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {206256B1-B0EA-41BE-9A15-DF8B5F25E82D} - System32\Tasks\HP AR Program Upload - 01ba5763adda49afb37829aae79ea809d7ca54d2ea754f9689fb046b95e4e021 => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {35F1E090-9EDC-4CB8-A141-3C7B5FA311E1} - System32\Tasks\HP AR Program Upload - 73904ccf716f4b50bee8bdaeb12693b61cb2727a22284b458fa901e0764802f8 => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {4867FAC3-50A9-4C20-98CF-4CE04E475AE6} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15] (Realtek Semiconductor)
Task: {5058814C-52B2-4DD3-8BD9-208C0AF7577C} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {50B32207-1405-44D3-AF33-3DFC16984661} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
Task: {594D2544-448D-4F46-9FD3-9040D6284906} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {5DBEF2AE-E592-4B00-820F-38830D9AE1B5} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {75DC0BA9-F89A-4E87-8B01-F5B3DB73E6B9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-11-14] (Microsoft Corporation)
Task: {78C7E38E-5415-4F3D-A492-863E4E5B65FC} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {7C2E6A74-D9C1-452B-8F0D-A8B0C7D2C77B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor)
Task: {973942DA-1A82-40CC-AAED-99909A4D9BCF} - System32\Tasks\Abelssoft\StartBackgroundguardWithWindows => C:\Program Files (x86)\CheckDrive\CheckDrive.exe
Task: {9EC480A7-B4C3-4838-97C3-1B494CCCE0E3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-26] (Dropbox, Inc.)
Task: {BB7A4365-0451-425B-AE93-2D9F35B8DCF7} - System32\Tasks\Abelssoft\ToolbarTerminator Continous Scan_Ben => C:\Program Files (x86)\ToolbarTerminator\ToolbarTerminator.exe [2015-04-10] (Ascora GmbH)
Task: {BD7E42A9-82CA-4009-A3F2-AFCD18D7FE3B} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-813788870-3651861006-301960843-1001
Task: {C69B6965-8CDE-436B-9D91-9294A867FCA5} - System32\Tasks\Abelssoft\ToolbarTerminator AutoScan_Ben => C:\Program Files (x86)\ToolbarTerminator\ToolbarTerminator.exe [2015-04-10] (Ascora GmbH)
Task: {CDDA79A9-8A7C-49A3-8F5A-0B914B2B8BA5} - \OTRIG -> Keine Datei <==== ACHTUNG
Task: {CF92D9B9-77BC-4A5D-B18E-4835CE5A411F} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {CFCF4DF4-535E-44C9-854D-9447C9208032} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {D07BF18E-03B6-41F3-BF8F-F906A9E3E7B7} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2016-07-11] ()
Task: {D36FFB01-AEE5-43C6-A5CF-7739CEAC9174} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2014-02-11] ()
Task: {D42E6765-73D6-4717-91E9-DCD1E278622C} - System32\Tasks\Uninstaller_SkipUac_Ben => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {D610C35F-A5DB-4413-98E4-47455C2617F3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
Task: {D876291A-5326-42AF-BF4B-E54239F97F3E} - System32\Tasks\HP AR Program Upload - 51a7edcea6bb432682c6ebd0a2dcf378c58339d856114ecd86286489203b4414 => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {DA84782C-2845-4EF0-BEEA-309E8C0384B8} - System32\Tasks\update-S-1-5-21-813788870-3651861006-301960843-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2016-07-11] ()
Task: {DAF4D192-5978-4B38-9D53-EEF0D9B53844} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Ben\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-07-25] ()
Task: {DD3F1035-2943-4FDF-8F31-60C351C0AA5A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {E2BB93A2-A173-4076-8F57-6F20D25E7C71} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {F01BBDC9-8DD3-4B4D-954D-A72A64175D80} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2014-02-11] (ASUS)
Task: {F0B589FC-2D8E-4DC8-B191-D606DA9F0082} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
Task: {FE15E3BB-DA90-49F9-BBDC-2C16BF68A1E3} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-26] (Dropbox, Inc.)
Task: {FE65403A-8DB4-4F50-AB32-F48333F0DE94} - System32\Tasks\HP AR Program Upload - ba958ca68a8b43e3914d55e49fc1499ac71d58f28ca84626849e28de31cf9d1e => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {FF2E1997-4CE3-4137-B221-0C65B9EF8ECC} - System32\Tasks\HP AR Program Upload - ad22b011147a4391bebbc7cdcd969fdcdf809067d6b641ffaead03a436c80de9 => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASC8_SkipUac_Ben.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\Ben\AppData\Roaming\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Ben.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\Windows\Tasks\update-S-1-5-21-813788870-3651861006-301960843-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\Ben\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html Shortcut: C:\Users\Ben\Desktop\desktop alt\Papierkorb\mül\Real Desktop Webpage.lnk -> hxxp://www.real-desktop.de/ Shortcut: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki/ Shortcut: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com/ ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2014-07-25 16:28 - 2014-03-13 20:26 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-11-17 15:17 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2016-06-13 08:19 - 2016-06-13 08:19 - 00279552 _____ () C:\Program Files (x86)\Droid4X\Droid4XService.exe 2014-02-11 17:08 - 2014-02-11 17:08 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2014-02-11 17:08 - 2014-02-11 17:08 - 00028672 _____ () C:\Program Files\ASUS\P4G\plctrl.dll 2016-02-02 10:53 - 2016-02-02 10:53 - 00043472 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2015-08-06 11:33 - 2014-07-17 21:47 - 03587584 _____ () C:\Program Files (x86)\SPEEDLINK\DECUS Gaming Mouse\Monitor.EXE 2015-03-13 14:54 - 2015-03-13 14:54 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-11-25 17:10 - 2015-11-25 17:10 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll 2013-10-08 20:41 - 2013-10-08 20:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2013-09-09 18:23 - 2013-09-09 18:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2014-05-01 15:15 - 2014-05-01 15:15 - 00463360 _____ () C:\Users\Ben\AppData\Local\MEGAsync\ShellExtX32.dll 2016-10-20 08:30 - 2016-09-08 04:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-10-20 08:30 - 2016-09-01 
02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-10-20 08:30 - 2016-10-13 02:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll 2016-10-20 08:30 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-10-20 08:30 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2016-10-20 08:30 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-10-20 08:30 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2016-10-20 08:30 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-10-20 08:30 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-10-20 08:30 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-10-20 08:30 - 2016-10-13 02:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-10-20 08:30 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2015-08-06 11:33 - 2013-09-30 12:39 - 00036864 _____ () C:\Program Files (x86)\SPEEDLINK\DECUS Gaming Mouse\Lang.dll 2015-08-06 11:33 - 2013-01-29 15:15 - 00061440 _____ () C:\Program Files (x86)\SPEEDLINK\DECUS Gaming Mouse\hiddriver.dll 2016-11-11 20:55 - 2016-10-10 17:29 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2016-11-11 20:55 - 2016-10-10 17:29 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2016-11-11 20:55 - 2016-10-10 17:29 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2016-11-11 20:55 - 2016-10-10 17:29 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2016-11-11 20:55 - 2016-10-10 17:29 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2016-11-11 20:55 - 2016-10-10 17:29 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 
00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2016-11-11 20:55 - 2016-10-10 17:29 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2016-11-11 20:55 - 2016-11-07 23:58 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2016-11-11 20:55 - 2016-10-10 17:30 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2016-11-11 20:55 - 2016-11-07 23:58 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2016-11-11 20:55 - 2016-11-07 23:58 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2016-11-11 20:55 - 2016-10-10 17:31 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2016-11-11 20:55 - 2016-10-10 17:29 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2016-11-11 20:55 - 2016-10-10 17:31 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2016-11-11 20:55 - 2016-10-10 17:31 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2016-11-11 20:55 - 2016-10-10 17:31 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2016-11-11 20:55 - 2016-10-10 17:31 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2016-11-11 20:55 
- 2016-10-10 17:31 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2016-11-11 20:55 - 2016-10-10 17:31 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2016-11-11 20:55 - 2016-10-10 17:31 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2016-11-11 20:55 - 2016-10-10 17:31 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2016-11-11 20:55 - 2016-10-10 17:31 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2016-11-11 20:55 - 2016-10-10 17:31 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2016-11-11 20:55 - 2016-10-10 17:31 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2016-11-11 20:55 - 2016-11-07 23:58 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-11-11 20:55 - 2016-10-10 17:30 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd 2016-11-11 20:55 - 2016-11-07 23:58 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2016-11-11 20:55 - 2016-10-10 17:31 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd 2016-11-11 20:55 - 2016-10-10 17:31 - 00350152 _____ () C:\Program Files 
(x86)\Dropbox\Client\winxpgui.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2016-11-11 20:55 - 2016-10-10 17:27 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2016-11-11 20:55 - 2016-11-07 23:59 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2016-11-11 20:55 - 2016-11-07 23:59 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2016-11-11 20:55 - 2016-10-10 17:29 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd 2016-11-11 20:55 - 2016-10-10 17:33 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll 2016-11-11 20:55 - 2016-10-10 17:34 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2016-11-11 20:55 - 2016-11-07 23:59 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00168760 _____ () C:\Program Files 
(x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2016-11-11 20:55 - 2016-10-10 17:31 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2016-11-11 20:55 - 2016-11-07 23:59 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2016-11-17 15:53 - 2016-11-08 21:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll 2016-11-17 15:53 - 2016-11-08 21:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll 2014-07-25 16:24 - 2013-10-23 13:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-10-20 08:30 - 2016-08-04 21:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver" <==== ACHTUNG
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver" <==== ACHTUNG
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver" <==== ACHTUNG
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" <==== ACHTUNG
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver" <==== ACHTUNG
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\1001movie.com -> 1001movie.com IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\1001night.biz -> 1001night.biz IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\100gal.net -> 
100gal.net
IE restricted site: HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\100sexlinks.com -> 100sexlinks.com
Da befinden sich 4788 mehr Seiten.

==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2016-06-26 10:38 - 00002024 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
Da befinden sich 4 zusätzliche Einträge.

==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-813788870-3651861006-301960843-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ben\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\banner c642_pvp.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == HKLM\...\StartupApproved\StartupFolder: => "Biet-O-Matic.lnk" HKU\S-1-5-21-813788870-3651861006-301960843-1001\...\StartupApproved\StartupFolder: => "MadAppLauncher.lnk" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{B79DCD3C-EC12-4456-9B2C-51ADF9122AA0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{75FFB8E7-0F62-46A7-B07C-0F838158032E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{256B8015-A0EC-4EF4-9764-E6242A31F9B7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{C20BF004-E3F5-411C-96D7-828A3B70F277}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe FirewallRules: [{C18C7605-5375-4FBF-B359-1908FDF46B98}] => (Allow) LPort=5357 FirewallRules: [{5C55E199-BEBD-4E4D-B9F9-FFC5E9A261EE}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [TCP Query User{67D530B4-D8BB-4AC3-978B-EA4583B85E8A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{F4FF820E-1BC1-4B5E-9CFD-9B4F7EBBA9D5}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{2E3A8A03-FDF8-445F-82AC-9C9B4E23D559}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP 
Query User{B157BEAC-4792-4DD6-99BB-5EA240C1DB10}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{E054C848-79D0-4F00-96FA-0B0D2B2A87CF}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe FirewallRules: [UDP Query User{1C12732F-F7EE-4194-AD72-88CD5425203A}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe FirewallRules: [TCP Query User{1B06A0B8-5944-44A9-A60E-BE32C79A69D1}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe FirewallRules: [UDP Query User{E1F4E362-FF96-4669-A6E9-689E7095A6C3}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe FirewallRules: [TCP Query User{A01BE7A7-E1A4-40AC-ADF5-F464F4F74A1C}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe FirewallRules: [UDP Query User{96C19FCF-22D5-488C-9733-4CBDAE223F86}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe FirewallRules: [{13E9A4D0-4EC6-48DE-81A6-C29C43A4ED8C}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{CF9BE4E6-022F-4865-B149-C1FF5EEA4AF9}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{638784C3-1DF2-4C5A-BAE1-113F0FB98D8D}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{535B9828-6692-4E5B-83A0-F6E78885FF7E}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [TCP Query User{D52C9599-BCEF-4C23-9C67-0F4758065C34}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query 
User{D2787178-F11F-405E-8EFE-E44E1534DD4D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{63AE4630-A4DE-45EB-A229-4D208528E3A2}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe FirewallRules: [UDP Query User{6500117E-BA03-44F2-8DF5-80CD9B8BA7FA}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe FirewallRules: [TCP Query User{1E84B398-EDA2-46F8-A03D-10B07F968586}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe FirewallRules: [UDP Query User{EFE655D1-4BBD-4A88-A360-D72F713FAC20}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe FirewallRules: [TCP Query User{E52B7908-AC9F-4523-BD61-F8148C966ECC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{D2CEFEF5-18DA-48E3-9094-62BCDED1FAFB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{42A19422-EF11-4BDC-91E4-E30C0B5B5C02}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013.exe FirewallRules: [{25050611-6E6F-450F-BDC6-6F4A20239F57}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013.exe FirewallRules: [{24AC1D23-E891-4C5B-8430-57422CE19A9E}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\x64\FarmingSimulator2013Game.exe FirewallRules: [{BE0E9CAA-1AD2-4773-A834-138E9A32ACFB}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\x64\FarmingSimulator2013Game.exe FirewallRules: [{69B9F29F-8DFA-4BCB-827E-FAB310401693}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\x86\FarmingSimulator2013Game.exe FirewallRules: [{756CDEB6-AB7B-4044-BF3A-557017A83896}] => (Allow) C:\Program Files 
(x86)\Landwirtschafts Simulator 2013\x86\FarmingSimulator2013Game.exe FirewallRules: [TCP Query User{0DD6C36B-CB74-4FC9-B055-2CC7DBF24179}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe FirewallRules: [UDP Query User{1F828BC8-DF2C-4040-80F4-86358CEECDCE}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe FirewallRules: [{33376415-D4ED-43E4-8948-1110EEBEFA80}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{2BC657F1-D737-478A-A418-72ECF22AC915}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{34F02D40-268D-4474-BAE7-E34902738807}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{A8390774-48DD-40AC-BC41-B8B2A3027279}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{EB4F9815-7441-4BD9-BAC8-EBD207199687}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Arena\launcher\launcher.exe FirewallRules: [{4F39726D-EA52-4204-A18F-278F183EDDF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Arena\launcher\launcher.exe FirewallRules: [{7F8D4E1B-BC3A-4158-A8ED-DC428521237F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{346712AA-2E27-4F0D-8FDC-32C6697EB70C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [TCP Query User{E291D376-4590-4029-9C8A-FDE780A7E325}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [UDP Query User{962B836F-370F-4F94-8FF4-94E3D6FBF23E}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [{03387E11-B3CD-4F83-8977-8F7BFE095E20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Trek Online\Star Trek Online.exe FirewallRules: 
[{1D6E9BC8-E63F-4462-8020-B0F0476BE212}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Trek Online\Star Trek Online.exe FirewallRules: [TCP Query User{0E46D74D-373B-4B35-B282-85D2F1B0C7C0}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe FirewallRules: [UDP Query User{017F875C-DD87-474E-8EC8-9F872513F80B}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe FirewallRules: [{AC9C745E-10C2-4347-BC8B-38CBE93F3EA2}] => (Block) C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe FirewallRules: [{5373BABC-D058-4B98-A063-31E6F5BD9D87}] => (Block) C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe FirewallRules: [TCP Query User{63FB8D2A-0B31-4C0B-B104-F4591BF29475}F:\ark survival evolved\ark survival evolved\shootergame\binaries\win64\shootergame.exe] => (Allow) F:\ark survival evolved\ark survival evolved\shootergame\binaries\win64\shootergame.exe FirewallRules: [UDP Query User{B48563D2-3D85-47D8-BA5F-B9C2EB16F27B}F:\ark survival evolved\ark survival evolved\shootergame\binaries\win64\shootergame.exe] => (Allow) F:\ark survival evolved\ark survival evolved\shootergame\binaries\win64\shootergame.exe FirewallRules: [TCP Query User{F3267C0A-0420-4893-8109-C9F549D1E9F5}C:\users\ben\desktop\spiele\ark survival evolved\ark survival evolved\shootergame\binaries\win64\shootergame.exe] => (Allow) C:\users\ben\desktop\spiele\ark survival evolved\ark survival evolved\shootergame\binaries\win64\shootergame.exe FirewallRules: [UDP Query User{EE3271A6-9331-4DE2-98AE-0AE5B592E8C7}C:\users\ben\desktop\spiele\ark survival evolved\ark survival 
evolved\shootergame\binaries\win64\shootergame.exe] => (Allow) C:\users\ben\desktop\spiele\ark survival evolved\ark survival evolved\shootergame\binaries\win64\shootergame.exe FirewallRules: [TCP Query User{A85E2A7B-DDD8-496D-AC1E-FFA6E1834CF8}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe FirewallRules: [UDP Query User{9F9F4E0B-C606-4ABD-90D0-05C082A027C8}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe FirewallRules: [TCP Query User{505E380F-5852-4656-BCB0-B6F586F06B9C}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe FirewallRules: [UDP Query User{EE23E026-F766-4DE7-A052-29C27B36D00C}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe FirewallRules: [{B1FF7152-1077-4291-904C-53F652D8E8D5}] => (Block) C:\windows\system32\settingsynchost.exe FirewallRules: [{D86412FA-3C0D-4237-B464-254B91F1FDCF}] => (Block) C:\windows\system32\settingsynchost.exe FirewallRules: [{BBDE517B-55B4-49F7-B61C-479182CE8DE4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{248EF8F3-0553-4118-BBB7-2AF541ED39C3}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{C5AAA673-4B4D-4E0C-9C0B-40DA03E8E051}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SKILL\DFUBG.exe FirewallRules: [{746F7612-E654-4790-B454-9144D4DDE9FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SKILL\DFUBG.exe FirewallRules: [TCP Query User{5B58C8E3-04E5-46D0-85BE-EA7D4A10D015}C:\users\ben\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe] => (Allow) C:\users\ben\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe FirewallRules: [UDP Query User{A4375C1B-292E-45C3-9D40-628AC672E13D}C:\users\ben\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe] => (Allow) C:\users\ben\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe FirewallRules: [{B53E7616-46EF-4BCB-8500-A5B35F8E30B6}] => 
(Block) C:\users\ben\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe FirewallRules: [{EFD7E625-CFEF-49FB-A68F-A84BCAF6088B}] => (Block) C:\users\ben\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe FirewallRules: [{AF4F6C94-F683-4438-B284-6ED80C59DE44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Altitude\altitude.exe FirewallRules: [{199C5742-5D0A-4D14-8E5C-10A32DE6AFA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Altitude\altitude.exe FirewallRules: [TCP Query User{DD958D84-D9F9-4512-B39A-A6E63A2541D4}C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe FirewallRules: [UDP Query User{B7A7028D-C570-4CCF-BC06-25A0B3D76834}C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe FirewallRules: [{90AFE71A-D44A-4492-B0F1-976C479047C0}] => (Block) C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe FirewallRules: [{66B4689E-8775-4493-BD9C-42F51752EDDD}] => (Block) C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe FirewallRules: [{B02333AF-31D4-48E9-A4F9-797D10055082}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{885D0572-9472-4E8F-9C49-56471CF5D804}] => (Allow) LPort=2869 FirewallRules: [{002962E0-E4F7-4495-8B40-C5F8221CF838}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{39C5ED5B-EFDA-4049-ADAF-6CBE3404EA26}C:\users\ben\appdata\roaming\skype\my skype received files\lukas´s ftp client.exe] => (Allow) C:\users\ben\appdata\roaming\skype\my skype received files\lukas´s ftp client.exe FirewallRules: [UDP Query User{8EDE449F-C848-4FF9-86CB-0EA8A5B3BBD0}C:\users\ben\appdata\roaming\skype\my skype received files\lukas´s ftp client.exe] => (Allow) C:\users\ben\appdata\roaming\skype\my skype received files\lukas´s ftp client.exe FirewallRules: [{7DF20739-4FB1-4C3D-BFB0-796698607192}] => (Block) C:\users\ben\appdata\roaming\skype\my skype received files\lukas´s ftp 
client.exe FirewallRules: [{F7FE2B4A-99B2-468C-BD9E-DD8894CD5C30}] => (Block) C:\users\ben\appdata\roaming\skype\my skype received files\lukas´s ftp client.exe FirewallRules: [TCP Query User{1A7F5E9B-E460-4472-9E7C-47BAFD218993}C:\users\ben\desktop\lukas´s ftp client.exe] => (Allow) C:\users\ben\desktop\lukas´s ftp client.exe FirewallRules: [UDP Query User{EED077EA-2BD4-4CA6-888E-0B92129DFB0D}C:\users\ben\desktop\lukas´s ftp client.exe] => (Allow) C:\users\ben\desktop\lukas´s ftp client.exe FirewallRules: [{473FAE40-9D69-4556-B2EF-63FE02A98805}] => (Block) C:\users\ben\desktop\lukas´s ftp client.exe FirewallRules: [{481D6145-54AB-49D9-A5A4-7948675695E1}] => (Block) C:\users\ben\desktop\lukas´s ftp client.exe FirewallRules: [{B3787F37-1CF0-43DE-B03B-2F01465C67E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{15637F07-80AA-4735-BA66-CDA5D441FE4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{160BFA5B-161A-45B6-B711-B29292A0C044}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Arena\launcher\launcher.exe FirewallRules: [{CC9705B8-BC7D-41FE-B56A-8968B1E868ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Arena\launcher\launcher.exe FirewallRules: [{F9B22E73-D886-4157-9528-C7910B34E50F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{41C42FDF-AE1D-477D-A22F-3F158591B037}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{8A4B88F4-A364-4D40-802A-05455E15BD0B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{10002CC1-7108-46F9-9AD1-7DB97B541CA1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E8EAA1E3-374F-4D86-861E-D8C99E2939B7}] => (Allow) C:\Users\Ben\AppData\Local\Temp\andy-x64\Setup.exe FirewallRules: [{BA1C33B8-88C9-46C1-AF73-7F8497FE92A0}] => (Allow) 
C:\Program Files\Andy\andy.exe FirewallRules: [{77BD5229-2499-4D80-B91C-226805D503D8}] => (Allow) C:\Program Files\Andy\andy.exe FirewallRules: [{B90133BC-1B75-4DD1-A666-F6BBC8963787}] => (Allow) C:\Program Files\Andy\AndyConsole.exe FirewallRules: [{4CC3E3C3-B6D3-4C22-807A-9928ACEA4AE2}] => (Allow) C:\Program Files\Andy\AndyConsole.exe FirewallRules: [{C4683140-6180-4E09-B5EF-990E066C32A8}] => (Allow) C:\Program Files\Andy\HandyAndy.exe FirewallRules: [{DB25A039-173D-4188-A1CA-818F473F6083}] => (Allow) C:\Program Files\Andy\HandyAndy.exe FirewallRules: [{F511D700-6DEC-4266-85FA-03A6597471A8}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe FirewallRules: [{0DD95CA0-CBC4-48D9-9ED9-F7578719C04E}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe FirewallRules: [{4F173D4B-6777-4B25-ADAD-229192889916}] => (Allow) C:\Users\Ben\AppData\Local\Temp\Uninstall.exe FirewallRules: [{9FCF5555-E135-4DE7-8C33-F4482D3E5FEE}] => (Allow) C:\Users\Ben\AppData\Local\Temp\Uninstall.exe FirewallRules: [{2CAC4758-5DD4-404D-9C74-156BF0B1141D}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{4BC5C688-641B-4B0D-BB41-576C262C0021}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [TCP Query User{2BC2394C-04A1-4F18-81A5-1FD6DF83ECD3}C:\users\ben\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Allow) C:\users\ben\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe FirewallRules: [UDP Query User{E14DB948-EE74-4A4F-A26A-2499CEC42E4A}C:\users\ben\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Allow) C:\users\ben\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe FirewallRules: [{578C9B4A-CC8B-4F00-8D63-D47B55F35919}] => (Block) C:\users\ben\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe FirewallRules: [{54EF2557-C0CB-48B6-9597-DC6A59C94EFE}] => (Allow) C:\Program Files 
(x86)\Droid4X\Droid4X.exe FirewallRules: [{5225E567-9C9A-443C-9E98-C054E9003B02}] => (Allow) C:\Program Files (x86)\Droid4X\download\MiniThunderPlatform.exe FirewallRules: [{C1EC6A43-315F-4DBE-A3F5-4CA0E4EB0318}] => (Allow) C:\Program Files (x86)\Droid4X\download\MiniThunderPlatform.exe FirewallRules: [{D022C4A6-6E9B-472C-8001-5645E5235F67}] => (Allow) C:\Program Files\Oracle\VirtualBox\vboxheadless.exe FirewallRules: [TCP Query User{E55C5A32-C48F-42EB-9A12-A988570CD4B4}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [UDP Query User{671F440F-053C-4D22-B33D-B46E5AD72FA6}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [{73D2305D-DA3F-4089-9C38-63DEAECA0D64}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [{33734110-FB0F-4FBB-A619-8E8B8E41325B}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [TCP Query User{98EB6267-A63D-46BF-B36C-399F5210A2E1}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [UDP Query User{9B8B2F51-6528-4C81-9C17-00CDA0EC2ABB}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [TCP Query User{053A288B-7B83-402B-942B-34800C75B5E7}C:\program files (x86)\microsoft games\halo trial\halo.exe] => (Allow) C:\program files (x86)\microsoft games\halo trial\halo.exe FirewallRules: [UDP Query 
User{8E5BD63C-0C30-458F-BFD7-F2DA3802488C}C:\program files (x86)\microsoft games\halo trial\halo.exe] => (Allow) C:\program files (x86)\microsoft games\halo trial\halo.exe FirewallRules: [{73633208-1622-4EA9-A960-6619EFDFC341}] => (Block) C:\program files (x86)\microsoft games\halo trial\halo.exe FirewallRules: [{36AF3F59-EA84-427B-A118-9368BBA1B883}] => (Block) C:\program files (x86)\microsoft games\halo trial\halo.exe FirewallRules: [{EA198F0E-C204-4D2E-9FAB-BEEBC36597A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{BB177020-E90D-4B29-B4F2-B3A4CCA72823}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{E1DC60FE-64BF-4570-8722-8FCD96E1ACA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe FirewallRules: [{750ACF3E-C846-46FA-937C-90E717B4AB03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe FirewallRules: [{44C3231C-583B-48AC-8DF1-0E45B6261B8A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{E0D6A63F-1F63-4FBF-8B23-C10B8582D11F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: USB Camera Description: USB-Videogerät Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/26/2016 12:18:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppVLp.exe, Version: 5.151.57.0, Zeitstempel: 0x5771a0dd
Name des fehlerhaften Moduls: AppVIsvStream32.dll, Version: 0.0.0.0, Zeitstempel: 0x5771a0ce
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f287
ID des fehlerhaften Prozesses: 0x1a54
Startzeit der fehlerhaften Anwendung: 0x01d247d6d3d058e7
Pfad der fehlerhaften Anwendung: C:\Program Files\Microsoft Office 15\Root\Client\AppVLp.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Microsoft Office 15\Root\Client\AppVIsvStream32.dll
Berichtskennung: 1474c55b-b3ca-11e6-82e9-b8ee65da382a
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/26/2016 12:16:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 115c
Startzeit: 01d247d5dbbeeb1b
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: d16bd654-b3c9-11e6-82e9-b8ee65da382a
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/26/2016 12:09:53 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) Das System kann die angegebene Datei nicht finden.

Error: (11/24/2016 07:40:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 15.0.4871.1000, Zeitstempel: 0x57ea22a9
Name des fehlerhaften Moduls: AppVIsvStream32.dll, Version: 0.0.0.0, Zeitstempel: 0x5771a0ce
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f287
ID des fehlerhaften Prozesses: 0x22d4
Startzeit der fehlerhaften Anwendung: 0x01d2468248ca7b41
Pfad der fehlerhaften Anwendung: C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE
Pfad des fehlerhaften Moduls: C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
Berichtskennung: 86a73434-b275-11e6-82e8-005056c00008
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/24/2016 06:35:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BENSWIDERSKY)
Description: Bei der Aktivierung der App „Microsoft.WindowsCalculator_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2147024809. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/24/2016 06:35:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Ein Problem hat das Senden von Daten aus dem Programm zur Verbesserung der Benutzerfreundlichkeit an Microsoft verhindert (Fehler 80070005).

Error: (11/18/2016 05:17:50 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Ein Problem hat das Senden von Daten aus dem Programm zur Verbesserung der Benutzerfreundlichkeit an Microsoft verhindert (Fehler 80070005).

Error: (11/13/2016 06:25:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_PcaSvc, Version: 6.3.9600.17415, Zeitstempel: 0x54504177
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18438, Zeitstempel: 0x57ae642e
Ausnahmecode: 0xc0000008
Fehleroffset: 0x00000000000925fa
ID des fehlerhaften Prozesses: 0x430
Startzeit der fehlerhaften Anwendung: 0x01d23c1d13e64a43
Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: 2b99ab96-a9c6-11e6-82e8-005056c00008
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/13/2016 06:24:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 19a8
Startzeit: 01d23dd25ad18115
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: f0b3af5c-a9c5-11e6-82e8-005056c00008
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/13/2016 06:23:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BENSWIDERSKY)
Description: Das Paket „microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe+ppleae38af2e007f4358a809ac99a64a67c1“ wurde beendet, da das Anhalten zu lange dauerte.

Systemfehler:
=============
Error: (11/26/2016 12:19:20 PM) (Source: DCOM) (EventID: 10010) (User: BENSWIDERSKY)
Description: Der Server "{14286318-B6CF-49A1-81FC-D74AD94902F9}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/26/2016 12:15:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde nicht richtig gestartet.

Error: (11/26/2016 12:10:52 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT-AUTORITÄT)
Description: Der Ereignisprotokollierungsdienst hat beim Aktivieren des Herausgebers "{0BF2FB94-7B60-4B4D-9766-E82F658DF540}" für den Kanal "Microsoft-Windows-Kernel-ShimEngine/Operational" einen Fehler (5) erkannt. Dieser Fehler hat keinen Einfluss auf den Betrieb des Kanals, beeinträchtigt jedoch die Fähigkeit des Herausgebers, Ereignisse für den Kanal auszulösen. Dieser Fehler ist oft darauf zurückzuführen, dass der Anbieter die ETW-Anbietersicherheit verwendet und der Ereignisprotokoll-Dienstidentität keine Berechtigungen zum Aktivieren gewährt hat.

Error: (11/26/2016 12:10:45 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT-AUTORITÄT)
Description: Der Ereignisprotokollierungsdienst hat beim Aktivieren des Herausgebers "{0BF2FB94-7B60-4B4D-9766-E82F658DF540}" für den Kanal "Microsoft-Windows-Kernel-ShimEngine/Operational" einen Fehler (5) erkannt. Dieser Fehler hat keinen Einfluss auf den Betrieb des Kanals, beeinträchtigt jedoch die Fähigkeit des Herausgebers, Ereignisse für den Kanal auszulösen. Dieser Fehler ist oft darauf zurückzuführen, dass der Anbieter die ETW-Anbietersicherheit verwendet und der Ereignisprotokoll-Dienstidentität keine Berechtigungen zum Aktivieren gewährt hat.

Error: (11/26/2016 12:09:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Advanced SystemCare Service 8" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (11/26/2016 12:06:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: Der Dienst wurde nicht gestartet. Error: (11/26/2016 12:05:56 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (11/24/2016 07:41:45 PM) (Source: DCOM) (EventID: 10010) (User: BENSWIDERSKY) Description: Der Server "{000209FF-0000-0000-C000-000000000046}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (11/21/2016 08:25:44 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (11/21/2016 08:11:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. CodeIntegrity: =================================== Date: 2016-11-12 06:26:01.180 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\Hamdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz Prozentuale Nutzung des RAM: 32% Installierter physikalischer RAM: 12171.27 MB Verfügbarer physikalischer RAM: 8235.82 MB Summe virtueller Speicher: 14027.27 MB Verfügbarer virtueller Speicher: 9074.5 MB ==================== Laufwerke ================================ Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:13.36 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:272.31 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: B4ADA6A4) Partition: GPT. ==================== Ende von Addition.txt ============================ |
28.11.2016, 13:54 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Tr.Dropper.gen Uh, aha. And where exactly is the problem in that?
__________________ |
28.11.2016, 15:41 | #4 |
| Tr.Dropper.gen I executed malware |
28.11.2016, 15:56 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Tr.Dropper.gen Very informative. So where are the logs for your dropper?
__________________ Please always post log files in CODE tags |
28.11.2016, 17:25 | #6 |
| Tr.Dropper.gen On my laptop (I'm on my phone right now). Logs will come this evening or tomorrow morning. |
29.11.2016, 22:53 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Tr.Dropper.gen Is anything still coming??
__________________ Please always post log files in CODE tags |
30.11.2016, 12:30 | #8 |
| Tr.Dropper.gen Yes, around 6-7 o'clock |