Pests of all kinds and how to combat them: csrss.exe - A really bad move... Problem with virus/malware/... Windows 7 |
03.09.2017, 20:48 | #1 | |
| csrss.exe - A really bad move... Problem with virus/malware/...

Good evening everyone,

I'm new here and straight away have what (to me, at the moment) feels like a "huge" problem. I was looking for an update for Simcity (yes, unfortunately EA doesn't offer anything itself...) and then searched on Google and well... it apparently wasn't the right thing, and now the shit has hit the fan. In all the time I've been using Windows (continuously since '98) I've never had anything like this... and now I was apparently too careless.

After booting, quite some time passes before I can do anything at all, and then I get spammed with ads, umpteen strange processes are open, when I google I end up on Yahoo, and well... it only works again without internet: close all processes and then turn the internet back on. Then it does start, install and download like crazy again, but at least you can do something.

I'll provide whatever information you need right away... I just can't google it, unfortunately. The funny thing is, when I google a malware scanner and then install it, it tells me "Das Ausführen von Software auf dem Computer wurde für diesen Herausgeber blockiert". Windows Defender shows "Das Programm wurde durch eine Gruppenrichtlinie geblockt" and I can't install Avira either: "Service 'Avira Service Host' (Avira.ServiceHost) failed to start." and so on.

A screenshot of the processes should be attached. Just now it also tried to close this tab on me... I feel somewhat remote-controlled, since 40 more ad tabs are open...

I hope I can provide all the necessary information and that someone can help me.

Thanks in advance

Regards

Edit: Addition.txt Code:
ATTFilter
Last edited by Mud92 (03.09.2017 at 20:59) |
03.09.2017, 20:59 | #2 |
| csrss.exe - A really bad move... Problem with virus/malware/...

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017 durchgeführt von Martin (Administrator) auf MARTIN-PC (03-09-2017 21:50:59) Gestartet von C:\Users\Martin\AppData\Local\Temp\scoped_dir9304_32589 Geladene Profile: Martin (Verfügbare Profile: Martin) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Opera) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\ProgramData\Logic Cramble\set.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\ProgramData\clsid16489.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe (Logitech Inc.) 
C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe () C:\ProgramData\PrefsSecure\Nettrans.exe () C:\Windows\Temp\g1E8A.tmp.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe () C:\Program Files (x86)\T-Mobile Internet Manager 03\AssistantServices.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe () C:\Windows\svchost.exe (Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (AMD) C:\Windows\System32\atieclxx.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (1) C:\Program Files (x86)\SDownloader\RKRMYBB4A19HA9I.exe (1) C:\Program Files (x86)\ShutdownTime\2WQ0D70CZN7RBOL.exe () C:\Program Files (x86)\dry7reYQ6I\updengine.exe () C:\Users\Martin\AppData\Roaming\ircxamjbdex\ttualzabmxf.exe () C:\Program Files\W6K6U2RAYB\W6K6U2RAY.exe () C:\Users\Martin\AppData\Roaming\mxbls0r2wlx\zsirsfcp015.exe () C:\Users\Martin\AppData\Roaming\23ysz3xdgoa\t1nifuevwxi.exe () C:\Users\Martin\AppData\Roaming\ix5ht31la24\4kl424axw3x.exe () C:\Users\Martin\AppData\Roaming\xqtkx0wm0gr\i5cxsyjpboi.exe () C:\Users\Martin\AppData\Roaming\n5vhbxnyjv4\zrw1fmf5uju.exe () C:\Users\Martin\AppData\Roaming\xit35i0prr4\s3xkcfscss1.exe () C:\Program Files\9HYBPKO95D\9HYBPKO95.exe () C:\Program Files\IWOHYBDD7A\IWOHYBDD7.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe 
() C:\Program Files\AudioMX HS-11B Headset\CPL\FaceLift_x64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Users\Martin\AppData\Roaming\hdp4vvfs3k3\j4utdjouyf3.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe () C:\Users\Martin\AppData\Roaming\riyrr1qk4ga\pp0sbbhw45p.exe (1) C:\Program Files\NZKF69OGHP\NZKF69OGH.exe () C:\Users\Martin\AppData\Roaming\shuqwilelrn\sp51wdicuri.exe () C:\Users\Martin\AppData\Roaming\fdi1kdcnyni\2jzg2htg5uv.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (1) C:\Program Files\89PUNDTUX9\89PUNDTUX.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe () C:\Users\Martin\AppData\Roaming\copi4mslqlt\2spd4qtusxt.exe () C:\Users\Martin\AppData\Roaming\yqsllvyegxj\ysnrazuwwkz.exe () C:\Users\Martin\AppData\Roaming\4e4hlehfvnf\lr1rjb1i4yc.exe (1) C:\Program Files\ZZFOH8V0GD\ZZFOH8V0G.exe () C:\Users\Martin\AppData\Roaming\ipfea5szlx2\ve0trfta2dr.exe () C:\Users\Martin\AppData\Roaming\pjbaoqcdlqk\34dk1uqm31x.exe () C:\Users\Martin\AppData\Roaming\ojyfe1tqxle\vqixnkk3b0w.exe () C:\Users\Martin\AppData\Roaming\kkuaf3unqup\mkusperuzoq.exe () C:\Users\Martin\AppData\Roaming\maof5k4rau2\rox5dz50qxp.exe (1) C:\Program Files\ZCAHD3Y5LH\ZCAHD3Y5L.exe () C:\Users\Martin\AppData\Roaming\dxrdwvqcbbd\kunxkzsey3i.exe (1) C:\Program Files\G7F9FQQLD4\G7F9FQQLD.exe (1) C:\Program Files\LXI2VTNF8G\LXI2VTNF8.exe () C:\Users\Martin\AppData\Roaming\uplhmap22k5\pfaucditzzj.exe (L88V4J) C:\Program Files\1ET4JYM1M7\1ET4JYM1M.exe () C:\Users\Martin\AppData\Roaming\ircxamjbdex\ttualzabmxf.exe () C:\Program Files\W6K6U2RAYB\W6K6U2RAY.exe () C:\Users\Martin\AppData\Roaming\mxbls0r2wlx\zsirsfcp015.exe () C:\Users\Martin\AppData\Roaming\23ysz3xdgoa\t1nifuevwxi.exe () C:\Users\Martin\AppData\Roaming\ix5ht31la24\4kl424axw3x.exe () C:\Users\Martin\AppData\Roaming\xqtkx0wm0gr\i5cxsyjpboi.exe () C:\Users\Martin\AppData\Roaming\n5vhbxnyjv4\zrw1fmf5uju.exe () C:\Program 
Files\SILMTMLWGN\SILMTMLWG.exe () C:\Users\Martin\AppData\Roaming\xit35i0prr4\s3xkcfscss1.exe () C:\Program Files\9HYBPKO95D\9HYBPKO95.exe () C:\Program Files\IWOHYBDD7A\IWOHYBDD7.exe () C:\Program Files\1TN9EXRST9\1TN9EXRST.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe () C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ModemListener.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe (TODO: <Company name>) C:\ProgramData\AppmallosayoV\AppmallosayoV.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe (Microsoft Corporation) C:\Windows\csrss.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Windows\System32\mspaint.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Opera Software) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe (Opera 
Software) C:\Program Files (x86)\Opera\47.0.2631.71\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe (EDOOJ) C:\Users\Martin\AppData\Roaming\CpuzApp4\CpuzApp.exe (Microsoft Corporation) C:\Windows\HelpPane.exe (Opera Software) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe (Gold Click Ltd) C:\Program Files (x86)\ProxyGate\Cloud.exe (Gold Click Ltd) C:\Program Files (x86)\ProxyGate\PGChk.exe (Opera Software) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe (Avira Operations GmbH & Co. KG) C:\Users\Martin\Documents\avira_de_free0___pcw.exe (Avira Operations GmbH & Co. KG) C:\Users\Martin\AppData\Local\Temp\{348F0A61-19F0-4C85-9D24-0F9EEFD8E16F}\.cr\avira_de_free0___pcw.exe (Avira Operations GmbH & Co. 
KG) C:\Users\Martin\AppData\Local\Temp\{B6396FF3-23A9-423F-BCDE-275D6618C8F6}\.be\Avira.OE.Setup.Bundle.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe (Opera Software) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Opera Software) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Cm108BSound] => C:\Program Files\AudioMX HS-11B Headset\CPL\FaceLift_x64.exe [2300416 2014-11-10] () HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17654904 2017-06-16] (Logitech Inc.) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2012-01-12] (VIA) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation) HKLM-x32\...\Run: [win32] => C:\kernels\drivers.vbs [474 2012-11-02] () HKLM-x32\...\Run: [IR_SERVER] => C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) 
HKLM-x32\...\Run: [Komsa_Germany Silverstone ModemListener] => C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ModemListener.exe [109120 2012-03-14] () HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-08-15] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-07-13] (Adobe Systems Incorporated) HKLM\...\RunOnce: [OMEWPRODUCT_S945L] => C:\Program Files (x86)\SDownloader\RKRMYBB4A19HA9I.exe [337408 2017-09-03] (1) <==== ACHTUNG HKLM\...\RunOnce: [OMEWPRODUCT_LE0BO] => C:\Program Files (x86)\ShutdownTime\2WQ0D70CZN7RBOL.exe [337408 2017-09-03] (1) <==== ACHTUNG HKLM\...\RunOnce: [MARTIN-PC] => C:\Windows\Temp\g1767.tmp.exe [212992 2017-09-03] () <==== ACHTUNG HKLM-x32\...\RunOnce: [{4771539a-931b-4378-8d4a-721ba62effca}] => C:\ProgramData\Package Cache\{4771539a-931b-4378-8d4a-721ba62effca}\Avira.OE.Setup.Bundle.exe [985216 2017-09-03] (Avira Operations GmbH & Co. 
KG) HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ACHTUNG HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ACHTUNG HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ACHTUNG HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ACHTUNG HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ACHTUNG HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ACHTUNG HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ACHTUNG HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ACHTUNG HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ACHTUNG HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ACHTUNG HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ACHTUNG HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ACHTUNG HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ACHTUNG HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ACHTUNG HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ACHTUNG HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ACHTUNG HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) 
<==== ACHTUNG HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ACHTUNG HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ACHTUNG HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ACHTUNG HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ACHTUNG HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ACHTUNG HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ACHTUNG HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ACHTUNG HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ACHTUNG HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ACHTUNG HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ACHTUNG HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. 
KG) <==== ACHTUNG HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ACHTUNG HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ACHTUNG HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ACHTUNG HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ACHTUNG HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ACHTUNG HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ACHTUNG HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ACHTUNG HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ACHTUNG HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ACHTUNG HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ACHTUNG HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ACHTUNG HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ACHTUNG HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ACHTUNG HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) 
<==== ACHTUNG HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272912 2013-05-10] (Adobe Systems Incorporated) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10601064 2017-05-09] (Windscribe Limited) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [cukq3sjfmlk] => C:\Users\Martin\AppData\Roaming\hdp4vvfs3k3\j4utdjouyf3.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [46KY45Y6GNAX6GE] => C:\Program Files\RZA7MRGA68\RZA7MRGA6.exe [1325056 2017-09-03] (1) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [kr31rvbcdsc] => C:\Users\Martin\AppData\Roaming\riyrr1qk4ga\pp0sbbhw45p.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [1X2WRPBA96JJFLH] => C:\Program Files\NZKF69OGHP\NZKF69OGH.exe [1325056 2017-09-03] (1) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [7HKGEC5334ZKKW3] => C:\Program Files (x86)\SDownloader\8OZAD.exe [1325056 2017-09-03] (1) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [ktnwiru5x0h] => C:\Users\Martin\AppData\Roaming\shuqwilelrn\sp51wdicuri.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [21nx2fmqywu] => C:\Users\Martin\AppData\Roaming\fdi1kdcnyni\2jzg2htg5uv.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [part64] => 
rundll32.exe "C:\Users\Martin\AppData\Local\part64.dll",part64 <==== ACHTUNG HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [JUKXJ9FQLN4V4GQ] => C:\Program Files\89PUNDTUX9\89PUNDTUX.exe [1325056 2017-09-03] (1) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [1RIOZUS47MX5Q2Q] => C:\Program Files\M04OI8EH76\M04OI8EH7.exe [1325056 2017-09-03] (1) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [DawnGlitter] => C:\Windows\rss\csrss.exe [4602880 2017-09-03] () <==== ACHTUNG HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [CloudNet] => C:\Users\Martin\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [776704 2017-09-03] (EpicNet Inc.) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [2klajah2d42] => C:\Users\Martin\AppData\Roaming\copi4mslqlt\2spd4qtusxt.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [ye2kbzwzp03] => C:\Users\Martin\AppData\Roaming\yqsllvyegxj\ysnrazuwwkz.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [ZQL2ZWMZ6HU0U5O] => C:\Program Files\RCPPGDPT8D\RCPPGDPT8.exe [1325056 2017-09-03] (1) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [2icaxiahz5a] => C:\Users\Martin\AppData\Roaming\4e4hlehfvnf\lr1rjb1i4yc.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [Z4C4HIC5RUZVVYN] => C:\Program Files\ZZFOH8V0GD\ZZFOH8V0G.exe [1325056 2017-09-03] (1) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [boyabkqf4r5] => C:\Users\Martin\AppData\Roaming\ipfea5szlx2\ve0trfta2dr.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [o2iirbs12jr] => C:\Users\Martin\AppData\Roaming\pjbaoqcdlqk\34dk1uqm31x.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [1mplytllmm3] => C:\Users\Martin\AppData\Roaming\ojyfe1tqxle\vqixnkk3b0w.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [kbulvvcqysw] => 
C:\Users\Martin\AppData\Roaming\kkuaf3unqup\mkusperuzoq.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [325flxvnnbx] => C:\Users\Martin\AppData\Roaming\maof5k4rau2\rox5dz50qxp.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [CZPJCOLGV1K8QSW] => C:\Program Files\ZCAHD3Y5LH\ZCAHD3Y5L.exe [1325056 2017-09-03] (1) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [YLY8SUXC3ZENZWC] => C:\Program Files\4UKDRNXPTV\4UKDRNXPT.exe [1325056 2017-09-03] (1) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [0y1vk1d12nx] => C:\Users\Martin\AppData\Roaming\dxrdwvqcbbd\kunxkzsey3i.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [1TX2TYF3JS8R2RB] => C:\Program Files\G7F9FQQLD4\G7F9FQQLD.exe [1325056 2017-09-03] (1) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [T1XY5VF268RZ3CV] => C:\Program Files\LXI2VTNF8G\LXI2VTNF8.exe [1325056 2017-09-03] (1) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [abnnirxqeod] => C:\Users\Martin\AppData\Roaming\uplhmap22k5\pfaucditzzj.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [VT1LL08OL39QL0T] => C:\Program Files\1ET4JYM1M7\1ET4JYM1M.exe [1218048 2017-09-03] (L88V4J) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [klbnpirhcbx] => C:\Users\Martin\AppData\Roaming\ircxamjbdex\ttualzabmxf.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [IENZ237H78UAS3R] => C:\Program Files\W6K6U2RAYB\W6K6U2RAY.exe [1227264 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [3iss4pzuapi] => C:\Users\Martin\AppData\Roaming\mxbls0r2wlx\zsirsfcp015.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [rsps1g534td] => C:\Users\Martin\AppData\Roaming\23ysz3xdgoa\t1nifuevwxi.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [z2jnzea013e] => 
C:\Users\Martin\AppData\Roaming\ix5ht31la24\4kl424axw3x.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [hmzqrekjo25] => C:\Users\Martin\AppData\Roaming\xqtkx0wm0gr\i5cxsyjpboi.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [1e4xjdzsoc2] => C:\Users\Martin\AppData\Roaming\n5vhbxnyjv4\zrw1fmf5uju.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [ZDFHFYC5EPH6KSY] => C:\Program Files\SILMTMLWGN\SILMTMLWG.exe [1227264 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [ymaonvsmtbo] => C:\Users\Martin\AppData\Roaming\xit35i0prr4\s3xkcfscss1.exe [8192 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [GMAQHU6OPQ0TN51] => C:\Program Files\9HYBPKO95D\9HYBPKO95.exe [1227264 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [DKZMRZ27OQ7GCJV] => C:\Program Files\IWOHYBDD7A\IWOHYBDD7.exe [1227264 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [6JH6H7RO1E3F01Y] => C:\Program Files\1TN9EXRST9\1TN9EXRST.exe [1227264 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [HexaDesK] => C:\Users\Martin\AppData\Roaming\HexaDesK\HexaDesK.exe [1236328 2017-08-19] (STOX TECHNOLOGY) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Run: [CpuzApp] => C:\Users\Martin\AppData\Roaming\CpuzApp4\CpuzApp.exe [2113472 2017-09-03] (EDOOJ) HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\RunOnce: [uninst1] => C:\Users\Martin\AppData\Local\uninstallce.exe [3072 2017-09-03] () HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\MountPoints2: {12b95964-e3d7-11e1-9dcc-806e6f6e6963} - D:\autorun.exe HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\MountPoints2: {79376a5e-f5b2-11e1-bb67-902b343487d5} - E:\install.exe HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\MountPoints2: {83f52f5b-ffe9-11e1-9c69-902b343487d5} - G:\Install.exe 
HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\MountPoints2: {881af519-67bd-11e2-b9e7-902b343487d5} - I:\autorun.exe HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\MountPoints2: {a6af9051-4338-11e3-b4e6-806e6f6e6963} - D:\autorun.exe AppInit_DLLs: C:\ProgramData\AppmallosayoV\InIs.dll => C:\ProgramData\AppmallosayoV\InIs.dll [343552 2017-09-03] () AppInit_DLLs-x32: C:\ProgramData\AppmallosayoV\Overin.dll => C:\ProgramData\AppmallosayoV\Overin.dll [246784 2017-09-03] () GroupPolicy: Beschränkung - Chrome <==== ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{6103039F-F3FB-44E3-BD48-9727307B92C4}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{8DED8FDF-0602-4FA9-93EE-03AE92F60663}: [NameServer] 62.138.239.45 Tcpip\..\Interfaces\{8DED8FDF-0602-4FA9-93EE-03AE92F60663}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{BA63B5EE-61A1-4F6A-9203-D54F24CADBAA}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{BD9B16D6-36AC-45C6-8F27-B0CC312CAA47}: [DhcpNameServer] 10.110.122.1 Internet Explorer: ================== HKU\S-1-5-21-4274444522-239977233-1919266746-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkOOmCCYjHgvUD836rR8tB1b0k2LLIK5V5l-X25Ljh323tNcJDUMq5txA_rB0DGWRu_z1QFmn-qnsfFLABULL9CW_vf9nz63E_5Ork30fntB6fQT-wHeGQiCnFPAONyVbyUAYfiHVksBkv4vULC_ooNUEVy365InSicl56Ca1W_q&q={searchTerms} HKU\S-1-5-21-4274444522-239977233-1919266746-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkOOmCCYjHgvUD836rR8tB1b0k2LLIK5V5l-X25Ljh323tNcJDUMq5txA_rB0DGWRu_z1QFmn-qnsfFHBuHqq81eVbkwTfTw_zSCbc7PzZzwvO8TM3mg4BWUKDMV24dUKj4UAknG3akTZLQjnxj9OTJTgYy0DYjQEZIFkyySqOEr HKU\S-1-5-21-4274444522-239977233-1919266746-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkOOmCCYjHgvUD836rR8tB1b0k2LLIK5V5l-X25Ljh323tNcJDUMq5txA_rB0DGWRu_z1QFmn-qnsfFLABULL9CW_vf9nz63E_5Ork30fntB6fQT-wHeGQiCnFPAONyVbyUAYfiHVksBkv4vULC_ooNUEVy365InSicl56Ca1W_q&q={searchTerms} SearchScopes: HKU\S-1-5-21-4274444522-239977233-1919266746-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkOOmCCYjHgvUD836rR8tB1b0k2LLIK5V5l-X25Ljh323tNcJDUMq5txA_rB0DGWRu_z1QFmn-qnsfFLABULL9CW_vf9nz63E_5Ork30fntB6fQT-wHeGQiCnFPAONyVbyUAYfiHVksBkv4vULC_ooNUEVy365InSicl56Ca1W_q&q={searchTerms} SearchScopes: HKU\S-1-5-21-4274444522-239977233-1919266746-1000 -> {2629CD96-88A0-4a5d-B784-6BE26E1DFD2A} URL = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms} SearchScopes: HKU\S-1-5-21-4274444522-239977233-1919266746-1000 -> {C9ED399D-D71C-463f-96B8-51071E6C989D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV SearchScopes: HKU\S-1-5-21-4274444522-239977233-1919266746-1000 -> {ielnksrch} URL = 
hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkOOmCCYjHgvUD836rR8tB1b0k2LLIK5V5l-X25Ljh323tNcJDUMq5txA_rB0DGWRu_z1QFmn-qnsfFLABULL9CW_vf9nz63E_5Ork30fntB6fQT-wHeGQiCnFPAONyVbyUAYfiHVksBkv4vULC_ooNUEVy365InSicl56Ca1W_q&q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-10-09] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: - -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{7E3A8050-6F2E-4CF2-85E3-8B899E9A79C7}\{5F5BB6A4-E0BF-42F8-9F7A-6409F89587BF}.bin [2017-09-03] ( ) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-09] (Oracle Corporation) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2014-11-25] (Perfect World Entertainment Inc) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) BHO-x32: - -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{8D47D459-B5AE-4F59-90C8-1633C7FC787B}\{7B7AF6C7-3BB8-4CFD-B44A-A603C544551E}.bin [2017-09-03] ( ) Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default [2017-09-03] FF user.js: detected! => C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\user.js [2017-07-12] FF NewTab: Mozilla\Firefox\Profiles\i7opqxyh.default -> C:\ProgramData\AppmallosayoVs\ff.NT FF Homepage: Mozilla\Firefox\Profiles\i7opqxyh.default -> C:\ProgramData\AppmallosayoVs\ff.HP FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> backup.ftp", "84.10.1.42" FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> backup.ftp_port", 3128 FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> backup.socks", "84.10.1.42" FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> backup.socks_port", 3128 FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> backup.ssl", "84.10.1.42" FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> backup.ssl_port", 3128 FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> ftp", "185.25.148.167" FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> ftp_port", 3128 FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> http", "185.25.148.167" FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> http_port", 3128 FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> 
share_proxy_settings", true FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> socks", "185.25.148.167" FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> socks_port", 3128 FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> ssl", "185.25.148.167" FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> ssl_port", 3128 FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> type", 0 FF Extension: (Tables) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\Extensions\300414@extcorp.com.xpi [2017-08-23] FF Extension: (Avira Browser Safety) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\Extensions\abs@avira.com.xpi [2017-07-27] FF Extension: (SaveFrom.net helper) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\Extensions\helper-sig@savefrom.net.xpi [2017-08-24] FF Extension: (ProxTube) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\Extensions\ich@maltegoetz.de.xpi [2017-07-03] FF Extension: (PlugIn-Checker) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\Extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack.xpi [2017-07-16] FF Extension: (Quick Searcher) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2017-09-03] FF Extension: (Who Deleted Me) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\Extensions\whodeletedme@deleted.io.xpi [2017-05-22] FF Extension: (Modify Headers) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2016-04-27] FF Extension: (Firefox Screenshots) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\features\{34e3885c-c768-4954-89fe-39d4051a328b}\screenshots@mozilla.org.xpi [2017-09-01] FF HKLM-x32\...\Firefox\Extensions: 
[{80ED13C1-4152-45EB-8698-598BE3A62B48}] - C:\Windows\Installer\{2DFCAC87-BC01-4B1A-835B-430E99F31267}\{80ED13C1-4152-45EB-8698-598BE3A62B48}.xpi => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [{CC84D9B2-9577-42E4-8F84-A0A79CEAA7D2}] - C:\Windows\Installer\{7647B13A-C47E-4371-B6BB-DB0F064C7340}\{CC84D9B2-9577-42E4-8F84-A0A79CEAA7D2}.xpi => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [{712377D3-9AEB-4569-A921-75AE59DA69B8}] - C:\Windows\Installer\{B5AA8423-3D86-4421-9CDE-1D080D3E65AD}\{712377D3-9AEB-4569-A921-75AE59DA69B8}.xpi FF Extension: ( ) - C:\Windows\Installer\{B5AA8423-3D86-4421-9CDE-1D080D3E65AD}\{712377D3-9AEB-4569-A921-75AE59DA69B8}.xpi [2017-09-03] FF HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\Firefox\Extensions: [blyrics@be-lyrics.net] - C:\Program Files (x86)\bLyrics\120.xpi => nicht gefunden FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-19] () FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-09] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-09] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-19] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla 
Plugins\npitunes.dll [2012-04-05] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [2012-09-29] (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei] FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2014-11-25] (Perfect World Entertainment Inc) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-16] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems) FF Plugin-x32: Sony Corporation/PMCADownloader -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\npPMCADownloader.dll [2012-10-17] (Sony Network Entertainment International LLC) FF Plugin-x32: Sony Corporation/PMCADownloaderHelper -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderHelper.exe [2012-10-17] (Sony Network Entertainment International LLC) FF Plugin-x32: Sony Corporation/PMCADownloaderLib -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderLib.dll [2012-10-17] (Sony Network Entertainment International LLC) FF Plugin HKU\S-1-5-21-4274444522-239977233-1919266746-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-07-18] () FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-04-20] <==== ACHTUNG Chrome: ======= CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2017-09-03] CHR Extension: (Google Präsentationen) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-16] CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-16] CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-16] CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-16] CHR Extension: (Chrome IG Story) - 
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2017-08-28] CHR Extension: (Google Tabellen) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-16] CHR Extension: (Tables) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-09-03] CHR Extension: (Google Docs Offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-16] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-28] CHR Extension: (Quick Searcher) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-09-03] CHR Extension: (Google Mail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-16] CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-06] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx Opera: ======= OPR StartupUrls: "hxxp://t-online.de/" OPR Extension: (Tables) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\egafjhhpbipcmpoiomegbckljbbbphoj [2017-09-03] OPR Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-07-12] OPR Extension: (Quick Searcher) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-09-03] ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AppmallosayoV; C:\ProgramData\\AppmallosayoV\\AppmallosayoV.exe [2554368 2017-09-02] (TODO: <Company name>) [Datei ist nicht signiert]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-11-25] (Perfect World Entertainment Inc)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [404816 2017-08-15] (Avira Operations GmbH & Co. KG) [Datei ist nicht signiert]
R2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2017-08-17] () [Datei ist nicht signiert] <==== ACHTUNG
R2 clsid16489; C:\ProgramData\clsid16489.exe [406208 2017-09-03] ()
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 Komsa_Germany Silverstone Modem Device Helper; C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-06-16] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes) [Datei ist nicht signiert]
R2 Nettrans; C:\ProgramData\PrefsSecure\Nettrans.exe [43520 2017-08-28] () [Datei ist nicht signiert] <==== ACHTUNG
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3611808 2015-07-22] (INCA Internet Co., Ltd.)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32568 2013-08-22] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2098528 2017-09-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2977640 2017-09-02] (Electronic Arts)
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd) <==== ACHTUNG
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-16] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)
R2 UI Assistant Service; C:\Program Files (x86)\T-Mobile Internet Manager 03\AssistantServices.exe [241664 2009-03-30] () [Datei ist nicht signiert]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinDefender; C:\Windows\windefender.exe [3430912 2017-09-03] () [Datei ist nicht signiert]
R2 Windows; C:\Windows\svchost.exe [177152 2017-09-03] () [Datei ist nicht signiert]
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [71272 2017-05-09] (Windscribe Limited)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2017-06-05] () [Datei ist nicht signiert]
S3 CMUAC; C:\Windows\System32\DRIVERS\CMUAC.sys [593920 2014-08-01] (C-MEDIA)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-04] (DT Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-08-14] ()
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-06-16] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2017-06-16] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2017-06-05] () [Datei ist nicht signiert]
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [225256 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-06-05] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-04-21] (The OpenVPN Project)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R3 WinMon; C:\Windows\System32\drivers\Winmon.sys [9352 2017-09-03] () [Datei ist nicht signiert]
R2 WinRing0_1_2_0; C:\Users\Martin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [14544 2012-08-11] (OpenLibSys.org)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-03 21:30 - 2017-09-03 21:31 - 004916408 _____ (Avira Operations GmbH & Co. KG) C:\Users\Martin\Documents\avira_de_free0___pcw.exe
2017-09-03 21:27 - 2017-09-03 21:27 - 000000000 ____D C:\Program Files (x86)\ProxyGate
2017-09-03 21:26 - 2017-09-03 21:26 - 000001046 _____ C:\Users\Martin\Desktop\cpuz.lnk
2017-09-03 21:26 - 2017-09-03 21:26 - 000000000 ____D C:\Users\Martin\AppData\Roaming\CpuzApp4
2017-09-03 21:25 - 2017-09-03 21:25 - 006760064 _____ (ESET spol. s r.o.)
C:\Users\Martin\Documents\ESETOnlineScanner_DEU.exe 2017-09-03 21:25 - 2017-09-03 21:25 - 000014918 _____ C:\Windows\System32\Tasks\{3E43C360-7FB6-49C5-AD96-5DF8A4C284CC} 2017-09-03 21:25 - 2017-09-03 21:25 - 000002482 _____ C:\Windows\System32\Tasks\HEXA DESK 2017-09-03 21:25 - 2017-09-03 21:25 - 000000939 _____ C:\Users\Martin\Desktop\HEXA DESK.lnk 2017-09-03 21:25 - 2017-09-03 21:25 - 000000919 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\HEXA DESK.lnk 2017-09-03 21:25 - 2017-09-03 21:25 - 000000268 _____ C:\Windows\Tasks\HEXA DESK.job 2017-09-03 21:25 - 2017-09-03 21:25 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Temp 2017-09-03 21:25 - 2017-09-03 21:25 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HEXA DESK 2017-09-03 21:25 - 2017-09-03 21:25 - 000000000 ____D C:\Users\Martin\AppData\Roaming\HexaDesK 2017-09-03 21:25 - 2017-09-03 21:25 - 000000000 ____D C:\Users\Martin\AppData\Roaming\BrowserModule 2017-09-03 21:25 - 2017-09-03 21:25 - 000000000 ____D C:\ProgramData\Windows 2017-09-03 21:22 - 2017-09-03 21:24 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-09-03 21:22 - 2017-09-03 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-09-03 21:22 - 2017-09-03 21:22 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-09-03 21:22 - 2017-09-03 21:22 - 000000000 ____D C:\Program Files\Malwarebytes 2017-09-03 21:22 - 2017-08-21 07:20 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-09-03 21:21 - 2017-09-03 21:21 - 001526792 _____ C:\Users\Martin\Documents\Malwarebytes Malware Scanner - CHIP-Installer.exe 2017-09-03 21:07 - 2017-09-03 21:07 - 000004110 _____ C:\Windows\System32\Tasks\AppleChargerSrvServiceASP.NET-Zustandsdienst 2017-09-03 21:05 - 2017-09-03 21:50 - 000000000 ____D C:\ProgramData\AppmallosayoV 2017-09-03 21:05 - 2017-09-03 21:05 - 000000000 ____D C:\ProgramData\AppmallosayoVs 2017-09-03 21:04 - 2017-09-03 21:04 - 
000000000 _____ C:\Windows\SysWOW64\__00CE1C2B__C0000005.dmp 2017-09-03 21:01 - 2017-09-03 21:01 - 000000000 ____D C:\Users\Martin\AppData\Local\AdvinstAnalytics 2017-09-03 21:00 - 2017-09-03 21:00 - 000000004 _____ C:\ProgramData\_lg.3sap 2017-09-03 21:00 - 2017-09-03 21:00 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Microleaves 2017-09-03 20:59 - 2017-09-03 21:10 - 000000000 ____D C:\Users\Martin\AppData\Local\InetInfoTools 2017-09-03 20:59 - 2017-09-03 20:59 - 000000000 ____D C:\Users\Martin\AppData\Roaming\xqtkx0wm0gr 2017-09-03 20:59 - 2017-09-03 20:59 - 000000000 ____D C:\Users\Martin\AppData\Roaming\xit35i0prr4 2017-09-03 20:59 - 2017-09-03 20:59 - 000000000 ____D C:\Users\Martin\AppData\Roaming\n5vhbxnyjv4 2017-09-03 20:59 - 2017-09-03 20:59 - 000000000 ____D C:\Users\Martin\AppData\Roaming\mxbls0r2wlx 2017-09-03 20:59 - 2017-09-03 20:59 - 000000000 ____D C:\Users\Martin\AppData\Roaming\ix5ht31la24 2017-09-03 20:59 - 2017-09-03 20:59 - 000000000 ____D C:\Users\Martin\AppData\Roaming\ircxamjbdex 2017-09-03 20:59 - 2017-09-03 20:59 - 000000000 ____D C:\Users\Martin\AppData\Roaming\23ysz3xdgoa 2017-09-03 20:59 - 2017-09-03 20:59 - 000000000 ____D C:\Program Files\W6K6U2RAYB 2017-09-03 20:59 - 2017-09-03 20:59 - 000000000 ____D C:\Program Files\SILMTMLWGN 2017-09-03 20:59 - 2017-09-03 20:59 - 000000000 ____D C:\Program Files\IWOHYBDD7A 2017-09-03 20:59 - 2017-09-03 20:59 - 000000000 ____D C:\Program Files\9HYBPKO95D 2017-09-03 20:59 - 2017-09-03 20:59 - 000000000 ____D C:\Program Files\1TN9EXRST9 2017-09-03 20:59 - 2017-09-03 20:59 - 000000000 ____D C:\Program Files\{7E3A8050-6F2E-4CF2-85E3-8B899E9A79C7} 2017-09-03 20:59 - 2017-09-03 20:59 - 000000000 ____D C:\Program Files (x86)\{E0F53F9D-7999-4BA5-9027-06B20FC6C0E6} 2017-09-03 20:59 - 2017-09-03 20:59 - 000000000 ____D C:\Program Files (x86)\{8D47D459-B5AE-4F59-90C8-1633C7FC787B} 2017-09-03 16:02 - 2017-09-03 16:02 - 002395648 _____ (Farbar) C:\Users\Martin\Documents\FRST64.exe 2017-09-03 16:02 - 
2017-09-03 16:02 - 000000000 ____D C:\FRST 2017-09-03 15:42 - 2017-09-03 15:42 - 000000000 ____D C:\Users\Martin\AppData\Roaming\uplhmap22k5 2017-09-03 15:42 - 2017-09-03 15:42 - 000000000 ____D C:\Program Files\1ET4JYM1M7 2017-09-03 14:00 - 2016-06-26 02:27 - 000970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2017-09-03 14:00 - 2016-06-26 02:27 - 000756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2017-09-03 14:00 - 2016-06-26 02:27 - 000344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll 2017-09-03 14:00 - 2016-06-26 02:27 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll 2017-09-03 14:00 - 2016-06-26 02:27 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll 2017-09-03 14:00 - 2016-06-25 21:54 - 000497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2017-09-03 14:00 - 2016-06-25 21:53 - 000297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll 2017-09-03 14:00 - 2016-06-25 21:53 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe 2017-09-03 14:00 - 2016-06-25 21:53 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe 2017-09-03 14:00 - 2016-06-25 21:41 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe 2017-09-03 14:00 - 2016-02-12 20:52 - 003169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2017-09-03 14:00 - 2016-02-12 20:52 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2017-09-03 14:00 - 2016-02-12 20:52 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2017-09-03 14:00 - 2016-02-12 20:44 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2017-09-03 14:00 - 2016-02-12 20:39 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2017-09-03 14:00 - 2016-02-12 20:22 - 002610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2017-09-03 
14:00 - 2016-02-12 20:19 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2017-09-03 14:00 - 2016-02-12 20:18 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2017-09-03 14:00 - 2016-02-12 20:18 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2017-09-03 14:00 - 2016-02-12 20:18 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2017-09-03 14:00 - 2016-02-12 20:18 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2017-09-03 14:00 - 2016-02-12 20:18 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2017-09-03 14:00 - 2016-02-12 20:06 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2017-09-03 14:00 - 2016-02-12 20:05 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2017-09-03 14:00 - 2016-02-12 20:05 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2017-09-03 14:00 - 2016-02-12 20:05 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2017-09-03 14:00 - 2016-02-03 20:07 - 000091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2017-09-03 14:00 - 2016-01-06 21:02 - 000275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2017-09-03 14:00 - 2016-01-06 21:02 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2017-09-03 14:00 - 2016-01-06 20:41 - 000216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2017-09-03 13:49 - 2017-09-03 13:49 - 000000000 _____ C:\Windows\SysWOW64\__00D11C2B__C0000005.dmp 2017-09-03 13:48 - 2017-09-03 13:48 - 000003160 _____ C:\Windows\System32\Tasks\{002667BB-F9D0-4F0C-BE37-974C787CF7E8} 2017-09-03 13:42 - 2017-09-03 13:42 - 000001996 _____ C:\Windows\System32\Tasks\VhQw2OFut7 2017-09-03 13:42 - 2017-09-03 13:42 - 000001996 _____ C:\Windows\System32\Tasks\nQXisEo3lC 2017-09-03 13:41 - 2017-09-03 13:47 - 000000000 ____D C:\Program Files 
(x86)\dry7reYQ6I 2017-09-03 13:41 - 2017-09-03 13:41 - 000000306 __RSH C:\Users\Martin\ntuser.pol 2017-09-03 13:41 - 2017-09-03 13:41 - 000000000 ____D C:\Users\Martin\AppData\Roaming\pjbaoqcdlqk 2017-09-03 13:41 - 2017-09-03 13:41 - 000000000 ____D C:\Users\Martin\AppData\Roaming\ojyfe1tqxle 2017-09-03 13:41 - 2017-09-03 13:41 - 000000000 ____D C:\Users\Martin\AppData\Roaming\maof5k4rau2 2017-09-03 13:41 - 2017-09-03 13:41 - 000000000 ____D C:\Users\Martin\AppData\Roaming\kkuaf3unqup 2017-09-03 13:41 - 2017-09-03 13:41 - 000000000 ____D C:\Users\Martin\AppData\Roaming\ipfea5szlx2 2017-09-03 13:41 - 2017-09-03 13:41 - 000000000 ____D C:\Users\Martin\AppData\Roaming\dxrdwvqcbbd 2017-09-03 13:41 - 2017-09-03 13:41 - 000000000 ____D C:\Program Files\ZCAHD3Y5LH 2017-09-03 13:41 - 2017-09-03 13:41 - 000000000 ____D C:\Program Files\LXI2VTNF8G 2017-09-03 13:41 - 2017-09-03 13:41 - 000000000 ____D C:\Program Files\G7F9FQQLD4 2017-09-03 13:41 - 2017-09-03 13:41 - 000000000 ____D C:\Program Files\4UKDRNXPTV 2017-09-03 13:41 - 2017-09-03 13:41 - 000000000 ____D C:\Program Files\{CC61A0D1-A462-4812-B031-524E798F64E2} 2017-09-03 13:41 - 2017-09-03 13:41 - 000000000 ____D C:\Program Files (x86)\WiDKobkFRy0m 2017-09-03 13:41 - 2017-09-03 13:41 - 000000000 ____D C:\Program Files (x86)\{44070544-9739-4198-BEB2-98EABC6227FF} 2017-09-03 13:40 - 2017-09-03 13:41 - 000000000 ____D C:\Program Files\ZZFOH8V0GD 2017-09-03 13:40 - 2017-09-03 13:40 - 000003432 ____N C:\bootsqm.dat 2017-09-03 13:40 - 2017-09-03 13:40 - 000000000 ____D C:\Users\Martin\AppData\Roaming\4e4hlehfvnf 2017-09-03 13:35 - 2017-09-03 13:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\wec4uqf2d3y 2017-09-03 13:34 - 2017-09-03 13:35 - 000000000 ____D C:\Program Files\RCPPGDPT8D 2017-09-03 13:34 - 2017-09-03 13:34 - 000000000 ____D C:\Users\Martin\AppData\Roaming\yqsllvyegxj 2017-09-03 13:34 - 2017-09-03 13:34 - 000000000 ____D C:\Users\Martin\AppData\Roaming\copi4mslqlt 2017-09-03 13:32 - 2017-09-03 21:51 - 
000016784 _____ C:\Windows\System32\Tasks\QUOSA USB Flash Prists Upgrade 2017-09-03 13:32 - 2017-09-03 13:42 - 000000000 ____D C:\Program Files (x86)\ShutdownTime 2017-09-03 13:32 - 2017-09-03 13:32 - 000000000 ____D C:\Users\Martin\AppData\Roaming\EpicNet Inc 2017-09-03 13:31 - 2017-09-03 21:09 - 000000000 ____D C:\Windows\SysWOW64\SSL 2017-09-03 13:31 - 2017-09-03 21:05 - 000031449 _____ C:\Windows\1e61f3fcf130e6786c212969e80c078b.ps1 2017-09-03 13:31 - 2017-09-03 21:05 - 000003474 _____ C:\Windows\System32\Tasks\1e61f3fcf130e6786c212969e80c078b 2017-09-03 13:31 - 2017-09-03 13:47 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа.lnk 2017-09-03 13:31 - 2017-09-03 13:47 - 000002059 _____ C:\Users\Public\Desktop\Ореrа.lnk 2017-09-03 13:31 - 2017-09-03 13:31 - 000000000 ____D C:\Users\Martin\AppData\Local\AppTrailers 2017-09-03 13:30 - 2017-09-03 21:05 - 000015607 _____ C:\Windows\SysWOW64\findit.xml 2017-09-03 13:30 - 2017-09-03 21:05 - 000000000 ____D C:\ProgramData\PrefsSecure 2017-09-03 13:30 - 2017-09-03 21:02 - 000001224 _____ C:\Users\Public\Desktop\Download icq.lnk 2017-09-03 13:30 - 2017-09-03 13:30 - 007327744 _____ C:\Users\Martin\AppData\Local\agent.dat 2017-09-03 13:30 - 2017-09-03 13:30 - 005572544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe 2017-09-03 13:30 - 2017-09-03 13:30 - 003430912 _____ C:\Windows\windefender.exe 2017-09-03 13:30 - 2017-09-03 13:30 - 001900814 _____ C:\Users\Martin\AppData\Local\Zaming.tst 2017-09-03 13:30 - 2017-09-03 13:30 - 001895382 _____ C:\Users\Martin\AppData\Local\LightDonsing.bin 2017-09-03 13:30 - 2017-09-03 13:30 - 000619056 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe 2017-09-03 13:30 - 2017-09-03 13:30 - 000278509 _____ C:\Users\Martin\AppData\Local\Goldrondox.bin 2017-09-03 13:30 - 2017-09-03 13:30 - 000126464 _____ C:\Users\Martin\AppData\Local\noah.dat 2017-09-03 13:30 - 2017-09-03 13:30 - 000070800 _____ C:\Users\Martin\AppData\Local\Config.xml 
2017-09-03 13:30 - 2017-09-03 13:30 - 000018432 _____ C:\Users\Martin\AppData\Local\Main.dat 2017-09-03 13:30 - 2017-09-03 13:30 - 000009352 _____ C:\Windows\system32\Drivers\Winmon.sys 2017-09-03 13:30 - 2017-09-03 13:30 - 000005568 _____ C:\Users\Martin\AppData\Local\md.xml 2017-09-03 13:30 - 2017-09-03 13:30 - 000000000 ____D C:\Windows\rss 2017-09-03 13:30 - 2017-09-03 13:30 - 000000000 ____D C:\ProgramData\Voyasollams 2017-09-03 13:30 - 2017-09-03 13:30 - 000000000 ____D C:\ProgramData\Logic Cramble 2017-09-03 13:30 - 2017-09-03 13:29 - 002554368 _____ (TODO: <Company name>) C:\Users\Martin\AppData\Local\Zaming.exe 2017-09-03 13:29 - 2017-09-03 21:05 - 001847296 _____ C:\Users\Martin\AppData\Local\po.db 2017-09-03 13:29 - 2017-09-03 20:59 - 000014848 _____ C:\Users\Martin\AppData\Local\part64.dll 2017-09-03 13:29 - 2017-09-03 20:59 - 000005120 _____ C:\Windows\SysWOW64\wuapi64.dll 2017-09-03 13:29 - 2017-09-03 20:59 - 000003072 _____ C:\Users\Martin\AppData\Local\uninstallce.exe 2017-09-03 13:29 - 2017-09-03 20:59 - 000000306 __RSH C:\ProgramData\ntuser.pol 2017-09-03 13:29 - 2017-09-03 20:59 - 000000000 ____D C:\ProgramData\WindowsReporting 2017-09-03 13:29 - 2017-09-03 13:47 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk 2017-09-03 13:29 - 2017-09-03 13:47 - 000001876 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk 2017-09-03 13:29 - 2017-09-03 13:47 - 000001811 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа-Вrоwsеr.lnk 2017-09-03 13:29 - 2017-09-03 13:47 - 000000000 ____D C:\Program Files (x86)\SDownloader 2017-09-03 13:29 - 2017-09-03 13:30 - 000000000 ____D C:\Program Files\M04OI8EH76 2017-09-03 13:29 - 2017-09-03 13:29 - 000432640 _____ (Microsoft Corporation) C:\Windows\csrss.exe 2017-09-03 13:29 - 2017-09-03 13:29 - 000177152 _____ C:\Windows\svchost.exe 2017-09-03 13:29 - 2017-09-03 13:29 - 000140800 _____ C:\Users\Martin\AppData\Local\installer.dat 2017-09-03 
13:29 - 2017-09-03 13:29 - 000103424 _____ C:\run.exe 2017-09-03 13:29 - 2017-09-03 13:29 - 000073216 _____ C:\Windows\taskmgr.exe 2017-09-03 13:29 - 2017-09-03 13:29 - 000016176 _____ C:\Users\Martin\AppData\Local\InstallationConfiguration.xml 2017-09-03 13:29 - 2017-09-03 13:29 - 000000000 ____D C:\Windows\Azart 2017-09-03 13:29 - 2017-09-03 13:29 - 000000000 ____D C:\Users\Martin\AppData\Roaming\shuqwilelrn 2017-09-03 13:29 - 2017-09-03 13:29 - 000000000 ____D C:\Users\Martin\AppData\Roaming\riyrr1qk4ga 2017-09-03 13:29 - 2017-09-03 13:29 - 000000000 ____D C:\Users\Martin\AppData\Roaming\hdp4vvfs3k3 2017-09-03 13:29 - 2017-09-03 13:29 - 000000000 ____D C:\Users\Martin\AppData\Roaming\fdi1kdcnyni 2017-09-03 13:29 - 2017-09-03 13:29 - 000000000 ____D C:\ProgramData\68980152-5ea7-0 2017-09-03 13:29 - 2017-09-03 13:29 - 000000000 ____D C:\ProgramData\68980152-3811-1 2017-09-03 13:29 - 2017-09-03 13:29 - 000000000 ____D C:\Program Files\RZA7MRGA68 2017-09-03 13:29 - 2017-09-03 13:29 - 000000000 ____D C:\Program Files\NZKF69OGHP 2017-09-03 13:29 - 2017-09-03 13:29 - 000000000 ____D C:\Program Files\89PUNDTUX9 2017-09-03 13:29 - 2017-08-08 10:47 - 000000332 _____ C:\Users\Martin\Desktop\Download Video and Audio Online.lnk 2017-09-03 13:28 - 2017-09-03 13:47 - 000002059 _____ C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk 2017-09-03 13:28 - 2017-09-03 13:47 - 000001917 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk 2017-09-03 13:28 - 2017-09-03 13:47 - 000001864 _____ C:\Users\Public\Desktop\Моzillа Firеfох.lnk 2017-09-03 13:28 - 2017-09-03 13:47 - 000001799 _____ C:\Users\Public\Desktop\Ореrа-Вrоwsеr.lnk 2017-09-03 13:28 - 2017-09-03 13:28 - 000689128 _____ C:\Users\Martin\Documents\Simcity_5_Update_10.exe 2017-09-03 13:28 - 2017-09-03 13:28 - 000406208 _____ C:\ProgramData\clsid16489.exe 2017-09-03 13:28 - 2017-09-03 13:28 - 000001088 _____ C:\Users\Martin\Desktop\Play Crossout.lnk 2017-09-03 13:28 - 2017-09-03 13:28 - 
000001082 _____ C:\Users\Martin\Desktop\Play WarThunder.lnk 2017-09-02 19:34 - 2017-09-02 19:34 - 000000744 _____ C:\Users\Public\Desktop\SimCity™.lnk 2017-09-02 19:34 - 2017-09-02 19:34 - 000000000 ____D C:\Users\Martin\Documents\SimCity 2017-09-02 06:15 - 2017-09-02 06:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor1911 2017-09-02 06:09 - 2017-09-02 06:09 - 000000000 ____D C:\Users\Martin\.QtWebEngineProcess 2017-09-02 06:09 - 2017-09-02 06:09 - 000000000 ____D C:\Users\Martin\.Origin 2017-09-01 06:41 - 2017-09-03 05:22 - 000012467 _____ C:\Users\Martin\Documents\pokemon_eier.xlsx 2017-08-31 21:29 - 2017-08-31 21:29 - 000796160 _____ C:\Windows\f6b32caad31903cc513689588c45de46.exe 2017-08-31 21:29 - 2017-08-31 21:29 - 000037159 _____ C:\Windows\uninstaller.dat 2017-08-30 22:47 - 2017-08-30 22:47 - 000004068 _____ C:\Users\Martin\AppData\Local\recently-used.xbel 2017-08-30 20:34 - 2017-08-30 20:34 - 000001377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2017-08-30 20:34 - 2017-08-30 20:34 - 000001308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2017-08-30 20:34 - 2017-08-30 20:34 - 000000020 _____ C:\Windows\Àö' 2017-08-30 20:34 - 2017-08-30 20:34 - 000000000 ____D C:\Windows\de 2017-08-30 20:34 - 2017-08-30 20:34 - 000000000 ____D C:\Program Files (x86)\Windows Live 2017-08-30 20:33 - 2017-08-30 20:34 - 000000000 ____D C:\Users\Martin\AppData\Local\Windows Live 2017-08-23 14:24 - 2017-08-23 14:24 - 000001139 _____ C:\Users\Public\Desktop\Avira Connect.lnk 2017-08-23 14:24 - 2017-08-23 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2017-08-16 22:47 - 2017-08-16 22:47 - 000065306 _____ C:\Users\Martin\Downloads\WhatsApp Ptt 2017-08-16 at 20.44.29.ogg 2017-08-15 15:55 - 2017-08-15 15:55 - 000616235 _____ C:\Users\Martin\Downloads\annaclausing-2017-08-15T15-55-42+02-00.zip 2017-08-15 15:55 - 2017-08-15 15:55 - 000130574 _____ 
C:\Users\Martin\Downloads\marta_amaral96-2017-08-15T15-55-47+02-00.zip 2017-08-15 15:55 - 2017-08-06 08:23 - 001392013 ____N C:\Users\Martin\Downloads\1574976033350675502_4697453264.mp4 2017-08-15 02:03 - 2017-08-15 13:21 - 000000000 ____D C:\Program Files (x86)\Windscribe 2017-08-15 02:03 - 2017-08-15 02:03 - 000001074 _____ C:\Users\Public\Desktop\Windscribe.lnk 2017-08-15 02:03 - 2017-08-15 02:03 - 000000000 ____D C:\Users\Martin\AppData\Local\Windscribe 2017-08-15 02:03 - 2017-08-15 02:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe 2017-08-15 02:03 - 2017-04-21 04:16 - 000045560 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapwindscribe0901.sys 2017-08-15 02:02 - 2017-08-15 02:03 - 015139472 _____ (Windscribe ) C:\Users\Martin\Documents\Windscribe.exe 2017-08-15 00:57 - 2017-08-15 01:25 - 000001808 _____ C:\Users\Martin\Desktop\age3y.exe - Verknüpfung.lnk 2017-08-14 14:20 - 2017-08-15 01:38 - 000000000 ____D C:\Program Files (x86)\Microsoft Games 2017-08-14 14:18 - 2017-08-14 14:18 - 000003040 _____ C:\Windows\System32\Tasks\{248A36B1-D733-4D0A-A983-77CA2BC18268} 2017-08-11 20:19 - 2017-08-11 20:20 - 001141429 _____ C:\Users\Martin\Downloads\Logo_Martin.zip 2017-08-11 18:46 - 2017-08-11 18:46 - 000000000 ____D C:\Program Files\7-Zip 2017-08-11 18:22 - 2017-08-11 18:22 - 000000000 ____D C:\ProgramData\Age of Empires 3 2017-08-11 17:49 - 2017-08-11 17:49 - 000000000 ____D C:\Program Files (x86)\MSXML 4.0 2017-08-11 11:17 - 2017-08-11 11:17 - 000557549 _____ C:\Users\Martin\Downloads\Lehrte Protokoll Martin Werner-1.pdf 2017-08-09 11:03 - 2017-08-09 11:04 - 001265320 _____ C:\Users\Martin\Downloads\solarthermie labor 1gille.pdf 2017-08-08 20:25 - 2017-08-08 20:25 - 000709549 _____ C:\Users\Martin\Downloads\2LaborSolarthermieanlage (1).pdf 2017-08-06 10:23 - 2017-08-06 10:23 - 001507547 _____ C:\Users\Martin\Downloads\roxy_a_paris-2017-08-06T10-23-27+02-00.zip ==================== Ein Monat: Geänderte Dateien und 
Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-09-03 21:50 - 2013-12-15 16:10 - 000000000 ____D C:\Users\Martin\AppData\Roaming\NetSpeedMonitor 2017-09-03 21:31 - 2013-11-05 04:59 - 000000000 ____D C:\ProgramData\Package Cache 2017-09-03 21:25 - 2012-08-11 14:06 - 000000000 ____D C:\Program Files (x86)\Opera 2017-09-03 21:13 - 2012-11-09 19:18 - 000000000 ____D C:\Windows\Minidump 2017-09-03 21:13 - 2012-09-04 02:16 - 000000000 ____D C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite 2017-09-03 21:13 - 2012-08-12 02:49 - 000000000 ____D C:\Users\Martin\AppData\Roaming\uTorrent 2017-09-03 21:13 - 2012-08-11 20:07 - 000000000 ____D C:\Windows\Panther 2017-09-03 21:13 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\ModemLogs 2017-09-03 21:13 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf 2017-09-03 21:06 - 2017-05-14 03:25 - 000000000 ___RD C:\Users\Martin\Creative Cloud Files 2017-09-03 21:06 - 2012-09-16 20:00 - 000000000 ____D C:\Users\Martin\AppData\Local\Adobe 2017-09-03 21:06 - 2009-07-14 06:45 - 000022048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-09-03 21:06 - 2009-07-14 06:45 - 000022048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-09-03 21:03 - 2009-07-14 19:58 - 000699416 _____ C:\Windows\system32\perfh007.dat 2017-09-03 21:03 - 2009-07-14 19:58 - 000149556 _____ C:\Windows\system32\perfc007.dat 2017-09-03 21:03 - 2009-07-14 07:13 - 001620612 _____ C:\Windows\system32\PerfStringBackup.INI 2017-09-03 20:55 - 2013-04-20 14:05 - 000000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2017-09-03 20:55 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-09-03 16:07 - 2009-07-14 20:18 - 000000000 ____D C:\Program Files\Windows Journal 2017-09-03 15:59 - 2016-02-02 21:40 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Origin 2017-09-03 15:59 - 
2016-02-02 21:29 - 000000000 ____D C:\ProgramData\Origin 2017-09-03 13:56 - 2017-01-04 11:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-09-03 13:41 - 2012-08-11 13:28 - 000000000 ____D C:\Users\Martin 2017-09-03 13:30 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy 2017-09-03 13:29 - 2017-07-16 04:14 - 000003544 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-09-03 13:29 - 2017-07-16 04:14 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-09-03 01:26 - 2012-08-11 14:08 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-09-02 22:48 - 2017-01-11 22:07 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Mozilla 2017-09-02 19:34 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2017-09-02 06:27 - 2017-02-07 04:06 - 000000000 ____D C:\Program Files (x86)\Steam 2017-09-02 06:10 - 2012-08-11 14:55 - 000000000 ____D C:\Games 2017-09-02 06:09 - 2016-02-02 21:28 - 000000000 ____D C:\Program Files (x86)\Origin 2017-08-31 19:59 - 2017-07-04 07:24 - 000008995 _____ C:\Users\Martin\Documents\passwerter.xlsx 2017-08-31 17:25 - 2012-08-15 13:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-08-31 02:20 - 2017-04-20 15:50 - 000000000 ____D C:\Users\Martin\AppData\Roaming\WhatsApp 2017-08-30 22:47 - 2013-06-25 17:51 - 000000000 ____D C:\Users\Martin\AppData\Local\gtk-2.0 2017-08-30 22:47 - 2013-06-25 17:42 - 000000000 ____D C:\Users\Martin\.gimp-2.8 2017-08-30 20:53 - 2012-08-16 13:54 - 000000000 ____D C:\Users\Martin\AppData\Roaming\vlc 2017-08-30 20:34 - 2017-04-30 21:17 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2017-08-30 20:34 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared 2017-08-27 19:13 - 2016-02-18 16:38 - 000003870 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1455806318 2017-08-27 12:43 - 2009-07-14 07:08 - 000032640 _____ 
C:\Windows\Tasks\SCHEDLGU.TXT 2017-08-26 00:19 - 2017-04-20 15:50 - 000002175 _____ C:\Users\Martin\Desktop\WhatsApp.lnk 2017-08-26 00:19 - 2017-04-20 15:50 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp 2017-08-26 00:19 - 2017-04-20 15:50 - 000000000 ____D C:\Users\Martin\AppData\Local\WhatsApp 2017-08-26 00:19 - 2017-04-20 15:50 - 000000000 ____D C:\Users\Martin\AppData\Local\SquirrelTemp 2017-08-15 02:51 - 2012-08-14 22:40 - 000000000 ____D C:\ProgramData\InstallShield 2017-08-15 02:41 - 2012-08-11 13:43 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-08-15 01:53 - 2014-06-21 20:12 - 000000000 ____D C:\Users\Martin\Documents\My Games 2017-08-15 01:52 - 2012-12-11 17:38 - 000000000 ____D C:\Temp 2017-08-14 14:42 - 2012-08-14 22:46 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2017-08-12 22:42 - 2016-02-19 00:12 - 000004508 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-08-12 22:42 - 2012-08-11 14:08 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-08-12 22:42 - 2012-08-11 14:08 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-08-12 22:42 - 2012-08-11 14:08 - 000000000 ____D C:\Windows\system32\Macromed 2017-08-06 22:54 - 2015-08-15 11:30 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2017-05-29 19:04 - 2016-11-07 07:21 - 1032677376 _____ () C:\Program Files\de_office_language_pack_2010_x86_x64_dvd_517114.iso 2017-05-29 19:04 - 2016-11-06 17:04 - 341735424 _____ () C:\Program Files\Microsoft Office 2010 Excel x64 64bit.iso 2017-05-29 19:04 - 2016-12-09 20:45 - 387149824 _____ () C:\Program Files\Microsoft Office 2010 Powerpoint x64 64bit.iso 2017-05-29 19:04 - 2016-12-09 20:17 - 353724416 _____ () C:\Program 
Files\Microsoft Office 2010 Powerpoint x86 32bit.iso 2017-05-29 19:04 - 2016-11-06 17:13 - 361279488 _____ () C:\Program Files\Microsoft Office 2010 Word x64 64bit.iso 2017-05-29 19:04 - 2016-11-07 13:15 - 063363736 _____ (Microsoft Corporation) C:\Program Files\PowerPointViewer.exe 2017-03-26 03:35 - 2015-04-07 02:42 - 002831528 ____N (Adobe Systems Incorporated) C:\Program Files\Set-up.exe 2013-09-13 15:21 - 2014-04-01 00:19 - 000000142 _____ () C:\Users\Martin\AppData\Roaming\WB.CFG 2017-09-03 13:30 - 2017-09-03 13:30 - 007327744 _____ () C:\Users\Martin\AppData\Local\agent.dat 2017-09-03 13:30 - 2017-09-03 13:30 - 000070800 _____ () C:\Users\Martin\AppData\Local\Config.xml 2012-08-15 19:48 - 2016-04-20 17:36 - 000007168 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-09-03 13:30 - 2017-09-03 13:30 - 000278509 _____ () C:\Users\Martin\AppData\Local\Goldrondox.bin 2017-09-03 13:29 - 2017-09-03 13:29 - 000016176 _____ () C:\Users\Martin\AppData\Local\InstallationConfiguration.xml 2017-09-03 13:29 - 2017-09-03 13:29 - 000140800 _____ () C:\Users\Martin\AppData\Local\installer.dat 2017-09-03 13:30 - 2017-09-03 13:30 - 001895382 _____ () C:\Users\Martin\AppData\Local\LightDonsing.bin 2017-09-03 13:30 - 2017-09-03 13:30 - 000018432 _____ () C:\Users\Martin\AppData\Local\Main.dat 2017-09-03 13:30 - 2017-09-03 13:30 - 000005568 _____ () C:\Users\Martin\AppData\Local\md.xml 2017-09-03 13:30 - 2017-09-03 13:30 - 000126464 _____ () C:\Users\Martin\AppData\Local\noah.dat 2017-09-03 13:29 - 2017-09-03 20:59 - 000014848 _____ () C:\Users\Martin\AppData\Local\part64.dll 2017-09-03 13:29 - 2017-09-03 21:05 - 001847296 _____ () C:\Users\Martin\AppData\Local\po.db 2017-08-30 22:47 - 2017-08-30 22:47 - 000004068 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel 2012-08-15 03:57 - 2016-07-10 23:35 - 000007633 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg 2017-09-03 13:29 - 2017-09-03 20:59 - 000003072 _____ () 
C:\Users\Martin\AppData\Local\uninstallce.exe 2017-09-03 13:30 - 2017-09-03 13:30 - 000032038 _____ () C:\Users\Martin\AppData\Local\uninstall_temp.ico 2017-09-03 13:30 - 2017-09-03 13:29 - 002554368 _____ (TODO: <Company name>) C:\Users\Martin\AppData\Local\Zaming.exe 2017-09-03 13:30 - 2017-09-03 13:30 - 001900814 _____ () C:\Users\Martin\AppData\Local\Zaming.tst 2017-09-03 13:28 - 2017-09-03 13:28 - 000406208 _____ () C:\ProgramData\clsid16489.exe 2017-09-03 21:00 - 2017-09-03 21:00 - 000000004 _____ () C:\ProgramData\_lg.3sap C:\Windows\svchost.exe ACHTUNG ====> Check for partition/boot infection. Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\Program Files (x86)\SDownloader\RKRMYBB4A19HA9I.exe C:\Program Files (x86)\ShutdownTime\2WQ0D70CZN7RBOL.exe C:\Windows\Temp\g1767.tmp.exe C:\Windows\rss\csrss.exe C:\ProgramData\clsid16489.exe C:\Program Files (x86)\Google\Chrome\Application\wtsapi32.dll Einige Dateien in TEMP: ==================== 2017-09-03 13:29 - 2017-09-03 13:31 - 029131136 _____ (AppTrailers) C:\Users\Martin\AppData\Local\Temp\AppTrailers.9.1.10amt.exe 2017-09-03 13:32 - 2017-09-03 13:32 - 000636227 _____ (gpPdG21eKqPH4TT3a08h ) C:\Users\Martin\AppData\Local\Temp\browmodule.exe 2017-09-03 13:30 - 2017-09-03 13:30 - 001527488 _____ (Microsoft Corporation) C:\Users\Martin\AppData\Local\Temp\dbghelp.dll 2017-09-03 13:33 - 2017-09-03 13:33 - 000374181 _____ (WeMonetize ) C:\Users\Martin\AppData\Local\Temp\FT02CR9.exe 2017-09-03 13:32 - 2017-09-03 13:32 - 003484912 _____ (RIYGQA Octaa Ivgeuta) C:\Users\Martin\AppData\Local\Temp\installer_campaign_20521.exe 2017-09-03 13:28 - 2017-09-03 13:28 - 001676844 _____ () C:\Users\Martin\AppData\Local\Temp\installer_campaign_20522.exe 2017-09-03 13:28 - 2017-09-03 13:28 - 000406208 _____ () C:\Users\Martin\AppData\Local\Temp\msclean.exe 2017-09-03 13:29 - 2017-09-03 13:29 - 000097280 _____ () C:\Users\Martin\AppData\Local\Temp\setup.exe 2017-09-03 13:31 - 2017-09-03 13:31 - 000515118 
_____ ( ) C:\Users\Martin\AppData\Local\Temp\shutdowntime.exe 2017-09-03 13:28 - 2017-09-03 13:28 - 000492058 _____ ( ) C:\Users\Martin\AppData\Local\Temp\speedownloader.exe 2017-09-03 13:30 - 2017-09-03 13:30 - 000167616 _____ (Microsoft Corporation) C:\Users\Martin\AppData\Local\Temp\symsrv.dll 2017-09-03 13:29 - 2017-09-03 13:29 - 001199825 _____ () C:\Users\Martin\AppData\Local\Temp\unins000.exe 2017-09-03 13:29 - 2017-09-03 13:29 - 000707434 _____ (VideoBox ) C:\Users\Martin\AppData\Local\Temp\v-b.exe 2017-09-03 13:31 - 2017-09-03 13:32 - 001327096 _____ ( ) C:\Users\Martin\AppData\Local\Temp\webfriend.exe 2017-09-03 20:59 - 2017-09-03 21:00 - 003199256 _____ (Microleaves) C:\Users\Martin\AppData\Local\Temp\ww-Online.IO-installer.exe 2017-09-03 13:31 - 2017-09-03 13:31 - 003731903 _____ ( ) C:\Users\Martin\AppData\Local\Temp\Yeadesktop.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
nointegritychecks: ==> "IntegrityChecks" ist deaktiviert. <==== ACHTUNG
LastRegBack: 2017-08-11 12:31
==================== Ende von FRST.txt ============================ |
03.09.2017, 22:25 | #3 |
/// Malwareteam | My name is Rafael and I will help you with the cleanup. So that I can help you as effectively as possible, please follow these rules:
Well, that was quite a blunder, my friend, respect.
edit: You should change your important passwords from a safe PC/phone and stop using this PC until I give the okay.
Step: 1
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Step: 2
Please start FRST again, tick the box for Addition and click Untersuchen (Scan). Please post the two resulting text files again.
__________________ Edited by burningice (03.09.2017 at 22:47) |
04.09.2017, 04:26 | #4 |
| Hello Rafael! In the meantime I downloaded a few scanners and cleanup tools via another PC and ran them, and now (after following the procedure described in the link) I got the message shown in the attachment. I know, patient is something else, but unfortunately I need my PC for image editing and I am already behind as it is. Summer is peak season for us photographers. The photos are backed up, fortunately... the system is not. But the system is more or less running normally again; however, when killing autostart entries and programs in CCleaner I apparently did a bit too "good" a job and now get the message that is also linked in the attachment. Maybe the system is now even cleaner than before (Malwarebytes had previously found around 300 files), but maybe there is still a keylogger or something like that on it. I will still change the passwords for important services such as PayPal etc. on the other PC, but then I have to enter them again on my machine as well, so yeah, hmm. Regards |
04.09.2017, 09:29 | #5 |
/// Malwareteam | My friend, that is not quite how this works. As far as I can tell from the latest information, your PC is massively infected; if you want us to help you here for free, you also have to follow our rules. Create new FRST logs as described in step 2.
__________________ Regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ |
04.09.2017, 10:55 | #6 |
| Number 1 Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017 durchgeführt von Martin (Administrator) auf MARTIN-PC (04-09-2017 11:49:50) Gestartet von C:\Users\Martin\Documents Geladene Profile: Martin (Verfügbare Profile: Martin) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Opera) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe () C:\Program Files (x86)\T-Mobile Internet Manager 03\AssistantServices.exe (VIA Technologies, Inc.) 
C:\Windows\System32\ViakaraokeSrv.exe (Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\Program Files\AudioMX HS-11B Headset\CPL\FaceLift_x64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe () C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ModemListener.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe () C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera_crashreporter.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe (Opera Software) C:\Program Files\Opera\47.0.2631.71\opera.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-08-02] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [919032 2017-08-17] (Avira Operations GmbH & Co. 
KG) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\MountPoints2: {12b95964-e3d7-11e1-9dcc-806e6f6e6963} - D:\autorun.exe HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\MountPoints2: {79376a5e-f5b2-11e1-bb67-902b343487d5} - E:\install.exe HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\MountPoints2: {83f52f5b-ffe9-11e1-9c69-902b343487d5} - G:\Install.exe HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\MountPoints2: {881af519-67bd-11e2-b9e7-902b343487d5} - I:\autorun.exe HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\MountPoints2: {a6af9051-4338-11e3-b4e6-806e6f6e6963} - D:\autorun.exe CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4 Tcpip\..\Interfaces\{6103039F-F3FB-44E3-BD48-9727307B92C4}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{8DED8FDF-0602-4FA9-93EE-03AE92F60663}: [NameServer] 62.138.239.45 Tcpip\..\Interfaces\{8DED8FDF-0602-4FA9-93EE-03AE92F60663}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{BA63B5EE-61A1-4F6A-9203-D54F24CADBAA}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{BD9B16D6-36AC-45C6-8F27-B0CC312CAA47}: [DhcpNameServer] 10.110.122.1 Internet Explorer: ================== HKU\S-1-5-21-4274444522-239977233-1919266746-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4274444522-239977233-1919266746-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4274444522-239977233-1919266746-1000 -> {2629CD96-88A0-4a5d-B784-6BE26E1DFD2A} URL = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms} SearchScopes: HKU\S-1-5-21-4274444522-239977233-1919266746-1000 -> {C9ED399D-D71C-463f-96B8-51071E6C989D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-10-09] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-09] (Oracle Corporation) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2014-11-25] (Perfect World Entertainment Inc) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default [2017-09-03] FF user.js: detected! 
=> C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\user.js [2017-07-12]
FF Homepage: Mozilla\Firefox\Profiles\i7opqxyh.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> backup.ftp", "84.10.1.42"
FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> backup.ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> backup.socks", "84.10.1.42"
FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> backup.socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> backup.ssl", "84.10.1.42"
FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> backup.ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> ftp", "185.25.148.167"
FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> http", "185.25.148.167"
FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> socks", "185.25.148.167"
FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> ssl", "185.25.148.167"
FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\i7opqxyh.default -> type", 0
FF Extension: (Avira Browser Safety) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\Extensions\abs@avira.com [2017-09-04]
FF Extension: (Avira Browser Safety) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\Extensions\abs@avira.com.xpi [2017-07-27]
FF Extension: (SaveFrom.net helper) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\Extensions\helper-sig@savefrom.net.xpi [2017-08-24]
FF Extension: (ProxTube) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\Extensions\ich@maltegoetz.de.xpi [2017-07-03]
FF Extension: (PlugIn-Checker) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\Extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack.xpi [2017-07-16]
FF Extension: (Quick Searcher) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2017-09-03]
FF Extension: (Who Deleted Me) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\Extensions\whodeletedme@deleted.io.xpi [2017-05-22]
FF Extension: (Modify Headers) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2016-04-27]
FF Extension: (Firefox Screenshots) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7opqxyh.default\features\{34e3885c-c768-4954-89fe-39d4051a328b}\screenshots@mozilla.org.xpi [2017-09-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-19] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-09] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [2012-09-29] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2014-11-25] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: Sony Corporation/PMCADownloader -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\npPMCADownloader.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderHelper -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderHelper.exe [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderLib -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderLib.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-4274444522-239977233-1919266746-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-07-18] ()
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-04-20] <==== ACHTUNG

Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2017-09-03]
CHR Extension: (Google Präsentationen) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-16]
CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-16]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-16]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-16]
CHR Extension: (Chrome IG Story) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2017-08-28]
CHR Extension: (Google Tabellen) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-16]
CHR Extension: (Google Docs Offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-16]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-28]
CHR Extension: (Google Mail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-16]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://t-online.de/"
OPR Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-07-12]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-08-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-08-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-08-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-08-17] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-11-25] (Perfect World Entertainment Inc)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [389312 2017-08-02] (Avira Operations GmbH & Co. KG)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 Komsa_Germany Silverstone Modem Device Helper; C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-06-16] (Logitech Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3611808 2015-07-22] (INCA Internet Co., Ltd.)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32568 2013-08-22] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2098528 2017-09-02] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2977640 2017-09-02] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-16] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)
R2 UI Assistant Service; C:\Program Files (x86)\T-Mobile Internet Manager 03\AssistantServices.exe [241664 2009-03-30] () [Datei ist nicht signiert]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [71272 2017-05-09] (Windscribe Limited)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2017-06-05] () [Datei ist nicht signiert]
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-08-17] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [194912 2017-08-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [151128 2017-08-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-08-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-08-17] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-08-17] (Avira Operations GmbH & Co. KG)
S3 CMUAC; C:\Windows\System32\DRIVERS\CMUAC.sys [593920 2014-08-01] (C-MEDIA)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-04] (DT Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-08-14] ()
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-06-16] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2017-06-16] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2017-06-05] () [Datei ist nicht signiert]
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2017-09-04] (Malwarebytes)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
U0 nsidy; C:\Windows\System32\drivers\vusxg.sys [79064 2017-09-04] (Malwarebytes)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [225256 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-06-05] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-04-21] (The OpenVPN Project)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 WinMon; C:\Windows\System32\drivers\Winmon.sys [9352 2017-09-03] () [Datei ist nicht signiert]
R2 WinRing0_1_2_0; C:\Users\Martin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [14544 2012-08-11] (OpenLibSys.org)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-09-04 11:49 - 2017-09-04 11:50 - 000027936 _____ C:\Users\Martin\Documents\FRST.txt 2017-09-04 04:46 - 2017-09-04 05:22 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-09-04 04:45 - 2017-09-04 05:22 - 000000000 ____D C:\Users\Martin\Desktop\mbar 2017-09-04 04:44 - 2017-09-04 04:44 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Martin\Desktop\mbar-1.09.3.1001.exe 2017-09-04 00:15 - 2017-09-04 00:15 - 000079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\vusxg.sys 2017-09-03 23:15 - 2017-09-03 23:15 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Avira 2017-09-03 23:12 - 2017-09-03 23:12 - 000003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1504473120 2017-09-03 23:12 - 2017-09-03 23:12 - 000001096 _____ C:\Users\Public\Desktop\Opera-Browser.lnk 2017-09-03 23:12 - 2017-09-03 23:12 - 000001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk 2017-09-03 23:10 - 2017-09-03 23:12 - 000000000 ____D C:\Program Files\Opera 2017-09-03 22:49 - 2017-09-03 22:49 - 000001424 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-09-03 22:47 - 2017-09-03 22:47 - 000001212 _____ C:\malware.txt 2017-09-03 22:40 - 2017-09-03 22:49 - 000221988 _____ C:\Windows\ntbtlog.txt 2017-09-03 22:35 - 2017-09-03 22:35 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf 2017-09-03 22:35 - 2017-08-17 18:25 - 000194912 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2017-09-03 22:35 - 2017-08-17 18:25 - 000151128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2017-09-03 22:35 - 2017-08-17 18:25 - 000078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2017-09-03 22:35 - 2017-08-17 18:25 - 000064504 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avdevprot.sys 2017-09-03 22:35 - 2017-08-17 18:25 - 000035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2017-09-03 22:35 - 2017-08-17 18:25 - 000034128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys 2017-09-03 22:30 - 2017-09-03 22:47 - 000000080 _____ C:\Users\Public\Desktop\SimCityT.lnk 2017-09-03 22:30 - 2017-09-03 22:47 - 000000080 _____ C:\Users\Public\Desktop\Need for SpeedT Most Wanted.lnk 2017-09-03 22:22 - 2017-09-04 04:46 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-09-03 22:22 - 2017-09-04 04:45 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2017-09-03 22:22 - 2017-09-03 22:47 - 000001099 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2017-09-03 22:22 - 2017-09-03 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2017-09-03 22:22 - 2017-09-03 22:22 - 000000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2017-09-03 22:22 - 2016-03-10 14:09 - 000064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2017-09-03 22:22 - 2016-03-10 14:08 - 000027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-09-03 22:21 - 2017-09-03 22:21 - 006705178 _____ C:\Users\Martin\Downloads\mbam-chameleon-3.1.33.0.zip 2017-09-03 22:16 - 2017-09-04 04:46 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-09-03 22:16 - 2017-09-03 22:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-09-03 22:16 - 2017-09-03 22:16 - 000000000 ____D C:\Program Files\Malwarebytes 2017-09-03 22:16 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-09-03 22:14 - 2017-09-03 22:15 - 066347240 _____ (Malwarebytes ) C:\Users\Martin\Documents\mb3-setup-consumer-3.2.2.2018.exe 2017-09-03 21:30 - 2017-09-03 21:31 - 004916408 _____ (Avira Operations GmbH & 
Co. KG) C:\Users\Martin\Documents\avira_de_free0___pcw.exe 2017-09-03 21:26 - 2017-09-03 22:46 - 000001046 _____ C:\Users\Martin\Desktop\cpuz.lnk 2017-09-03 21:25 - 2017-09-03 22:35 - 000000268 _____ C:\Windows\Tasks\HEXA DESK.job 2017-09-03 21:25 - 2017-09-03 22:35 - 000000000 ____D C:\ProgramData\Windows 2017-09-03 21:25 - 2017-09-03 22:28 - 000000000 ____D C:\Users\Martin\AppData\Roaming\HexaDesK 2017-09-03 21:25 - 2017-09-03 21:25 - 006760064 _____ (ESET spol. s r.o.) C:\Users\Martin\Documents\ESETOnlineScanner_DEU.exe 2017-09-03 21:25 - 2017-09-03 21:25 - 000014918 _____ C:\Windows\System32\Tasks\{3E43C360-7FB6-49C5-AD96-5DF8A4C284CC} 2017-09-03 21:25 - 2017-09-03 21:25 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Temp 2017-09-03 21:25 - 2017-09-03 21:25 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HEXA DESK 2017-09-03 21:21 - 2017-09-03 21:21 - 001526792 _____ C:\Users\Martin\Documents\Malwarebytes Malware Scanner - CHIP-Installer.exe 2017-09-03 21:07 - 2017-09-03 21:07 - 000004110 _____ C:\Windows\System32\Tasks\AppleChargerSrvServiceASP.NET-Zustandsdienst 2017-09-03 21:04 - 2017-09-03 21:04 - 000000000 _____ C:\Windows\SysWOW64\__00CE1C2B__C0000005.dmp 2017-09-03 21:01 - 2017-09-03 21:01 - 000000000 ____D C:\Users\Martin\AppData\Local\AdvinstAnalytics 2017-09-03 21:00 - 2017-09-03 21:00 - 000000004 _____ C:\ProgramData\_lg.3sap 2017-09-03 20:59 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\xqtkx0wm0gr 2017-09-03 20:59 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\xit35i0prr4 2017-09-03 20:59 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\n5vhbxnyjv4 2017-09-03 20:59 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\mxbls0r2wlx 2017-09-03 20:59 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\ix5ht31la24 2017-09-03 20:59 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\ircxamjbdex 
2017-09-03 20:59 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\23ysz3xdgoa 2017-09-03 20:59 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files\W6K6U2RAYB 2017-09-03 20:59 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files\SILMTMLWGN 2017-09-03 20:59 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files\IWOHYBDD7A 2017-09-03 20:59 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files\9HYBPKO95D 2017-09-03 20:59 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files\1TN9EXRST9 2017-09-03 20:59 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files\{7E3A8050-6F2E-4CF2-85E3-8B899E9A79C7} 2017-09-03 20:59 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files (x86)\{8D47D459-B5AE-4F59-90C8-1633C7FC787B} 2017-09-03 20:59 - 2017-09-03 21:10 - 000000000 ____D C:\Users\Martin\AppData\Local\InetInfoTools 2017-09-03 16:02 - 2017-09-04 11:49 - 000000000 ____D C:\FRST 2017-09-03 16:02 - 2017-09-03 16:02 - 002395648 _____ (Farbar) C:\Users\Martin\Documents\FRST64.exe 2017-09-03 15:42 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\uplhmap22k5 2017-09-03 15:42 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files\1ET4JYM1M7 2017-09-03 14:00 - 2016-06-26 02:27 - 000970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2017-09-03 14:00 - 2016-06-26 02:27 - 000756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2017-09-03 14:00 - 2016-06-26 02:27 - 000344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll 2017-09-03 14:00 - 2016-06-26 02:27 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll 2017-09-03 14:00 - 2016-06-26 02:27 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll 2017-09-03 14:00 - 2016-06-25 21:54 - 000497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2017-09-03 14:00 - 2016-06-25 21:53 - 000297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll 2017-09-03 14:00 - 2016-06-25 21:53 - 000061952 
_____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe 2017-09-03 14:00 - 2016-06-25 21:53 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe 2017-09-03 14:00 - 2016-06-25 21:41 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe 2017-09-03 14:00 - 2016-02-12 20:52 - 003169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2017-09-03 14:00 - 2016-02-12 20:52 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2017-09-03 14:00 - 2016-02-12 20:52 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2017-09-03 14:00 - 2016-02-12 20:44 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2017-09-03 14:00 - 2016-02-12 20:39 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2017-09-03 14:00 - 2016-02-12 20:22 - 002610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2017-09-03 14:00 - 2016-02-12 20:19 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2017-09-03 14:00 - 2016-02-12 20:18 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2017-09-03 14:00 - 2016-02-12 20:18 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2017-09-03 14:00 - 2016-02-12 20:18 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2017-09-03 14:00 - 2016-02-12 20:18 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2017-09-03 14:00 - 2016-02-12 20:18 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2017-09-03 14:00 - 2016-02-12 20:06 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2017-09-03 14:00 - 2016-02-12 20:05 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2017-09-03 14:00 - 2016-02-12 20:05 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2017-09-03 14:00 - 2016-02-12 20:05 - 000030208 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\wups.dll 2017-09-03 14:00 - 2016-02-03 20:07 - 000091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2017-09-03 14:00 - 2016-01-06 21:02 - 000275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2017-09-03 14:00 - 2016-01-06 21:02 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2017-09-03 14:00 - 2016-01-06 20:41 - 000216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2017-09-03 13:49 - 2017-09-03 13:49 - 000000000 _____ C:\Windows\SysWOW64\__00D11C2B__C0000005.dmp 2017-09-03 13:48 - 2017-09-03 13:48 - 000003160 _____ C:\Windows\System32\Tasks\{002667BB-F9D0-4F0C-BE37-974C787CF7E8} 2017-09-03 13:42 - 2017-09-03 13:42 - 000001996 _____ C:\Windows\System32\Tasks\VhQw2OFut7 2017-09-03 13:42 - 2017-09-03 13:42 - 000001996 _____ C:\Windows\System32\Tasks\nQXisEo3lC 2017-09-03 13:41 - 2017-09-04 00:16 - 000000000 ____D C:\Program Files (x86)\dry7reYQ6I 2017-09-03 13:41 - 2017-09-03 22:35 - 000000306 __RSH C:\Users\Martin\ntuser.pol 2017-09-03 13:41 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\pjbaoqcdlqk 2017-09-03 13:41 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\ojyfe1tqxle 2017-09-03 13:41 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\maof5k4rau2 2017-09-03 13:41 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\kkuaf3unqup 2017-09-03 13:41 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\ipfea5szlx2 2017-09-03 13:41 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\dxrdwvqcbbd 2017-09-03 13:41 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files\ZCAHD3Y5LH 2017-09-03 13:41 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files\LXI2VTNF8G 2017-09-03 13:41 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files\G7F9FQQLD4 2017-09-03 13:41 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files\4UKDRNXPTV 2017-09-03 13:41 - 2017-09-03 
22:28 - 000000000 ____D C:\Program Files (x86)\WiDKobkFRy0m 2017-09-03 13:40 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\4e4hlehfvnf 2017-09-03 13:40 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files\ZZFOH8V0GD 2017-09-03 13:40 - 2017-09-03 13:40 - 000003432 ____N C:\bootsqm.dat 2017-09-03 13:35 - 2017-09-03 13:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\wec4uqf2d3y 2017-09-03 13:34 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\yqsllvyegxj 2017-09-03 13:34 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\copi4mslqlt 2017-09-03 13:34 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files\RCPPGDPT8D 2017-09-03 13:32 - 2017-09-03 22:35 - 000000000 ____D C:\Program Files (x86)\ShutdownTime 2017-09-03 13:32 - 2017-09-03 22:34 - 000016784 _____ C:\Windows\System32\Tasks\QUOSA USB Flash Prists Upgrade 2017-09-03 13:31 - 2017-09-03 21:09 - 000000000 ____D C:\Windows\SysWOW64\SSL 2017-09-03 13:31 - 2017-09-03 21:05 - 000003474 _____ C:\Windows\System32\Tasks\1e61f3fcf130e6786c212969e80c078b 2017-09-03 13:31 - 2017-09-03 13:47 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа.lnk 2017-09-03 13:31 - 2017-09-03 13:47 - 000002059 _____ C:\Users\Public\Desktop\Ореrа.lnk 2017-09-03 13:30 - 2017-09-03 22:47 - 000001236 _____ C:\Users\Public\Desktop\Download icq.lnk 2017-09-03 13:30 - 2017-09-03 22:35 - 000000000 ____D C:\Windows\rss 2017-09-03 13:30 - 2017-09-03 22:35 - 000000000 ____D C:\ProgramData\Logic Cramble 2017-09-03 13:30 - 2017-09-03 13:30 - 005572544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe 2017-09-03 13:30 - 2017-09-03 13:30 - 000619056 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe 2017-09-03 13:30 - 2017-09-03 13:30 - 000018432 _____ C:\Users\Martin\AppData\Local\Main.dat 2017-09-03 13:30 - 2017-09-03 13:30 - 000009352 _____ C:\Windows\system32\Drivers\Winmon.sys 2017-09-03 13:29 - 2017-09-03 22:46 - 000000332 _____ 
C:\Users\Martin\Desktop\Download Video and Audio Online.lnk 2017-09-03 13:29 - 2017-09-03 22:35 - 000000306 __RSH C:\ProgramData\ntuser.pol 2017-09-03 13:29 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\shuqwilelrn 2017-09-03 13:29 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\riyrr1qk4ga 2017-09-03 13:29 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\hdp4vvfs3k3 2017-09-03 13:29 - 2017-09-03 22:35 - 000000000 ____D C:\Users\Martin\AppData\Roaming\fdi1kdcnyni 2017-09-03 13:29 - 2017-09-03 22:35 - 000000000 ____D C:\Program Files (x86)\SDownloader 2017-09-03 13:29 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files\RZA7MRGA68 2017-09-03 13:29 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files\NZKF69OGHP 2017-09-03 13:29 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files\M04OI8EH76 2017-09-03 13:29 - 2017-09-03 22:28 - 000000000 ____D C:\Program Files\89PUNDTUX9 2017-09-03 13:29 - 2017-09-03 20:59 - 000000000 ____D C:\ProgramData\WindowsReporting 2017-09-03 13:29 - 2017-09-03 13:47 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk 2017-09-03 13:29 - 2017-09-03 13:47 - 000001876 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk 2017-09-03 13:29 - 2017-09-03 13:47 - 000001811 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа-Вrоwsеr.lnk 2017-09-03 13:29 - 2017-09-03 13:29 - 000140800 _____ C:\Users\Martin\AppData\Local\installer.dat 2017-09-03 13:29 - 2017-09-03 13:29 - 000016176 _____ C:\Users\Martin\AppData\Local\InstallationConfiguration.xml 2017-09-03 13:29 - 2017-09-03 13:29 - 000000000 ____D C:\Windows\Azart 2017-09-03 13:28 - 2017-09-03 13:47 - 000002059 _____ C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk 2017-09-03 13:28 - 2017-09-03 13:47 - 000001917 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk 2017-09-03 13:28 - 2017-09-03 13:47 - 000001864 _____ 
C:\Users\Public\Desktop\Моzillа Firеfох.lnk 2017-09-03 13:28 - 2017-09-03 13:47 - 000001799 _____ C:\Users\Public\Desktop\Ореrа-Вrоwsеr.lnk 2017-09-02 19:34 - 2017-09-02 19:34 - 000000744 _____ C:\Users\Public\Desktop\SimCity™.lnk 2017-09-02 19:34 - 2017-09-02 19:34 - 000000000 ____D C:\Users\Martin\Documents\SimCity 2017-09-02 06:15 - 2017-09-02 06:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor1911 2017-09-02 06:09 - 2017-09-02 06:09 - 000000000 ____D C:\Users\Martin\.QtWebEngineProcess 2017-09-02 06:09 - 2017-09-02 06:09 - 000000000 ____D C:\Users\Martin\.Origin 2017-09-01 06:41 - 2017-09-03 05:22 - 000012467 _____ C:\Users\Martin\Documents\pokemon_eier.xlsx 2017-08-31 21:29 - 2017-08-31 21:29 - 000037159 _____ C:\Windows\uninstaller.dat 2017-08-30 22:47 - 2017-08-30 22:47 - 000004068 _____ C:\Users\Martin\AppData\Local\recently-used.xbel 2017-08-30 20:34 - 2017-09-03 22:47 - 000001365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2017-08-30 20:34 - 2017-09-03 22:47 - 000001296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2017-08-30 20:34 - 2017-08-30 20:34 - 000000020 _____ C:\Windows\Àö' 2017-08-30 20:34 - 2017-08-30 20:34 - 000000000 ____D C:\Windows\de 2017-08-30 20:34 - 2017-08-30 20:34 - 000000000 ____D C:\Program Files (x86)\Windows Live 2017-08-30 20:33 - 2017-08-30 20:34 - 000000000 ____D C:\Users\Martin\AppData\Local\Windows Live 2017-08-23 14:24 - 2017-09-03 23:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2017-08-23 14:24 - 2017-09-03 22:47 - 000001133 _____ C:\Users\Public\Desktop\Avira Connect.lnk 2017-08-16 22:47 - 2017-08-16 22:47 - 000065306 _____ C:\Users\Martin\Downloads\WhatsApp Ptt 2017-08-16 at 20.44.29.ogg 2017-08-15 15:55 - 2017-08-15 15:55 - 000616235 _____ C:\Users\Martin\Downloads\annaclausing-2017-08-15T15-55-42+02-00.zip 2017-08-15 15:55 - 2017-08-15 15:55 - 000130574 _____ 
C:\Users\Martin\Downloads\marta_amaral96-2017-08-15T15-55-47+02-00.zip 2017-08-15 15:55 - 2017-08-06 08:23 - 001392013 ____N C:\Users\Martin\Downloads\1574976033350675502_4697453264.mp4 2017-08-15 02:03 - 2017-09-03 22:47 - 000001068 _____ C:\Users\Public\Desktop\Windscribe.lnk 2017-08-15 02:03 - 2017-08-15 13:21 - 000000000 ____D C:\Program Files (x86)\Windscribe 2017-08-15 02:03 - 2017-08-15 02:03 - 000000000 ____D C:\Users\Martin\AppData\Local\Windscribe 2017-08-15 02:03 - 2017-08-15 02:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe 2017-08-15 02:03 - 2017-04-21 04:16 - 000045560 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapwindscribe0901.sys 2017-08-15 02:02 - 2017-08-15 02:03 - 015139472 _____ (Windscribe ) C:\Users\Martin\Documents\Windscribe.exe 2017-08-15 00:57 - 2017-09-03 22:46 - 000001808 _____ C:\Users\Martin\Desktop\age3y.exe - Verknüpfung.lnk 2017-08-14 14:20 - 2017-08-15 01:38 - 000000000 ____D C:\Program Files (x86)\Microsoft Games 2017-08-14 14:18 - 2017-08-14 14:18 - 000003040 _____ C:\Windows\System32\Tasks\{248A36B1-D733-4D0A-A983-77CA2BC18268} 2017-08-11 20:19 - 2017-08-11 20:20 - 001141429 _____ C:\Users\Martin\Downloads\Logo_Martin.zip 2017-08-11 18:46 - 2017-08-11 18:46 - 000000000 ____D C:\Program Files\7-Zip 2017-08-11 18:22 - 2017-08-11 18:22 - 000000000 ____D C:\ProgramData\Age of Empires 3 2017-08-11 17:49 - 2017-08-11 17:49 - 000000000 ____D C:\Program Files (x86)\MSXML 4.0 2017-08-11 11:17 - 2017-08-11 11:17 - 000557549 _____ C:\Users\Martin\Downloads\Lehrte Protokoll Martin Werner-1.pdf 2017-08-09 11:03 - 2017-08-09 11:04 - 001265320 _____ C:\Users\Martin\Downloads\solarthermie labor 1gille.pdf 2017-08-08 20:25 - 2017-08-08 20:25 - 000709549 _____ C:\Users\Martin\Downloads\2LaborSolarthermieanlage (1).pdf 2017-08-06 10:23 - 2017-08-06 10:23 - 001507547 _____ C:\Users\Martin\Downloads\roxy_a_paris-2017-08-06T10-23-27+02-00.zip ==================== Ein Monat: Geänderte Dateien und 
Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-09-04 11:50 - 2013-12-15 16:10 - 000000000 ____D C:\Users\Martin\AppData\Roaming\NetSpeedMonitor 2017-09-04 05:27 - 2016-02-02 21:40 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Origin 2017-09-04 05:26 - 2016-02-02 21:29 - 000000000 ____D C:\ProgramData\Origin 2017-09-04 02:00 - 2012-09-16 20:00 - 000000000 ____D C:\Users\Martin\AppData\Local\Adobe 2017-09-03 23:15 - 2009-07-14 06:45 - 000022048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-09-03 23:15 - 2009-07-14 06:45 - 000022048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-09-03 23:14 - 2009-07-14 19:58 - 000699416 _____ C:\Windows\system32\perfh007.dat 2017-09-03 23:14 - 2009-07-14 19:58 - 000149556 _____ C:\Windows\system32\perfc007.dat 2017-09-03 23:14 - 2009-07-14 07:13 - 001620612 _____ C:\Windows\system32\PerfStringBackup.INI 2017-09-03 23:14 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf 2017-09-03 23:09 - 2017-05-14 03:25 - 000000000 ___RD C:\Users\Martin\Creative Cloud Files 2017-09-03 23:07 - 2013-04-20 14:05 - 000000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2017-09-03 23:07 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-09-03 23:05 - 2017-01-04 11:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-09-03 23:01 - 2012-08-15 13:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-09-03 22:49 - 2012-08-11 14:06 - 000000000 ____D C:\Program Files (x86)\Opera 2017-09-03 22:47 - 2017-07-31 22:43 - 000001140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2017-09-03 22:47 - 2017-07-31 22:43 - 000001134 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 2017-09-03 22:47 - 2017-05-27 15:20 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Adobe Photoshop CC 2017.lnk 2017-09-03 22:47 - 2017-05-14 03:35 - 000001019 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk 2017-09-03 22:47 - 2017-02-07 04:06 - 000000960 _____ C:\Users\Public\Desktop\Steam.lnk 2017-09-03 22:47 - 2016-12-27 13:08 - 000002585 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Do It Again.lnk 2017-09-03 22:47 - 2016-12-16 00:28 - 000001087 _____ C:\Users\Public\Desktop\ReMouse Standard.lnk 2017-09-03 22:47 - 2016-09-08 15:49 - 000001915 _____ C:\Users\Public\Desktop\DOSBox 0.74.lnk 2017-09-03 22:47 - 2016-08-05 20:56 - 000001034 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2017-09-03 22:47 - 2016-08-05 20:56 - 000001028 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk 2017-09-03 22:47 - 2016-07-19 13:52 - 000001255 _____ C:\Users\Public\Desktop\The Settlers Online.lnk 2017-09-03 22:47 - 2016-04-08 14:09 - 000002016 _____ C:\Users\Public\Desktop\Raptr.lnk 2017-09-03 22:47 - 2015-11-02 22:48 - 000001067 _____ C:\Users\Public\Desktop\Exact Audio Copy.lnk 2017-09-03 22:47 - 2015-09-07 00:44 - 000001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lens Profile Downloader.lnk 2017-09-03 22:47 - 2015-09-07 00:44 - 000001078 _____ C:\Users\Public\Desktop\Adobe Lens Profile Downloader.lnk 2017-09-03 22:47 - 2015-09-03 16:34 - 000001898 _____ C:\Users\Public\Desktop\LightZone.lnk 2017-09-03 22:47 - 2015-08-26 22:44 - 000002105 _____ C:\Users\Public\Desktop\Contenta Converter PREMIUM.lnk 2017-09-03 22:47 - 2015-08-17 20:54 - 000001136 _____ C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk 2017-09-03 22:47 - 2015-04-20 22:58 - 000000836 _____ C:\Users\Public\Desktop\Grand Theft Auto V.lnk 2017-09-03 22:47 - 2015-02-18 22:40 - 000001136 _____ C:\Users\Public\Desktop\Virtual WiFi Router.lnk 2017-09-03 22:47 - 2014-11-30 01:35 - 000001864 _____ C:\Users\Public\Desktop\SwordsMan.lnk 2017-09-03 22:47 - 2014-11-30 01:35 - 000001836 
_____ C:\Users\Public\Desktop\Arc.lnk 2017-09-03 22:47 - 2014-11-20 04:23 - 000001938 _____ C:\Users\Public\Desktop\Metin2.lnk 2017-09-03 22:47 - 2014-07-17 05:29 - 000002511 _____ C:\Users\Public\Desktop\Skype.lnk 2017-09-03 22:47 - 2014-07-02 16:30 - 000001323 _____ C:\Users\Public\Desktop\Diablo III Public Test.lnk 2017-09-03 22:47 - 2014-06-11 02:47 - 000001244 _____ C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk 2017-09-03 22:47 - 2014-06-11 02:47 - 000001182 _____ C:\Users\Public\Desktop\Mouse Recorder Play.lnk 2017-09-03 22:47 - 2014-06-11 02:33 - 000001060 _____ C:\Users\Public\Desktop\GhostMouse Free.lnk 2017-09-03 22:47 - 2014-06-10 00:20 - 000001154 _____ C:\Users\Public\Desktop\Making of Moorhuhn 2.lnk 2017-09-03 22:47 - 2014-06-10 00:20 - 000001149 _____ C:\Users\Public\Desktop\Moorhuhn.lnk 2017-09-03 22:47 - 2014-06-10 00:20 - 000001137 _____ C:\Users\Public\Desktop\Moorhuhn Trainingsarea 2.lnk 2017-09-03 22:47 - 2014-06-10 00:20 - 000001137 _____ C:\Users\Public\Desktop\Moorhuhn Trainingsarea 1.lnk 2017-09-03 22:47 - 2014-02-28 21:20 - 000001100 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk 2017-09-03 22:47 - 2013-11-05 19:43 - 000001073 _____ C:\Users\Public\Desktop\Diablo III.lnk 2017-09-03 22:47 - 2013-10-23 13:27 - 000001162 _____ C:\Users\Public\Desktop\AION Free-to-Play.lnk 2017-09-03 22:47 - 2013-08-10 16:34 - 000001064 _____ C:\Users\Public\Desktop\Gameforge Live.lnk 2017-09-03 22:47 - 2013-04-21 16:54 - 000001121 _____ C:\Users\Public\Desktop\ICQ Status Checker.lnk 2017-09-03 22:47 - 2013-02-22 01:11 - 000000823 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiMP.lnk 2017-09-03 22:47 - 2013-01-26 21:16 - 000001083 _____ C:\Users\Public\Desktop\HSPA USB MODEM.lnk 2017-09-03 22:47 - 2013-01-07 16:41 - 000001995 _____ C:\Users\Public\Desktop\TotalMedia 3.5.lnk 2017-09-03 22:47 - 2012-09-16 16:36 - 000001852 _____ C:\Users\Public\Desktop\T-Mobile Internet Manager 03.lnk 2017-09-03 22:47 - 2012-09-04 22:22 - 000000973 _____ 
C:\Users\Public\Desktop\Mp3tag.lnk 2017-09-03 22:47 - 2012-09-04 02:17 - 000001944 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2017-09-03 22:47 - 2012-08-20 20:19 - 000001807 _____ C:\Users\Public\Desktop\ICQ7M.lnk 2017-09-03 22:47 - 2012-08-17 18:48 - 000000860 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-09-03 22:47 - 2012-08-17 18:19 - 000002115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk 2017-09-03 22:47 - 2012-08-16 13:53 - 000000909 _____ C:\Users\Public\Desktop\VLC media player.lnk 2017-09-03 22:47 - 2012-08-15 19:46 - 000001162 _____ C:\Users\Public\Desktop\Camtasia Studio 7.lnk 2017-09-03 22:47 - 2012-08-15 13:29 - 000002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2017-09-03 22:47 - 2012-08-15 13:29 - 000002013 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk 2017-09-03 22:47 - 2012-08-12 02:49 - 000000937 _____ C:\Users\Public\Desktop\µTorrent.lnk 2017-09-03 22:47 - 2012-08-11 19:12 - 000001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2017-09-03 22:47 - 2012-08-11 19:12 - 000001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2017-09-03 22:47 - 2012-08-11 15:21 - 000001777 _____ C:\Users\Public\Desktop\iTunes.lnk 2017-09-03 22:47 - 2012-08-11 15:17 - 000002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2017-09-03 22:47 - 2012-08-11 13:52 - 000001202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk 2017-09-03 22:47 - 2012-08-11 13:52 - 000001196 _____ C:\Users\Public\Desktop\HD VDeck.lnk 2017-09-03 22:47 - 2009-07-14 06:57 - 000001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2017-09-03 22:47 - 2009-07-14 06:57 - 000001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk 2017-09-03 22:47 - 2009-07-14 06:57 - 000001318 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2017-09-03 22:47 - 2009-07-14 06:57 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2017-09-03 22:47 - 2009-07-14 06:54 - 000001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2017-09-03 22:46 - 2017-05-14 03:35 - 000001019 _____ C:\Users\Martin\Desktop\Adobe Lightroom.lnk 2017-09-03 22:46 - 2017-05-14 02:52 - 000001049 _____ C:\Users\Martin\Desktop\Capture One 10.lnk 2017-09-03 22:46 - 2017-04-20 15:50 - 000002175 _____ C:\Users\Martin\Desktop\WhatsApp.lnk 2017-09-03 22:46 - 2017-03-30 07:42 - 000013373 _____ C:\Users\Martin\Desktop\Netzwerkverbindungen anzeigen - Verknüpfung.lnk 2017-09-03 22:46 - 2017-03-25 23:40 - 000000984 _____ C:\Users\Martin\Desktop\ExifToolGUI.exe - Verknüpfung.lnk 2017-09-03 22:46 - 2017-01-25 22:42 - 000002012 _____ C:\Users\Martin\Desktop\AudioMX HS-11B Headset.lnk 2017-09-03 22:46 - 2016-12-19 23:55 - 000001276 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\OpenIV.lnk 2017-09-03 22:46 - 2016-12-19 23:55 - 000001274 _____ C:\Users\Martin\Desktop\OpenIV.lnk 2017-09-03 22:46 - 2016-12-15 17:07 - 000001073 _____ C:\Users\Martin\Desktop\Random Mouse Clicker.lnk 2017-09-03 22:46 - 2015-10-28 02:52 - 000003039 _____ C:\Users\Martin\Desktop\PTLens.lnk 2017-09-03 22:46 - 2015-10-28 02:52 - 000002999 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PTLens.lnk 2017-09-03 22:46 - 2014-07-28 20:34 - 000001755 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk 2017-09-03 22:46 - 2014-04-27 15:49 - 000001096 _____ C:\Users\Martin\Desktop\PokerStars.net.lnk 2017-09-03 22:46 - 2014-03-11 23:28 - 000001204 _____ C:\Users\Martin\Desktop\Uplay.lnk 2017-09-03 22:46 - 2014-02-07 15:01 - 000001240 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk 2017-09-03 22:46 - 
2013-10-29 17:52 - 000001973 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 PSG.lnk 2017-09-03 22:46 - 2013-06-25 17:42 - 000000924 _____ C:\Users\Martin\Desktop\GIMP 2.lnk 2017-09-03 22:46 - 2012-12-02 22:32 - 000001172 _____ C:\Users\Martin\Desktop\TeamSpeak 3 Client.lnk 2017-09-03 22:46 - 2012-11-28 00:04 - 000000988 _____ C:\Users\Martin\Desktop\Bandicam.lnk 2017-09-03 22:46 - 2012-08-12 22:23 - 000000562 _____ C:\Users\Martin\Desktop\Fraps.lnk 2017-09-03 22:46 - 2012-08-12 02:49 - 000000949 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk 2017-09-03 22:46 - 2012-08-11 17:28 - 000001894 _____ C:\Users\Martin\Desktop\Need For Speed World.lnk 2017-09-03 22:46 - 2009-07-14 07:01 - 000001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2017-09-03 22:46 - 2009-07-14 06:49 - 000001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2017-09-03 22:35 - 2016-02-13 02:26 - 000000000 ____D C:\Program Files (x86)\Avira 2017-09-03 22:35 - 2014-03-16 22:32 - 000000000 ____D C:\ProgramData\Avira 2017-09-03 22:35 - 2012-08-11 13:28 - 000000000 ____D C:\Users\Martin 2017-09-03 22:35 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\Help 2017-09-03 22:35 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\QUOSA USB Flash Prists Upgrade 2017-09-03 22:31 - 2012-08-14 22:46 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2017-09-03 22:31 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2017-09-03 22:28 - 2012-11-02 14:52 - 000000000 _RSHD C:\Kernels 2017-09-03 22:11 - 2013-11-05 04:59 - 000000000 ____D C:\ProgramData\Package Cache 2017-09-03 21:13 - 2012-11-09 19:18 - 000000000 ____D C:\Windows\Minidump 2017-09-03 21:13 - 2012-09-04 02:16 - 000000000 ____D C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite 2017-09-03 21:13 - 2012-08-12 02:49 - 000000000 ____D 
C:\Users\Martin\AppData\Roaming\uTorrent 2017-09-03 21:13 - 2012-08-11 20:07 - 000000000 ____D C:\Windows\Panther 2017-09-03 21:13 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\ModemLogs 2017-09-03 16:07 - 2009-07-14 20:18 - 000000000 ____D C:\Program Files\Windows Journal 2017-09-03 13:30 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy 2017-09-03 13:29 - 2017-07-16 04:14 - 000003544 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-09-03 13:29 - 2017-07-16 04:14 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-09-03 01:26 - 2012-08-11 14:08 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-09-02 22:48 - 2017-01-11 22:07 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Mozilla 2017-09-02 06:27 - 2017-02-07 04:06 - 000000000 ____D C:\Program Files (x86)\Steam 2017-09-02 06:10 - 2012-08-11 14:55 - 000000000 ____D C:\Games 2017-09-02 06:09 - 2016-02-02 21:28 - 000000000 ____D C:\Program Files (x86)\Origin 2017-08-31 19:59 - 2017-07-04 07:24 - 000008995 _____ C:\Users\Martin\Documents\passwerter.xlsx 2017-08-31 02:20 - 2017-04-20 15:50 - 000000000 ____D C:\Users\Martin\AppData\Roaming\WhatsApp 2017-08-30 22:47 - 2013-06-25 17:51 - 000000000 ____D C:\Users\Martin\AppData\Local\gtk-2.0 2017-08-30 22:47 - 2013-06-25 17:42 - 000000000 ____D C:\Users\Martin\.gimp-2.8 2017-08-30 20:53 - 2012-08-16 13:54 - 000000000 ____D C:\Users\Martin\AppData\Roaming\vlc 2017-08-30 20:34 - 2017-04-30 21:17 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2017-08-30 20:34 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared 2017-08-27 19:13 - 2016-02-18 16:38 - 000003870 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1455806318 2017-08-27 12:43 - 2009-07-14 07:08 - 000032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-08-26 00:19 - 2017-04-20 15:50 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp 2017-08-26 
00:19 - 2017-04-20 15:50 - 000000000 ____D C:\Users\Martin\AppData\Local\WhatsApp
2017-08-26 00:19 - 2017-04-20 15:50 - 000000000 ____D C:\Users\Martin\AppData\Local\SquirrelTemp
2017-08-15 02:51 - 2012-08-14 22:40 - 000000000 ____D C:\ProgramData\InstallShield
2017-08-15 02:41 - 2012-08-11 13:43 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-15 01:53 - 2014-06-21 20:12 - 000000000 ____D C:\Users\Martin\Documents\My Games
2017-08-15 01:52 - 2012-12-11 17:38 - 000000000 ____D C:\Temp
2017-08-12 22:42 - 2016-02-19 00:12 - 000004508 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-12 22:42 - 2012-08-11 14:08 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-12 22:42 - 2012-08-11 14:08 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-12 22:42 - 2012-08-11 14:08 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-06 22:54 - 2015-08-15 11:30 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-05-29 19:04 - 2016-11-07 07:21 - 1032677376 _____ () C:\Program Files\de_office_language_pack_2010_x86_x64_dvd_517114.iso
2017-05-29 19:04 - 2016-11-06 17:04 - 341735424 _____ () C:\Program Files\Microsoft Office 2010 Excel x64 64bit.iso
2017-05-29 19:04 - 2016-12-09 20:45 - 387149824 _____ () C:\Program Files\Microsoft Office 2010 Powerpoint x64 64bit.iso
2017-05-29 19:04 - 2016-12-09 20:17 - 353724416 _____ () C:\Program Files\Microsoft Office 2010 Powerpoint x86 32bit.iso
2017-05-29 19:04 - 2016-11-06 17:13 - 361279488 _____ () C:\Program Files\Microsoft Office 2010 Word x64 64bit.iso
2017-05-29 19:04 - 2016-11-07 13:15 - 063363736 _____ (Microsoft Corporation) C:\Program Files\PowerPointViewer.exe
2017-03-26 03:35 - 2015-04-07 02:42 - 002831528 ____N (Adobe Systems Incorporated) C:\Program Files\Set-up.exe
2013-09-13 15:21 - 2014-04-01 00:19 - 000000142 _____ () C:\Users\Martin\AppData\Roaming\WB.CFG
2012-08-15 19:48 - 2016-04-20 17:36 - 000007168 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-03 13:29 - 2017-09-03 13:29 - 000016176 _____ () C:\Users\Martin\AppData\Local\InstallationConfiguration.xml
2017-09-03 13:29 - 2017-09-03 13:29 - 000140800 _____ () C:\Users\Martin\AppData\Local\installer.dat
2017-09-03 13:30 - 2017-09-03 13:30 - 000018432 _____ () C:\Users\Martin\AppData\Local\Main.dat
2017-08-30 22:47 - 2017-08-30 22:47 - 000004068 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel
2012-08-15 03:57 - 2016-07-10 23:35 - 000007633 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
2017-09-03 21:00 - 2017-09-03 21:00 - 000000004 _____ () C:\ProgramData\_lg.3sap

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

nointegritychecks: ==> "IntegrityChecks" ist deaktiviert. <==== ACHTUNG

LastRegBack: 2017-08-11 12:31

==================== Ende von FRST.txt ============================
04.09.2017, 10:56 | #7
And number 2 Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-08-2017
durchgeführt von Martin (04-09-2017 11:50:13)
Gestartet von C:\Users\Martin\Documents
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-11 11:28:44)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-4274444522-239977233-1919266746-500 - Administrator - Disabled)
Gast (S-1-5-21-4274444522-239977233-1919266746-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4274444522-239977233-1919266746-1002 - Limited - Enabled)
Martin (S-1-5-21-4274444522-239977233-1919266746-1000 - Administrator - Enabled) => C:\Users\Martin

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.24 - GIGABYTE)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
ActiveState ActivePython 2.7.2.5 (64-bit) (HKLM\...\{99F9B5F6-C042-44C5-9BE8-36CF244480BC}) (Version: 2.7.5 - ActiveState Software Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.2.0.211 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated) Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated) Adobe Lens Profile Downloader (HKLM-x32\...\AdobeLensProfileDownloader) (Version: 1.0.1 - Adobe Systems Incorporated) Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.10.1 - Adobe Systems Incorporated) Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated) Adobe Reader X (10.1.7) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated) Age of Empires III - The Asian Dynasties (HKLM-x32\...\{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires III - The Asian Dynasties (HKLM-x32\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III - The WarChiefs (HKLM-x32\...\{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III (HKLM-x32\...\{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios) Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.) 
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment) ArcSoft TotalMedia 3.5 (HKLM-x32\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.322 - ArcSoft) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.) AudioMX HS-11B Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006620}) (Version: 1.00.0015 - Claybox Limited) AutoGreen B12.0206.1 (HKLM-x32\...\{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) Hidden AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.30.29 - Avira Operations GmbH & Co. KG) Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG) Avira Connect (HKLM-x32\...\{7990b9d3-2da3-4eef-bf20-73a05086fd12}) (Version: 1.2.92.32157 - Avira Operations GmbH & Co. KG) Avira Connect (HKLM-x32\...\{E972AE5C-71B3-4D35-8193-BC4CC2F1FA20}) (Version: 1.2.92.32157 - Avira Operations GmbH & Co. KG) Hidden Bandicam (HKLM-x32\...\Bandicam) (Version: 1.8.4.283 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - ) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Camtasia Studio 7 (HKLM-x32\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation) Canon Inkjet Printer Driver Add-On Module V2.00 (HKLM\...\CANONIJINBOXADDON200) (Version: - ) Canon iP3600 series Benutzerregistrierung (HKLM-x32\...\Canon iP3600 series Benutzerregistrierung) (Version: - ) Canon iP3600 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform) Contenta Converter PREMIUM (HKLM-x32\...\ContentaConverter-PREMIUM) (Version: - Contenta Software) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd) DeepSkyStacker (HKLM-x32\...\{350E3960-DE20-4FE6-9E6B-26B464AD27FD}) (Version: 3.2.0 - ) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version: - Blizzard Entertainment) Do It Again (HKLM-x32\...\{85BF0E64-6ABB-4EA1-A026-A3DEA6554A60}) (Version: 1.6.0 - spacetornado software) Easy Tune 6 B12.0402.1 (HKLM-x32\...\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Hidden Easy Tune 6 B12.0402.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{4705DBFD-9D5E-4D23-817C-8CA7359B7BDE}) (Version: 11.1.20810.00 - Microsoft Corporation) Erforderliche Komponenten für SSDT (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation) erLT (HKLM-x32\...\{A498D9EB-927B-459B-85D6-DD6EF8C2C564}) (Version: 1.20.0137 - Logitech, Inc.) 
Hidden Exact Audio Copy 1.0beta4 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta4 - Andre Wiethoff) F1 2010 (HKLM-x32\...\{434D0831-3E0C-4D03-A5D4-5E1000008600}) (Version: 1.0.0000.134 - Codemasters) Hidden F1 2010 (HKLM-x32\...\{434D0831-A4CC-401A-9E74-621000018401}) (Version: 1.0.0001.132 - Codemasters) Hidden F1 2010 (HKLM-x32\...\GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008600}) (Version: 1.0.0000.134 - Codemasters) FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.) Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fraps (HKLM-x32\...\Fraps) (Version: - ) Ghost Recon Online (EU) (HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\d8be6c3f847d7d92) (Version: 1.35.3440.2 - Ubisoft) GOG.com The Settlers 4 GOLD (HKLM\...\{ff2cad6c-eb68-4e98-88d7-49887440affb}.sdb) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) 
Hidden Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.0.0 - JoWooD Productions Software AG) Gothic III Release Update (HKLM-x32\...\{1998BD34-1AAB-4169-ACFF-67342E2AF9B4}) (Version: 1.00.0000 - JoWooD Productions Software AG) GRID (HKLM-x32\...\{5A0B7BA5-4682-4273-81C2-69B17E649103}) (Version: 1.30.0000 - Codemasters) ICQ7M (HKLM-x32\...\{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}) (Version: 7.8 - ICQ) Inkjet Printer/Scanner Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - ) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation) ISO Recorder (HKLM\...\{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}) (Version: 3.1.0 - Alex Feinman) iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.) Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation) LightZone 4.1.2 (HKLM-x32\...\3263-1164-2624-0047) (Version: 4.1.2 - LightZone Project) Logitech Gaming Software 8.94 (HKLM\...\Logitech Gaming Software) (Version: 8.94.92 - Logitech Inc.) 
M2Fish 4.4 (HKLM-x32\...\M2Fish) (Version: 4.4 - ErpeL)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Excel 2010 (HKLM\...\Office14.EXCEL) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft PowerPoint 2010 (HKLM\...\Office14.POWERPOINT) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{EF18EF0F-96D3-4A6B-9600-2197F1720A15}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (11.1.20828.01) (HKLM-x32\...\{E511AE89-54BB-481D-BC4A-1B1F1E1B7693}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20828.01) (HKLM-x32\...\{00C84D22-DB8F-4159-BF70-682B8EA56A1E}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 für Windows Desktop - DEU (HKLM-x32\...\{69ec32be-d994-44de-9eae-6d86ced6f352}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Moorhuhn (HKLM-x32\...\Moorhuhn) (Version: - )
Moorhuhn Kart XXL (HKLM-x32\...\{49E766E4-4B3F-40F7-B987-89F2DF6D524C}) (Version: - )
Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 de)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
Mrtzc Media Player (HKLM-x32\...\{179E723E-F113-4781-B033-EF0167455C9D}) (Version: 1.0.0 - Martazcasoft Ltd.)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NC Launcher (GameForge) (HKLM-x32\...\NCLauncher_GameForge) (Version: - NCsoft)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - )
NVIDIA PhysX (HKLM-x32\...\{5DB65884-C963-4454-AABA-4CA3089281FA}) (Version: 9.09.0720 - NVIDIA Corporation)
O&O SSD Migration Kit (HKLM\...\{C0A813B0-3764-4D77-B4F0-AFB130D8C215}) (Version: 7.0.35 - O&O Software GmbH)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenIV (HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\OpenIV) (Version: 2.8.703 - .black/OpenIV Team)
OpenVPN 2.3.2-I003 (HKLM-x32\...\OpenVPN) (Version: 2.3.2-I003 - )
Opera 12.18 (HKLM-x32\...\Opera 12.18.1872) (Version: 12.18.1872 - Opera Software ASA)
Opera Stable 47.0.2631.71 (HKLM-x32\...\Opera 47.0.2631.71) (Version: 47.0.2631.71 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.11.6.18139 - Electronic Arts, Inc.)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
PlanetSide 2 (HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\DG0-PlanetSide 2) (Version: - Sony Online Entertainment)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Hidden
PlayMemories Camera Apps Downloader (HKLM-x32\...\{E4B95A36-0EF2-44C6-B939-5B3DBBC34502}) (Version: 1.1.1975.475 - Sony Network Entertainment International LLC)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
PTLens (HKLM\...\{79D0735B-052B-4657-8485-15FBB33FF612}) (Version: 3.0.807 - ePaperPress)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
REALTEK DTV USB DEVICE (HKLM-x32\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (HKLM\...\{90140000-0100-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{F8F9897A-AA29-43EB-8847-94E0253CD458}) (Version: - Microsoft)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.63017 - TeamViewer)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft)
The Settlers Online - Standalone Client (HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\The Settlers Online) (Version: - )
TL-WN851ND Driver (HKLM-x32\...\{4BAE4C76-44C3-418F-B715-6BBF5A65323E}) (Version: 1.00.0000 - TP-LINK)
T-Mobile Internet Manager 03 (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WhatsApp (HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\WhatsApp) (Version: 0.2.5863 - WhatsApp)
WiMP 2.1.3 (HKLM-x32\...\{4DAC7A70-AD1B-0946-8756-0C7F70D08329}) (Version: 2.1.3 - Aspiro AS) Hidden
WiMP 2.1.3 (HKLM-x32\...\com.aspiro.wimp.de.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1) (Version: 2.1.3 - Aspiro AS)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.7.6 - Shark007)
Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Leaf Imaging Ltd. Image (12/03/2014 1.2.0.0) (HKLM\...\B758007C752D28F7C3542875CEEBDADCAE5941AE) (Version: 12/03/2014 1.2.0.0 - Leaf Imaging Ltd.)
Windows-Treiberpaket - Phase One / Mamiya V-Grip USB Driver (12/03/2014 1.2.0.0) (HKLM\...\3F504CC0B024052107934E093CC26DA720256A7A) (Version: 12/03/2014 1.2.0.0 - Phase One / Mamiya)
Windows-Treiberpaket - Phase One A/S (WinUSB) USBDevice (12/03/2014 1.13.0.0) (HKLM\...\7C6570ABBEB2F08EFBC23ED7925AE72DA6167BD8) (Version: 12/03/2014 1.13.0.0 - Phase One A/S)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-4274444522-239977233-1919266746-1000_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4274444522-239977233-1919266746-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-08-17] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers2: [Record To CD] -> {34F4B935-17DC-4885-8BC9-CCD1ADF42F93} => C:\Program Files\Alex Feinman\ISO Recorder\ISORecorder.dll [2009-04-02] (Alex Feinman)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers6: [Create ISO Image from directory] -> {34F4B935-17DC-4885-8BC9-CCD1ADF42F93} => C:\Program Files\Alex Feinman\ISO Recorder\ISORecorder.dll [2009-04-02] (Alex Feinman)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-08-17] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0234CF2A-6869-4976-8CA0-6773F4BF57FC} - System32\Tasks\{469A63ED-B969-4790-A38A-821658059A35} => C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [2012-07-19] ()
Task: {0B07DA20-80C0-44D5-B36D-D6F8EA4CB270} - System32\Tasks\{BD51E8FE-20F3-45AF-9CA2-03205A292D26} => C:\Windows\system32\pcalua.exe -a C:\Users\Martin\AppData\Local\Temp\GLF436D.tmp\SEATOO~1.EXE -d C:\Users\Martin\AppData\Local\Opera\Opera\TEMPOR~1 -c /awm "C:\Users\Martin\AppData\Local\Temp\GLF436D.tmp\settings.ini" <==== ACHTUNG
Task: {12291588-53F8-431F-8849-5C1AF39D2F59} - System32\Tasks\{248A36B1-D733-4D0A-A983-77CA2BC18268} => C:\Windows\system32\pcalua.exe -a D:\autorun.exe -d D:\
Task: {169CA4F4-7D13-4676-8BFA-B9A4471A55C1} - System32\Tasks\{94E4FF8D-95B4-4E78-9B97-91234881CD09} => C:\Users\Martin\Desktop\WinSize2\DesktopCmd.exe
Task: {21DE6C09-BE9D-4E06-A7BD-54C6C27C0ABE} - System32\Tasks\1e61f3fcf130e6786c212969e80c078b => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\Windows\1e61f3fcf130e6786c212969e80c078b.ps1" <==== ACHTUNG
Task: {282AA540-A6DC-486A-ACA5-9F07B2BA52C5} - System32\Tasks\{BF95E290-7F53-49F3-A363-F9C327FBF087} => C:\Windows\system32\pcalua.exe -a C:\Users\Martin\AppData\Local\Opera\Opera\temporary_downloads\eDgMt2_Client.exe -d C:\Users\Martin\AppData\Local\Opera\Opera\temporary_downloads
Task: {30147E0B-51AC-4FFE-A9F4-3983CD3E11D1} - System32\Tasks\AppleChargerSrvServiceASP.NET-Zustandsdienst => C:\Program Files (x86)\nodejs\node.exe
Task: {307A60E0-DB73-4AF3-836A-2A222740E618} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {383152C0-D518-4ED1-A049-6F0AF0AE9B11} - System32\Tasks\nQXisEo3lC => C:\Program Files (x86)\dry7reYQ6I\updengine.exe <==== ACHTUNG
Task: {3BAD81BE-6B91-43D9-A834-3F6AF26C1A58} - System32\Tasks\{11E721AF-177D-4332-802B-95DF45628C1C} => C:\Windows\system32\pcalua.exe -a "B:\Programme\Lightroom\Adobe Photoshop Lightroom CC 6.7 Multilingual + Crack [SadeemPC]\Lightroom.6.Setup.exe" -d "B:\Programme\Lightroom\Adobe Photoshop Lightroom CC 6.7 Multilingual + Crack [SadeemPC]"
Task: {4B51E838-6803-48BD-80AD-1412F9A54442} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-16] (Google Inc.)
Task: {5311CCDB-C2DC-4FDC-9AD0-BEFC691FDE46} - System32\Tasks\{F2A0FD30-CA55-426F-A96C-086350064F46} => C:\Windows\system32\pcalua.exe -a C:\Users\Martin\Desktop\Eoc\Setup.Exe -d C:\Users\Martin\Desktop\Eoc
Task: {5F11F10A-17FB-49CC-93DB-167A9E990FC4} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {690471AD-BACF-467C-8A69-BA7D482F1189} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {8883D0FF-AA32-4994-B162-E14736C09C09} - System32\Tasks\QUOSA USB Flash Prists Upgrade => C:\Windows\system32\rundll32.exe "C:\Program Files\QUOSA USB Flash Prists Upgrade\QUOSA USB Flash Prists Upgrade.dll",bNjRZEJhbNor <==== ACHTUNG
Task: {91B3C395-46C2-4817-AD7A-FC041E124778} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-16] (Google Inc.)
Task: {9857C6E2-3B7D-4FD4-AC62-46F549FB62A4} - System32\Tasks\{66582B0E-13E9-440F-9EAB-4F82A8A0A9C6} => C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [2012-07-19] ()
Task: {9A36D7CC-4919-40D6-948D-D45428697766} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ErrorReporting => C:\\ProgramData\\WindowsReporting\\wermgr.exe [2017-09-03] () <==== ACHTUNG
Task: {A6F77BF2-C091-42EE-A742-C9EFEB715334} - System32\Tasks\Opera scheduled Autoupdate 1455806318 => C:\Program Files (x86)\Opera\launcher.exe
Task: {A9B3FFE2-E7BD-408C-9263-291024F0B87E} - System32\Tasks\VhQw2OFut7 => C:\Program Files (x86)\QYiDhYJvVY\updengine.exe <==== ACHTUNG
Task: {B3958F85-21DB-49E0-BCBB-7A5D95DB120C} - System32\Tasks\Opera scheduled Autoupdate 1504473120 => C:\Program Files\Opera\launcher.exe [2017-08-25] (Opera Software)
Task: {C4DCE3C8-4804-46AF-9B0B-2DB97C5A6EDE} - System32\Tasks\{E09F92E4-9B0E-4FEF-A792-8D54E3BA9EC3} => C:\Windows\system32\pcalua.exe -a C:\Users\Martin\AppData\Local\Temp\GLF436D.tmp\WISEPR~1.EXE -d C:\Users\Martin\AppData\Local\Opera\Opera\TEMPOR~1 -c "C:\Program Files (x86)\Common Files\Wise Installation Wizard\WIS98613C991399416CA07C1EE1C585D872_1_2_0_6.MSI" InstallUISequence <==== ACHTUNG
Task: {C7D22866-8464-4CB8-891E-146B20A9BE43} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {DDEB58B0-D410-45D6-8A03-41542A99D346} - System32\Tasks\{7BEC8C18-32B1-422D-961D-0CCB9B8E1996} => C:\Program Files\VideoLAN\VLC\vlc.exe [2012-06-28] ()
Task: {E270B26B-E816-4DFA-815F-A729BD7312AF} - System32\Tasks\{002667BB-F9D0-4F0C-BE37-974C787CF7E8} => C:\Windows\system32\pcalua.exe -a "C:\Users\Martin\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall
Task: {EC6B739C-DAC3-4D8F-BBE2-2D16D7EEE66E} - System32\Tasks\{3E43C360-7FB6-49C5-AD96-5DF8A4C284CC} => rundll32.exe "C:\Users\Martin\AppData\Local\Microsoft\TaskPlay\caches.dat",StaticCache
Task: {EEDDA502-3112-4B35-ABBD-EB73FA670A0C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-12] (Adobe Systems Incorporated)
Task: {F29F6283-5B7E-467C-8AFA-7AD1BF25A837} - System32\Tasks\AdobeAAMUpdater-1.0-Martin-PC-Martin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\HEXA DESK.job => C:\Users\Martin\AppData\Roaming\HexaDesK\HexaDesK.exe

==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\Martin\Desktop\Download Video and Audio Online.lnk -> hxxp://video-box.org/Content/Images/favicon3.ico
Shortcut: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Keine Datei) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа-Вrоwsеr.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Keine Datei) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Keine Datei) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Ореrа-Вrоwsеr.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Keine Datei) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Ореrа.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-01-26 21:16 - 2012-03-14 13:05 - 000053312 _____ () C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe
2014-03-16 06:18 - 2014-03-16 06:18 - 000076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-09-16 16:36 - 2009-03-30 11:34 - 000241664 _____ () C:\Program Files (x86)\T-Mobile Internet Manager 03\AssistantServices.exe
2017-07-18 00:50 - 2017-08-14 03:48 - 000491600 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2017-01-25 22:42 - 2014-11-10 04:52 - 002300416 ____N () C:\Program Files\AudioMX HS-11B Headset\CPL\FaceLift_x64.exe
2015-03-07 02:07 - 2015-03-07 02:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-06-16 03:00 - 2017-06-16 03:00 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-06-16 03:00 - 2017-06-16 03:00 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2012-08-11 13:52 - 2012-01-12 15:21 - 000078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-08-11 13:52 - 2012-01-12 15:21 - 000386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-01-26 21:16 - 2012-03-14 13:04 - 000109120 _____ () C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ModemListener.exe
2017-06-16 03:00 - 2017-06-16 03:00 - 000416888 _____ () C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
2017-08-14 03:48 - 2017-08-14 03:48 - 034865232 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
2017-09-03 23:12 - 2017-08-25 15:57 - 090054232 _____ () C:\Program Files\Opera\47.0.2631.71\opera_browser.dll
2017-09-03 23:12 - 2017-08-25 15:57 - 003972696 _____ () C:\Program Files\Opera\47.0.2631.71\libglesv2.dll
2017-09-03 23:12 - 2017-08-25 15:57 - 000100440 _____ () C:\Program Files\Opera\47.0.2631.71\libegl.dll
2017-09-02 06:09 - 2017-09-02 06:09 - 000021856 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2012-05-30 20:06 - 2012-05-30 20:06 - 000087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 001242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-07-13 09:50 - 2017-07-13 09:50 - 067115616 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-06-22 18:56 - 2017-06-22 18:56 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-06-22 18:56 - 2017-06-22 18:56 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-06-22 18:55 - 2017-06-22 18:55 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-06-22 18:56 - 2017-06-22 18:56 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-07-13 10:12 - 2017-07-13 10:12 - 000110688 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin7.dll
2017-06-22 18:56 - 2017-06-22 18:56 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-05-19 23:50 - 2017-05-19 23:50 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-07-13 10:07 - 2017-07-13 10:07 - 000110688 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin7.dll
2017-05-19 23:49 - 2017-05-19 23:49 - 000098816 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-05-19 23:50 - 2017-05-19 23:50 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2012-08-11 13:44 - 2011-12-16 10:39 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2017-09-02 06:09 - 2017-09-02 06:09 - 000015360 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2017-09-02 06:09 - 2017-09-02 06:09 - 003090944 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2016-02-02 21:40 - 2017-09-02 06:07 - 000266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-4274444522-239977233-1919266746-1000\...\sony.com -> sony.com

==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2017-09-03 21:30 - 000001293 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 beautifllink.xyz

==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-4274444522-239977233-1919266746-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 62.138.239.45 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk => C:\Windows\pss\TMMonitor.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: ICQ => ~"C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: RandomMouseClicker => C:\Users\Martin\AppData\Roaming\Random Mouse Clicker\RandomMouseClicker.exe :silent
MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\T-Mobile Internet Manager 03\UIExec.exe"
MSCONFIG\startupreg: World of Warships => "B:\GAMES\World Of Warshipss\WargamingGameUpdater.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{E451C0EA-1655-4780-99FB-AD6848764151}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe FirewallRules: [{62A95B79-1CC3-4FFE-85C9-00F52D2E4426}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe FirewallRules: [{2BFFA246-87EA-467D-81B3-7757AC3FC8B2}] => (Allow) C:\Program Files (x86)\Opera\opera.exe FirewallRules: [{9B5410C9-ED3D-47AB-AC70-1BB761AD9255}] => (Allow) C:\Program Files (x86)\Opera\opera.exe FirewallRules: [{BA789F2C-29EF-46AA-AFA5-268566B6CE35}] => (Allow) C:\Games\Codemasters\GRID\GRID.exe FirewallRules: [{4EA7D534-EA9C-4920-A260-1B1E9468C539}] => (Allow) C:\Games\Codemasters\GRID\GRID.exe FirewallRules: [{83C249FB-D936-4501-BC4E-549A8467D2B1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{2FB38158-8740-40B1-9A89-7CC3675E84B9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D668C8EC-F472-4C9F-94D7-97FA5AB9EBC1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{43EB419E-FB22-4D74-9006-6ED26495598A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{D89B7F83-C6FF-4AE8-91D9-1132E8090B0F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{58A7B8DB-076A-4D66-B3E3-8DF327F5B28C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [TCP Query User{584F626B-A470-4B0C-88E1-CC64544C3F6E}C:\games\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\games\electronic arts\need for speed world\data\nfsw.exe FirewallRules: [UDP Query User{222A6262-2D20-404F-BAFE-ED72D71536E4}C:\games\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\games\electronic arts\need for speed world\data\nfsw.exe FirewallRules: [{87AE5956-0528-4B4E-902D-A5821F93BD33}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{6AE68337-9C8D-4AEF-B782-7330E81D9C99}] => (Allow) C:\Program Files 
(x86)\uTorrent\uTorrent.exe FirewallRules: [{2367A379-D802-4079-94FD-F3E4A811C3BE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe FirewallRules: [{3B50941F-0B4E-43E9-B9BE-35FEEA5B44C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe FirewallRules: [{A97074B8-7976-4C25-BFE6-F23C627BAED3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe FirewallRules: [{401395D5-BDF4-4546-B28C-6C645ABA3866}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe FirewallRules: [{CCC9DEAC-3E93-4A73-BBC9-26A3D93203BD}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [{D8B485FD-3468-4E45-8CD8-B7B2CB20CE54}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [{BE3CC39D-7500-4CD8-9E99-BF59B948BC55}] => (Allow) C:\Program Files (x86)\ICQ7M\ICQ.exe FirewallRules: [{09CF9179-EEFC-41CA-B2A2-60A151D3263D}] => (Allow) C:\Program Files (x86)\ICQ7M\ICQ.exe FirewallRules: [{554D0959-70C0-42C6-B9A9-55898989CF85}] => (Allow) C:\Program Files (x86)\ICQ7M\ICQ.exe FirewallRules: [{EA188FEA-A2A2-44B0-AF30-17D86F54022B}] => (Allow) C:\Program Files (x86)\ICQ7M\ICQ.exe FirewallRules: [{7724E55F-B550-40CF-9BBB-30C507B7BE24}] => (Allow) C:\Program Files (x86)\ICQ7M\ICQ.exe FirewallRules: [{8A730F80-6671-4DFD-ABE8-03850AC358B3}] => (Allow) C:\Program Files (x86)\ICQ7M\ICQ.exe FirewallRules: [{35F4FAE3-6EDB-498C-A1C2-DC43469B3D1C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe FirewallRules: [{71E91AAD-0315-43AF-83BD-85EB17F27C19}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe FirewallRules: [TCP Query User{774A58CD-E3DC-4212-993E-8F05AF72C96F}C:\users\martin\desktop\hardcore reloaded\.hardcore reloaded.exe] => (Allow) C:\users\martin\desktop\hardcore reloaded\.hardcore reloaded.exe FirewallRules: [UDP Query User{8E55178F-3C9D-4876-9E72-4F9B2A7A4464}C:\users\martin\desktop\hardcore reloaded\.hardcore reloaded.exe] => (Allow) C:\users\martin\desktop\hardcore 
reloaded\.hardcore reloaded.exe FirewallRules: [TCP Query User{F1DEDC6D-4F22-48BB-9A53-F97512C4FDF9}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe FirewallRules: [UDP Query User{F8779B61-1311-4B47-952E-046210A3B8AA}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe FirewallRules: [{E2873022-B0F3-4F67-98B7-B72406EF0F09}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe FirewallRules: [{8ACD3E53-C876-4383-817E-9887850E8FD4}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe FirewallRules: [{72A23EB6-62D1-45EC-8633-3F4E6DB6BAE7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{7C09614C-91DB-462B-A483-D6160E456ED6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{9D87AA90-DCE0-4CC4-9ACD-7F351C18D3BA}C:\users\martin\desktop\awesomeworld2 - join us ! [user-client]\metin2.exe] => (Allow) C:\users\martin\desktop\awesomeworld2 - join us ! [user-client]\metin2.exe FirewallRules: [UDP Query User{A4289919-6906-4F0E-BB91-426481E8AF01}C:\users\martin\desktop\awesomeworld2 - join us ! [user-client]\metin2.exe] => (Allow) C:\users\martin\desktop\awesomeworld2 - join us ! 
[user-client]\metin2.exe FirewallRules: [TCP Query User{C25A4A34-A668-423B-B6BE-1BBB2D135B64}C:\users\martin\desktop\takania2client v1.1\clientstarter.exe] => (Allow) C:\users\martin\desktop\takania2client v1.1\clientstarter.exe FirewallRules: [UDP Query User{3EE60CF6-3075-460D-8A0A-44F845451ED5}C:\users\martin\desktop\takania2client v1.1\clientstarter.exe] => (Allow) C:\users\martin\desktop\takania2client v1.1\clientstarter.exe FirewallRules: [{E9C4208B-77DB-4FCF-8E7D-85AA174F6303}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe FirewallRules: [{E4DE615C-2742-46AD-B274-EBC80ECD3953}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe FirewallRules: [TCP Query User{54486198-9430-4464-B396-A25D43E432A8}C:\users\martin\downloads\need for speed most wanted limited edition-full unlocked\need for speed most wanted limited edition-full unlocked\nfs13.exe] => (Allow) C:\users\martin\downloads\need for speed most wanted limited edition-full unlocked\need for speed most wanted limited edition-full unlocked\nfs13.exe FirewallRules: [UDP Query User{CF9EB1B3-327C-4B9B-BACE-579AE1255ED8}C:\users\martin\downloads\need for speed most wanted limited edition-full unlocked\need for speed most wanted limited edition-full unlocked\nfs13.exe] => (Allow) C:\users\martin\downloads\need for speed most wanted limited edition-full unlocked\need for speed most wanted limited edition-full unlocked\nfs13.exe FirewallRules: [TCP Query User{E1AF9F3E-EC7C-4D53-914B-0AF6F4684E01}C:\users\martin\downloads\need for speed most wanted limited edition-full unlocked\need for speed most wanted limited edition-full unlocked\nfs13 klicken.exe] => (Block) C:\users\martin\downloads\need for speed most wanted limited edition-full unlocked\need for speed most wanted limited edition-full unlocked\nfs13 klicken.exe FirewallRules: [UDP Query User{3064B4CF-F66A-4F8C-A07C-70E6A737B17F}C:\users\martin\downloads\need for speed most wanted limited edition-full unlocked\need for speed most 
wanted limited edition-full unlocked\nfs13 klicken.exe] => (Block) C:\users\martin\downloads\need for speed most wanted limited edition-full unlocked\need for speed most wanted limited edition-full unlocked\nfs13 klicken.exe FirewallRules: [{16F8073A-E554-48D6-8C3A-BBF339DFAAF9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe FirewallRules: [{18B5E9EB-5F38-4AB6-B6A1-7EAEE5D0D8F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe FirewallRules: [TCP Query User{65E2DB8A-5666-4AF7-BE03-D6198A5D464C}C:\users\martin\desktop\hardcore reloaded\metin2client.bin] => (Allow) C:\users\martin\desktop\hardcore reloaded\metin2client.bin FirewallRules: [UDP Query User{CCC45799-11FB-4D40-8C39-87489ADFAEE6}C:\users\martin\desktop\hardcore reloaded\metin2client.bin] => (Allow) C:\users\martin\desktop\hardcore reloaded\metin2client.bin FirewallRules: [TCP Query User{4348C251-834A-436B-9D9D-5E83164AC549}C:\games\metin2\metin2client.bin] => (Allow) C:\games\metin2\metin2client.bin FirewallRules: [UDP Query User{C25831CA-61C0-46A3-BA54-C6B69E94D8CD}C:\games\metin2\metin2client.bin] => (Allow) C:\games\metin2\metin2client.bin FirewallRules: [TCP Query User{FB864E17-615A-405F-B6CA-FBC6EDA1AC87}C:\users\martin\desktop\moonmt2\moonmt2_2012 client dez 2012 2\moonmt2.exe] => (Allow) C:\users\martin\desktop\moonmt2\moonmt2_2012 client dez 2012 2\moonmt2.exe FirewallRules: [UDP Query User{5E718284-00EC-4FD0-943F-5115E5F05BEF}C:\users\martin\desktop\moonmt2\moonmt2_2012 client dez 2012 2\moonmt2.exe] => (Allow) C:\users\martin\desktop\moonmt2\moonmt2_2012 client dez 2012 2\moonmt2.exe FirewallRules: [{FC1252BB-3D71-45E5-9340-142DBFDF37F7}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe FirewallRules: [{9D87B0A5-5650-44C4-8951-64A70829A277}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe FirewallRules: [{00FD2B69-4E12-4402-B8D5-D26C422A3688}] => (Allow) 
C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{32D0A3D2-9003-409E-86B6-EDF3BBCADA74}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [TCP Query User{5315B946-B256-4416-8C02-D6734F31BDF5}C:\users\martin\desktop\metin2 beta\metin2\metin2client.bin] => (Allow) C:\users\martin\desktop\metin2 beta\metin2\metin2client.bin FirewallRules: [UDP Query User{365E91C6-6BB7-428F-AF30-7D302762C167}C:\users\martin\desktop\metin2 beta\metin2\metin2client.bin] => (Allow) C:\users\martin\desktop\metin2 beta\metin2\metin2client.bin FirewallRules: [{480FC727-0B17-4DF4-8F90-9980A2E0B748}] => (Allow) C:\Program Files (x86)\concept design\onlineTV 8\onlineTV.exe FirewallRules: [{74A90048-6580-469B-8E77-746AF743E490}] => (Allow) C:\Program Files (x86)\concept design\onlineTV 8\onlineTV.exe FirewallRules: [{DA37C15F-7DF4-4E66-98C7-C5523DCDB5D7}] => (Allow) C:\Program Files (x86)\concept design\onlineTV 8\onlineTVStarter.exe FirewallRules: [{3F78AAA7-169F-4500-BE44-CF9E9F705ED8}] => (Allow) C:\Program Files (x86)\concept design\onlineTV 8\onlineTVStarter.exe FirewallRules: [{7A90232A-E698-4587-9D68-941D04B14670}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe FirewallRules: [{7622B153-9F8B-459C-8742-4248F3D417A4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe FirewallRules: [TCP Query User{A4B1614B-2F20-4B51-BD98-DC7474B05B67}C:\users\martin\desktop\takaniaversion2.1\takania -- starter.exe] => (Allow) C:\users\martin\desktop\takaniaversion2.1\takania -- starter.exe FirewallRules: [UDP Query User{58FBC85D-B149-4345-A915-514966BDBC1D}C:\users\martin\desktop\takaniaversion2.1\takania -- starter.exe] => (Allow) C:\users\martin\desktop\takaniaversion2.1\takania -- starter.exe FirewallRules: [{382A4776-10EC-4073-AF65-C406798792A7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe FirewallRules: [{17398AD9-2425-4855-9419-85BD2EDB2052}] => (Allow) 
C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe FirewallRules: [TCP Query User{F9CC29AE-540A-4A9D-AA6C-E769E181D956}C:\users\martin\desktop\shiro2 client\shiro2.exe] => (Allow) C:\users\martin\desktop\shiro2 client\shiro2.exe FirewallRules: [UDP Query User{ED139DCE-DDAA-4939-8DFF-53270A8CA44C}C:\users\martin\desktop\shiro2 client\shiro2.exe] => (Allow) C:\users\martin\desktop\shiro2 client\shiro2.exe FirewallRules: [TCP Query User{B7284BAF-443C-4B0E-B093-C3CBFC11F25C}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe FirewallRules: [UDP Query User{CB571CF6-9C00-4179-908C-5D41295782F5}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe FirewallRules: [{B6DF258A-5C9B-46DB-AF95-E2D37015806B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe FirewallRules: [{83DD87B4-BDB5-4AD9-A2CE-B0969628433A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe FirewallRules: [{93E371D7-13C5-4E86-9A56-D4CFD1F42C5F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe FirewallRules: [{A8770094-1007-442E-8D5C-357989D30BD5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe FirewallRules: [TCP Query User{F653DAB6-D7AE-4CFB-BC70-4C15CA2A89B3}C:\users\martin\desktop\pandora2 client\metin2client.exe] => (Allow) C:\users\martin\desktop\pandora2 client\metin2client.exe FirewallRules: [UDP Query User{C5AB6B46-BC40-4C5D-B132-E992162AF593}C:\users\martin\desktop\pandora2 client\metin2client.exe] => (Allow) C:\users\martin\desktop\pandora2 client\metin2client.exe FirewallRules: [{C3323D81-B65B-4741-A22B-9668D94AE003}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe FirewallRules: [{3940B24E-8E74-4EDF-93B1-0BD5E9DF516C}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe FirewallRules: [{B0D2FDB2-0118-441B-8EFA-8B0165D9356D}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public 
Test.exe FirewallRules: [{2559B33C-79D3-4E20-9935-275A57EFA9B1}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe FirewallRules: [{F99AAF51-28C7-4649-8DF9-B335751C483D}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base26490\SC2.exe FirewallRules: [{75659C88-16B7-4EA1-AFFF-D9D743772059}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base26490\SC2.exe FirewallRules: [TCP Query User{6DCA772E-0BD0-4266-9ED8-3A030D413183}C:\users\martin\desktop\client\metin2client2.bin] => (Allow) C:\users\martin\desktop\client\metin2client2.bin FirewallRules: [UDP Query User{AE3FB5EB-7DD0-4F56-B84C-7C013FAC6D2A}C:\users\martin\desktop\client\metin2client2.bin] => (Allow) C:\users\martin\desktop\client\metin2client2.bin FirewallRules: [TCP Query User{581B9D32-91DD-48AC-9BE2-A2BFCEC24772}C:\users\martin\desktop\shiro2_client _2013\shiro2.exe] => (Allow) C:\users\martin\desktop\shiro2_client _2013\shiro2.exe FirewallRules: [UDP Query User{C908E77F-FD80-4312-BEBA-EBCEB05B5180}C:\users\martin\desktop\shiro2_client _2013\shiro2.exe] => (Allow) C:\users\martin\desktop\shiro2_client _2013\shiro2.exe FirewallRules: [{83AA124F-B3A1-4110-8ED5-6C1233A25072}] => (Block) C:\users\martin\desktop\shiro2_client _2013\shiro2.exe FirewallRules: [{CA1780D7-25C7-4BC1-B504-1E3C92AAD030}] => (Block) C:\users\martin\desktop\shiro2_client _2013\shiro2.exe FirewallRules: [{A3366FC7-900E-41F6-BA8B-2D03C9E1909B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe FirewallRules: [{B3FE8639-1093-449C-9B73-3A9D709AD86D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe FirewallRules: [TCP Query User{550A7230-5BBC-4964-94F4-A06C92BF7E67}C:\games\sony online entertainment\planetside 2 psg\planetside2.exe] => (Allow) C:\games\sony online entertainment\planetside 2 psg\planetside2.exe FirewallRules: [UDP Query User{78B88635-B181-4F9A-9B67-F2CDC2FE1D8D}C:\games\sony online entertainment\planetside 2 psg\planetside2.exe] => (Allow) C:\games\sony 
online entertainment\planetside 2 psg\planetside2.exe FirewallRules: [{0FF55A01-306D-44E3-A550-58390B694D6C}] => (Block) C:\games\sony online entertainment\planetside 2 psg\planetside2.exe FirewallRules: [{951D989B-9F09-40DB-9295-545A441D148F}] => (Block) C:\games\sony online entertainment\planetside 2 psg\planetside2.exe FirewallRules: [{579B26A2-AADA-40AB-ADE1-A0986B769CA9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{5206DBF9-9E37-4802-B7C3-53B07FB6AAA7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{C66DD3D8-ACA9-4EDF-8A32-C2A1866DAC8E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{60F71D56-8883-41F8-A0F6-E42038851D2C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{7ACECC1F-46AA-40ED-B417-37CC089465EB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe FirewallRules: [{C0AC6702-BBFB-479C-B772-1E3E79CC93EF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe FirewallRules: [{90AF46BA-4664-40D3-8864-99E1BA810C70}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{44A2FB38-AE16-4E4E-BA8D-3E7A545717CE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{E7D30107-A527-47CE-B500-051C6740A7AE}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{CC1F1994-3AC7-4548-9CB8-6652C1B0ACA9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [TCP Query User{46F9A497-6F69-4C01-8BAE-61E623290A18}C:\games\tera\tera-launcher.exe] => (Allow) C:\games\tera\tera-launcher.exe FirewallRules: [UDP Query User{635BB4F5-A5D2-46FA-9FE7-62229F5DCA69}C:\games\tera\tera-launcher.exe] => (Allow) C:\games\tera\tera-launcher.exe FirewallRules: [{109A7D02-685E-43C9-98AD-AB7333B6508D}] => (Block) C:\games\tera\tera-launcher.exe FirewallRules: [{CE639FA7-9CE8-4119-9A23-258B78317BCA}] => (Block) C:\games\tera\tera-launcher.exe FirewallRules: [TCP Query 
User{2DC92F06-048C-48DD-AD24-672BB973A327}C:\games\ghost recon online\pdc-live\ghostrecononline.exe] => (Allow) C:\games\ghost recon online\pdc-live\ghostrecononline.exe FirewallRules: [UDP Query User{D3F00D7A-5247-43F8-A8EC-94C0F2DC0C5B}C:\games\ghost recon online\pdc-live\ghostrecononline.exe] => (Allow) C:\games\ghost recon online\pdc-live\ghostrecononline.exe FirewallRules: [{DD6C614F-803F-424F-A266-E9E6AD48DDA7}] => (Block) C:\games\ghost recon online\pdc-live\ghostrecononline.exe FirewallRules: [{A6356832-5347-4EDD-945B-54178353D774}] => (Block) C:\games\ghost recon online\pdc-live\ghostrecononline.exe FirewallRules: [{F3998E98-CE1B-4F3A-98D1-0178C0DB1CDC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe FirewallRules: [{D29F77D3-6202-4E13-9226-D499675F2164}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe FirewallRules: [{D0583710-6698-4C83-B6B7-F582C9114681}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe FirewallRules: [{3C3C7BF6-7D3A-4F65-B999-896E2154D178}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe FirewallRules: [{2B985F09-B854-40D4-8CE1-F2C3310A4AC2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe FirewallRules: [{75F43589-3AC6-4B81-9E7C-D568FAFD7497}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe FirewallRules: [{BF0FCBA5-981E-4801-8BA3-5DA55B6512E5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe FirewallRules: [{BD1AEC0C-7A3F-46E3-BA24-236C92F9B8CD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe FirewallRules: [{15106560-E5FC-4027-B6C2-78AB116241C7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe FirewallRules: [{0BC09154-4A09-41B1-A3DC-21891AFF3F07}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe FirewallRules: [{028A9A11-0356-43FE-BD45-D259DD201CA9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: 
[{02C2CBA5-CB5C-48B5-9EC7-C101307D7E7A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{1DA7321D-ABD8-4439-BB05-8A5205A03E95}] => (Allow) C:\Program Files (x86)\Diablo III Public Test\Diablo III.exe FirewallRules: [{AA432BBE-A7AF-4E91-B4E7-D734A8ED314F}] => (Allow) C:\Program Files (x86)\Diablo III Public Test\Diablo III.exe FirewallRules: [{67F98885-D209-4D0D-B806-3F79FA84327A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{1950FFF0-085F-44B3-936C-7DF803880379}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{2A885F54-38A1-494D-9F58-215A22A5B242}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe FirewallRules: [{CD88575D-794F-4EC4-8233-20685909F30B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe FirewallRules: [{E8605398-A854-4D7A-A2DC-CCB884407AC8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe FirewallRules: [{2932E569-5E34-4382-9645-2235B6301323}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe FirewallRules: [{4098DB2C-07CE-4AC6-B524-3511C9C74004}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe FirewallRules: [{AEB8100B-EDD5-471F-830B-3F1E8342DA73}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe FirewallRules: [{446F21EA-9DEF-4F2B-96F6-C931E985B8E3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{DA55354E-603E-4AA5-8A7D-F585FC6E7B43}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe FirewallRules: [{93086D18-210C-4A56-BB24-9E72DEDF62EB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe FirewallRules: [TCP Query User{28211EB6-6707-45D5-9FD3-256CA4F3A794}C:\users\martin\desktop\cyperia 2014\bin\metin2client.bin] => (Block) C:\users\martin\desktop\cyperia 2014\bin\metin2client.bin FirewallRules: [UDP Query User{4D87DCFF-57C8-4F16-8301-5CE4534D681A}C:\users\martin\desktop\cyperia 2014\bin\metin2client.bin] => 
(Block) C:\users\martin\desktop\cyperia 2014\bin\metin2client.bin FirewallRules: [{5AB121D0-2545-480C-B97C-120E6B28A82F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe FirewallRules: [{E25AAD4A-892C-4467-A498-6BBBF6C747B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe FirewallRules: [{3FD14508-5A92-4CCF-B50D-A45A8B423F1A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe FirewallRules: [{B8381CED-ADED-4BC5-A932-CB56F5AE8A86}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe FirewallRules: [TCP Query User{B6B8DF27-F79F-4908-A227-DD7E2E2C07A8}C:\games\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\games\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [UDP Query User{6028124A-0C0B-4DC5-A15C-E9FDDB4B8F9B}C:\games\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\games\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [TCP Query User{8D67A5FA-BEB3-444E-9FCC-5EC2D2B9429F}C:\games\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\games\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [UDP Query User{457833FD-8C87-4100-A7BA-B8BAFEAC6437}C:\games\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\games\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [{1EAEEA54-9F22-41FE-AE92-3DD19A353658}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{6DDDCD47-9283-4E90-A43C-8211F5235BE7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{8E3F11BA-E9F0-4614-9EE7-EB133C5402B5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{717A4A61-0BA6-4B7F-8948-8F7ECEE3309C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: 
[{2B347C8F-36F2-4A44-8C6D-CB48D5371F82}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{74E8EF52-657F-46AD-BD87-6B42725CD02F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe FirewallRules: [{DF0E886A-5512-407E-8F87-C828175F26A7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe FirewallRules: [{5593EBD9-8388-4F7C-8AF0-ACD26AC4C326}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe FirewallRules: [{C9E90A5C-AAD3-4033-8A2A-1A7912E66DD3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe FirewallRules: [{83F9E687-3B62-4F48-9BD5-4F78AB69378C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe FirewallRules: [{ADC7FDAD-7BBC-48F0-A4EA-9A70465BDE85}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe FirewallRules: [{94614290-AB9E-421D-8F37-0B6D9BDF7D99}] => (Allow) C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll FirewallRules: [{071C63A6-2792-47C6-99E4-1119D3E73F61}] => (Allow) C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll FirewallRules: [{091CEC13-CA76-4B2F-85B7-D4DC73378C61}] => (Allow) C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll FirewallRules: [{F2DE831E-55B4-4838-9349-A6F005D521A0}] => (Allow) C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll FirewallRules: [{E3ECA9D6-B1BD-4B04-9D8F-63862C488803}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe FirewallRules: [{79AA2A4E-6710-4833-A6CA-7DA79808F81B}] => (Allow) B:\GAMES\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [{42C3CCC7-2BAC-409D-B835-15D2CF22C641}] => (Allow) B:\GAMES\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [{43D0035B-F45E-4298-8050-BA25C8727A03}] => (Allow) B:\GAMES\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe FirewallRules: [{E79558FF-CADE-4079-898A-B92484AD980B}] => (Allow) 
B:\GAMES\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe FirewallRules: [{D034C64E-DFEF-43A9-9851-3AA700957556}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C9EEC8BB-92A8-4155-90F9-15F8C15275B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D5AA047C-7FF3-422B-BF13-99484C4DEEE1}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{F7FAD6B1-29C5-49CF-91DD-D0097C45636D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{D3995136-4FC5-4211-A6CA-EF29ACB2A291}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{CE6A14B7-7EB5-4FA9-82E2-6D68B4EFFEF1}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{89770019-B6AD-485D-A127-F4919E02F907}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe FirewallRules: [{988957D3-F14A-4671-A011-09C43F6C0773}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe FirewallRules: [{ADCD1A1C-275C-4C52-ABC7-97E6F3473CEC}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{E1196930-96A0-41D0-9D56-AADCD7629580}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [TCP Query User{82228F2F-D540-4EC5-8FB9-6B8B023FB6D3}B:\programme\hearthstone\hearthstone.exe] => (Allow) B:\programme\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{D75FF750-96BF-4F89-9E87-F9EDAE7A7C23}B:\programme\hearthstone\hearthstone.exe] => (Allow) B:\programme\hearthstone\hearthstone.exe FirewallRules: [{A3AC39B7-2F87-4C08-B888-9E3D3FD24117}] => (Allow) C:\Program Files\Adobe\Adobe Lightroom\lightroom.exe FirewallRules: [{BE514CC5-9D71-4ECE-BB51-566FF4E32510}] => (Allow) C:\Program Files\Adobe\Adobe Lightroom\lightroom.exe FirewallRules: [{5C9B0F67-AE53-4333-848D-4388795B2D4E}] => (Allow) C:\Program Files\Adobe\Adobe Lightroom\lightroom.exe FirewallRules: 
[{757A027D-44B9-4D88-9E53-0A0CF615167B}] => (Allow) C:\Program Files\Adobe\Adobe Lightroom\lightroom.exe
FirewallRules: [TCP Query User{294A5084-27CE-417B-94CD-CF00B266B709}C:\games\sony online entertainment\planetside2_x64.exe] => (Allow) C:\games\sony online entertainment\planetside2_x64.exe
FirewallRules: [UDP Query User{F020E1D4-17F8-42E8-A877-1BB6309AEDD5}C:\games\sony online entertainment\planetside2_x64.exe] => (Allow) C:\games\sony online entertainment\planetside2_x64.exe
FirewallRules: [{A2E300AE-CD5E-4553-A4CE-36073065FA57}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{112015FB-3FC7-4C85-916A-900DAA9446DB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7D904DBF-860A-4772-9BD4-8129784C2E27}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7C0A5E1B-5F61-4D34-A4D6-CEEB35DA2F32}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1F80135E-94CE-49E1-BE21-00EEFAB3913C}] => (Allow) H:\Games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{744EAAD1-8373-4984-9CD5-606D2FE73014}] => (Allow) H:\Games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [TCP Query User{D1874236-98BC-4BAE-B5DC-C983D4001931}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{3A470C9C-492B-4CC4-A6F9-0F5525DF91B0}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{2ADE7F1F-C354-4373-9F27-E7121E70296E}] => (Allow) B:\GAMES\World Of Warshipss\WoWSLauncher.exe
FirewallRules: [{88E4F59C-B079-419A-849C-A2AA5ACA5091}] => (Allow) B:\GAMES\World Of Warshipss\WoWSLauncher.exe
FirewallRules: [{279A4841-7F79-42A0-BD31-FACC7D66E49A}] => (Allow) B:\GAMES\World Of Warshipss\worldofwarships.exe
FirewallRules: [{71D60902-C52A-40FC-BFEF-EE8D734F3766}] => (Allow) B:\GAMES\World Of Warshipss\worldofwarships.exe
FirewallRules: [TCP Query User{21D9119F-F623-434F-97CF-1FDE06A65949}C:\program files (x86)\diablo iii public test\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii public test\x64\diablo iii64.exe
FirewallRules: [UDP Query User{E8737553-7FE2-4914-9B2C-DB4DE2285BFE}C:\program files (x86)\diablo iii public test\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii public test\x64\diablo iii64.exe
FirewallRules: [{414B2F6C-8B89-4E1F-B8AB-030670505F1D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{32FD6C02-B13B-4E8A-9E71-A298E4C4CCA5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A637091A-0A20-4208-9762-365D206494D3}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe
FirewallRules: [{0D0F45BB-7A8F-497B-ADB5-7FE8101BAE10}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{0EAE6EE3-C709-4D2A-A9DD-056DA8C54F17}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B96035E2-5600-45A3-9D01-672D0090D68B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{4FBCF141-9758-435C-AB55-BA9368714237}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{C93EF098-9E30-4918-A15B-7A43ACF34C6E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{5DA4F62D-8C47-463C-842D-8FC32157A2A1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{E22EDCE1-5FED-4EA5-8C83-6C8D5F98DBC3}] => (Allow) H:\Games\F1\F1_2010_game.exe
FirewallRules: [{AA83B768-77ED-4B10-BC51-2342842C4BB0}] => (Allow) H:\Games\F1\F1_2010_game.exe
FirewallRules: [{F4662CE7-120D-48D7-BAB3-C5A818990F17}] => (Allow) LPort=47624
FirewallRules: [{3AA7441E-312E-4C45-9887-2FB2A4185E60}] => (Allow) LPort=80
FirewallRules: [{1F6A3834-3DEE-40E1-B354-3BF8F4716F96}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{B9144F05-21ED-42BA-A94C-706BB8C38EF2}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{54C91A96-F5FB-4EB0-924B-0A77ADE3FD98}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{92494667-81AC-41AB-BF93-53A28B377BCC}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{30933DA9-E6BA-4C47-8AFE-C6ACBF1F20CB}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [{730ACF0F-AFEF-4639-9E8B-17E1E85E9E47}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [{F7603E6F-0AE7-405C-9A4D-6C354D60F04A}] => (Allow) C:\Program Files (x86)\Opera\47.0.2631.55\opera.exe
FirewallRules: [{A59B5C7A-8C56-43A2-A56F-437EE13996CC}] => (Allow) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe
FirewallRules: [{5237F36D-B887-4FE9-A0D8-49104939A6D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{673641AC-4D61-4BED-A390-9FA61D996B06}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6F49EB9A-39D5-4ABE-B801-BF3972FC4006}] => (Allow) LPort=2869
FirewallRules: [{DE84E059-904D-4F64-A60D-FC8A39E20819}] => (Allow) LPort=1900
FirewallRules: [{C564E14F-B888-40A9-B1F8-EF0BD30F0E3E}] => (Allow) H:\Games\Simcity\SimCity\SimCity.exe
FirewallRules: [{6DF35053-6A33-4165-8B18-4C7E2105F10A}] => (Allow) H:\Games\Simcity\SimCity\SimCity.exe
FirewallRules: [{01A76474-0AEE-45C7-A876-F864ADD74BF9}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{E6B4A8A8-28D8-44AF-91F8-5AED192A82F2}] => (Allow) C:\Windows\rss\csrss.exe
FirewallRules: [{8C1FF108-37F7-4772-B3E7-768AD1730DF3}] => (Allow) C:\Users\Martin\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{C5972A23-721F-429D-8B08-56EF09B6BECE}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{C642908B-E86E-4724-8AA9-643C55533B71}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{79651CBC-4EA6-492A-9A5A-E14DC2CD26D8}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{66F52298-7BC7-41BA-8BB6-114A80F031AD}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{A5BBD247-45A6-47EB-A442-78003C2066CC}] => (Allow) C:\Windows\rss\csrss.exe
FirewallRules: [{A95E0EBC-DA3E-4913-86C6-F1AF3F2B46CC}] => (Allow) C:\Windows\rss\csrss.exe
FirewallRules: [{F2335493-95A0-40B1-AE3A-72D0AFDE24E7}] => (Allow) C:\Users\Martin\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{B983F750-26F7-43F0-87C3-CD838D251E10}] => (Allow) C:\Users\Martin\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{14DC2BC6-85FD-4E4F-984B-ADE7D395A5CE}] => (Allow) C:\Program Files\Opera\47.0.2631.71\opera.exe

==================== Wiederherstellungspunkte =========================

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Windscribe VPN
Description: Windscribe VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Windscribe.com
Service: tapwindscribe0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/04/2017 04:46:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbar.exe, Version: 1.9.3.1001, Zeitstempel: 0x55ca7a8b
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.19110, Zeitstempel: 0x5684255b
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ced0b
ID des fehlerhaften Prozesses: 0x323c
Startzeit der fehlerhaften Anwendung: 0x01d32527dc99ad9c
Pfad der fehlerhaften Anwendung: C:\Users\Martin\Desktop\mbar\mbar.exe
Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung: 32721320-911b-11e7-ac9b-902b343487d5

Error: (09/03/2017 11:39:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 15.0.30.25 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1704
Startzeit: 01d324f93df08327
Endzeit: 2
Anwendungspfad: c:\program files (x86)\avira\antivirus\avscan.exe
Berichts-ID: 6c756505-90f0-11e7-ac9b-902b343487d5

Error: (09/03/2017 11:32:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 15.0.30.25 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: bf0
Startzeit: 01d324f952646c2d
Endzeit: 2
Anwendungspfad: c:\program files (x86)\avira\antivirus\avscan.exe
Berichts-ID: 59b3343a-90ef-11e7-ac9b-902b343487d5

Error: (09/03/2017 11:07:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LCore.exe, Version: 8.94.92.0, Zeitstempel: 0x59432ada
Name des fehlerhaften Moduls: Qt5Widgets.dll, Version: 5.3.2.0, Zeitstempel: 0x547384eb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005c522
ID des fehlerhaften Prozesses: 0xaa4
Startzeit der fehlerhaften Anwendung: 0x01d324f8a5b6575b
Pfad der fehlerhaften Anwendung: C:\Program Files\Logitech Gaming Software\LCore.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Logitech Gaming Software\Qt5Widgets.dll
Berichtskennung: ec98eb91-90eb-11e7-ac9b-902b343487d5

Error: (09/03/2017 11:07:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VDeck.exe, Version: 10.2.0.30, Zeitstempel: 0x4f0ed220
Name des fehlerhaften Moduls: VDeck.exe, Version: 10.2.0.30, Zeitstempel: 0x4f0ed220
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000bf002
ID des fehlerhaften Prozesses: 0xb3c
Startzeit der fehlerhaften Anwendung: 0x01d324f8a5d7aa9f
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
Berichtskennung: ec9912a1-90eb-11e7-ac9b-902b343487d5

Error: (09/03/2017 11:06:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LCore.exe, Version: 8.94.92.0, Zeitstempel: 0x59432ada
Name des fehlerhaften Moduls: Qt5Widgets.dll, Version: 5.3.2.0, Zeitstempel: 0x547384eb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005c522
ID des fehlerhaften Prozesses: 0xa8c
Startzeit der fehlerhaften Anwendung: 0x01d324f8703e2b3a
Pfad der fehlerhaften Anwendung: C:\Program Files\Logitech Gaming Software\LCore.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Logitech Gaming Software\Qt5Widgets.dll
Berichtskennung: b71f6f81-90eb-11e7-b751-902b343487d5

Error: (09/03/2017 11:01:51 PM) (Source: Avira File Signature Verification) (EventID: 0) (User: )
Description: Signature check failed for file 'C:\ProgramData\Avira\Launcher\Temp\f5e36524-7986-4217-a5f8-a949d3e72469\avira_antivirus_de-de.exe': ErrorNotValidSignature (size=249768384, md5=e5bc8579f2b6a25be93f5fad0ec2b7a6, last Win32 error: -2146869232, trust check result: 2148098064)

Error: (09/03/2017 10:51:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: stobject.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9c9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000002c68
ID des fehlerhaften Prozesses: 0x101c
Startzeit der fehlerhaften Anwendung: 0x01d324f6741af75c
Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE
Pfad des fehlerhaften Moduls: C:\Windows\system32\stobject.dll
Berichtskennung: b5a8200e-90e9-11e7-8577-902b343487d5

Error: (09/03/2017 10:51:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: stobject.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9c9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000002c68
ID des fehlerhaften Prozesses: 0x12dc
Startzeit der fehlerhaften Anwendung: 0x01d324f66a768460
Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE
Pfad des fehlerhaften Moduls: C:\Windows\system32\stobject.dll
Berichtskennung: ac65457d-90e9-11e7-8577-902b343487d5

Error: (09/03/2017 10:51:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: stobject.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9c9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000002c68
ID des fehlerhaften Prozesses: 0x7b8
Startzeit der fehlerhaften Anwendung: 0x01d324f64c49778a
Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE
Pfad des fehlerhaften Moduls: C:\Windows\system32\stobject.dll
Berichtskennung: 96e5d804-90e9-11e7-8577-902b343487d5

Systemfehler:
=============
Error: (09/04/2017 08:59:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{752073A1-23F2-4396-85F0-8FDB879ED0ED}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/04/2017 08:59:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: Zugriff verweigert

Error: (09/03/2017 11:14:21 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: Zugriff verweigert

Error: (09/03/2017 11:14:21 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: Zugriff verweigert

Error: (09/03/2017 11:14:21 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: Zugriff verweigert

Error: (09/03/2017 11:07:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (09/03/2017 11:07:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (09/03/2017 11:07:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden.

Error: (09/03/2017 11:07:23 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.

Error: (09/03/2017 11:06:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

CodeIntegrity:
===================================
Date: 2017-09-03 13:24:22.434
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2017-09-03 13:24:22.414
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2017-09-03 13:24:22.334
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2017-09-03 13:24:22.304
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2017-09-02 17:59:49.518
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2017-09-02 17:59:49.498
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2017-09-02 17:59:49.418
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2017-09-02 17:59:49.388
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2017-09-01 18:37:08.950
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2017-09-01 18:37:08.930
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 85%
Installierter physikalischer RAM: 8154.34 MB
Verfügbarer physikalischer RAM: 1208.61 MB
Summe virtueller Speicher: 19190.81 MB
Verfügbarer virtueller Speicher: 8953.67 MB

==================== Laufwerke ================================

Drive b: (MEDIA) (Fixed) (Total:890.01 GB) (Free:12.56 GB) NTFS
Drive c: (SSD) (Fixed) (Total:232.78 GB) (Free:6.34 GB) NTFS
Drive d: (AOE3Y) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS
Drive e: (SimCity) (CDROM) (Total:3.01 GB) (Free:0 GB) CDFS
Drive g: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive h: (Altes System) (Fixed) (Total:972.91 GB) (Free:113.39 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 247717A8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: A72CEBC9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=972.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=890 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

04.09.2017, 13:37 | #8 |
/// Malwareteam |
Only just noticed this properly:

Reading material: Illegal software: cracks, keygens and the like

Code:
"B:\Programme\Lightroom\Adobe Photoshop Lightroom CC 6.7 Multilingual + Crack [SadeemPC]\Lightroom.6.Setup.exe

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal. In the event of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up your data and reinstalling the operating system.
__________________
Regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~

Edited by burningice (04.09.2017 at 13:55) |
04.09.2017, 17:56 | #9 |
| True, thanks for pointing that out. I could have deleted that long ago, since Creative Cloud is the legal service for Adobe Lightroom/Photoshop (unfortunately only on a monthly subscription basis) but is the only way to get updates for current camera/lens profiles, and in the end I didn't want to shell out another €100 half a year later just for a lens correction, but that's another topic... that was also quite a while ago. It is well worth it for the freed-up disk space alone. I have also never reinstalled the PC since I got it (5.5 years by now), and a lot really does pile up.

Edited by Mud92 (04.09.2017 at 18:01) |
04.09.2017, 21:48 | #10 |
/// Malwareteam |
Hm.

Step 1
Download and install the following program: Malwarebytes Anti-Malware

Step 2
Please download AdwCleaner to your desktop.

Step 3
Please start FRST again, tick the Addition box and click Untersuchen (Scan). Please post the two resulting text files again.

So in your next reply, please post:
__________________
Regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ |