Log analysis and evaluation: Windows 7: JS:Miner-C [Trj] tries to connect to coinhive.com

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.10.2017, 08:09 | #1 |
Windows 7: JS:Miner-C [Trj] tries to connect to coinhive.com

Just now I got a message from my Avast that a connection to coinhive.com was blocked because "it was infected by JS:Miner-C [Trj]". A Google search has hardened my fear of a Bitcoin-mining trojan, and unfortunately I am not able to delete it this way. Among my programs a "Yahoo! Powered" (from 28.4. o.O) is shown, which unfortunately cannot be uninstalled. I hope I can be helped here.

FRST.txt: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2017 durchgeführt von Florian (Administrator) auf FLORIAN-PC (21-10-2017 08:52:26) Gestartet von B:\Downloads Geladene Profile: Florian (Verfügbare Profile: Florian) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\lync.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe () C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (NVIDIA Corporation) C:\Program 
Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (Valve Corporation) B:\Steam\Steam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Valve Corporation) B:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) B:\Steam\bin\cef\cef.win7\steamwebhelper.exe (TODO: <Company name>) C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (AVAST Software s.r.o.) 
C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (TODO: <Company name>) C:\Program Files (x86)\ASUS\GPU TweakII\Monitor.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Valve Corporation) B:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) B:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Farbar) B:\Downloads\FRST64(1).exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11619432 2010-11-26] (Realtek Semiconductor) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-17] (AVAST Software) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2017-04-25] () HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\Run: [Xvid] => powershell.exe -nologo -WindowStyle hidden -Noninteractive -NoProfile -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Xvid\CheckUpdate.ps1" HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office16\lync.exe [26960584 2016-12-14] (Microsoft Corporation) HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-08-29] (Disc Soft Ltd) HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: D - D:\pushinst.exe HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: K - K:\SETUP.EXE HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: {47d53c15-ecae-11e6-be2a-bcaec569c942} - D:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: {47d53c1e-ecae-11e6-be2a-bcaec569c942} - D:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: 
{47d53c22-ecae-11e6-be2a-bcaec569c942} - E:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: {47d53c2c-ecae-11e6-be2a-bcaec569c942} - E:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: {b69b4a06-3d1f-11e7-8e5d-bcaec569c942} - E:\setup.exe HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: {ba621a3f-79a3-11e6-b29e-bcaec569c942} - H:\setup.exe HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: {c3659fa5-818c-11e6-8d05-bcaec569c942} - H:\setup.exe HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: {d23eac55-ee22-11e6-a40a-806e6f6e6963} - E:\pushinst.exe HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: {f075e01b-dd70-11e5-884d-bcaec569c942} - K:\SETUP.EXE Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IKONIK SIM.lnk [2016-02-18] ShortcutTarget: IKONIK SIM.lnk -> C:\Windows\Installer\{8F9F4A67-D75B-44C6-9F05-7E2A2007D8D8}\Icon11.ico () Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2017-02-06] ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe () Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam.exe - Verknüpfung.lnk [2016-03-01] ShortcutTarget: Steam.exe - Verknüpfung.lnk -> B:\Steam\Steam.exe (Valve Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{3FD338AD-F2BC-4F61-8054-DB8C77C0622E}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{4DF7086B-49F6-424D-B6E6-E83858BCDA0F}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{F9C1D875-0D21-4DE8-B9F9-49CDB5FEB4B0}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_17¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCzyyEyEtN1L2XzutAtFtBzytFtAtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0BtB0A0AyBzytAtGtAyD0ByEtGtC0E0CzytGyByByD0EtGzztAyEzzyByC0DyCyByCyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByByBtD%26cr%3D650389536%26a%3Dwbf_ir_17_17%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_17¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCzyyEyEtN1L2XzutAtFtBzytFtAtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0BtB0A0AyBzytAtGtAyD0ByEtGtC0E0CzytGyByByD0EtGzztAyEzzyByC0DyCyByCyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByByBtD%26cr%3D650389536%26a%3Dwbf_ir_17_17%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxps://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_17¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCzyyEyEtN1L2XzutAtFtBzytFtAtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0BtB0A0AyBzytAtGtAyD0ByEtGtC0E0CzytGyByByD0EtGzztAyEzzyByC0DyCyByCyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByByBtD%26cr%3D650389536%26a%3Dwbf_ir_17_17%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0AyBzyzy0EtD0CtGyBtCyBzytGyC0C0EyDtGtA0F0BtBtG0EtBtDyByE0ByE0Azz0AtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutB%26cr%3D1003715282%26a%3Dwbf_fs_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0AyBzyzy0EtD0CtGyBtCyBzytGyC0C0EyDtGtA0F0BtBtG0EtBtDyByE0ByE0Azz0AtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutB%26cr%3D1003715282%26a%3Dwbf_fs_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_17¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCzyyEyEtN1L2XzutAtFtBzytFtAtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0BtB0A0AyBzytAtGtAyD0ByEtGtC0E0CzytGyByByD0EtGzztAyEzzyByC0DyCyByCyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByByBtD%26cr%3D650389536%26a%3Dwbf_ir_17_17%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0AyBzyzy0EtD0CtGyBtCyBzytGyC0C0EyDtGtA0F0BtBtG0EtBtDyByE0ByE0Azz0AtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutB%26cr%3D1003715282%26a%3Dwbf_fs_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0AyBzyzy0EtD0CtGyBtCyBzytGyC0C0EyDtGtA0F0BtBtG0EtBtDyByE0ByE0Azz0AtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutB%26cr%3D1003715282%26a%3Dwbf_fs_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_17¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCzyyEyEtN1L2XzutAtFtBzytFtAtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0BtB0A0AyBzytAtGtAyD0ByEtGtC0E0CzytGyByByD0EtGzztAyEzzyByC0DyCyByCyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByByBtD%26cr%3D650389536%26a%3Dwbf_ir_17_17%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} SearchScopes: HKU\S-1-5-21-3713184456-2919407675-3275247651-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_17¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCzyyEyEtN1L2XzutAtFtBzytFtAtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0BtB0A0AyBzytAtGtAyD0ByEtGtC0E0CzytGyByByD0EtGzztAyEzzyByC0DyCyByCyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByByBtD%26cr%3D650389536%26a%3Dwbf_ir_17_17%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} SearchScopes: HKU\S-1-5-21-3713184456-2919407675-3275247651-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_17¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCzyyEyEtN1L2XzutAtFtBzytFtAtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0BtB0A0AyBzytAtGtAyD0ByEtGtC0E0CzytGyByByD0EtGzztAyEzzyByC0DyCyByCyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByByBtD%26cr%3D650389536%26a%3Dwbf_ir_17_17%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} 
SearchScopes: HKU\S-1-5-21-3713184456-2919407675-3275247651-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-3713184456-2919407675-3275247651-1000 -> {4E64BD58-F988-43B8-BC89-90D2EC7C8691} URL = hxxp://www.google.de/search?q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-12-13] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2017-01-08] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-10-17] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-08] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-10-17] (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation) Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: sa725qld.default FF ProfilePath: C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sa725qld.default [2017-10-21] FF NewTab: Mozilla\Firefox\Profiles\sa725qld.default -> about:newtab FF DefaultSearchEngine: Mozilla\Firefox\Profiles\sa725qld.default -> Yahoo! Powered FF SelectedSearchEngine: Mozilla\Firefox\Profiles\sa725qld.default -> Yahoo! 
Powered FF Homepage: Mozilla\Firefox\Profiles\sa725qld.default -> about:home FF Keyword.URL: Mozilla\Firefox\Profiles\sa725qld.default -> user_pref("keyword.URL", true); FF Extension: (Avast SafePrice) - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sa725qld.default\Extensions\sp@avast.com.xpi [2017-10-14] FF Extension: (Avast Online Security) - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sa725qld.default\Extensions\wrc@avast.com.xpi [2017-10-18] FF Extension: (ProxTube - Gesperrte YouTube Videos entsperren) - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sa725qld.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2016-11-19] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-17] () FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-08] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-08] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-17] () FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( 
Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-23] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-08-01] (Adobe Systems Inc.) 
Chrome: ======= CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms} CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms} CHR Profile: C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default [2017-10-06] CHR Extension: (Google Präsentationen) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-22] CHR Extension: (Google Docs) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-22] CHR Extension: (Google Drive) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-13] CHR Extension: (YouTube) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-22] CHR Extension: (Google-Suche) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-22] CHR Extension: (Avast SafePrice) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-05] CHR Extension: (Google Tabellen) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-22] CHR Extension: (Google Docs Offline) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22] CHR Extension: (Avast Online Security) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-05] CHR Extension: (Search Manager) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-10-05] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-05] CHR Extension: (Search Manager) - 
C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2017-10-05] CHR Extension: (Google Mail) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-13] CHR Extension: (Chrome Media Router) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-05] CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <nicht gefunden> CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-17] (AVAST Software s.r.o.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-17] (AVAST Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1548808 2017-10-11] () R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-08-29] (Disc Soft Ltd) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2017-10-08] (EasyAntiCheat Ltd) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-23] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-04-02] (Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-04-02] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-09-23] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH) R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [92160 2015-02-17] (Code Sector) [Datei ist nicht signiert] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [321032 2017-10-17] (AVAST Software s.r.o.) R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-10-17] (AVAST Software s.r.o.) R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-10-17] (AVAST Software s.r.o.) R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-10-17] (AVAST Software s.r.o.) S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47008 2017-10-17] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-13] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147776 2017-10-17] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110376 2017-10-17] (AVAST Software) R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-10-17] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1020536 2017-10-17] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [587168 2017-10-17] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [201352 2017-10-17] (AVAST Software) R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [363440 2017-10-17] (AVAST Software) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2014-11-21] (AVM Berlin) S3 cpuz139; C:\Users\Florian\AppData\Local\Temp\cpuz139\cpuz139_x64.sys [43328 2017-05-18] (CPUID) <==== ACHTUNG R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-02-27] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-02-27] (Disc Soft Ltd) R1 ESEADriver2; C:\Users\Florian\AppData\Local\Temp\ESEADriver2.sys [314720 2016-06-29] () <==== ACHTUNG S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) S3 fwlanusb5_nv2; C:\Windows\System32\DRIVERS\fwlanusb5_nv2.sys [1322824 2014-11-21] (AVM GmbH) R3 IOMap; 
C:\Windows\system32\drivers\IOMap64.sys [25920 2017-01-26] (ASUSTeK Computer Inc.) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation) R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-09-13] (Duplex Secure Ltd.) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-10-21 06:36 - 2017-10-21 06:36 - 000000000 ____D C:\ProgramData\SWCUTemp 2017-10-21 06:29 - 2017-10-21 06:29 - 000000000 _____ C:\Windows\cd_127 2017-10-21 06:29 - 2017-01-26 14:27 - 000025920 _____ (ASUSTeK Computer Inc.) 
C:\Windows\system32\Drivers\IOMap64.sys 2017-10-17 02:15 - 2017-10-17 02:15 - 000401488 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2017-10-10 20:42 - 2017-10-10 20:42 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat 2017-09-28 19:57 - 2017-09-28 19:57 - 000000000 ____D C:\Users\Florian\ansel 2017-09-28 00:25 - 2017-09-28 00:25 - 000000965 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk 2017-09-28 00:25 - 2017-09-28 00:25 - 000000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk 2017-09-28 00:25 - 2017-09-28 00:25 - 000000000 ____D C:\Users\Florian\AppData\Local\UnrealEngineLauncher 2017-09-28 00:25 - 2017-09-28 00:25 - 000000000 ____D C:\Users\Florian\AppData\Local\EpicGamesLauncher 2017-09-28 00:25 - 2017-09-28 00:25 - 000000000 ____D C:\ProgramData\Epic 2017-09-27 01:17 - 2017-10-17 09:31 - 000000000 _____ C:\Windows\SysWOW64\last.dump ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-10-21 08:52 - 2017-05-11 23:53 - 000000000 ____D C:\FRST 2017-10-21 08:45 - 2016-11-18 03:41 - 000000000 ____D C:\Users\Florian\AppData\LocalLow\Mozilla 2017-10-21 08:43 - 2016-12-13 18:15 - 000000000 ____D C:\Users\Florian\AppData\Local\Chromium 2017-10-21 08:39 - 2009-07-14 06:45 - 000020272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-10-21 08:39 - 2009-07-14 06:45 - 000020272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-10-21 08:33 - 2017-05-29 22:34 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-21 08:33 - 2017-03-18 04:15 - 000003158 _____ C:\Windows\System32\Tasks\GPU Tweak II 2017-10-21 08:33 - 2016-12-22 18:53 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-21 08:33 - 2016-12-22 18:53 - 000003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-21 08:33 - 2016-12-22 18:53 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-21 08:33 - 2016-12-22 18:53 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-21 08:33 - 2016-12-22 18:53 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-21 08:33 - 2016-12-22 18:53 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-21 08:33 - 2016-12-22 18:53 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-21 08:33 - 2016-12-22 17:38 - 000002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2017-10-21 08:33 - 2016-09-12 16:46 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2017-10-21 08:33 - 2016-06-02 17:24 - 
000004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-10-21 08:33 - 2016-04-27 23:07 - 000003112 _____ C:\Windows\System32\Tasks\{1BF172A9-0263-4D27-B274-496F4055BC15} 2017-10-21 08:33 - 2016-03-31 20:55 - 000003114 _____ C:\Windows\System32\Tasks\{8554801C-2821-44D5-A108-640994146C26} 2017-10-21 08:33 - 2016-03-22 22:32 - 000003918 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458678742 2017-10-21 08:33 - 2016-02-22 23:01 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software 2017-10-21 08:33 - 2016-02-22 19:26 - 000003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-10-21 08:33 - 2016-02-22 19:26 - 000003414 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-10-21 06:39 - 2016-02-18 17:51 - 000000000 ____D C:\ProgramData\NVIDIA 2017-10-21 06:35 - 2011-04-12 09:43 - 000699092 _____ C:\Windows\system32\perfh007.dat 2017-10-21 06:35 - 2011-04-12 09:43 - 000149232 _____ C:\Windows\system32\perfc007.dat 2017-10-21 06:35 - 2009-07-14 07:13 - 001619284 _____ C:\Windows\system32\PerfStringBackup.INI 2017-10-21 06:35 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf 2017-10-21 06:29 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-10-20 20:45 - 2016-07-11 01:05 - 000000000 ____D C:\Users\Florian\AppData\Roaming\Skype 2017-10-20 20:44 - 2017-01-18 19:11 - 000000000 ____D C:\Users\Florian\AppData\Roaming\TS3Client 2017-10-18 20:36 - 2016-02-21 17:15 - 000000600 _____ C:\Users\Florian\AppData\Local\PUTTY.RND 2017-10-17 03:35 - 2016-06-02 17:24 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-10-17 03:35 - 2016-06-02 17:24 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-17 03:35 - 2016-06-02 17:24 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-10-17 03:35 - 2016-06-02 17:24 - 000000000 ____D C:\Windows\system32\Macromed 2017-10-17 02:58 - 2016-02-19 22:24 - 000000000 ____D 
C:\Users\Florian\AppData\Roaming\vlc 2017-10-17 02:15 - 2017-02-10 01:11 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys 2017-10-17 02:15 - 2017-02-10 01:11 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys 2017-10-17 02:15 - 2017-02-10 01:11 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys 2017-10-17 02:15 - 2017-02-10 01:11 - 000057736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys 2017-10-17 02:15 - 2017-02-10 01:11 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2017-10-17 02:15 - 2016-02-22 23:01 - 001020536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2017-10-17 02:15 - 2016-02-22 23:01 - 000587168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2017-10-17 02:15 - 2016-02-22 23:01 - 000363440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2017-10-17 02:15 - 2016-02-22 23:01 - 000201352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2017-10-17 02:15 - 2016-02-22 23:01 - 000147776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2017-10-17 02:15 - 2016-02-22 23:01 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2017-10-17 02:15 - 2016-02-22 23:01 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2017-10-17 02:15 - 2016-02-22 23:01 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2017-10-17 02:15 - 2016-02-22 23:01 - 000000000 ____D C:\ProgramData\AVAST Software 2017-10-16 20:28 - 2016-12-29 01:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2017-10-16 20:28 - 2016-12-15 21:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-10-16 20:28 - 2016-02-18 17:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-10-14 18:26 - 2016-03-23 15:09 - 000000000 ____D C:\Users\Florian\AppData\Local\ftblauncher 2017-10-14 
18:26 - 2016-02-18 18:11 - 000000000 ____D C:\FTB 2017-10-10 20:42 - 2017-08-03 23:43 - 000000000 ____D C:\Users\Florian\AppData\Roaming\EasyAntiCheat 2017-10-09 19:44 - 2016-04-16 19:47 - 000000000 ____D C:\Users\Florian\AppData\Local\Ubisoft Game Launcher 2017-10-07 15:15 - 2009-07-14 07:08 - 000032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-09-28 19:57 - 2016-02-18 16:19 - 000000000 ____D C:\Users\Florian 2017-09-28 17:39 - 2016-02-26 23:49 - 000000000 ____D C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-09-28 00:27 - 2016-02-18 17:50 - 000000000 ____D C:\ProgramData\Package Cache 2017-09-28 00:25 - 2017-05-07 10:55 - 000000000 ____D C:\Users\Florian\AppData\Local\UnrealEngine 2017-09-25 22:01 - 2016-02-22 19:27 - 000002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-09-25 17:20 - 2016-08-26 23:49 - 000000000 ____D C:\Users\Florian\AppData\Local\Arma 3 Launcher 2017-09-25 15:35 - 2016-08-26 23:53 - 000000000 ____D C:\Users\Florian\AppData\Local\Arma 3 2017-09-25 11:21 - 2016-02-21 17:46 - 000000000 ____D C:\Users\Florian\AppData\Local\CrashDumps 2017-09-24 12:44 - 2016-08-28 18:20 - 000000000 ____D C:\Users\Florian\Documents\mods 2017-09-24 12:43 - 2016-08-28 18:19 - 000000000 ____D C:\Program Files (x86)\A3Launcher 2017-09-24 12:22 - 2016-03-20 21:41 - 000000000 ____D C:\Users\Florian\AppData\Roaming\TeraCopy ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2017-08-22 19:49 - 2017-08-22 19:49 - 000000445 _____ () C:\Users\Florian\AppData\Roaming\CSharpAnalytics-MeasurementSession 2017-08-03 00:39 - 2017-08-03 00:39 - 000111389 _____ () C:\Users\Florian\AppData\Roaming\ftblauncher.rar 2016-02-21 17:15 - 2017-10-18 20:36 - 000000600 _____ () C:\Users\Florian\AppData\Local\PUTTY.RND 2008-02-05 15:28 - 2008-02-05 15:28 - 000000051 _____ () C:\Users\Florian\AppData\Local\setup.txt 2016-09-23 23:43 - 2016-09-23 23:43 - 000000000 ___SH () C:\ProgramData\.rdata 
2016-08-20 00:29 - 2016-08-20 00:29 - 000000016 _____ () C:\ProgramData\mntemp 2016-12-22 17:42 - 2017-01-25 17:23 - 000005110 _____ () C:\ProgramData\NvTelemetryContainer.log 2016-12-22 17:42 - 2017-01-25 04:38 - 000005307 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1 Einige Dateien in TEMP: ==================== 2016-02-25 15:47 - 2016-02-25 15:47 - 000079736 _____ (AppWork GmbH) C:\Users\Florian\AppData\Local\Temp\131008816428945059.exe 2016-02-25 15:47 - 2016-02-25 15:47 - 000999696 _____ ( ) C:\Users\Florian\AppData\Local\Temp\13100881644118575972.exe 2016-02-27 18:42 - 2016-02-27 18:43 - 000102912 _____ () C:\Users\Florian\AppData\Local\Temp\bitool.dll 2017-01-08 13:53 - 2017-01-08 13:56 - 034139976 _____ (Ellora Assets Corporation ) C:\Users\Florian\AppData\Local\Temp\FreemakeVideoConverterFull.exe 2017-01-08 14:08 - 2017-01-08 14:08 - 000737856 _____ (Oracle Corporation) C:\Users\Florian\AppData\Local\Temp\jre-8u111-windows-au.exe 2016-05-19 17:33 - 2016-05-19 17:33 - 004203840 _____ () C:\Users\Florian\AppData\Local\Temp\npp.6.9.1.Installer.exe 2016-08-24 13:40 - 2016-08-24 13:40 - 004211112 _____ () C:\Users\Florian\AppData\Local\Temp\npp.6.9.2.Installer.exe 2016-02-18 17:51 - 2016-12-01 19:05 - 000747464 _____ (NVIDIA Corporation) C:\Users\Florian\AppData\Local\Temp\nvSCPAPI.dll 2016-02-18 17:51 - 2016-12-01 19:05 - 000860960 _____ (NVIDIA Corporation) C:\Users\Florian\AppData\Local\Temp\nvSCPAPI64.dll 2016-08-31 17:37 - 2016-12-01 19:04 - 000353336 _____ (NVIDIA Corporation) C:\Users\Florian\AppData\Local\Temp\nvStInst.exe 2016-12-22 18:53 - 2017-01-06 03:10 - 000255032 _____ (NVIDIA Corporation) C:\Users\Florian\AppData\Local\Temp\NvTelemetryAPI32.dll 2016-12-22 18:53 - 2017-01-06 03:10 - 000335928 _____ (NVIDIA Corporation) C:\Users\Florian\AppData\Local\Temp\NvTelemetryAPI64.dll 2015-07-31 16:06 - 2015-07-31 16:06 - 000242864 ____R (Microsoft Corporation) C:\Users\Florian\AppData\Local\Temp\ose00000.exe 2017-07-10 20:31 - 2017-07-10 20:31 - 
000040448 ____N () C:\Users\Florian\AppData\Local\Temp\proxy_vole7075683337204772920.dll
2017-07-10 20:31 - 2017-07-10 20:31 - 000040448 ____N () C:\Users\Florian\AppData\Local\Temp\proxy_vole8805084617748005345.dll
2017-07-10 20:31 - 2017-07-10 20:31 - 000040448 ____N () C:\Users\Florian\AppData\Local\Temp\proxy_vole8891453254729652200.dll
2017-03-16 21:29 - 2017-03-16 21:29 - 014456872 _____ (Microsoft Corporation) C:\Users\Florian\AppData\Local\Temp\vc_redist.x86.exe
2017-06-16 20:59 - 2017-06-16 20:59 - 032100680 _____ () C:\Users\Florian\AppData\Local\Temp\vlc-2.2.6-win64.exe
2015-08-03 01:58 - 2015-08-03 01:58 - 000118784 _____ () C:\Users\Florian\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-10-12 04:22

==================== Ende von FRST.txt ============================

Addition.txt:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-10-2017
durchgeführt von Florian (21-10-2017 08:52:43)
Gestartet von B:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-02-18 14:19:16)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3713184456-2919407675-3275247651-500 - Administrator - Disabled)
Florian (S-1-5-21-3713184456-2919407675-3275247651-1000 - Administrator - Enabled) => C:\Users\Florian
Gast (S-1-5-21-3713184456-2919407675-3275247651-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3713184456-2919407675-3275247651-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
A3Launcher version 0.1.3.4 (HKLM-x32\...\{1E29A86E-9AE2-4CD8-74C8-6B170ED3C4D2}_is1) (Version: 0.1.3.4 - Maca134) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated) Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.78 - NVIDIA Corporation) Hidden ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.4.3.9 - ASUSTek COMPUTER INC.) Hidden ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.4.3.9 - ASUSTek COMPUTER INC.) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software) Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.12.160304 - ) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 06.20.00 - AVM Berlin) Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts) Battlefield™ 1 Open Beta (HKLM-x32\...\{F9E19363-7B10-4F8A-8640-945C36D4B504}) (Version: 1.0.8.10777 - Electronic Arts) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.) 
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform) CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0195 - Disc Soft Ltd) Discord (HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\Discord) (Version: 0.0.298 - Discord Inc.) Epic Games Launcher (HKLM-x32\...\{8E1A1C2C-1619-4D51-A7D0-CEB24078BB8D}) (Version: 1.1.123.0 - Epic Games, Inc.) ESEA Client (HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC) FileZilla Client 3.15.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.15.0.2 - Tim Kosse) Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Freddy's Texture Patch BETA (HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\Gothic Texture Patch - Freddy) (Version: 0.52 - Fred Metger) Freemake Video Converter Version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Gothic1_Orcaxe-Orcsword-Fix (HKLM-x32\...\Gothic1_Orcaxe-Orcsword-Fix) (Version: 1.1 - ModRes) GOTHIC2 - Die Nacht des Raben - 'System-Paket' (HKLM-x32\...\GOTHIC2 - Die Nacht des Raben - 'System-Paket') (Version: 1.1 - World of Gothic RU © 2014) GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider) IKONIK SIM (HKLM-x32\...\{8F9F4A67-D75B-44C6-9F05-7E2A2007D8D8}) (Version: 1.4 - IKONIK) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) 
Intel(R) Network Connections 17.3.63.0 (HKLM\...\PROSetDX) (Version: 17.3.63.0 - Intel) Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 
11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Movavi Video Converter 16 (HKLM-x32\...\Movavi Video Converter 16) (Version: 16.2.0 - Movavi) Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 56.0.1 (x64 de) (HKLM\...\Mozilla Firefox 56.0.1 (x64 de)) (Version: 56.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.1.6484 - Mozilla) Mozilla Thunderbird 52.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.4.0 (x86 de)) (Version: 52.4.0 - Mozilla) NBTExplorer (HKLM-x32\...\{FC4C8FDD-384C-471F-9E9A-C25B57ABE7A8}) (Version: 2.7.6.0 - Justin Aquadro) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 369.04 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.78 - NVIDIA Corporation) NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation) NVIDIA Grafiktreiber 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.78 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.4 - OBS Project) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 10.4.5.30491 - Electronic Arts, Inc.) Outils de vérification linguistique 2016 de Microsoft Office*- Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden PdaNet+ for Android 4.19 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc) Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.3 - Project Reality) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.) 
PuTTY release 0.66 (HKLM-x32\...\PuTTY_is1) (Version: 0.66 - Simon Tatham) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6254 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Rise of the Tomb Raider (HKLM-x32\...\{45F08513-973A-4C18-93FD-8E12B1908390}_is1) (Version: - Square Enix) SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.) 
Strumenti di correzione di Microsoft Office 2016 - Italiano (HKLM\...\{90160000-001F-0410-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer) TeraCopy 3.0 alpha 5 (HKLM\...\TeraCopy_is1) (Version: - Code Sector) TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software) Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version: - Microsoft) Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM\...\{90160000-012B-0407-1000-0000000FF1CE}_Office16.PROPLUS_{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version: - Microsoft) Uplay (HKLM-x32\...\Uplay) (Version: 18.1 - Ubisoft) Vampires Dawn II: Ancient Blood (MP3) (HKLM-x32\...\{04D24793-D317-4E13-95B3-1EDBEA068241}_is1) (Version: Vampires Dawn 2 - Version 1.23 (MP3) - Brianum/Dawnatic) VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN) Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) Wireshark 2.0.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.3 - The Wireshark developer community, hxxps://www.wireshark.org) x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - ) Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.4) (Version: 1.3.4 - Xvid Team) Yahoo! 
Powered (HKLM-x32\...\{02EEEA2E-526E-3BAE-E3EE-4B2E336E98AE}) (Version: - ) <==== ACHTUNG ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-17] (AVAST Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-17] (AVAST Software) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-18] () ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-17] (AVAST Software) ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2015-04-21] () ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2015-04-21] () ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-17] (AVAST Software) ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd) ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2015-04-21] () 
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-02-23] (NVIDIA Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-17] (AVAST Software) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd) ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2015-04-21] () ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {09CE2640-4F76-4589-B54E-C858E3209CF6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {0AA4FFEE-2631-4B99-B5DD-5C020D5BDEA7} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-17] (AVAST Software)
Task: {0C7364C4-3A8F-43D5-AABA-33C2061E7855} - System32\Tasks\{1BF172A9-0263-4D27-B274-496F4055BC15} => C:\Windows\system32\pcalua.exe -a B:\Downloads\gothic2_playerkit-2.6f.exe -d B:\Downloads
Task: {0D3A31DE-38A8-48CE-ADA4-E5716D3E8B20} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {0E7A7DB2-FB4C-49A8-8260-757212345F32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-22] (Google Inc.)
Task: {1884A568-8CA2-44B8-8436-A2191F8B457E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {26A5AD77-0D0A-4F82-B86B-FD8C59EC2C22} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {460766C9-D3C0-4417-83BE-20D1F2D4FE81} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {56C5A409-BCC2-4289-9E3C-0766BFFD4573} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {59ADF23F-F282-4943-AB73-4AAB0FC4F544} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {608D52B8-62B3-47D7-8320-F83C678391DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {64E500EE-473A-41F2-892F-70E27E1558E0} - System32\Tasks\SafeZone scheduled Autoupdate 1458678742 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {6A722FC9-03B1-4430-A83E-B5FE30A855CC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {6C3390F9-CB05-4480-BE0A-7647F9A30CDB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {7192E04F-566B-47FA-A16B-859E19F7D5C3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {76D743C7-A371-44A8-B6E2-94DEC8A0BA08} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {82704076-83CC-4BAA-907E-3B42E442D2AA} - System32\Tasks\{8554801C-2821-44D5-A108-640994146C26} => C:\Windows\system32\pcalua.exe -a B:\Downloads\gothic1_playerkit-1.08k.exe -d B:\Downloads
Task: {8CC48AC1-FAAF-49C7-834A-E6EE3A0A6F12} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {8EC72BCB-4C2C-409A-903C-63C1EA8FA13E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {A4697534-659A-40E2-AFF8-877EDC124EE8} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {AB72458B-95A1-41C8-A218-E3E15E0DFC16} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {BE134841-54FA-452C-B9DD-F5C2AB28E7F0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {C8592DF1-5C61-446F-8A11-68B81B538877} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {D04AEDA4-34F3-4DF0-92A0-197FD7452620} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-17] (Adobe Systems Incorporated)
Task: {DBAB1E1A-01BE-4A07-9CF4-C3DA1387C92D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {E92D15EA-9222-4009-BCCE-802980A414A8} - System32\Tasks\GPU Tweak II => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [2017-03-08] (TODO: <Company name>)
Task: {EBD18070-2FE0-41AE-85E1-2C972FDE5AE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {EF51F73C-C058-4E46-94D8-C25B08B296B3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {F111D410-EADA-4D9D-B3FD-7460C50C0ED6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {F3A4BF3B-06A0-4279-ADE3-98A38A79C52E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {FF9B3B8D-CBA1-445B-B129-400999FB8AD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-22] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-03-17 01:15 - 2017-02-23 10:28 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-02-10 21:45 - 2016-02-10 21:45 - 000052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-12-22 18:53 - 2017-05-03 22:21 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-07-30 04:32 - 2015-07-30 04:32 - 002210480 _____ () C:\Program Files\Microsoft Office\Office16\tmpod.dll
2015-07-31 10:59 - 2015-07-31 10:59 - 000032936 _____ () C:\Program Files\Microsoft Office\Office16\lynchtmlconvpxy.dll
2017-01-08 14:16 - 2017-04-25 07:28 - 000073216 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2017-02-06 23:44 - 2016-12-09 19:08 - 001029944 _____ () C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
2016-09-23 23:40 - 2016-09-23 23:40 - 000076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-10-17 02:15 - 2017-10-17 02:15 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-10-17 02:15 - 2017-10-17 02:15 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-10-17 02:15 - 2017-10-17 02:15 - 000846752 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-10-17 02:15 - 2017-10-17 02:15 - 000286712 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-10-17 02:15 - 2017-10-17 02:15 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-10-17 02:15 - 2017-10-17 02:15 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-17 02:15 - 2017-10-17 02:15 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-17 02:15 - 2017-10-17 02:15 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-17 02:15 - 2017-10-17 02:15 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-10-20 20:43 - 2017-10-20 20:43 - 005882040 _____ () C:\Program Files\AVAST Software\Avast\defs\17102004\algo.dll
2017-10-17 02:15 - 2017-10-17 02:15 - 000700656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-10-17 02:15 - 2017-10-17 02:15 - 000241448 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2016-12-22 18:53 - 2017-05-03 22:21 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-07-11 12:37 - 2017-07-11 12:37 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-10-17 02:15 - 2017-10-17 02:15 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2013-03-12 18:10 - 2017-09-09 21:25 - 000688416 _____ () B:\Steam\SDL2.dll
2015-02-17 23:20 - 2016-09-01 03:02 - 004969248 _____ () B:\Steam\v8.dll
2015-02-17 23:20 - 2016-09-01 03:02 - 001563936 _____ () B:\Steam\icui18n.dll
2015-02-17 23:20 - 2016-09-01 03:02 - 001195296 _____ () B:\Steam\icuuc.dll
2014-05-22 15:29 - 2017-10-17 23:24 - 002546976 _____ () B:\Steam\video.dll
2014-08-30 00:39 - 2016-01-27 09:49 - 002549760 _____ () B:\Steam\libavcodec-56.dll
2014-08-30 00:39 - 2016-01-27 09:49 - 000442880 _____ () B:\Steam\libavutil-54.dll
2014-08-30 00:39 - 2016-01-27 09:49 - 000491008 _____ () B:\Steam\libavformat-56.dll
2014-08-30 00:39 - 2016-01-27 09:49 - 000332800 _____ () B:\Steam\libavresample-2.dll
2014-08-30 00:39 - 2016-01-27 09:49 - 000485888 _____ () B:\Steam\libswscale-3.dll
2011-07-13 17:53 - 2017-10-17 23:24 - 000901408 _____ () B:\Steam\bin\chromehtml.DLL
2016-03-09 13:07 - 2016-07-05 00:17 - 000266560 _____ () B:\Steam\openvr_api.dll
2016-12-22 18:53 - 2017-05-03 22:20 - 065709176 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-12-13 18:15 - 2017-08-17 00:28 - 073130272 _____ () B:\Steam\bin\cef\cef.win7\libcef.dll
2017-06-09 07:32 - 2017-09-07 04:04 - 000678400 _____ () B:\Steam\bin\cef\cef.win7\SDL2.dll
2015-02-17 23:20 - 2015-09-25 01:52 - 000119208 _____ () B:\Steam\winh264.dll
2017-02-09 11:39 - 2017-02-09 11:39 - 000065536 _____ () C:\Program Files (x86)\ASUS\GPU TweakII\Exeio.dll
2017-02-22 21:56 - 2017-02-22 21:56 - 001753088 _____ () C:\Program Files (x86)\ASUS\GPU TweakII\Vender.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\.rdata:X [526]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2017-05-01 05:16 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Discord => C:\Users\Florian\AppData\Local\Discord\app-0.0.295\Discord.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{9A365BAE-D0EE-46FA-8DDF-B7F8AB7E3E82}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8C1EF9F1-5D53-409A-98F1-A403586E3B2E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1EE583AC-742F-4F99-B81D-1BA0450E2789}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{0374D984-03C2-4529-BFA6-188340FB661E}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{DFBB4100-DAD1-4127-A1AC-0752C92345D4}] => (Allow) B:\Steam\Steam.exe
FirewallRules: [{86C03EEE-5BAE-409B-B533-67F8F208A396}] => (Allow) B:\Steam\Steam.exe
FirewallRules: [{499A720C-57B4-480C-B9F6-8947492A70F6}] => (Allow) B:\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{F5E82D2C-E5AA-4953-8A9D-281DFFEDF495}] => (Allow) B:\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{33830BEA-4F6A-4444-8990-63B9E4E42634}] => (Allow) B:\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{0C89B47F-54BA-4EC1-9EB7-EE7B470FD972}] => (Allow) B:\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{56D718A8-3BB8-434A-A9ED-09765D4E5C9B}] => (Allow) B:\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{D66D060E-248A-4B0A-94E8-3449BAAB7082}] => (Allow) B:\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{C1167113-EAB1-4A04-A64C-A6844337310C}] => (Allow) B:\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{769AF350-168B-4974-8669-98BA70DC8EC0}] => (Allow) B:\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{B0B0B757-069B-49CD-9C80-AF9793465868}] => (Allow) B:\Steam\SteamApps\common\rust\Rust.exe
FirewallRules: [{DBFDEB24-A43C-4AB1-B331-5F7CB8521198}] => (Allow) B:\Steam\SteamApps\common\rust\Rust.exe
FirewallRules: [{07EE6A62-2CB8-4C56-875E-7DEF3BEC44D7}] => (Allow) B:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{2FBECDA5-848F-4A2E-BD78-B5F24C165248}] => (Allow) B:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{802D4246-BC78-4056-BCCE-B35DD6948B15}] => (Allow) B:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{26134408-5617-4516-A107-C23D6EEFBC10}] => (Allow) B:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{0F0EEC7F-0416-4B05-B037-7A8234D87B62}] => (Allow) B:\Steam\SteamApps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{9EAA3E17-1766-4F99-BC99-B77C4725C1BD}] => (Allow) B:\Steam\SteamApps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{35EB265E-9846-4F09-A844-E57ABEC87E33}] => (Allow) B:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{498EE086-4194-4D6E-970A-C32AED6C5710}] => (Allow) B:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{3AFEC61D-58C3-401F-8947-58D0CEDDF400}] => (Allow) B:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{09DB9916-ECBA-4C05-A65E-27BCDF2EE9D5}] => (Allow) B:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{95EC4D8F-64EB-4487-A79B-729170EC4240}] => (Allow) B:\Steam\SteamApps\common\Firewatch\Firewatch.exe
FirewallRules: [{5EC2EEA5-CCC5-4AFC-9316-EB0D0DEEBBB8}] => (Allow) B:\Steam\SteamApps\common\Firewatch\Firewatch.exe
FirewallRules: [{4DDE19E7-4884-4BA4-A1AF-A7DDAB79A17C}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{930CAEB2-FF67-4A7A-923F-F3BDDCF2E12D}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{CDBC8C2C-6078-4BB4-8608-7A30142C3F04}] => (Allow) B:\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{17EEA5F5-8D75-4C24-BA4F-6D6C0EE80242}] => (Allow) B:\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{AC0ABE88-CBD6-4428-B994-D6C9DCEB39C8}] => (Allow) B:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5D4A332F-5AE6-4E28-9D22-77B68E739573}] => (Allow) B:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{F2ADB8CB-9E5A-41E6-988F-69F6E92FDB27}B:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe] => (Allow) B:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe
FirewallRules: [UDP Query User{C99AE575-1880-4DA2-BBC7-6F7373C4ED5B}B:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe] => (Allow) B:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe
FirewallRules: [{0D698485-2F37-4018-8826-C879ABC6D5E5}] => (Allow) B:\Steam\SteamApps\common\Gothic II\system\Gothic2.exe
FirewallRules: [{282F2BA0-0DE2-48C7-BCBC-6C0FEC6EFA94}] => (Allow) B:\Steam\SteamApps\common\Gothic II\system\Gothic2.exe
FirewallRules: [{BD89D7F9-45BA-40FA-B9E7-769499BE4305}] => (Allow) B:\Steam\SteamApps\common\Gothic\system\GOTHIC.EXE
FirewallRules: [{036C2229-0437-43CB-A9E3-09802FFCD962}] => (Allow) B:\Steam\SteamApps\common\Gothic\system\GOTHIC.EXE
FirewallRules: [{A2EB9493-0851-489E-9781-629710150877}] => (Allow) B:\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{57BF7724-8922-4705-BC5A-EBEF31C86766}] => (Allow) B:\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{E988D776-5937-42EA-ADA7-C0CAFFCA86D0}] => (Allow) B:\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{9A53FAE2-7671-4F44-887F-35B78D0D37AF}] => (Allow) B:\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{822DC1F8-53D9-4BA1-8C2D-83E58F0D33AF}] => (Allow) B:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [{68A7042A-E11B-4123-B053-65EFC5B7BA90}] => (Allow) B:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [{21CAAF6A-D633-468A-8C6A-F5B8DF2FF346}] => (Allow) B:\Steam\SteamApps\common\audiosurf\engine\QuestViewer.exe
FirewallRules: [{24CB710A-48AB-446C-BF20-4A430B6C41EE}] => (Allow) B:\Steam\SteamApps\common\audiosurf\engine\QuestViewer.exe
FirewallRules: [{BE1B17D2-B34D-449D-8172-7B36B3F19EA8}] => (Allow) B:\Steam\SteamApps\common\The Guild 2 Renaissance\GuildII.exe
FirewallRules: [{4CF9A37E-A6E1-496A-9EC5-5F57B25A9009}] => (Allow) B:\Steam\SteamApps\common\The Guild 2 Renaissance\GuildII.exe
FirewallRules: [{A7CE0D04-316E-4A3F-AF89-92519BD2D65A}] => (Allow) B:\Steam\SteamApps\common\SeriousSamDoubleD\SSLauncher.exe
FirewallRules: [{0385BE31-7D7B-4F24-B2DD-87432FE4684D}] => (Allow) B:\Steam\SteamApps\common\SeriousSamDoubleD\SSLauncher.exe
FirewallRules: [{5363BEDC-0CAA-4E6F-A80F-937AF12961CC}] => (Allow) B:\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{1B5B067A-8180-4747-A73E-FE0E3B950905}] => (Allow) B:\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{E005222D-41FA-49FC-A21A-C602D12FD604}] => (Allow) B:\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{1C25DEFB-B00E-4359-A9E0-6F9B57C1A3D1}] => (Allow) B:\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{66F2B96B-1F58-4B31-9F14-123C9F2C463F}] => (Allow) B:\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{B56F9F8C-D8C2-4B8D-8FBA-F9DEB2872836}] => (Allow) B:\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{8DCA849B-50E7-4507-9980-EA3AC1225E4E}] => (Allow) B:\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{68A7AA40-20EE-4F62-8684-34935D2290A8}] => (Allow) B:\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{8E085DA8-0017-4BB0-ADE4-393F83C798B0}] => (Allow) B:\Steam\SteamApps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{4C4C4E44-D0EA-495E-A3B6-0F90635A04F5}] => (Allow) B:\Steam\SteamApps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{055E5781-5F1F-4708-8D94-1FA4101B93AB}] => (Allow) B:\Steam\SteamApps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{A4F44042-2A74-44A6-A3E2-2FCCADAAEEB3}] => (Allow) B:\Steam\SteamApps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{5087767A-6140-470B-A9FE-AF34B65FEE22}] => (Allow) B:\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{6A629744-B017-40E3-8A51-048767D4192A}] => (Allow) B:\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{0C4652F6-2A84-4FB6-8464-3303D25F2145}M:\arkserver\shootergame\binaries\win64\shootergameserver.exe] => (Allow) M:\arkserver\shootergame\binaries\win64\shootergameserver.exe
FirewallRules: [UDP Query User{21AE77D4-9EE5-4E91-9E0F-CDBB30238DE5}M:\arkserver\shootergame\binaries\win64\shootergameserver.exe] => (Allow) M:\arkserver\shootergame\binaries\win64\shootergameserver.exe
FirewallRules: [TCP Query User{B925958E-ACAD-4BEE-9754-CA7DF6A5B41E}B:\steam\steamapps\common\dayz\dayz.exe] => (Allow) B:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{3D0F6AED-E0C5-4DBD-B103-BA7D4E5D236A}B:\steam\steamapps\common\dayz\dayz.exe] => (Allow) B:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{092E05A9-E2F8-46E5-B7E2-2F82810ECA08}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{C69D5006-B7F4-4A7F-B583-88AF739E44A1}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{B2623E54-765A-43C8-8442-3282E06874DE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{15C364CB-CF4E-4816-85E5-F04F302DB2E8}] => (Allow) B:\Steam\SteamApps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{66468ADD-0B00-4613-BEA7-68EF8BF28E10}] => (Allow) B:\Steam\SteamApps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{E49C6F25-82B2-48D6-BAE9-059B205793FC}] => (Allow) B:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{D0DDEAE6-00D9-4B7D-BA23-6F17136CD0F5}] => (Allow) B:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [TCP Query User{5A8ACE50-9742-4A76-9A82-725DDC8043AF}C:\program files\java\jre1.8.0_73\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\java.exe
FirewallRules: [UDP Query User{718BFDFA-8E91-4F2F-8E05-91D232351ADD}C:\program files\java\jre1.8.0_73\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\java.exe
FirewallRules: [{5FD683E0-EF50-4397-A6DC-956D9D389539}] => (Allow) X:\EA Teufelsspiele\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{E1BADD5C-B488-460C-BC29-E075829D9DC9}] => (Allow) X:\EA Teufelsspiele\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{CCFBE483-7A83-442C-BD76-B7A3BF74A704}] => (Allow) B:\Steam\SteamApps\common\serious sam 2\Bin\Sam2.exe
FirewallRules: [{611A6949-E2E8-422F-9EB8-B3C56929C501}] => (Allow) B:\Steam\SteamApps\common\serious sam 2\Bin\Sam2.exe
FirewallRules: [{540FBE7F-F96F-4B12-AC7A-17D0C2EE46E7}] => (Allow) B:\Steam\SteamApps\common\ARK Survival Evolved Dedicated Server\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{506C7357-9D75-4EAD-B0E9-6A060335C798}] => (Allow) B:\Steam\SteamApps\common\ARK Survival Evolved Dedicated Server\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{05D718D8-7E41-49E7-A597-4423D8E3A0C0}] => (Allow) LPort=7777
FirewallRules: [{93BD386A-5825-4805-8027-66FC8663821A}] => (Allow) X:\ark server\latest\Servers\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{4F05C94B-A183-4EAE-B0F4-E436E20BE06C}] => (Allow) X:\ark server\latest\Servers\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{F81D374F-4E6B-4910-9F69-DA1053296743}] => (Allow) C:\Users\Florian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EAB73353-5DE1-4115-8787-F7CF79E053BD}] => (Allow) C:\Users\Florian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AC6E3896-5F13-4145-9E23-7CD0BF85D76A}] => (Allow) C:\Users\Florian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A4973087-FA0F-415F-BA19-DFAD5AB5E4F0}] => (Allow) C:\Users\Florian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F7E49404-DB7A-4AA2-BEF1-74EC9DD8D918}] => (Allow) C:\Users\Florian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B18788A4-01BC-4C03-BC20-4AC2556C3DB1}] => (Allow) C:\Users\Florian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DD5551AF-C1F2-4198-9BB3-A591BBD8DFEB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5B63EB6C-E478-4F78-8E4F-6E8F9D8B6E17}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B8715AAA-EC62-4BE3-B049-79E06BA99463}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B8E8C7EC-2117-4E51-A6AE-1DAF83225F34}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F2B86745-7308-4651-9711-ACA524E71342}] => (Allow) X:\Program Files (x86)\Project Reality\Project Reality BF2\prbf2.exe
FirewallRules: [{F66E9B8E-F10E-4DAF-ACDF-A2A5021AE9C7}] => (Allow) X:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRLauncher.exe
FirewallRules: [{42398826-363B-49F5-A686-15E1031C8FAB}] => (Allow) X:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRUpdater.exe
FirewallRules: [{2195D611-9C62-47D2-9372-2819E1C62641}] => (Allow) X:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRMumble\PRMumble.exe
FirewallRules: [{C16F6180-D5AC-4182-AEFE-B860526E54C6}] => (Allow) B:\Steam\SteamApps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe
FirewallRules: [{207D3821-37D6-466C-9162-E3521E3494AD}] => (Allow) B:\Steam\SteamApps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe
FirewallRules: [{851CE4AB-0029-42A3-99B9-ABEA06B74162}] => (Allow) B:\Steam\SteamApps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE.exe
FirewallRules: [{0FD6EFB1-5C96-44EF-9605-545D26FD2868}] => (Allow) B:\Steam\SteamApps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE.exe
FirewallRules: [{5A745F6B-FEBD-4807-81EE-BF5DD6317F33}] => (Allow) B:\Steam\SteamApps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE_Unrestricted.exe
FirewallRules: [{02A40529-5165-46B1-8D8D-50FEC9848290}] => (Allow) B:\Steam\SteamApps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE_Unrestricted.exe
FirewallRules: [{2438B588-8EF6-4B9C-8E93-1F330D42284B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A605E300-5A21-4B6D-9B05-FBE7305F4525}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1D308DAA-1274-4FBA-8605-3065EDF73199}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2051543B-15B8-42AA-91C8-9D5805FF5B1B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0F546F70-670D-4443-8DED-352DDD1F4C57}] => (Allow) B:\Steam\SteamApps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [{F4C11E8B-FFD7-4CC8-BB0B-FD0C24D7A059}] => (Allow) B:\Steam\SteamApps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [{148A7AF4-43E8-4DCE-932A-D4B8039D976F}] => (Allow) I:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{0296AB5E-1446-4EAE-9338-1258B9527D3C}] => (Allow) I:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{0E31B345-F120-4148-878D-F926F165C505}] => (Allow) B:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EE11C58C-F33C-4510-B26B-4AF1B3D6155E}] => (Allow) B:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1ACC812A-2383-4942-9E40-10D28B123647}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{CD524CBD-0A92-4449-ACBE-D01DD91690CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D9CAA513-AF61-4DFA-A76D-B81B50EED72C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5E5FE815-6E1B-4FE1-8400-CCD878253341}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A6BE5834-597C-4E5A-B99B-7FC00A41ED44}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B22A0111-7D5B-4EE7-B5A5-FDB1487FC215}] => (Allow) X:\EA Teufelsspiele\Battlefield 1\bf1Trial.exe
FirewallRules: [{F1AB4096-1092-44C4-B4B2-8D56D4B38DC4}] => (Allow) X:\EA Teufelsspiele\Battlefield 1\bf1Trial.exe
FirewallRules: [{919453A3-A6F9-4422-A912-D74A374602AE}] => (Allow) X:\EA Teufelsspiele\Battlefield 1\bf1.exe
FirewallRules: [{5E1181F9-7745-45BB-8F14-EA8A931F9331}] => (Allow) X:\EA Teufelsspiele\Battlefield 1\bf1.exe
FirewallRules: [{C4FA10A2-6B43-483F-A527-2551F93C5DD1}] => (Allow) B:\Steam\SteamApps\common\Reign Of Kings\Reign of Kings.exe
FirewallRules: [{4FC27955-CBA7-4EBD-8C58-B97F0E62E8F4}] => (Allow) B:\Steam\SteamApps\common\Reign Of Kings\Reign of Kings.exe
FirewallRules: [{52D64D1A-7442-48D6-91B9-C936F7F02062}] => (Allow) B:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{F129B39E-A0C7-4E0F-9303-A7F1A5507A2A}] => (Allow) B:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{19834E20-EA3F-4484-91B4-BFDCF8CE631C}] => (Allow) B:\Steam\SteamApps\common\Source SDK Base\hl2.exe
FirewallRules: [{0E85DA89-A29C-4E02-B73A-43FBA203AF6B}] => (Allow) B:\Steam\SteamApps\common\Source SDK Base\hl2.exe
FirewallRules: [{C495BA51-4DFA-4358-88E8-55BCA899CCB4}] => (Allow) B:\Steam\SteamApps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{AD654F46-D298-4790-A187-A35E5C247FCB}] => (Allow) B:\Steam\SteamApps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{782FAE6F-5DAA-45F9-B58E-63F5453140F0}] => (Allow) B:\Steam\SteamApps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{FE211312-B17C-481E-B022-7AAA30BEB5B9}] => (Allow) B:\Steam\SteamApps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{02778F95-F220-4A34-BB15-003AFF64A650}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8574678A-3F09-445B-BE44-B5699A08015A}] => (Allow) LPort=2869
FirewallRules: [{B2475144-5A6A-456D-A22A-12B6C8E9DB16}] => (Allow) LPort=1900
FirewallRules: [{102C032A-E895-46AD-9E65-5A10B71E7716}] => (Allow) B:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5343D873-5280-4046-AA87-7A1675D51FBE}] => (Allow) B:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6B5660CC-B03D-4C39-9AD9-A90ED1CD01F8}] => (Allow) B:\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{01A618D0-F2B1-4E2F-8BAA-D723818F7DDB}] => (Allow) B:\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{2AB9AC57-CE4A-4365-95FD-AE600D96C795}] => (Allow) B:\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{3E591198-A6EE-49D3-9C1C-C7A703211AA3}] => (Allow) B:\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{E6A5CB9E-BA9C-4210-AAAA-24FC28D2E5B9}] => (Allow) B:\Steam\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{0CF729FE-54A0-46EE-8B65-C3D3A5FDF477}] => (Allow) B:\Steam\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{68AB67E8-7706-473D-9B3B-B49210EDFD49}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{A48DB244-0F1F-456E-8412-F0C3AEE7B5FD}] => (Allow) B:\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{D386397E-9E4B-403B-802B-41C8CE009422}] => (Allow) B:\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{88A4B48C-3F33-45E8-9CDC-25B0E7B050EC}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{C25DCA68-EC5F-4D0B-AB98-9424B2ECDF8E}] => (Allow) B:\Steam\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{97180C52-8F96-4F5B-8763-9A58AD707AE0}] => (Allow) B:\Steam\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{5FCCC7B4-0B1F-4A87-89E5-4B0DFEC8060A}] => (Allow) B:\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{3AADF1F4-9C65-481C-AABB-F70914342D98}] => (Allow) B:\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{2D06AE99-72D3-4A6D-AF14-3105AF87CBEB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9D1E1B11-E4E2-485E-8BB9-52EBA4A384B1}] => (Allow) B:\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{41DF995A-55AF-4884-BCEB-A5F3F8C20FDE}] => (Allow) B:\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{FCBD73BA-39D5-49E6-8228-A4D43F5B920A}] => (Allow) B:\Steam\SteamApps\common\Starbound\win64\starbound.exe
FirewallRules: [{0C1697A3-1F6E-4BEE-81B7-9243364E3819}] => (Allow) B:\Steam\SteamApps\common\Starbound\win64\starbound.exe
FirewallRules: [{A6F42731-22D7-4FB5-A528-FD507769E7E2}] => (Allow) B:\Steam\SteamApps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{BD8E988A-713D-444D-972A-3F8421DFF956}] => (Allow) B:\Steam\SteamApps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{5CD5AE82-D74E-48F0-9226-7F456A788A47}] => (Allow) B:\Steam\SteamApps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{2D4C51A8-CDC5-4E00-B0DC-DF8770B32FDA}] => (Allow) B:\Steam\SteamApps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{AF0F54F7-7B12-40D8-8DBD-F1101F8B3361}] => (Allow) B:\Steam\SteamApps\common\Starbound\win32\starbound.exe
FirewallRules: [{5905287F-55E7-4322-BCDD-8F4D77955EFB}] => (Allow) B:\Steam\SteamApps\common\Starbound\win32\starbound.exe
FirewallRules: [{DA5E8AD2-FD67-4249-BF53-6DE92761B1DA}] => (Allow) B:\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{0AC18A6C-D747-4281-B097-36F2F4E7079F}] => (Allow) B:\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe

==================== Wiederherstellungspunkte =========================

21-10-2017 08:42:52 Team-ELAN Launcher wurde entfernt.

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/21/2017 08:42:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Falscher Parameter. .

Error: (10/21/2017 08:42:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Falscher Parameter. .

Error: (10/21/2017 08:42:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Falscher Parameter. .

Error: (10/21/2017 08:42:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Falscher Parameter. .

Error: (10/21/2017 08:11:54 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Ein Problem hat das Senden von Daten aus dem Programm zur Verbesserung der Benutzerfreundlichkeit an Microsoft verhindert (Fehler 80004005).

Error: (10/21/2017 06:39:23 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (10/21/2017 06:29:52 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist. Error: (10/20/2017 02:19:56 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: Ein Problem hat das Senden von Daten aus dem Programm zur Verbesserung der Benutzerfreundlichkeit an Microsoft verhindert (Fehler 90080108). Error: (10/20/2017 01:15:23 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: Ein Problem hat das Senden von Daten aus dem Programm zur Verbesserung der Benutzerfreundlichkeit an Microsoft verhindert (Fehler 90080108). Error: (10/20/2017 04:49:38 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: Ein Problem hat das Senden von Daten aus dem Programm zur Verbesserung der Benutzerfreundlichkeit an Microsoft verhindert (Fehler 80004005). Systemfehler: ============= Error: (10/21/2017 06:30:52 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Start (Lokal) für die COM-Serveranwendung mit CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} und APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. 
Error: (10/21/2017 06:30:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (10/21/2017 06:30:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (10/21/2017 06:30:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (10/21/2017 06:30:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (10/21/2017 06:30:04 AM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: Die Peer Name Resolution-Protokoll-Cloud wurde nicht gestartet. Fehler bei Standardidentität. Fehlercode: 0x80630801. Error: (10/21/2017 06:30:04 AM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: Die Peer Name Resolution-Protokoll-Cloud wurde nicht gestartet. Fehler bei Standardidentität. Fehlercode: 0x80630801. Error: (10/21/2017 06:29:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (10/21/2017 06:29:53 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (10/21/2017 06:29:53 AM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: Die Peer Name Resolution-Protokoll-Cloud wurde nicht gestartet. 
Fehler bei Standardidentität. Fehlercode: 0x80630801. CodeIntegrity: =================================== Date: 2016-09-08 23:05:52.838 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2016-09-08 21:13:35.987 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2016-09-08 16:37:34.150 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2016-09-08 15:35:46.338 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2016-09-08 15:33:01.005 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2016-09-08 14:05:54.761 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2016-09-08 13:13:55.730 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2016-09-08 13:13:37.462 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2016-09-08 13:13:37.431 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Florian\AppData\Local\Temp\ESEADriver2.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2016-09-08 13:13:35.528 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz Prozentuale Nutzung des RAM: 22% Installierter physikalischer RAM: 16364.14 MB Verfügbarer physikalischer RAM: 12706.36 MB Summe virtueller Speicher: 32726.47 MB Verfügbarer virtueller Speicher: 28830.3 MB ==================== Laufwerke ================================ Drive b: (Volume) (Fixed) (Total:931.51 GB) (Free:90.83 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive c: () (Fixed) (Total:232.88 GB) (Free:2.78 GB) NTFS Drive e: (CPY-ROTTR) (CDROM) (Total:31.22 GB) (Free:0 GB) CDFS Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive i: () (Fixed) (Total:55.8 GB) (Free:55.64 GB) NTFS Drive x: (Volume) (Fixed) (Total:1863.01 GB) (Free:32.84 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 29B29A3C) Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 
GB) (Disk ID: 00239046) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CE94F2CF) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 758BFFE4) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
21.10.2017, 12:14 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: JS:Miner-C [Trj] tries to connect to coinhive.com Quote:
__________________ |
21.10.2017, 14:07 | #3 |
| Windows 7: JS:Miner-C [Trj] tries to connect to coinhive.com Well, the problem is that every time Firefox starts, it tries to connect to coinhive.
__________________ |
21.10.2017, 14:19 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: JS:Miner-C [Trj] tries to connect to coinhive.com Please uninstall Avast. While we are at it, we should also uninstall other unnecessary or outdated junk. If you absolutely need a program from the list below, leave it installed, but tell me briefly which one and why. We simply can no longer recommend Avast in good conscience. => Antivirensoftware: Schutz Für Ihre Dateien, Aber Auf Kosten Ihrer Privatsphäre? | Emsisoft Blog Other freeware vendors such as Avira, AVG or Panda are jumping on this or similar bandwagons too, building junkware into their installers, working with ASK, etc.; that kind of thing is simply unacceptable for security software. Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
Let me know when Avast is gone; once we are done here, you can switch to another virus scanner, details will follow in the final post. Please do not install anything else from NOW on without checking with us first!
__________________ Please always post log files in CODE tags |
22.10.2017, 06:21 | #5 |
| Windows 7: JS:Miner-C [Trj] tries to connect to coinhive.com I have now uninstalled Avast. I have also updated all the programs mentioned and uninstalled CCleaner and Yahoo! Powered. Unfortunately, I could not find any entry for "SafeZone Stable 4.58.2552.909". After uninstalling Yahoo! Powered (which only worked with the help of Revo Uninstaller), I received no more messages from Avast for three Firefox starts. Then, unfortunately, the problem came back. From now on I will use Chrome, since Avast did not detect such a connection attempt there. Thank you already for the help so far. |
22.10.2017, 14:19 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: JS:Miner-C [Trj] tries to connect to coinhive.com Quote:
Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for a single post, please post the logs directly and, if necessary, spread over several posts. To put the log files into a CODE box, proceed as follows:
__________________ --> Windows 7: JS:Miner-C [Trj] tries to connect to coinhive.com |
22.10.2017, 16:44 | #7 | |
| Windows 7: JS:Miner-C [Trj] tries to connect to coinhive.com Quote:
EDIT: MBAR has just finished, but unfortunately it could not find anything either: Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main: v2017.10.22.05
  rootkit: v2017.10.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18537
Florian :: FLORIAN-PC [administrator]

22.10.2017 17:26:00
mbar-log-2017-10-22 (17-26-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 284097
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end) |
22.10.2017, 16:55 | #8 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: JS:Miner-C [Trj] tries to connect to coinhive.com Quote:
Quote:
Remove adware/junkware/toolbars. Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop! Please completely disable your virus scanner now, before using these tools! Step 1: adwCleaner v7.x Please download AdwCleaner to your desktop (illustrated guide).
Step 2: JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
__________________ Please always post log files in CODE tags |
24.10.2017, 08:42 | #9 | ||
| Windows 7: JS:Miner-C [Trj] tries to connect to coinhive.com Quote:
Quote:
AdwCleaner[C0].txt: Code:
# AdwCleaner 7.0.3.1 - Logfile created on Tue Oct 24 02:19:22 2017
# Updated on 2017/29/09 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files (x86)\Common Files\freemake shared
Deleted: C:\Users\Florian\AppData\Local\Downloaded Installations\{DAD82379-C684-4D04-83D5-2B9934A9C362}
Deleted: C:\Users\Florian\AppData\Local\Temp\VideoConverter

***** [ Files ] *****

Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\watch4.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\watch4.de
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.watch4.de
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\chip 1-click download service
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
Deleted: [Key] - HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\Software\csastats
Deleted: [Key] - HKCU\Software\csastats
Deleted: [Key] - HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: Search Manager -
Plugin deleted: Search Manager -

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2562 B] - [2017/10/24 2:18:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.4 (07.09.2017) Operating System: Windows 7 Home Premium x64 Ran by Florian (Administrator) on 24.10.2017 at 4:25:57,55 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 25 Successfully deleted: C:\ProgramData\mntemp (File) Successfully deleted: C:\Users\Florian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0IEV18PG (Temporary Internet Files Folder) Successfully deleted: C:\Users\Florian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Users\Florian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WMOWOJN (Temporary Internet Files Folder) Successfully deleted: C:\Users\Florian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5G85SQIL (Temporary Internet Files Folder) Successfully deleted: C:\Users\Florian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Florian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3ZAX96X (Temporary Internet Files Folder) Successfully deleted: C:\Users\Florian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Florian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Users\Florian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6881NDX (Temporary Internet Files Folder) Successfully deleted: C:\Users\Florian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SCN26EQB (Temporary Internet Files Folder) Successfully deleted: C:\Users\Florian\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Content.IE5\W103I386 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Florian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WP1UP816 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0IEV18PG (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WMOWOJN (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5G85SQIL (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3ZAX96X (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6881NDX (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SCN26EQB (Temporary Internet Files Folder) Successfully deleted: 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W103I386 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WP1UP816 (Temporary Internet Files Folder) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 24.10.2017 at 4:27:01,81 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
24.10.2017, 08:51 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: JS:Miner-C [Trj] tries to connect to coinhive.com Quote:
__________________ Please always post log files in CODE tags |
24.10.2017, 11:32 | #11 | |
| Windows 7: JS:Miner-C [Trj] tries to connect to coinhive.com Quote:
AdwCleaner[C1].txt: Code:
# AdwCleaner 7.0.3.1 - Logfile created on Tue Oct 24 10:28:19 2017
# Updated on 2017/29/09 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: Search Manager -
Plugin deleted: Search Manager -

*************************

::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2311 B] - [2017/10/24 2:19:22]
C:/AdwCleaner/AdwCleaner[S0].txt - [2562 B] - [2017/10/24 2:18:53]
C:/AdwCleaner/AdwCleaner[S1].txt - [1317 B] - [2017/10/24 10:27:56]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ########## |
24.10.2017, 12:15 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: JS:Miner-C [Trj] tries to connect to coinhive.com I need new FRST logs. Tick the box for addition.txt, then click Scan ("Untersuchen").
__________________ Please always post log files in CODE tags |
24.10.2017, 12:50 | #13 |
| Windows 7: JS:Miner-C [Trj] tries to connect to coinhive.com FRST.txt: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-10-2017 01 durchgeführt von Florian (Administrator) auf FLORIAN-PC (24-10-2017 13:48:04) Gestartet von B:\Downloads Geladene Profile: Florian (Verfügbare Profile: Florian) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\lync.exe () C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Valve Corporation) B:\Steam\Steam.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (NVIDIA Corporation) C:\Program Files 
(x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (TODO: <Company name>) C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (TODO: <Company name>) C:\Program Files (x86)\ASUS\GPU TweakII\Monitor.exe (Valve Corporation) B:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) B:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Farbar) B:\Downloads\FRST64(1).exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11619432 2010-11-26] (Realtek Semiconductor) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation) HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\Run: [Xvid] => powershell.exe -nologo -WindowStyle hidden -Noninteractive -NoProfile -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Xvid\CheckUpdate.ps1" HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office16\lync.exe [26960584 2016-12-14] (Microsoft Corporation) HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: D - D:\pushinst.exe HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: K - K:\SETUP.EXE HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: {47d53c15-ecae-11e6-be2a-bcaec569c942} - D:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: {47d53c1e-ecae-11e6-be2a-bcaec569c942} - D:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: {47d53c22-ecae-11e6-be2a-bcaec569c942} - E:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: {47d53c2c-ecae-11e6-be2a-bcaec569c942} - E:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: {b69b4a06-3d1f-11e7-8e5d-bcaec569c942} - E:\setup.exe 
HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: {ba621a3f-79a3-11e6-b29e-bcaec569c942} - H:\setup.exe HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: {c3659fa5-818c-11e6-8d05-bcaec569c942} - H:\setup.exe HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: {d23eac55-ee22-11e6-a40a-806e6f6e6963} - E:\pushinst.exe HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\MountPoints2: {f075e01b-dd70-11e5-884d-bcaec569c942} - K:\SETUP.EXE Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IKONIK SIM.lnk [2016-02-18] ShortcutTarget: IKONIK SIM.lnk -> C:\Windows\Installer\{8F9F4A67-D75B-44C6-9F05-7E2A2007D8D8}\Icon11.ico () Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2017-02-06] ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe () Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam.exe - Verknüpfung.lnk [2016-03-01] ShortcutTarget: Steam.exe - Verknüpfung.lnk -> B:\Steam\Steam.exe (Valve Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{3FD338AD-F2BC-4F61-8054-DB8C77C0622E}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{4DF7086B-49F6-424D-B6E6-E83858BCDA0F}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{F9C1D875-0D21-4DE8-B9F9-49CDB5FEB4B0}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_17¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCzyyEyEtN1L2XzutAtFtBzytFtAtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0BtB0A0AyBzytAtGtAyD0ByEtGtC0E0CzytGyByByD0EtGzztAyEzzyByC0DyCyByCyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByByBtD%26cr%3D650389536%26a%3Dwbf_ir_17_17%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_17¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCzyyEyEtN1L2XzutAtFtBzytFtAtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0BtB0A0AyBzytAtGtAyD0ByEtGtC0E0CzytGyByByD0EtGzztAyEzzyByC0DyCyByCyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByByBtD%26cr%3D650389536%26a%3Dwbf_ir_17_17%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxps://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_17¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCzyyEyEtN1L2XzutAtFtBzytFtAtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0BtB0A0AyBzytAtGtAyD0ByEtGtC0E0CzytGyByByD0EtGzztAyEzzyByC0DyCyByCyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByByBtD%26cr%3D650389536%26a%3Dwbf_ir_17_17%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0AyBzyzy0EtD0CtGyBtCyBzytGyC0C0EyDtGtA0F0BtBtG0EtBtDyByE0ByE0Azz0AtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutB%26cr%3D1003715282%26a%3Dwbf_fs_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0AyBzyzy0EtD0CtGyBtCyBzytGyC0C0EyDtGtA0F0BtBtG0EtBtDyByE0ByE0Azz0AtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutB%26cr%3D1003715282%26a%3Dwbf_fs_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_17¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCzyyEyEtN1L2XzutAtFtBzytFtAtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0BtB0A0AyBzytAtGtAyD0ByEtGtC0E0CzytGyByByD0EtGzztAyEzzyByC0DyCyByCyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByByBtD%26cr%3D650389536%26a%3Dwbf_ir_17_17%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0AyBzyzy0EtD0CtGyBtCyBzytGyC0C0EyDtGtA0F0BtBtG0EtBtDyByE0ByE0Azz0AtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutB%26cr%3D1003715282%26a%3Dwbf_fs_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0AyBzyzy0EtD0CtGyBtCyBzytGyC0C0EyDtGtA0F0BtBtG0EtBtDyByE0ByE0Azz0AtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutB%26cr%3D1003715282%26a%3Dwbf_fs_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_17¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCzyyEyEtN1L2XzutAtFtBzytFtAtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0BtB0A0AyBzytAtGtAyD0ByEtGtC0E0CzytGyByByD0EtGzztAyEzzyByC0DyCyByCyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByByBtD%26cr%3D650389536%26a%3Dwbf_ir_17_17%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} SearchScopes: HKU\S-1-5-21-3713184456-2919407675-3275247651-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_17¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCzyyEyEtN1L2XzutAtFtBzytFtAtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0BtB0A0AyBzytAtGtAyD0ByEtGtC0E0CzytGyByByD0EtGzztAyEzzyByC0DyCyByCyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByByBtD%26cr%3D650389536%26a%3Dwbf_ir_17_17%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} SearchScopes: HKU\S-1-5-21-3713184456-2919407675-3275247651-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_17¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyCzy0CzyyEtB0Ezz0DtCtN0D0Tzu0StCzyyEyEtN1L2XzutAtFtBzytFtAtFyBtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0BtB0A0AyBzytAtGtAyD0ByEtGtC0E0CzytGyByByD0EtGzztAyEzzyByC0DyCyByCyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtA0E0FtAtB0FtG0CtCtCzztGyE0B0AzztGzyyD0EzztG0AyCtDtCtCtB0A0A0FyE0AyB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByByBtD%26cr%3D650389536%26a%3Dwbf_ir_17_17%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} 
SearchScopes: HKU\S-1-5-21-3713184456-2919407675-3275247651-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3713184456-2919407675-3275247651-1000 -> {4E64BD58-F988-43B8-BC89-90D2EC7C8691} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-22] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-22] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ya8yldza.default-1508686843419
FF ProfilePath: C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\ya8yldza.default-1508686843419 [2017-10-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-17] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-17] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default [2017-10-24]
CHR Extension: (Präsentationen) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-22]
CHR Extension: (Docs) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-22]
CHR Extension: (Google Drive) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-13]
CHR Extension: (YouTube) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-22]
CHR Extension: (Google-Suche) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-22]
CHR Extension: (Tabellen) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-22]
CHR Extension: (Google Docs Offline) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Search Manager) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-10-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-05]
CHR Extension: (Search Manager) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2017-10-22]
CHR Extension: (Google Mail) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-13]
CHR Extension: (Chrome Media Router) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-22]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1548808 2017-10-11] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2017-10-08] (EasyAntiCheat Ltd)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-04-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-04-02] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-09-23] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2014-11-21] (AVM Berlin)
S3 cpuz139; C:\Users\Florian\AppData\Local\Temp\cpuz139\cpuz139_x64.sys [43328 2017-05-18] (CPUID) <==== ACHTUNG
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-02-27] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-02-27] (Disc Soft Ltd)
R1 ESEADriver2; C:\Users\Florian\AppData\Local\Temp\ESEADriver2.sys [314720 2016-06-29] () <==== ACHTUNG
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 fwlanusb5_nv2; C:\Windows\System32\DRIVERS\fwlanusb5_nv2.sys [1322824 2014-11-21] (AVM GmbH)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [25920 2017-01-26] (ASUSTeK Computer Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-09-13] (Duplex Secure Ltd.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-10-24 12:29 - 2017-10-24 12:29 - 000000000 _____ C:\Windows\cd_127 2017-10-24 12:26 - 2017-10-24 12:26 - 008250832 _____ (Malwarebytes) C:\Users\Florian\Downloads\adwcleaner_7.0.3.1(1).exe 2017-10-24 04:27 - 2017-10-24 04:27 - 000004570 _____ C:\Users\Florian\Documents\JRT.txt 2017-10-24 04:24 - 2017-10-24 04:25 - 001790024 _____ (Malwarebytes) C:\Users\Florian\Downloads\JRT.exe 2017-10-24 04:24 - 2017-10-24 04:24 - 000002311 _____ C:\Users\Florian\Documents\AdwCleaner[C0].txt 2017-10-24 04:20 - 2017-01-26 14:27 - 000025920 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys 2017-10-24 04:17 - 2017-10-24 12:28 - 000000000 ____D C:\AdwCleaner 2017-10-24 04:16 - 2017-10-24 04:16 - 008250832 _____ (Malwarebytes) C:\Users\Florian\Downloads\adwcleaner_7.0.3.1.exe 2017-10-22 17:26 - 2017-10-22 17:26 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-10-22 17:25 - 2017-10-22 17:35 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-10-22 17:25 - 2017-10-22 17:25 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-10-22 17:25 - 2017-10-22 17:25 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2017-10-22 07:04 - 2017-10-22 07:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit) 2017-10-22 07:04 - 2017-10-22 07:04 - 000000000 ____D C:\Program Files\PuTTY 2017-10-22 07:00 - 2017-10-22 07:00 - 000000000 ____D C:\Program Files\DAEMON Tools Lite 2017-10-22 06:58 - 2017-10-22 06:58 - 000000000 ____D C:\Users\Florian\AppData\Local\FileZilla 2017-10-22 06:57 - 2017-10-22 06:58 - 007905536 _____ (Tim Kosse) C:\Users\Florian\Downloads\FileZilla_3.28.0_win64-setup.exe 2017-10-21 16:14 - 2017-10-22 06:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2017-10-21 16:14 - 2017-10-21 16:14 - 000000000 ____D C:\Program Files\VS Revo Group 2017-10-10 20:42 - 2017-10-10 20:42 - 000000000 ____D C:\Program Files 
(x86)\EasyAntiCheat 2017-09-28 19:57 - 2017-09-28 19:57 - 000000000 ____D C:\Users\Florian\ansel 2017-09-28 00:25 - 2017-09-28 00:25 - 000000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk 2017-09-28 00:25 - 2017-09-28 00:25 - 000000000 ____D C:\Users\Florian\AppData\Local\UnrealEngineLauncher 2017-09-28 00:25 - 2017-09-28 00:25 - 000000000 ____D C:\Users\Florian\AppData\Local\EpicGamesLauncher 2017-09-28 00:25 - 2017-09-28 00:25 - 000000000 ____D C:\ProgramData\Epic 2017-09-27 01:17 - 2017-10-17 09:31 - 000000000 _____ C:\Windows\SysWOW64\last.dump ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-10-24 13:48 - 2017-05-11 23:53 - 000000000 ____D C:\FRST 2017-10-24 12:37 - 2009-07-14 06:45 - 000020272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-10-24 12:37 - 2009-07-14 06:45 - 000020272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-10-24 12:35 - 2011-04-12 09:43 - 000699092 _____ C:\Windows\system32\perfh007.dat 2017-10-24 12:35 - 2011-04-12 09:43 - 000149232 _____ C:\Windows\system32\perfc007.dat 2017-10-24 12:35 - 2009-07-14 07:13 - 001619284 _____ C:\Windows\system32\PerfStringBackup.INI 2017-10-24 12:35 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf 2017-10-24 12:29 - 2017-03-18 04:15 - 000003158 _____ C:\Windows\System32\Tasks\GPU Tweak II 2017-10-24 12:29 - 2016-11-18 03:41 - 000000000 ____D C:\Users\Florian\AppData\LocalLow\Mozilla 2017-10-24 12:29 - 2016-02-18 17:51 - 000000000 ____D C:\ProgramData\NVIDIA 2017-10-24 12:29 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-10-24 12:25 - 2017-01-18 19:11 - 000000000 ____D C:\Users\Florian\AppData\Roaming\TS3Client 2017-10-24 04:32 - 2011-03-20 19:35 - 000000000 ____D C:\Users\Florian\Desktop\Hintergründe 
2017-10-24 04:28 - 2016-02-19 22:24 - 000000000 ____D C:\Users\Florian\AppData\Roaming\vlc 2017-10-24 04:27 - 2011-03-20 19:35 - 000000000 ____D C:\Users\Florian\Desktop\avast + lpo 2017-10-24 04:19 - 2016-11-30 16:08 - 000000000 ____D C:\Users\Florian\AppData\Local\Downloaded Installations 2017-10-23 08:38 - 2016-02-22 23:01 - 000000000 ____D C:\ProgramData\AVAST Software 2017-10-22 15:55 - 2016-02-18 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-10-22 15:55 - 2016-02-18 18:13 - 000000000 ____D C:\Program Files\Java 2017-10-22 07:04 - 2016-02-21 16:54 - 000000000 ____D C:\Program Files (x86)\PuTTY 2017-10-22 07:01 - 2016-02-18 18:13 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2017-10-22 07:00 - 2016-02-27 18:43 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite 2017-10-22 06:58 - 2016-02-21 17:12 - 000000000 ____D C:\Users\Florian\AppData\Roaming\FileZilla 2017-10-22 06:58 - 2016-02-21 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2017-10-22 06:58 - 2016-02-21 17:12 - 000000000 ____D C:\Program Files\FileZilla FTP Client 2017-10-22 06:55 - 2016-09-12 16:46 - 000000000 ____D C:\Program Files (x86)\Adobe 2017-10-22 06:51 - 2009-07-14 06:45 - 000426256 _____ C:\Windows\system32\FNTCACHE.DAT 2017-10-21 18:25 - 2017-05-29 22:34 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-21 18:25 - 2016-12-22 18:53 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-21 18:25 - 2016-12-22 18:53 - 000003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-21 18:25 - 2016-12-22 18:53 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-21 18:25 - 2016-12-22 18:53 - 000003738 _____ 
C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-21 18:25 - 2016-12-22 18:53 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-21 18:25 - 2016-12-22 18:53 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-21 18:25 - 2016-12-22 18:53 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-21 18:25 - 2016-06-02 17:24 - 000004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-10-21 18:25 - 2016-04-27 23:07 - 000003112 _____ C:\Windows\System32\Tasks\{1BF172A9-0263-4D27-B274-496F4055BC15} 2017-10-21 18:25 - 2016-03-31 20:55 - 000003114 _____ C:\Windows\System32\Tasks\{8554801C-2821-44D5-A108-640994146C26} 2017-10-21 18:25 - 2016-02-22 19:26 - 000003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-10-21 18:25 - 2016-02-22 19:26 - 000003414 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-10-21 14:37 - 2016-02-18 17:20 - 000111128 _____ C:\Users\Florian\AppData\Local\GDIPFONTCACHEV1.DAT 2017-10-21 13:20 - 2016-02-18 18:11 - 000000000 ____D C:\FTB 2017-10-21 08:43 - 2016-12-13 18:15 - 000000000 ____D C:\Users\Florian\AppData\Local\Chromium 2017-10-20 20:45 - 2016-07-11 01:05 - 000000000 ____D C:\Users\Florian\AppData\Roaming\Skype 2017-10-18 20:36 - 2016-02-21 17:15 - 000000600 _____ C:\Users\Florian\AppData\Local\PUTTY.RND 2017-10-17 03:35 - 2016-06-02 17:24 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-10-17 03:35 - 2016-06-02 17:24 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-17 03:35 - 2016-06-02 17:24 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-10-17 03:35 - 2016-06-02 17:24 - 000000000 ____D C:\Windows\system32\Macromed 2017-10-16 20:28 - 2016-12-29 01:12 - 000000000 ____D C:\Program Files (x86)\Mozilla 
Thunderbird 2017-10-16 20:28 - 2016-12-15 21:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-10-16 20:28 - 2016-02-18 17:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-10-14 18:26 - 2016-03-23 15:09 - 000000000 ____D C:\Users\Florian\AppData\Local\ftblauncher 2017-10-10 20:42 - 2017-08-03 23:43 - 000000000 ____D C:\Users\Florian\AppData\Roaming\EasyAntiCheat 2017-10-09 19:44 - 2016-04-16 19:47 - 000000000 ____D C:\Users\Florian\AppData\Local\Ubisoft Game Launcher 2017-10-07 15:15 - 2009-07-14 07:08 - 000032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-09-28 19:57 - 2016-02-18 16:19 - 000000000 ____D C:\Users\Florian 2017-09-28 17:39 - 2016-02-26 23:49 - 000000000 ____D C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-09-28 00:27 - 2016-02-18 17:50 - 000000000 ____D C:\ProgramData\Package Cache 2017-09-28 00:25 - 2017-05-07 10:55 - 000000000 ____D C:\Users\Florian\AppData\Local\UnrealEngine 2017-09-25 22:01 - 2016-02-22 19:27 - 000002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-09-25 17:20 - 2016-08-26 23:49 - 000000000 ____D C:\Users\Florian\AppData\Local\Arma 3 Launcher 2017-09-25 15:35 - 2016-08-26 23:53 - 000000000 ____D C:\Users\Florian\AppData\Local\Arma 3 2017-09-25 11:21 - 2016-02-21 17:46 - 000000000 ____D C:\Users\Florian\AppData\Local\CrashDumps 2017-09-24 12:44 - 2016-08-28 18:20 - 000000000 ____D C:\Users\Florian\Documents\mods 2017-09-24 12:43 - 2016-08-28 18:19 - 000000000 ____D C:\Program Files (x86)\A3Launcher 2017-09-24 12:22 - 2016-03-20 21:41 - 000000000 ____D C:\Users\Florian\AppData\Roaming\TeraCopy ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2017-08-22 19:49 - 2017-08-22 19:49 - 000000445 _____ () C:\Users\Florian\AppData\Roaming\CSharpAnalytics-MeasurementSession 2017-08-03 00:39 - 2017-08-03 00:39 - 000111389 _____ () C:\Users\Florian\AppData\Roaming\ftblauncher.rar 2016-02-21 17:15 - 
2017-10-18 20:36 - 000000600 _____ () C:\Users\Florian\AppData\Local\PUTTY.RND 2008-02-05 15:28 - 2008-02-05 15:28 - 000000051 _____ () C:\Users\Florian\AppData\Local\setup.txt 2016-09-23 23:43 - 2016-09-23 23:43 - 000000000 ___SH () C:\ProgramData\.rdata 2016-12-22 17:42 - 2017-01-25 17:23 - 000005110 _____ () C:\ProgramData\NvTelemetryContainer.log 2016-12-22 17:42 - 2017-01-25 04:38 - 000005307 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1 Einige Dateien in TEMP: ==================== 2016-02-25 15:47 - 2016-02-25 15:47 - 000079736 _____ (AppWork GmbH) C:\Users\Florian\AppData\Local\Temp\131008816428945059.exe 2016-02-25 15:47 - 2016-02-25 15:47 - 000999696 _____ ( ) C:\Users\Florian\AppData\Local\Temp\13100881644118575972.exe 2016-02-27 18:42 - 2016-02-27 18:43 - 000102912 _____ () C:\Users\Florian\AppData\Local\Temp\bitool.dll 2017-10-22 06:58 - 2017-10-22 06:58 - 000791712 _____ (Disc Soft Ltd.) C:\Users\Florian\AppData\Local\Temp\DAEMON Tools Lite.exe 2017-01-08 13:53 - 2017-01-08 13:56 - 034139976 _____ (Ellora Assets Corporation ) C:\Users\Florian\AppData\Local\Temp\FreemakeVideoConverterFull.exe 2017-01-08 14:08 - 2017-01-08 14:08 - 000737856 _____ (Oracle Corporation) C:\Users\Florian\AppData\Local\Temp\jre-8u111-windows-au.exe 2016-05-19 17:33 - 2016-05-19 17:33 - 004203840 _____ () C:\Users\Florian\AppData\Local\Temp\npp.6.9.1.Installer.exe 2016-08-24 13:40 - 2016-08-24 13:40 - 004211112 _____ () C:\Users\Florian\AppData\Local\Temp\npp.6.9.2.Installer.exe 2016-02-18 17:51 - 2016-12-01 19:05 - 000747464 _____ (NVIDIA Corporation) C:\Users\Florian\AppData\Local\Temp\nvSCPAPI.dll 2016-02-18 17:51 - 2016-12-01 19:05 - 000860960 _____ (NVIDIA Corporation) C:\Users\Florian\AppData\Local\Temp\nvSCPAPI64.dll 2016-08-31 17:37 - 2016-12-01 19:04 - 000353336 _____ (NVIDIA Corporation) C:\Users\Florian\AppData\Local\Temp\nvStInst.exe 2016-12-22 18:53 - 2017-01-06 03:10 - 000255032 _____ (NVIDIA Corporation) 
C:\Users\Florian\AppData\Local\Temp\NvTelemetryAPI32.dll 2016-12-22 18:53 - 2017-01-06 03:10 - 000335928 _____ (NVIDIA Corporation) C:\Users\Florian\AppData\Local\Temp\NvTelemetryAPI64.dll 2015-07-31 16:06 - 2015-07-31 16:06 - 000242864 ____R (Microsoft Corporation) C:\Users\Florian\AppData\Local\Temp\ose00000.exe 2017-07-10 20:31 - 2017-07-10 20:31 - 000040448 ____N () C:\Users\Florian\AppData\Local\Temp\proxy_vole7075683337204772920.dll 2017-07-10 20:31 - 2017-07-10 20:31 - 000040448 ____N () C:\Users\Florian\AppData\Local\Temp\proxy_vole8805084617748005345.dll 2017-07-10 20:31 - 2017-07-10 20:31 - 000040448 ____N () C:\Users\Florian\AppData\Local\Temp\proxy_vole8891453254729652200.dll 2017-03-16 21:29 - 2017-03-16 21:29 - 014456872 _____ (Microsoft Corporation) C:\Users\Florian\AppData\Local\Temp\vc_redist.x86.exe 2017-06-16 20:59 - 2017-06-16 20:59 - 032100680 _____ () C:\Users\Florian\AppData\Local\Temp\vlc-2.2.6-win64.exe 2015-08-03 01:58 - 2015-08-03 01:58 - 000118784 _____ () C:\Users\Florian\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-10-23 17:05

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-10-2017 01
durchgeführt von Florian (24-10-2017 13:48:18)
Gestartet von B:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-02-18 14:19:16)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
Administrator (S-1-5-21-3713184456-2919407675-3275247651-500 - Administrator - Disabled)
Florian (S-1-5-21-3713184456-2919407675-3275247651-1000 - Administrator - Enabled) => C:\Users\Florian
Gast (S-1-5-21-3713184456-2919407675-3275247651-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3713184456-2919407675-3275247651-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
µTorrent (HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
A3Launcher version 0.1.3.4 (HKLM-x32\...\{1E29A86E-9AE2-4CD8-74C8-6B170ED3C4D2}_is1) (Version: 0.1.3.4 - Maca134)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.78 - NVIDIA Corporation) Hidden
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.4.3.9 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.4.3.9 - ASUSTek COMPUTER INC.)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.12.160304 - )
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 06.20.00 - AVM Berlin)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)
Battlefield™ 1 Open Beta (HKLM-x32\...\{F9E19363-7B10-4F8A-8640-945C36D4B504}) (Version: 1.0.8.10777 - Electronic Arts)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{8E1A1C2C-1619-4D51-A7D0-CEB24078BB8D}) (Version: 1.1.123.0 - Epic Games, Inc.)
ESEA Client (HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
FileZilla Client 3.28.0 (HKLM-x32\...\FileZilla Client) (Version: 3.28.0 - Tim Kosse)
Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Freddy's Texture Patch BETA (HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\...\Gothic Texture Patch - Freddy) (Version: 0.52 - Fred Metger)
Freemake Video Converter Version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gothic1_Orcaxe-Orcsword-Fix (HKLM-x32\...\Gothic1_Orcaxe-Orcsword-Fix) (Version: 1.1 - ModRes)
GOTHIC2 - Die Nacht des Raben - 'System-Paket' (HKLM-x32\...\GOTHIC2 - Die Nacht des Raben - 'System-Paket') (Version: 1.1 - World of Gothic RU © 2014)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
IKONIK SIM (HKLM-x32\...\{8F9F4A67-D75B-44C6-9F05-7E2A2007D8D8}) (Version: 1.4 - IKONIK)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Network Connections 17.3.63.0 (HKLM\...\PROSetDX) (Version: 17.3.63.0 - Intel)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movavi Video Converter 16 (HKLM-x32\...\Movavi Video Converter 16) (Version: 16.2.0 - Movavi)
Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 56.0.1 (x64 de) (HKLM\...\Mozilla Firefox 56.0.1 (x64 de)) (Version: 56.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.1.6484 - Mozilla)
Mozilla Thunderbird 52.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.4.0 (x86 de)) (Version: 52.4.0 - Mozilla)
NBTExplorer (HKLM-x32\...\{FC4C8FDD-384C-471F-9E9A-C25B57ABE7A8}) (Version: 2.7.6.0 - Justin Aquadro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.78 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.78 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.4 - OBS Project)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.30491 - Electronic Arts, Inc.)
Outils de vérification linguistique 2016 de Microsoft Office*- Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PdaNet+ for Android 4.19 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.3 - Project Reality)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6254 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Rise of the Tomb Raider (HKLM-x32\...\{45F08513-973A-4C18-93FD-8E12B1908390}_is1) (Version: - Square Enix)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Strumenti di correzione di Microsoft Office 2016 - Italiano (HKLM\...\{90160000-001F-0410-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM\...\{90160000-012B-0407-1000-0000000FF1CE}_Office16.PROPLUS_{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 18.1 - Ubisoft)
Vampires Dawn II: Ancient Blood (MP3) (HKLM-x32\...\{04D24793-D317-4E13-95B3-1EDBEA068241}_is1) (Version: Vampires Dawn 2 - Version 1.23 (MP3) - Brianum/Dawnatic)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wireshark 2.0.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.4) (Version: 1.3.4 - Xvid Team)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-18] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-02-23] (NVIDIA Corporation)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {09CE2640-4F76-4589-B54E-C858E3209CF6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {0C7364C4-3A8F-43D5-AABA-33C2061E7855} - System32\Tasks\{1BF172A9-0263-4D27-B274-496F4055BC15} => C:\Windows\system32\pcalua.exe -a B:\Downloads\gothic2_playerkit-2.6f.exe -d B:\Downloads
Task: {0D3A31DE-38A8-48CE-ADA4-E5716D3E8B20} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {0E7A7DB2-FB4C-49A8-8260-757212345F32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-22] (Google Inc.)
Task: {26A5AD77-0D0A-4F82-B86B-FD8C59EC2C22} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {460766C9-D3C0-4417-83BE-20D1F2D4FE81} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {59ADF23F-F282-4943-AB73-4AAB0FC4F544} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {608D52B8-62B3-47D7-8320-F83C678391DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {6A722FC9-03B1-4430-A83E-B5FE30A855CC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {6C3390F9-CB05-4480-BE0A-7647F9A30CDB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {7192E04F-566B-47FA-A16B-859E19F7D5C3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {76D743C7-A371-44A8-B6E2-94DEC8A0BA08} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {82704076-83CC-4BAA-907E-3B42E442D2AA} - System32\Tasks\{8554801C-2821-44D5-A108-640994146C26} => C:\Windows\system32\pcalua.exe -a B:\Downloads\gothic1_playerkit-1.08k.exe -d B:\Downloads
Task: {8CC48AC1-FAAF-49C7-834A-E6EE3A0A6F12} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {8EC72BCB-4C2C-409A-903C-63C1EA8FA13E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {A4697534-659A-40E2-AFF8-877EDC124EE8} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {AB72458B-95A1-41C8-A218-E3E15E0DFC16} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {AE93FE0B-030A-4ED4-8C71-8CDE7D66EEE9} - System32\Tasks\GPU Tweak II => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [2017-03-08] (TODO: <Company name>)
Task: {BE134841-54FA-452C-B9DD-F5C2AB28E7F0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {C8592DF1-5C61-446F-8A11-68B81B538877} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {D04AEDA4-34F3-4DF0-92A0-197FD7452620} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-17] (Adobe Systems Incorporated)
Task: {DBAB1E1A-01BE-4A07-9CF4-C3DA1387C92D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {EBD18070-2FE0-41AE-85E1-2C972FDE5AE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {EF51F73C-C058-4E46-94D8-C25B08B296B3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {F3A4BF3B-06A0-4279-ADE3-98A38A79C52E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {FF9B3B8D-CBA1-445B-B129-400999FB8AD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-22] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-03-17 01:15 - 2017-02-23 10:28 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-22 18:53 - 2017-05-03 22:21 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-29 12:32 - 2017-09-29 12:32 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-07-30 04:32 - 2015-07-30 04:32 - 002210480 _____ () C:\Program Files\Microsoft Office\Office16\tmpod.dll
2015-07-31 10:59 - 2015-07-31 10:59 - 000032936 _____ () C:\Program Files\Microsoft Office\Office16\lynchtmlconvpxy.dll
2017-02-06 23:44 - 2016-12-09 19:08 - 001029944 _____ () C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
2016-09-23 23:40 - 2016-09-23 23:40 - 000076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-12-22 18:53 - 2017-05-03 22:21 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2013-03-12 18:10 - 2017-09-09 21:25 - 000688416 _____ () B:\Steam\SDL2.dll
2015-02-17 23:20 - 2016-09-01 03:02 - 004969248 _____ () B:\Steam\v8.dll
2015-02-17 23:20 - 2016-09-01 03:02 - 001563936 _____ () B:\Steam\icui18n.dll
2015-02-17 23:20 - 2016-09-01 03:02 - 001195296 _____ () B:\Steam\icuuc.dll
2014-05-22 15:29 - 2017-10-17 23:24 - 002546976 _____ () B:\Steam\video.dll
2014-08-30 00:39 - 2016-01-27 09:49 - 002549760 _____ () B:\Steam\libavcodec-56.dll
2014-08-30 00:39 - 2016-01-27 09:49 - 000442880 _____ () B:\Steam\libavutil-54.dll
2014-08-30 00:39 - 2016-01-27 09:49 - 000491008 _____ () B:\Steam\libavformat-56.dll
2014-08-30 00:39 - 2016-01-27 09:49 - 000332800 _____ () B:\Steam\libavresample-2.dll
2014-08-30 00:39 - 2016-01-27 09:49 - 000485888 _____ () B:\Steam\libswscale-3.dll
2011-07-13 17:53 - 2017-10-17 23:24 - 000901408 _____ () B:\Steam\bin\chromehtml.DLL
2016-05-18 00:42 - 2016-05-18 00:42 - 000021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2016-12-22 18:53 - 2017-05-03 22:20 - 065709176 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-02-09 11:39 - 2017-02-09 11:39 - 000065536 _____ () C:\Program Files (x86)\ASUS\GPU TweakII\Exeio.dll
2017-02-22 21:56 - 2017-02-22 21:56 - 001753088 _____ () C:\Program Files (x86)\ASUS\GPU TweakII\Vender.dll
2016-12-13 18:15 - 2017-08-17 00:28 - 073130272 _____ () B:\Steam\bin\cef\cef.win7\libcef.dll
2017-06-09 07:32 - 2017-09-07 04:04 - 000678400 _____ () B:\Steam\bin\cef\cef.win7\SDL2.dll
2015-02-17 23:20 - 2015-09-25 01:52 - 000119208 _____ () B:\Steam\winh264.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\.rdata:X [526]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2017-05-01 05:16 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3713184456-2919407675-3275247651-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: Discord => C:\Users\Florian\AppData\Local\Discord\app-0.0.295\Discord.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{9A365BAE-D0EE-46FA-8DDF-B7F8AB7E3E82}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8C1EF9F1-5D53-409A-98F1-A403586E3B2E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1EE583AC-742F-4F99-B81D-1BA0450E2789}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{0374D984-03C2-4529-BFA6-188340FB661E}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{DFBB4100-DAD1-4127-A1AC-0752C92345D4}] => (Allow) B:\Steam\Steam.exe
FirewallRules: [{86C03EEE-5BAE-409B-B533-67F8F208A396}] => (Allow) B:\Steam\Steam.exe
FirewallRules: [{499A720C-57B4-480C-B9F6-8947492A70F6}] => (Allow) B:\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{F5E82D2C-E5AA-4953-8A9D-281DFFEDF495}] => (Allow) B:\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{33830BEA-4F6A-4444-8990-63B9E4E42634}] => (Allow) B:\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{0C89B47F-54BA-4EC1-9EB7-EE7B470FD972}] => (Allow) B:\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{56D718A8-3BB8-434A-A9ED-09765D4E5C9B}] => (Allow) B:\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{D66D060E-248A-4B0A-94E8-3449BAAB7082}] => (Allow) B:\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{C1167113-EAB1-4A04-A64C-A6844337310C}] => (Allow) B:\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{769AF350-168B-4974-8669-98BA70DC8EC0}] => (Allow) B:\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{B0B0B757-069B-49CD-9C80-AF9793465868}] => (Allow) B:\Steam\SteamApps\common\rust\Rust.exe
FirewallRules: [{DBFDEB24-A43C-4AB1-B331-5F7CB8521198}] => (Allow) B:\Steam\SteamApps\common\rust\Rust.exe
FirewallRules: [{07EE6A62-2CB8-4C56-875E-7DEF3BEC44D7}] => (Allow) B:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{2FBECDA5-848F-4A2E-BD78-B5F24C165248}] => (Allow) B:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{802D4246-BC78-4056-BCCE-B35DD6948B15}] => (Allow) B:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{26134408-5617-4516-A107-C23D6EEFBC10}] => (Allow) B:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{0F0EEC7F-0416-4B05-B037-7A8234D87B62}] => (Allow) B:\Steam\SteamApps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{9EAA3E17-1766-4F99-BC99-B77C4725C1BD}] => (Allow) B:\Steam\SteamApps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{35EB265E-9846-4F09-A844-E57ABEC87E33}] => (Allow) B:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{498EE086-4194-4D6E-970A-C32AED6C5710}] => (Allow) B:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{3AFEC61D-58C3-401F-8947-58D0CEDDF400}] => (Allow) B:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{09DB9916-ECBA-4C05-A65E-27BCDF2EE9D5}] => (Allow) B:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{95EC4D8F-64EB-4487-A79B-729170EC4240}] => (Allow) B:\Steam\SteamApps\common\Firewatch\Firewatch.exe
FirewallRules: [{5EC2EEA5-CCC5-4AFC-9316-EB0D0DEEBBB8}] => (Allow) B:\Steam\SteamApps\common\Firewatch\Firewatch.exe
FirewallRules: [{4DDE19E7-4884-4BA4-A1AF-A7DDAB79A17C}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{930CAEB2-FF67-4A7A-923F-F3BDDCF2E12D}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{CDBC8C2C-6078-4BB4-8608-7A30142C3F04}] => (Allow) B:\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{17EEA5F5-8D75-4C24-BA4F-6D6C0EE80242}] => (Allow) B:\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{AC0ABE88-CBD6-4428-B994-D6C9DCEB39C8}] => (Allow) B:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5D4A332F-5AE6-4E28-9D22-77B68E739573}] => (Allow) B:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{F2ADB8CB-9E5A-41E6-988F-69F6E92FDB27}B:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe] => (Allow) B:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe
FirewallRules: [UDP Query User{C99AE575-1880-4DA2-BBC7-6F7373C4ED5B}B:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe] => (Allow) B:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe
FirewallRules: [{0D698485-2F37-4018-8826-C879ABC6D5E5}] => (Allow) B:\Steam\SteamApps\common\Gothic II\system\Gothic2.exe
FirewallRules: [{282F2BA0-0DE2-48C7-BCBC-6C0FEC6EFA94}] => (Allow) B:\Steam\SteamApps\common\Gothic II\system\Gothic2.exe
FirewallRules: [{BD89D7F9-45BA-40FA-B9E7-769499BE4305}] => (Allow) B:\Steam\SteamApps\common\Gothic\system\GOTHIC.EXE
FirewallRules: [{036C2229-0437-43CB-A9E3-09802FFCD962}] => (Allow) B:\Steam\SteamApps\common\Gothic\system\GOTHIC.EXE
FirewallRules: [{A2EB9493-0851-489E-9781-629710150877}] => (Allow) B:\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{57BF7724-8922-4705-BC5A-EBEF31C86766}] => (Allow) B:\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{E988D776-5937-42EA-ADA7-C0CAFFCA86D0}] => (Allow) B:\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{9A53FAE2-7671-4F44-887F-35B78D0D37AF}] => (Allow) B:\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{822DC1F8-53D9-4BA1-8C2D-83E58F0D33AF}] => (Allow) B:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [{68A7042A-E11B-4123-B053-65EFC5B7BA90}] => (Allow) B:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [{21CAAF6A-D633-468A-8C6A-F5B8DF2FF346}] => (Allow) B:\Steam\SteamApps\common\audiosurf\engine\QuestViewer.exe
FirewallRules: [{24CB710A-48AB-446C-BF20-4A430B6C41EE}] => (Allow) B:\Steam\SteamApps\common\audiosurf\engine\QuestViewer.exe
FirewallRules: [{BE1B17D2-B34D-449D-8172-7B36B3F19EA8}] => (Allow) B:\Steam\SteamApps\common\The Guild 2 Renaissance\GuildII.exe
FirewallRules: [{4CF9A37E-A6E1-496A-9EC5-5F57B25A9009}] => (Allow) B:\Steam\SteamApps\common\The Guild 2 Renaissance\GuildII.exe
FirewallRules: [{A7CE0D04-316E-4A3F-AF89-92519BD2D65A}] => (Allow) B:\Steam\SteamApps\common\SeriousSamDoubleD\SSLauncher.exe
FirewallRules: [{0385BE31-7D7B-4F24-B2DD-87432FE4684D}] => (Allow) B:\Steam\SteamApps\common\SeriousSamDoubleD\SSLauncher.exe
FirewallRules: [{5363BEDC-0CAA-4E6F-A80F-937AF12961CC}] => (Allow) B:\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{1B5B067A-8180-4747-A73E-FE0E3B950905}] => (Allow) B:\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{E005222D-41FA-49FC-A21A-C602D12FD604}] => (Allow) B:\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{1C25DEFB-B00E-4359-A9E0-6F9B57C1A3D1}] => (Allow) B:\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{66F2B96B-1F58-4B31-9F14-123C9F2C463F}] => (Allow) B:\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{B56F9F8C-D8C2-4B8D-8FBA-F9DEB2872836}] => (Allow) B:\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{8DCA849B-50E7-4507-9980-EA3AC1225E4E}] => (Allow) B:\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{68A7AA40-20EE-4F62-8684-34935D2290A8}] => (Allow) B:\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{8E085DA8-0017-4BB0-ADE4-393F83C798B0}] => (Allow) B:\Steam\SteamApps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{4C4C4E44-D0EA-495E-A3B6-0F90635A04F5}] => (Allow) B:\Steam\SteamApps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{055E5781-5F1F-4708-8D94-1FA4101B93AB}] => (Allow) B:\Steam\SteamApps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{A4F44042-2A74-44A6-A3E2-2FCCADAAEEB3}] => (Allow) B:\Steam\SteamApps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{5087767A-6140-470B-A9FE-AF34B65FEE22}] => (Allow) B:\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{6A629744-B017-40E3-8A51-048767D4192A}] => (Allow) B:\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{0C4652F6-2A84-4FB6-8464-3303D25F2145}M:\arkserver\shootergame\binaries\win64\shootergameserver.exe] => (Allow) M:\arkserver\shootergame\binaries\win64\shootergameserver.exe
FirewallRules: [UDP Query User{21AE77D4-9EE5-4E91-9E0F-CDBB30238DE5}M:\arkserver\shootergame\binaries\win64\shootergameserver.exe] => (Allow) M:\arkserver\shootergame\binaries\win64\shootergameserver.exe
FirewallRules: [TCP Query User{B925958E-ACAD-4BEE-9754-CA7DF6A5B41E}B:\steam\steamapps\common\dayz\dayz.exe] => (Allow) B:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{3D0F6AED-E0C5-4DBD-B103-BA7D4E5D236A}B:\steam\steamapps\common\dayz\dayz.exe] => (Allow) B:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{092E05A9-E2F8-46E5-B7E2-2F82810ECA08}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{C69D5006-B7F4-4A7F-B583-88AF739E44A1}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{B2623E54-765A-43C8-8442-3282E06874DE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{15C364CB-CF4E-4816-85E5-F04F302DB2E8}] => (Allow) B:\Steam\SteamApps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{66468ADD-0B00-4613-BEA7-68EF8BF28E10}] => (Allow) B:\Steam\SteamApps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{E49C6F25-82B2-48D6-BAE9-059B205793FC}] => (Allow) B:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{D0DDEAE6-00D9-4B7D-BA23-6F17136CD0F5}] => (Allow) B:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [TCP Query User{5A8ACE50-9742-4A76-9A82-725DDC8043AF}C:\program files\java\jre1.8.0_73\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\java.exe
FirewallRules: [UDP Query User{718BFDFA-8E91-4F2F-8E05-91D232351ADD}C:\program files\java\jre1.8.0_73\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\java.exe
FirewallRules: [{5FD683E0-EF50-4397-A6DC-956D9D389539}] => (Allow) X:\EA Teufelsspiele\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{E1BADD5C-B488-460C-BC29-E075829D9DC9}] => (Allow) X:\EA Teufelsspiele\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{CCFBE483-7A83-442C-BD76-B7A3BF74A704}] => (Allow) B:\Steam\SteamApps\common\serious sam 2\Bin\Sam2.exe
FirewallRules: [{611A6949-E2E8-422F-9EB8-B3C56929C501}] => (Allow) B:\Steam\SteamApps\common\serious sam 2\Bin\Sam2.exe
FirewallRules: [{540FBE7F-F96F-4B12-AC7A-17D0C2EE46E7}] => (Allow) B:\Steam\SteamApps\common\ARK Survival Evolved Dedicated Server\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{506C7357-9D75-4EAD-B0E9-6A060335C798}] => (Allow) B:\Steam\SteamApps\common\ARK Survival Evolved Dedicated Server\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{05D718D8-7E41-49E7-A597-4423D8E3A0C0}] => (Allow) LPort=7777
FirewallRules: [{93BD386A-5825-4805-8027-66FC8663821A}] => (Allow) X:\ark server\latest\Servers\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{4F05C94B-A183-4EAE-B0F4-E436E20BE06C}] => (Allow) X:\ark server\latest\Servers\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{F81D374F-4E6B-4910-9F69-DA1053296743}] => (Allow) C:\Users\Florian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EAB73353-5DE1-4115-8787-F7CF79E053BD}] => (Allow) C:\Users\Florian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AC6E3896-5F13-4145-9E23-7CD0BF85D76A}] => (Allow) C:\Users\Florian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A4973087-FA0F-415F-BA19-DFAD5AB5E4F0}] => (Allow) C:\Users\Florian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F7E49404-DB7A-4AA2-BEF1-74EC9DD8D918}] => (Allow) C:\Users\Florian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B18788A4-01BC-4C03-BC20-4AC2556C3DB1}] => (Allow) C:\Users\Florian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DD5551AF-C1F2-4198-9BB3-A591BBD8DFEB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5B63EB6C-E478-4F78-8E4F-6E8F9D8B6E17}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B8715AAA-EC62-4BE3-B049-79E06BA99463}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B8E8C7EC-2117-4E51-A6AE-1DAF83225F34}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F2B86745-7308-4651-9711-ACA524E71342}] => (Allow) X:\Program Files (x86)\Project Reality\Project Reality BF2\prbf2.exe
FirewallRules: [{F66E9B8E-F10E-4DAF-ACDF-A2A5021AE9C7}] => (Allow) X:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRLauncher.exe
FirewallRules: [{42398826-363B-49F5-A686-15E1031C8FAB}] => (Allow) X:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRUpdater.exe
FirewallRules: [{2195D611-9C62-47D2-9372-2819E1C62641}] => (Allow) X:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRMumble\PRMumble.exe
FirewallRules: [{C16F6180-D5AC-4182-AEFE-B860526E54C6}] => (Allow) B:\Steam\SteamApps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe
FirewallRules: [{207D3821-37D6-466C-9162-E3521E3494AD}] => (Allow) B:\Steam\SteamApps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe
FirewallRules: [{851CE4AB-0029-42A3-99B9-ABEA06B74162}] => (Allow) B:\Steam\SteamApps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE.exe
FirewallRules: [{0FD6EFB1-5C96-44EF-9605-545D26FD2868}] => (Allow) B:\Steam\SteamApps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE.exe
FirewallRules: [{5A745F6B-FEBD-4807-81EE-BF5DD6317F33}] => (Allow) B:\Steam\SteamApps\common\Serious Sam HD The Second 
Encounter\Bin\SamHD_TSE_Unrestricted.exe FirewallRules: [{02A40529-5165-46B1-8D8D-50FEC9848290}] => (Allow) B:\Steam\SteamApps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE_Unrestricted.exe FirewallRules: [{2438B588-8EF6-4B9C-8E93-1F330D42284B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{A605E300-5A21-4B6D-9B05-FBE7305F4525}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{1D308DAA-1274-4FBA-8605-3065EDF73199}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{2051543B-15B8-42AA-91C8-9D5805FF5B1B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{0F546F70-670D-4443-8DED-352DDD1F4C57}] => (Allow) B:\Steam\SteamApps\common\Path of Exile\PathOfExile_x64Steam.exe FirewallRules: [{F4C11E8B-FFD7-4CC8-BB0B-FD0C24D7A059}] => (Allow) B:\Steam\SteamApps\common\Path of Exile\PathOfExile_x64Steam.exe FirewallRules: [{148A7AF4-43E8-4DCE-932A-D4B8039D976F}] => (Allow) I:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe FirewallRules: [{0296AB5E-1446-4EAE-9338-1258B9527D3C}] => (Allow) I:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe FirewallRules: [{0E31B345-F120-4148-878D-F926F165C505}] => (Allow) B:\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{EE11C58C-F33C-4510-B26B-4AF1B3D6155E}] => (Allow) B:\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{1ACC812A-2383-4942-9E40-10D28B123647}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{CD524CBD-0A92-4449-ACBE-D01DD91690CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{D9CAA513-AF61-4DFA-A76D-B81B50EED72C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{5E5FE815-6E1B-4FE1-8400-CCD878253341}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: 
[{A6BE5834-597C-4E5A-B99B-7FC00A41ED44}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{B22A0111-7D5B-4EE7-B5A5-FDB1487FC215}] => (Allow) X:\EA Teufelsspiele\Battlefield 1\bf1Trial.exe FirewallRules: [{F1AB4096-1092-44C4-B4B2-8D56D4B38DC4}] => (Allow) X:\EA Teufelsspiele\Battlefield 1\bf1Trial.exe FirewallRules: [{919453A3-A6F9-4422-A912-D74A374602AE}] => (Allow) X:\EA Teufelsspiele\Battlefield 1\bf1.exe FirewallRules: [{5E1181F9-7745-45BB-8F14-EA8A931F9331}] => (Allow) X:\EA Teufelsspiele\Battlefield 1\bf1.exe FirewallRules: [{C4FA10A2-6B43-483F-A527-2551F93C5DD1}] => (Allow) B:\Steam\SteamApps\common\Reign Of Kings\Reign of Kings.exe FirewallRules: [{4FC27955-CBA7-4EBD-8C58-B97F0E62E8F4}] => (Allow) B:\Steam\SteamApps\common\Reign Of Kings\Reign of Kings.exe FirewallRules: [{52D64D1A-7442-48D6-91B9-C936F7F02062}] => (Allow) B:\Steam\SteamApps\common\Portal 2\portal2.exe FirewallRules: [{F129B39E-A0C7-4E0F-9303-A7F1A5507A2A}] => (Allow) B:\Steam\SteamApps\common\Portal 2\portal2.exe FirewallRules: [{19834E20-EA3F-4484-91B4-BFDCF8CE631C}] => (Allow) B:\Steam\SteamApps\common\Source SDK Base\hl2.exe FirewallRules: [{0E85DA89-A29C-4E02-B73A-43FBA203AF6B}] => (Allow) B:\Steam\SteamApps\common\Source SDK Base\hl2.exe FirewallRules: [{C495BA51-4DFA-4358-88E8-55BCA899CCB4}] => (Allow) B:\Steam\SteamApps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe FirewallRules: [{AD654F46-D298-4790-A187-A35E5C247FCB}] => (Allow) B:\Steam\SteamApps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe FirewallRules: [{782FAE6F-5DAA-45F9-B58E-63F5453140F0}] => (Allow) B:\Steam\SteamApps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe FirewallRules: [{FE211312-B17C-481E-B022-7AAA30BEB5B9}] => (Allow) B:\Steam\SteamApps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe FirewallRules: [{02778F95-F220-4A34-BB15-003AFF64A650}] => (Allow) C:\Program Files (x86)\Windows 
Live\Contacts\wlcomm.exe FirewallRules: [{8574678A-3F09-445B-BE44-B5699A08015A}] => (Allow) LPort=2869 FirewallRules: [{B2475144-5A6A-456D-A22A-12B6C8E9DB16}] => (Allow) LPort=1900 FirewallRules: [{102C032A-E895-46AD-9E65-5A10B71E7716}] => (Allow) B:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{5343D873-5280-4046-AA87-7A1675D51FBE}] => (Allow) B:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{6B5660CC-B03D-4C39-9AD9-A90ED1CD01F8}] => (Allow) B:\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe FirewallRules: [{01A618D0-F2B1-4E2F-8BAA-D723818F7DDB}] => (Allow) B:\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe FirewallRules: [{E6A5CB9E-BA9C-4210-AAAA-24FC28D2E5B9}] => (Allow) B:\Steam\SteamApps\common\Anno 2070\Anno5.exe FirewallRules: [{0CF729FE-54A0-46EE-8B65-C3D3A5FDF477}] => (Allow) B:\Steam\SteamApps\common\Anno 2070\Anno5.exe FirewallRules: [{A48DB244-0F1F-456E-8412-F0C3AEE7B5FD}] => (Allow) B:\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe FirewallRules: [{D386397E-9E4B-403B-802B-41C8CE009422}] => (Allow) B:\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe FirewallRules: [{C25DCA68-EC5F-4D0B-AB98-9424B2ECDF8E}] => (Allow) B:\Steam\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe FirewallRules: [{97180C52-8F96-4F5B-8763-9A58AD707AE0}] => (Allow) B:\Steam\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe FirewallRules: [{5FCCC7B4-0B1F-4A87-89E5-4B0DFEC8060A}] => (Allow) B:\Steam\SteamApps\common\Arma 3\arma3launcher.exe FirewallRules: [{3AADF1F4-9C65-481C-AABB-F70914342D98}] => (Allow) B:\Steam\SteamApps\common\Arma 3\arma3launcher.exe FirewallRules: [{2D06AE99-72D3-4A6D-AF14-3105AF87CBEB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{9D1E1B11-E4E2-485E-8BB9-52EBA4A384B1}] => (Allow) B:\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe FirewallRules: 
[{41DF995A-55AF-4884-BCEB-A5F3F8C20FDE}] => (Allow) B:\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe FirewallRules: [{FCBD73BA-39D5-49E6-8228-A4D43F5B920A}] => (Allow) B:\Steam\SteamApps\common\Starbound\win64\starbound.exe FirewallRules: [{0C1697A3-1F6E-4BEE-81B7-9243364E3819}] => (Allow) B:\Steam\SteamApps\common\Starbound\win64\starbound.exe FirewallRules: [{A6F42731-22D7-4FB5-A528-FD507769E7E2}] => (Allow) B:\Steam\SteamApps\common\Starbound\win64\starbound_server.exe FirewallRules: [{BD8E988A-713D-444D-972A-3F8421DFF956}] => (Allow) B:\Steam\SteamApps\common\Starbound\win64\starbound_server.exe FirewallRules: [{5CD5AE82-D74E-48F0-9226-7F456A788A47}] => (Allow) B:\Steam\SteamApps\common\Starbound\win64\mod_uploader.exe FirewallRules: [{2D4C51A8-CDC5-4E00-B0DC-DF8770B32FDA}] => (Allow) B:\Steam\SteamApps\common\Starbound\win64\mod_uploader.exe FirewallRules: [{AF0F54F7-7B12-40D8-8DBD-F1101F8B3361}] => (Allow) B:\Steam\SteamApps\common\Starbound\win32\starbound.exe FirewallRules: [{5905287F-55E7-4322-BCDD-8F4D77955EFB}] => (Allow) B:\Steam\SteamApps\common\Starbound\win32\starbound.exe FirewallRules: [{DA5E8AD2-FD67-4249-BF53-6DE92761B1DA}] => (Allow) B:\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe FirewallRules: [{0AC18A6C-D747-4281-B097-36F2F4E7079F}] => (Allow) B:\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe FirewallRules: [TCP Query User{D84AB480-0F32-40D3-BF09-F850B68774CC}B:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) B:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [UDP Query User{19776682-F223-49ED-B900-35E0170122EA}B:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) B:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [{44305C70-79D7-4FC5-8010-126EFA107F34}] => (Allow) B:\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe FirewallRules: 
[{6B5295B1-D15F-4003-991B-FEB91B92E2D3}] => (Allow) B:\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe ==================== Wiederherstellungspunkte ========================= 24-10-2017 04:25:58 JRT Pre-Junkware Removal ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (10/24/2017 12:30:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist. Error: (10/24/2017 04:31:04 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (10/24/2017 04:25:58 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Falscher Parameter. . Error: (10/24/2017 04:22:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist. 
Error: (10/24/2017 04:17:23 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist. Error: (10/23/2017 05:12:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Falscher Parameter. . Error: (10/23/2017 05:12:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Falscher Parameter. . Error: (10/23/2017 05:09:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: Ein Problem hat das Senden von Daten aus dem Programm zur Verbesserung der Benutzerfreundlichkeit an Microsoft verhindert (Fehler 90080108). Error: (10/23/2017 09:32:50 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: Ein Problem hat das Senden von Daten aus dem Programm zur Verbesserung der Benutzerfreundlichkeit an Microsoft verhindert (Fehler 80004005). 
Error: (10/23/2017 08:49:00 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Systemfehler: ============= Error: (10/24/2017 12:30:08 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Start (Lokal) für die COM-Serveranwendung mit CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} und APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. Error: (10/24/2017 12:29:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (10/24/2017 12:29:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (10/24/2017 12:29:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (10/24/2017 12:29:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (10/24/2017 12:29:51 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: Die Peer Name Resolution-Protokoll-Cloud wurde nicht gestartet. Fehler bei Standardidentität. Fehlercode: 0x80630801. Error: (10/24/2017 12:29:51 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: Die Peer Name Resolution-Protokoll-Cloud wurde nicht gestartet. 
Fehler bei Standardidentität. Fehlercode: 0x80630801. Error: (10/24/2017 12:29:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (10/24/2017 12:29:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (10/24/2017 12:29:40 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: Die Peer Name Resolution-Protokoll-Cloud wurde nicht gestartet. Fehler bei Standardidentität. Fehlercode: 0x80630801. CodeIntegrity: =================================== Date: 2016-09-08 23:05:52.838 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2016-09-08 21:13:35.987 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2016-09-08 16:37:34.150 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2016-09-08 15:35:46.338 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2016-09-08 15:33:01.005 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2016-09-08 14:05:54.761 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2016-09-08 13:13:55.730 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2016-09-08 13:13:37.462 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2016-09-08 13:13:37.431 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Florian\AppData\Local\Temp\ESEADriver2.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2016-09-08 13:13:35.528 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz Prozentuale Nutzung des RAM: 18% Installierter physikalischer RAM: 16364.14 MB Verfügbarer physikalischer RAM: 13318.05 MB Summe virtueller Speicher: 32726.47 MB Verfügbarer virtueller Speicher: 29116.46 MB ==================== Laufwerke ================================ Drive b: (Volume) (Fixed) (Total:931.51 GB) (Free:90.11 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive c: () (Fixed) (Total:232.88 GB) (Free:5.23 GB) NTFS Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive i: () (Fixed) (Total:55.8 GB) (Free:55.64 GB) NTFS Drive x: (Volume) (Fixed) (Total:1863.01 GB) (Free:32.84 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 29B29A3C) Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00239046) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CE94F2CF) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 758BFFE4) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
24.10.2017, 13:43 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: JS:Miner-C [Trj] tries to connect to coinhive.com Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
HR Extension: (Search Manager) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-10-22]
CHR Extension: (Search Manager) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2017-10-22]
Task: {0D3A31DE-38A8-48CE-ADA4-E5716D3E8B20} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {460766C9-D3C0-4417-83BE-20D1F2D4FE81} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {608D52B8-62B3-47D7-8320-F83C678391DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {6A722FC9-03B1-4430-A83E-B5FE30A855CC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {7192E04F-566B-47FA-A16B-859E19F7D5C3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {76D743C7-A371-44A8-B6E2-94DEC8A0BA08} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {BE134841-54FA-452C-B9DD-F5C2AB28E7F0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {EF51F73C-C058-4E46-94D8-C25B08B296B3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {F3A4BF3B-06A0-4279-ADE3-98A38A79C52E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
24.10.2017, 14:39 | #15 |
| Windows 7: JS:Miner-C [Trj] tries to connect to coinhive.com Here is the fixlog.txt: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-10-2017 01 durchgeführt von Florian (24-10-2017 15:35:26) Run:1 Gestartet von B:\Downloads Geladene Profile: Florian (Verfügbare Profile: Florian) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms} CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms} HR Extension: (Search Manager) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-10-22] CHR Extension: (Search Manager) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2017-10-22] Task: {0D3A31DE-38A8-48CE-ADA4-E5716D3E8B20} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {460766C9-D3C0-4417-83BE-20D1F2D4FE81} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {608D52B8-62B3-47D7-8320-F83C678391DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {6A722FC9-03B1-4430-A83E-B5FE30A855CC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {7192E04F-566B-47FA-A16B-859E19F7D5C3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {76D743C7-A371-44A8-B6E2-94DEC8A0BA08} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG Task: {BE134841-54FA-452C-B9DD-F5C2AB28E7F0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG Task: {EF51F73C-C058-4E46-94D8-C25B08B296B3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG Task: {F3A4BF3B-06A0-4279-ADE3-98A38A79C52E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG emptytemp: ***************** Chrome DefaultSearchURL => erfolgreich entfernt 
Chrome DefaultSuggestURL => erfolgreich entfernt HR Extension: (Search Manager) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-10-22] => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden. CHR Extension: (Search Manager) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2017-10-22] => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D3A31DE-38A8-48CE-ADA4-E5716D3E8B20} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D3A31DE-38A8-48CE-ADA4-E5716D3E8B20} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{460766C9-D3C0-4417-83BE-20D1F2D4FE81} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{460766C9-D3C0-4417-83BE-20D1F2D4FE81} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{608D52B8-62B3-47D7-8320-F83C678391DF} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{608D52B8-62B3-47D7-8320-F83C678391DF} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A722FC9-03B1-4430-A83E-B5FE30A855CC} => Schlüssel erfolgreich entfernt 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A722FC9-03B1-4430-A83E-B5FE30A855CC} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7192E04F-566B-47FA-A16B-859E19F7D5C3} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7192E04F-566B-47FA-A16B-859E19F7D5C3} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76D743C7-A371-44A8-B6E2-94DEC8A0BA08} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76D743C7-A371-44A8-B6E2-94DEC8A0BA08} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE134841-54FA-452C-B9DD-F5C2AB28E7F0} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE134841-54FA-452C-B9DD-F5C2AB28E7F0} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF51F73C-C058-4E46-94D8-C25B08B296B3} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF51F73C-C058-4E46-94D8-C25B08B296B3} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3A4BF3B-06A0-4279-ADE3-98A38A79C52E} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3A4BF3B-06A0-4279-ADE3-98A38A79C52E} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => Schlüssel erfolgreich entfernt =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 62644164 B Java, Flash, Steam htmlcache => 300113569 B Windows/system/drivers => 31947923483 B Edge => 0 B Chrome => 649103849 B Firefox => 390403497 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 66228 B Public => 0 B ProgramData => 0 B systemprofile => 117050590 B systemprofile32 => 92004 B LocalService => 66228 B NetworkService => 313762 B Florian => 45446442088 B RecycleBin => 143023739 B EmptyTemp: => 73.6 GB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 15:35:47 ==== |