Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Alles rund um Windows (https://www.trojaner-board.de/alles-rund-um-windows/)
-   -   ich kann mein PC nicht mehr benutzen wegen Werbung! (https://www.trojaner-board.de/173111-pc-mehr-benutzen-wegen-werbung.html)

Nick M. 17.11.2015 16:01
http://img5.fotos-hochladen.net/uplo...6t758320ol.jpg

das ist das einzige was raus kommt

cosinus 17.11.2015 16:32
Normalweise speichert Malwarebytes die Logfiles selbst!!
Ist in Qurantäne was zu sehen?`

Nick M. 19.11.2015 20:44
Bild kommt in kürze

da steht beim letzen scan nur

PUP.Optional.HijackModifiedExtension

sonst ist da nur etwas von 2014 :/

Also ich meine viele sachen von solchen..

''PUP.Optional.xxxxxxxx''

Nur einmal steht da

"Trojam.Malpac.Generic."

cosinus 19.11.2015 20:51
Dann mach bitte nen neuen Scan mit Malwarebytes. Aktualisieren die Signaturen vorher.
Und speicher das Log diesmal vorher richtig ab bevor hier wieder die Suchereit los geht.

Nick M. 20.11.2015 12:59
hat funktioniert, es kommt in kürze

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 19.11.2015
Suchlaufzeit: 20:46
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.11.19.05
Rootkit-Datenbank: v2015.11.14.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: waldemar

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 585665
Abgelaufene Zeit: 1 Std., 5 Min., 58 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}, In Quarantäne, [845d0c731f6cc96dd9146281c43fdf21],

Registrierungswerte: 1
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}|DisplayName, globalupdate Helper, In Quarantäne, [845d0c731f6cc96dd9146281c43fdf21]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 1
Adware.EoRezo, C:\Users\waldemar\AppData\Local\Temp\is-91FK5.tmp\package_vuupc_installer_multilang.exe, In Quarantäne, [875aa9d6d5b684b2584ff6b1c04127d9],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
hoffe es ist das richtige

cosinus 20.11.2015 13:07
Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken

http://www.trojaner-board.de/picture...&pictureid=611

Nick M. 20.11.2015 18:44
FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:19-11-2015
durchgeführt von waldemar (2015-11-20 18:42:47)
Gestartet von C:\Users\waldemar\Desktop
Windows 8.1 (X64) (2014-09-10 16:07:09)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-930745963-3632866088-1184878944-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-930745963-3632866088-1184878944-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-930745963-3632866088-1184878944-1004 - Limited - Enabled) => C:\Users\UpdatusUser
waldemar (S-1-5-21-930745963-3632866088-1184878944-1001 - Administrator - Enabled) => C:\Users\waldemar

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 6.0.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A00000000001}) (Version: 006.000.001 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Battlefield 2(TM) (HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: 1.00.0000 - DICE)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bus-Simulator 2012 (HKLM-x32\...\Bus-Simulator 2012_is1) (Version:  - astragon)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
City Car Driving 1.2.2 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version:  - Forward Development)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\CopyTrans Suite) (Version: 4.004 - WindSolutions)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4605 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DLLEscort version 2014 (HKLM-x32\...\{2F13CA65-0FFB-4760-824B-D459836AACFE}_is1) (Version: 2014 - )
Driver San Francisco (HKLM-x32\...\Driver San Francisco) (Version: 1.2.0.0 - Ubisoft)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.2.5 - SCS Software)
FileLab Plugin 1.1.33 (HKLM-x32\...\{6AC5F630-9453-433D-90FF-BB3A8E4F8960}) (Version: 1.1.33 - FileLab)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Free Studio version 6.4.3.128 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.3.128 - DVDVideoSoft Ltd.)
Free Video to iPhone Converter version 5.0.52.1122 (HKLM-x32\...\Free Video to iPhone Converter_is1) (Version: 5.0.52.1122 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.44.908 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.44.908 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.)
GamersFirst LIVE! (HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Garrys Mod version 14.04.19 (HKLM\...\{C8F834F5-46EA-4933-8AA9-F6CD7D29EED0}_is1) (Version: 14.04.19 - Strogino CS Portal)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Grand Theft Auto: Episodes From Liberty City (HKLM-x32\...\{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}) (Version: 1.1.0.0 - Rockstar Games)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
iBackupBot 5.2.9 (HKLM-x32\...\iBackupBot) (Version: 5.2.9 - VOWSoft, Ltd.)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6429.0 - IDT)
iExplorer 3.7.7.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MassFaces 4.2.5.141 (HKLM-x32\...\{D7B24A43-A287-41AC-9957-F616A2B25A9D}_is1) (Version: 4.2.5.141 - Havy Alegria)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft Online Services-Anmeldeassistent (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Video Suite 12 (HKLM-x32\...\Movavi Video Suite 12) (Version: 12.0.0 - Movavi)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Need For Speed Most Wanted (Black Edition 1.3) Mega Trainer (HKLM-x32\...\ST6UNST #1) (Version:  - )
Need for Speed™ Most Wanted (HKLM-x32\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version:  - )
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.0.0.0 - Electronic Arts)
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts)
Nero 12 (HKLM\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - )
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - )
Nero 12 (HKLM-x32\...\{D529E699-7753-46E7-8B73-C5556EF5B486}) (Version: 12.0.03500 - Nero AG)
Next Car Game Free Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version:  - Bugbear Entertainment)
NFS:MW Mod Installer (HKLM-x32\...\{51A81204-4277-4559-9E16-F3CE9D7C7ACC}_is1) (Version: 2.2.0.0 - NFSModDev)
Node.js (HKLM\...\{4A184F20-65CB-49D8-AF28-808B4A6A1FCD}) (Version: 5.0.0 - Node.js Foundation)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Multiplatform (HKLM-x32\...\OBS Multiplatform) (Version: 0.11.4 - OBS Project)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Opera Stable 33.0.1990.115 (HKLM-x32\...\Opera 33.0.1990.115) (Version: 33.0.1990.115 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.0.13.2141 - Electronic Arts, Inc.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
RCT acCeSS (HKLM-x32\...\RCTACCESS) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Strike Vector (HKLM-x32\...\Steam App 246700) (Version:  - Ragequit Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Test Drive Unlimited 2 (HKLM-x32\...\Test Drive Unlimited 2_is1) (Version:  - Atari)
TinyUmbrella 8.2.0.60 (HKLM\...\4851-8548-9863-1993) (Version: 8.2.0.60 - )
TinyUmbrella 8.2.0.60 (HKLM\...\4851-8548-9863-1993-1) (Version: 8.2.0.60 - )
TinyUmbrella 8.2.0.60 (HKLM-x32\...\4851-8548-9863-1993) (Version: 8.2.0.60 - )
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
TmUnitedForever (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinSCP 5.6.2 beta (HKLM-x32\...\winscp3_is1) (Version: 5.6.2 beta - Martin Prikryl)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

31-10-2015 18:26:46 Windows Update
08-11-2015 21:24:29 Geplanter Prüfpunkt
12-11-2015 18:04:51 Windows Update
15-11-2015 14:20:42 Installed Node.js
16-11-2015 19:17:30 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-05-02 23:24 - 2015-05-02 23:26 - 00000779 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2279AD95-3D32-409F-8EEC-1AF66FD2B03A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {3C2946A8-329D-4FC9-ABEF-C38F6649CE01} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {5BACBFDB-8716-4F0B-82B3-2BF6DDFC8FCD} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {6F039269-D09C-4978-890C-1F7BA396A6E8} - System32\Tasks\avastBCLRestartS-1-5-21-930745963-3632866088-1184878944-1001 => Firefox.exe
Task: {748A67D6-FFBD-46F8-888B-C5DE46F3D569} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-11-04] (HP Inc.)
Task: {7B8BF048-5FB2-4929-BE3B-CBB9E31DD840} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-28] (Microsoft Corporation)
Task: {7F385422-54B3-4CD5-BC35-058BA4153507} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {820DFB9C-4970-4B9F-B3BF-BDCDC52D0039} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-24] (Google Inc.)
Task: {83CCD7ED-A8A0-45FC-A2FE-D82731B82605} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {8FEE67C0-6D5B-4A87-9190-375F143AFDA9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-27] (Avast Software s.r.o.)
Task: {A355FD58-1FA5-4276-9DB1-A8E9B21A4616} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {AF1BCA28-37F2-468D-BFFF-5630CF934C22} - System32\Tasks\{9E631260-DC19-4D51-A6E1-4D7D8D3B67F1} => pcalua.exe -a C:\Users\waldemar\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=exp <==== ACHTUNG
Task: {B167B1FF-C8DA-46F0-AC65-D8991709DC99} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {B346F912-D671-43E7-BFB9-FCEC032A68B2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-12] (Microsoft Corporation)
Task: {B61DB6E9-482F-4B54-9ED8-B71CAB2D90F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B70A8FFB-AFBF-4CF2-B9D9-D36D9FCF55EA} - System32\Tasks\HPCeeScheduleForwaldemar => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {CD1663C0-C6BD-4324-88E1-9EB3438B3306} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-24] (Google Inc.)
Task: {D12E4507-FAF5-44E8-91C6-42045B99562F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {D7B3370D-B10F-4275-95F1-B03BC38A20C6} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {F8081A18-07FD-4283-A692-8497BF9B68AD} - System32\Tasks\Opera scheduled Autoupdate 1412793520 => C:\Program Files (x86)\Opera\launcher.exe [2015-11-16] (Opera Software)
Task: {FAC6699E-3E48-412A-A9E9-7A46D5FDF484} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-10-21] (Apple Inc.)
Task: {FD367BA4-635C-41AA-A575-F9F4E4860D63} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-20] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForwaldemar.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-09-10 16:42 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-21 19:45 - 2015-10-07 19:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-22 14:54 - 2015-03-22 14:54 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2015-06-27 08:13 - 2015-06-27 08:13 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-27 08:13 - 2015-06-27 08:13 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-20 07:49 - 2015-11-20 07:49 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15111901\algo.dll
2015-11-20 12:30 - 2015-11-20 12:30 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15112000\algo.dll
2015-08-08 20:09 - 2015-07-24 05:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-01-22 10:18 - 2012-06-08 04:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-13 04:46 - 2015-10-13 04:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-12 04:39 - 2015-11-07 05:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-12 04:39 - 2015-11-07 05:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-930745963-3632866088-1184878944-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 78.42.43.41 - 82.212.62.41
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: globalUpdate => 2
MSCONFIG\Services: globalUpdatem => 3
MSCONFIG\Services: GlobalUpdater => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPConnectedRemote => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SProtection => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: WindowsMangerProtect => 2
HKLM\...\StartupApproved\StartupFolder: => "1.bat"
HKLM\...\StartupApproved\StartupFolder: => "2.bat"
HKLM\...\StartupApproved\StartupFolder: => "3.bat"
HKLM\...\StartupApproved\StartupFolder: => "4.bat"
HKLM\...\StartupApproved\StartupFolder: => "5.bat"
HKLM\...\StartupApproved\StartupFolder: => "6.bat"
HKLM\...\StartupApproved\StartupFolder: => "7.bat"
HKLM\...\StartupApproved\StartupFolder: => "8.bat"
HKLM\...\StartupApproved\StartupFolder: => "9.bat"
HKLM\...\StartupApproved\StartupFolder: => "zombiddos.vbs"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\StartupApproved\StartupFolder: => "GamersFirst LIVE!.lnk"
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\StartupApproved\Run: => "RGSC"
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\StartupApproved\Run: => "Cracked Steam Service"
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\StartupApproved\Run: => "iFunBox Fast App Install Handler"
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\StartupApproved\Run: => "uTorrent"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{614AEE15-2E46-42E5-ABF2-000196F3B7A2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{6147B310-AC56-4AD4-BF73-2E25B36D7A61}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{208E2FAF-9D82-4FF4-81C7-62F906468A0D}] => (Allow) C:\Program Files (x86)\Ubisoft\Driver San Francisco\Driver.exe
FirewallRules: [{114A55FD-1011-4275-8AA1-F07482D69C1A}] => (Allow) C:\Program Files (x86)\Ubisoft\Driver San Francisco\Driver.exe
FirewallRules: [{D71C517D-06CA-4B95-85C5-E0F2CDFEA4BF}] => (Allow) C:\Program Files (x86)\Rockstar Games\EFLC\LaunchEFLC.exe
FirewallRules: [{ECC2F1E2-0DE6-416C-9C17-949EF49F232A}] => (Allow) C:\Program Files (x86)\Rockstar Games\EFLC\LaunchEFLC.exe
FirewallRules: [{E892C4E0-2C16-4522-99B5-6EC22B6271CA}] => (Allow) C:\Program Files (x86)\Cracked Steam\Steam.exe
FirewallRules: [{396E251F-A9D1-4AF5-B330-0AC538ED9A1B}] => (Allow) C:\Program Files (x86)\Cracked Steam\Steam.exe
FirewallRules: [{57458316-E999-4DA7-B444-A992693F25C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\raceroom racing experience\Game\RRRE.exe
FirewallRules: [{18F353FB-67E5-4B1C-A035-F83510A91B93}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\raceroom racing experience\Game\RRRE.exe
FirewallRules: [{41F3DCED-C459-450D-B6F5-0BC37F7C1069}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\StrikeVector\Binaries\Win32\UDK.exe
FirewallRules: [{CE578785-517C-4979-9855-9CA8B8FAD29B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\StrikeVector\Binaries\Win32\UDK.exe
FirewallRules: [{202C18B4-1C99-4D91-8663-CE2498238320}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C7F6D872-7AA2-4A72-A78F-BE17882A3E96}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2BF4875B-1A77-44AA-9CB1-FF8DE5F304A5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{2CBD75FF-30BF-42D7-AE32-521D5E6D5DF1}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{8FC84188-D1E8-4ECF-80A1-28AFE4412D98}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{8860DF67-F376-4D08-90C8-123987D64A2C}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{948B3C64-DD07-47E8-A503-317808393F64}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{C8B53ABD-BAD5-4DC4-A034-88A083A24864}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{4EAAA376-072C-46CF-8197-FE1532373EE8}] => (Allow) LPort=1900
FirewallRules: [{BA53C4D7-6B93-4DE1-85AA-73951E61B0B6}] => (Allow) LPort=2869
FirewallRules: [{D07DB2B6-D361-42C4-8509-6259626B65D1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AEC7F02C-024C-4B6E-9D7A-6A9BBA182A55}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{3C6FD3B1-BB96-4AD0-A864-A32FCB6F80FF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{CAB5339F-6BC4-4F6E-9928-66A8ED5568FF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{E6ECF602-3D7B-4D5C-B40C-2976B56E6E0D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C8234EB9-5530-474B-8BD7-6916F55226F3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EE00D67E-A339-4066-8C49-5BFB686279FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1BA93315-7DE4-4D8E-A88A-AB70D5C24DD1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{309EFB43-889D-4CE5-934C-BBECA44BA95E}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{9F92C83B-F53E-48B1-81FE-4A8F21EFA69A}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{BB07CEA3-E62D-4AA9-85A0-1B3FD7F48000}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{8885174A-FD3E-4B6D-9DBB-AE0139D34063}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{77170C8C-2689-4295-9C06-3C5F76CA6A83}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{C376690C-8FAF-40FD-B2A5-DEA88F985B0A}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{08124C15-6E80-4A94-B7A1-796119E01BBF}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{8A55DEE0-29D7-4E22-8E98-371394EB5F3A}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{2537C59E-174A-46B7-BD15-E8DE094C3CA6}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{35FD09BA-747F-4A83-908B-990EAB1BBE00}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{41E9B37E-CDF1-4ABA-B583-8C49990DB70C}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{2E48F66D-1CC4-4D5D-A7CC-7071D1F4EB1E}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{A1BEA267-6442-419C-AC02-F62F8AAA7C00}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{359F7F00-88C8-4E6C-98B6-01BE83F11FF0}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{31EFD54D-502A-4A85-A3A3-BB4BE8F4A584}] => (Allow) LPort=53000
FirewallRules: [TCP Query User{0EA52686-106B-4063-BB17-801D15AAD4E1}C:\program files\strogino cs portal\garrys mod\hl2.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\hl2.exe
FirewallRules: [UDP Query User{6AD16B72-DBC3-4D9D-891A-C4ACDEA1B4E1}C:\program files\strogino cs portal\garrys mod\hl2.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\hl2.exe
FirewallRules: [TCP Query User{A818EC64-6906-4DBB-A32E-FA8D7056AC55}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{569E342E-7ED4-4387-B9FE-419E825C9747}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [TCP Query User{2F8AA96A-77B2-44E0-8377-EE4C6AAA0017}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{795E9C8C-08E5-4EC4-BEC5-0DF68C94AAC0}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [TCP Query User{6ED39E5B-C143-4E7C-B65E-2F27612F7796}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{6A9244F4-3E68-4117-B256-21ECDE496E88}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{352709E8-5A32-4CF3-9F0A-A1B84D503088}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{49C88272-2EC3-4E54-B8F0-BEAC035F10A1}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{89769838-B5CA-4A49-841B-CC151F253043}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{E8FC8B0A-2364-42AD-BCFB-0EE759BA723A}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{BA9D90B3-E071-473F-8374-E4C2A70D60A3}] => (Allow) C:\Users\waldemar\Desktop\Trackmania_Nations_Forever_Hacks_downloader.exe
FirewallRules: [{B64E0BC5-E953-4FED-89FB-3DDD43C787D1}] => (Allow) C:\Users\waldemar\Desktop\Trackmania_Nations_Forever_Hacks_downloader.exe
FirewallRules: [{DA3B8853-3303-4103-9735-940F70D8A5A2}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{3451A7CD-71D7-4CDC-BBFA-5C6A9C92A81D}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{F396ECC4-7F22-463D-A208-4316991F07F4}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{089390D7-E869-4D13-BF00-2F2F28FB5222}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{A9451756-1109-40BE-BF09-EF2C78D37772}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1D81DF84-2BA6-4255-BC50-5E005E98879C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9C6AC559-45B4-40EF-9DA5-B0780C980653}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Rivals\NFS14_x86.exe
FirewallRules: [{35FAFB2D-3827-4E19-AA0D-84AB9AD01EA4}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Rivals\NFS14_x86.exe
FirewallRules: [{4E7EA540-07DA-4373-8AD1-247B4DC19DE9}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Rivals\NFS14.exe
FirewallRules: [{56EBAEBE-6FE8-40B7-921B-C27FF1FA280B}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Rivals\NFS14.exe
FirewallRules: [{C9603EBE-B3FF-4B2F-A1CE-818731E465DE}] => (Allow) C:\Program Files (x86)\EA Games\Battlefield 2\BF2.exe
FirewallRules: [{EC7DFD73-BA57-4C5E-9F8D-2842E1DE5487}] => (Allow) C:\Program Files (x86)\EA Games\Battlefield 2\BF2.exe
FirewallRules: [{C6C68221-7047-4534-BA7D-0550F02B455D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9AE6032F-9C0E-420C-B682-E95C83AB2819}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{596DFC37-46FC-4496-A1F8-89010E510679}C:\program files (x86)\opera\26.0.1656.60\opera.exe] => (Block) C:\program files (x86)\opera\26.0.1656.60\opera.exe
FirewallRules: [UDP Query User{4ADAC028-C2E9-42DF-BEF4-FE1FD92DA5F6}C:\program files (x86)\opera\26.0.1656.60\opera.exe] => (Block) C:\program files (x86)\opera\26.0.1656.60\opera.exe
FirewallRules: [{0E11B36E-8719-412E-9267-602D26728163}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{22827706-D3B3-4F78-8B9D-28A4BEFC663A}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{41C5C7F5-AF7E-4028-9321-3EC3978EAE35}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7A25CD0E-FCE5-4AF0-884E-AC65992A5C34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AD09D47B-A6BF-4B83-A84B-B5F9113F0B73}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{3CE4B001-3E52-4CD7-8AE5-FE65F5DDB2FC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{3F96B9F7-8588-49A6-89C0-DB352765B418}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E4DC301A-AF3A-4EFC-88B0-EE68A6B5E36E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{588EDC7D-1075-41AB-9A4A-3759960F2356}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{24DE20AE-DFC7-4725-9817-2A7C09B5910E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DB559113-EC0E-4F6D-85FE-2814C9E4D238}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{24DB66DC-5DAB-4A79-9EF9-2710F2E54768}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{1E7705ED-7613-414E-846C-8BE4E347D867}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{668786B1-9248-442D-995C-FF15FF862FF3}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{3A71CD3E-9798-4730-B445-624A508F2E76}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{4D398DF7-8969-498A-8E29-7FC53A934DDE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{E791844C-0954-4EA7-AC90-DA756DBBA161}] => (Allow) C:\Users\waldemar\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C02CADF3-361E-4830-889E-F90560B3A96D}] => (Allow) C:\Users\waldemar\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1A60DB82-48BC-4690-B020-F47A125A3D65}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{6D0F6294-41BE-4053-9AA4-D78BF1184085}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{DD8D1B76-F14B-481A-8DFD-93E69A9D1AEC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6C638353-5CEC-4957-9E6E-6382C05768F1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{92224C36-2C49-4167-BF0F-8A7FB76A2794}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{3581D998-90C7-4523-95CF-09043B839893}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1D38758A-0745-45AB-9826-0B83759D5EFE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3FF39988-F14D-4D0F-B33E-4DDD5BC78237}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A39D6A95-96D8-4F50-A779-ADA5ADF3693D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C4B08632-A92A-42CF-B004-86DD32C86BF4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{59E63E6B-8C01-4752-8CB0-AD5598A27C97}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D6C1BB35-9488-4440-B409-72C85245B35F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5A5C566F-CD80-48AF-8A88-BFF9D234D879}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5802504F-1429-4869-9986-918C90285547}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E7FF49FB-844B-4645-958E-CB2026ACB175}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A27C4668-62FB-4C5F-8A34-ACCB4AB5CC25}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6992D36B-8C00-49B2-82EA-FCA9E488AC85}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8A1C9018-EAA2-427B-8A56-F715BF1EE148}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4CDFE16D-C303-4B52-BC48-F83F473B4B03}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/20/2015 05:27:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2344

Error: (11/20/2015 05:27:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2344

Error: (11/20/2015 05:27:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2015 05:27:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156

Error: (11/20/2015 05:27:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156

Error: (11/20/2015 05:27:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2015 00:29:49 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/20/2015 11:08:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156

Error: (11/20/2015 11:08:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156

Error: (11/20/2015 11:08:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


Systemfehler:
=============
Error: (11/20/2015 05:27:47 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/20/2015 03:39:05 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/20/2015 02:08:34 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/20/2015 00:52:55 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/20/2015 00:29:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (11/20/2015 11:08:54 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/20/2015 09:15:33 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/20/2015 09:00:02 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/20/2015 08:17:15 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/19/2015 10:47:44 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


CodeIntegrity:
===================================
  Date: 2015-11-15 18:00:39.387
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-15 18:00:39.277
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-15 18:00:28.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-15 18:00:28.619
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-15 18:00:25.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-15 18:00:25.790
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-15 17:59:56.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-15 17:59:56.039
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-15 17:59:50.696
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-15 17:59:50.571
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 13%
Installierter physikalischer RAM: 12243.37 MB
Verfügbarer physikalischer RAM: 10552.15 MB
Summe virtueller Speicher: 13651.37 MB
Verfügbarer virtueller Speicher: 11127.07 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:917.61 GB) (Free:416.85 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Recovery Image) (Fixed) (Total:11.64 GB) (Free:1.38 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (NFSMW) (CDROM) (Total:2.1 GB) (Free:0 GB) UDF

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8DAF223A)

Partition: GPT.

==================== Ende von Addition.txt ============================
--- --- ---


Code:

LastRegBack: 2015-11-20 12:40

==================== Ende von FRST.txt ============================

cosinus 20.11.2015 23:43
Neues FRST-Log fehlt

Nick M. 21.11.2015 21:37
da ich ein häkchen da hin habe kam nur was kurzes was unter dem addition file ist!
soll ich beim scan den haken beim Addition file weg machen?

cosinus 22.11.2015 01:20
Meine Güte, die FRST.txt wird immer erstellt, die addition.txt nur wenn man das Häkchen setzt!

Nick M. 23.11.2015 13:10
Heii nicht so unhöflich werden ._.
beim ersten FRST Scan war kein häkchen dran und da wurde die Addition auch gemacht!
und beim ersten scan kam das kleine ding nach den addition.txt was ich gesendet habe als FRST, jetzt hat es funktioniert!! kommt in kürze!

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:22-11-2015
durchgeführt von waldemar (Administrator) auf MILLER (23-11-2015 13:07:17)
Gestartet von C:\Users\waldemar\Desktop
Geladene Profile: waldemar (Verfügbare Profile: waldemar & UpdatusUser & Administrator)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Opera)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
() C:\Windows\System32\PnkBstrA.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-10-25] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-25] (IDT, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-27] (Avast Software s.r.o.)
HKLM-x32\...\RunOnce: [network_adsafiliadosllhs_1] => "C:\Users\waldemar\AppData\Local\Temp\\BI_RunOnce.exe" /initurl hxxp://sub.retcer.info/init/Qd8r4aRVV/:uid:? /affid "-" /id "0" /name " " /uniqid Qd8r4aRVV /uuid 44862A77-20E4-2E73-884A-6D8A7797F559 / (Der Dateneintrag hat 69 mehr Zeichen). <===== ACHTUNG
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2501368 2015-01-28] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2501368 2015-01-28] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [iFunBox Fast App Install Handler] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox.exe /tray
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\MountPoints2: {f487ac12-93c5-11e2-be6e-806e6f6e6963} - "E:\Autorun.exe"
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2501368 2015-01-28] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [132608 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  Keine Datei
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  Keine Datei
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  Keine Datei
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-27] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  Keine Datei
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  Keine Datei
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  Keine Datei
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1.bat [2014-05-30] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\2.bat [2014-05-30] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\3.bat [2014-06-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\4.bat [2014-06-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\5.bat [2014-06-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\6.bat [2014-06-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\7.bat [2014-06-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\8.bat [2014-05-28] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\9.bat [2014-06-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\zombiddos.vbs [2014-06-03] ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 78.42.43.41 82.212.62.41
Tcpip\..\Interfaces\{5BE000EA-FD30-4759-964A-34EFE80C4CB8}: [DhcpNameServer] 82.212.62.62 78.42.43.62
Tcpip\..\Interfaces\{63EA44AB-64D9-4680-8E50-723EF8BC65BB}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8B9592C0-5904-41A5-A6DF-34B10906B04F}: [DhcpNameServer] 78.42.43.41 82.212.62.41

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK13/4
SearchScopes: HKLM -> {D09195F2-1B7B-4DBF-A744-45187504E0A8} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-930745963-3632866088-1184878944-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = web/?type=dspp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-930745963-3632866088-1184878944-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Kein Name -> {11111111-1111-1111-1111-110611321185} -> Keine Datei
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Users\waldemar\Documents\java\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-27] (Avast Software s.r.o.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Users\waldemar\Documents\java\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => Keine Datei
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-27] (Avast Software s.r.o.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
IE Session Restore: HKU\S-1-5-21-930745963-3632866088-1184878944-1001 -> ist aktiviert.
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: about:home
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [Keine Datei]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Users\waldemar\Documents\java\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Users\waldemar\Documents\java\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @ASC/FileLabPlugin;version=1.1.33 -> C:\ProgramData\FileLab\Plugin\Framework\npFlPluginS.dll [2012-02-20] (FileLab)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-10-24] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-930745963-3632866088-1184878944-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\waldemar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-10-19] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-930745963-3632866088-1184878944-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-13] ()
FF SearchPlugin: C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\searchplugins\google-avast.xml [2015-03-20]
FF Extension: Astro Find 1.0.1 - C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\Extensions\{5a283c6a-4a77-4a68-bbc9-129a6a1bf2f1}.xpi [2015-11-14] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-24]
FF Extension: Greasemonkey - C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-10-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-27] [ist nicht signiert]

Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://start.iminent.com/?appId=9BEC116D-D7AE-4914-8F57-C0D412DF5744"
CHR Profile: C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skill Games) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\caibojmomcndolfkdcehpbbflooebmeg [2014-09-29]
CHR Extension: (agar.io server browser) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hongpdkjnjhijmdnogoicadboadgllhi [2015-11-15]
CHR Extension: (Red Ball) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibjalmjfkbijjjomllohadmkfkhgonop [2014-09-29]
CHR Extension: (HQVP-3.5V21.09) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia [2015-04-07]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-27]

Opera:
=======
OPR Extension: (Tampermonkey Beta) - C:\Users\waldemar\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfdhdgbonjidekjkjmjaneanmdmpmidf [2015-11-07]
OPR Extension: (eBay-Erweiterung für Opera™ (von eBay)) - C:\Users\waldemar\AppData\Roaming\Opera Software\Opera Stable\Extensions\nonelnbmpmjifbnoclpchjakhkeolcbh [2014-12-19]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-27] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-27] (Avast Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-12] (NVIDIA Corporation)
S4 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099720 2015-11-20] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-03-22] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-03-22] ()
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-25] (IDT, Inc.) [Datei ist nicht signiert]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-09-10] (Microsoft Corporation)
S3 w3logsvc; C:\WINDOWS\SysWOW64\inetsrv\w3logsvc.dll [66560 2014-09-10] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-27] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-27] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-27] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-27] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-27] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34424 2015-02-09] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-27] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-23 13:07 - 2015-11-23 13:08 - 00029772 _____ C:\Users\waldemar\Desktop\FRST.txt
2015-11-21 12:40 - 2015-11-21 12:40 - 00002205 _____ C:\Users\waldemar\Desktop\HP Support Assistant.lnk
2015-11-20 18:49 - 2015-11-12 19:37 - 00112712 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2015-11-20 18:48 - 2015-11-20 18:48 - 00000000 ____D C:\WINDOWS\LastGood
2015-11-20 18:48 - 2015-08-11 05:52 - 00069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-11-20 18:48 - 2015-08-11 05:52 - 00050472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-11-16 19:16 - 2015-11-16 19:16 - 01798976 _____ (Malwarebytes) C:\Users\waldemar\Desktop\JRT.exe
2015-11-16 19:08 - 2015-11-17 13:21 - 00000000 ____D C:\AdwCleaner
2015-11-16 19:05 - 2015-11-16 19:06 - 01732096 _____ C:\Users\waldemar\Desktop\adwcleaner_5.021.exe
2015-11-16 17:18 - 2015-11-20 12:57 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-16 17:18 - 2015-11-16 17:18 - 00001076 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-16 17:17 - 2015-11-16 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-16 17:17 - 2015-11-16 17:17 - 22908888 _____ (Malwarebytes ) C:\Users\waldemar\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-16 17:17 - 2015-11-16 17:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-16 17:17 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-16 17:17 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-16 17:17 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-16 17:14 - 2015-11-16 17:14 - 22908888 _____ (Malwarebytes ) C:\Users\waldemar\Downloads\2FC1.tmp
2015-11-16 17:13 - 2015-11-16 17:13 - 15126528 _____ (Malwarebytes ) C:\Users\waldemar\Downloads\4311.tmp
2015-11-16 14:47 - 2015-11-23 13:07 - 00000000 ____D C:\Users\waldemar\Desktop\FRST-OlderVersion
2015-11-16 14:15 - 2015-11-16 14:15 - 00000000 ____D C:\Program Files (x86)\2d8d4ce8-4ca7-41d1-bb04-fbc24d43f9cd
2015-11-15 19:32 - 2015-11-15 19:32 - 00001452 _____ C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-15 17:57 - 2015-11-17 15:54 - 00000000 ____D C:\Program Files (x86)\1e24d446-93ab-47fb-a2dd-9b901872eab5
2015-11-15 17:56 - 2015-11-16 18:58 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-11-15 17:47 - 2015-11-15 17:47 - 06355867 _____ C:\Users\waldemar\Downloads\Agar.io-Hack-Tool.rar
2015-11-15 14:21 - 2015-11-15 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2015-11-15 14:21 - 2015-11-15 14:24 - 00000000 ____D C:\Program Files\nodejs
2015-11-15 14:21 - 2015-11-15 14:21 - 00000000 ____D C:\Users\waldemar\AppData\Roaming\npm
2015-11-15 14:18 - 2015-11-15 14:17 - 10252288 _____ C:\Users\waldemar\Desktop\node-v5.0.0-x64.msi
2015-11-15 14:17 - 2015-11-15 14:19 - 00000000 ___RD C:\Users\waldemar\Desktop\Agar.io Private Server
2015-11-15 14:17 - 2015-11-15 14:17 - 10252288 _____ C:\Users\waldemar\Downloads\node-v5.0.0-x64.msi
2015-11-15 14:17 - 2015-11-15 14:17 - 03198164 _____ C:\Users\waldemar\Downloads\Agar.io Private Server.zip
2015-11-12 22:28 - 2015-11-12 22:28 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2015-11-11 19:30 - 2015-11-03 01:23 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-11 19:30 - 2015-11-03 01:23 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 04:27 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 04:27 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 04:27 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 04:27 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 04:27 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-11 04:26 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-11 04:26 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-11 04:26 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-11 04:26 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-11 04:26 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-11 04:26 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-11 04:26 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-11 04:26 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-11 04:26 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-11 04:26 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-11 04:26 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-11 04:26 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-11 04:26 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 04:26 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-11 04:26 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-11 04:26 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-11 04:26 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-11 04:26 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-11 04:26 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-11 04:26 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-11 04:26 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-11 04:26 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-11 04:26 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-11 04:26 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-11 04:26 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-11 04:26 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-11 04:26 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-11 04:26 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-11 04:26 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-11 04:26 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-11 04:26 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-11 04:26 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-11 04:26 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-11 04:25 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 04:25 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 04:25 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-11 04:25 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-11 04:25 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 04:25 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 04:25 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-11 04:25 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 04:25 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-11 04:25 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 04:25 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-11 04:25 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-11 04:25 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 04:25 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-11 04:25 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-11 04:25 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-11 04:25 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-11 04:25 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 04:25 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 04:25 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-11 04:25 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-11 04:25 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 04:25 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-11 04:25 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-11 04:25 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-11 04:25 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-11 04:25 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-11 04:25 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-11 04:25 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-11 04:25 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-11 04:25 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-11 04:25 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-11 04:25 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-11 04:25 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-11 04:25 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-11 04:25 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-11 04:25 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-11 04:25 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-11-11 04:25 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-11-11 04:25 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-10-28 21:40 - 2015-10-28 21:40 - 00155300 _____ C:\Users\waldemar\Downloads\36 Tournament Bikes Hack - By BikeRaceJ (BikeRacePro).zip
2015-10-28 21:40 - 2015-10-28 21:40 - 00000000 ____D C:\Users\waldemar\Downloads\36 Tournament Bikes Hack - By BikeRaceJ (BikeRacePro)
2015-10-28 21:04 - 2015-10-28 21:07 - 00000000 ____D C:\Users\waldemar\Documents\Vickys Ordner
2015-10-28 21:03 - 2015-10-28 21:03 - 00000000 ____D C:\Users\waldemar\Documents\Benutzerdefinierte Office-Vorlagen
2015-10-28 20:56 - 2015-10-28 20:56 - 00000000 __RHD C:\MSOCache
2015-10-27 13:18 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-10-27 13:18 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-10-27 11:31 - 2015-10-27 11:31 - 00000000 ____D C:\Users\waldemar\AppData\Roaming\.mono
2015-10-27 11:31 - 2015-10-27 11:31 - 00000000 ____D C:\ProgramData\.mono

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-23 13:07 - 2014-10-31 12:26 - 02346496 _____ (Farbar) C:\Users\waldemar\Desktop\FRST64.exe
2015-11-23 13:07 - 2014-10-31 12:26 - 00000000 ____D C:\FRST
2015-11-23 13:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-23 12:56 - 2014-09-12 18:51 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A350FA8C-F1AE-4D16-B3BE-40AF58306519}
2015-11-23 12:38 - 2015-08-24 02:56 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-23 07:02 - 2014-09-10 16:42 - 01963668 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-23 06:41 - 2015-08-24 02:56 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-23 06:41 - 2015-04-17 05:48 - 00000000 ___RD C:\Users\waldemar\iCloudDrive
2015-11-23 06:41 - 2014-09-10 17:10 - 00000000 __RDO C:\Users\waldemar\OneDrive
2015-11-22 22:22 - 2014-11-29 13:08 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-22 14:04 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-21 15:21 - 2014-07-10 15:20 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-930745963-3632866088-1184878944-1001
2015-11-21 14:15 - 2013-01-22 10:14 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-11-21 14:15 - 2013-01-22 10:11 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-21 12:40 - 2013-01-22 10:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-21 12:40 - 2013-01-22 10:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-21 12:40 - 2013-01-22 10:10 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-11-21 12:37 - 2012-10-12 04:24 - 00000000 ____D C:\SWSETUP
2015-11-20 23:28 - 2014-07-15 15:08 - 00000000 ____D C:\ProgramData\Origin
2015-11-20 20:12 - 2015-10-02 03:44 - 00003178 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForwaldemar
2015-11-20 20:12 - 2015-10-02 03:44 - 00000358 _____ C:\WINDOWS\Tasks\HPCeeScheduleForwaldemar.job
2015-11-20 20:12 - 2014-11-28 20:55 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-11-20 19:30 - 2014-10-17 22:59 - 00000000 ____D C:\Users\waldemar\Desktop\Musik
2015-11-20 18:50 - 2014-09-28 10:01 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-20 18:50 - 2014-07-15 15:08 - 00000000 ____D C:\Program Files (x86)\Origin
2015-11-20 18:49 - 2014-11-07 23:56 - 00000000 ____D C:\Users\waldemar\AppData\Local\NVIDIA Corporation
2015-11-20 18:48 - 2013-08-22 15:46 - 00426060 _____ C:\WINDOWS\setupact.log
2015-11-20 13:22 - 2014-11-29 13:08 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-20 12:34 - 2014-03-18 11:03 - 01980934 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-20 12:34 - 2014-03-18 10:25 - 00841326 _____ C:\WINDOWS\system32\perfh007.dat
2015-11-20 12:34 - 2014-03-18 10:25 - 00191558 _____ C:\WINDOWS\system32\perfc007.dat
2015-11-20 12:29 - 2014-09-10 16:42 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-20 12:29 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-20 12:28 - 2014-03-18 02:50 - 04651742 _____ C:\WINDOWS\PFRO.log
2015-11-20 12:28 - 2013-08-22 15:45 - 00000000 ____D C:\WINDOWS\Setup
2015-11-20 12:28 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-19 16:04 - 2014-10-08 19:38 - 00003848 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1412793520
2015-11-19 16:04 - 2014-10-08 19:38 - 00001025 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-11-19 16:04 - 2014-10-08 19:38 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-17 15:54 - 2014-09-14 16:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-16 18:59 - 2012-07-26 06:26 - 00000235 _____ C:\WINDOWS\win.ini
2015-11-16 16:12 - 2015-03-08 18:27 - 00000000 ____D C:\Users\waldemar\AppData\Roaming\uTorrent
2015-11-16 14:47 - 2014-11-01 18:35 - 00000000 ____D C:\Users\waldemar\Downloads\FRST-OlderVersion
2015-11-16 14:16 - 2015-02-09 17:09 - 00000000 __SHD C:\Users\waldemar\AppData\Local\EmieBrowserModeList
2015-11-16 14:16 - 2014-09-12 18:51 - 00000000 __SHD C:\Users\waldemar\AppData\Local\EmieUserList
2015-11-14 21:41 - 2014-07-10 15:27 - 00000000 ____D C:\Users\waldemar\AppData\Local\Google
2015-11-12 19:37 - 2014-12-17 15:21 - 01828160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-11-12 19:37 - 2014-12-17 15:21 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-11-12 19:37 - 2014-12-17 15:21 - 01509824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-11-12 19:37 - 2014-12-17 15:21 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-11-12 19:03 - 2014-07-11 20:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 18:58 - 2014-07-11 20:05 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-11 20:38 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-11 19:29 - 2013-08-22 15:44 - 00500496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-11 05:16 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-11 04:38 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-28 21:38 - 2014-07-12 12:27 - 00000000 ____D C:\Users\waldemar\AppData\Local\CrashDumps
2015-10-28 14:44 - 2015-07-31 00:03 - 00000000 ____D C:\Users\waldemar\Desktop\andere musik
2015-10-28 14:41 - 2014-11-08 21:59 - 00000000 ____D C:\ProgramData\WindSolutions
2015-10-28 14:02 - 2015-04-21 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-28 14:01 - 2015-04-21 19:45 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-27 13:39 - 2014-09-30 15:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-07-30 13:31 - 2014-07-30 13:31 - 0000000 _____ () C:\Users\waldemar\AppData\Roaming\bitlord_log.txt
2014-08-21 10:05 - 2014-09-09 12:02 - 0131072 _____ () C:\Users\waldemar\AppData\Roaming\chrtmp
2014-10-28 23:06 - 2014-10-28 23:06 - 0000600 _____ () C:\Users\waldemar\AppData\Roaming\winscp.rnd
2015-03-27 16:05 - 2015-03-27 16:05 - 0000000 _____ () C:\Users\waldemar\AppData\Local\Input.xml
2015-03-27 16:04 - 2015-03-27 16:04 - 0000000 _____ () C:\Users\waldemar\AppData\Local\Settings.xml
2015-04-30 10:11 - 2015-04-30 10:11 - 0004966 _____ () C:\ProgramData\wmzddnmb.cix

Einige Dateien in TEMP:
====================
C:\Users\waldemar\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\waldemar\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-20 12:40

==================== Ende von FRST.txt ============================

cosinus 23.11.2015 13:55
FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM-x32\...\RunOnce: [network_adsafiliadosllhs_1] => "C:\Users\waldemar\AppData\Local\Temp\\BI_RunOnce.exe" /initurl hxxp://sub.retcer.info/init/Qd8r4aRVV/:uid:? /affid "-" /id "0" /name " " /uniqid Qd8r4aRVV /uuid 44862A77-20E4-2E73-884A-6D8A7797F559 / (Der Dateneintrag hat 69 mehr Zeichen). <===== ACHTUNG
HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2501368 2015-01-28] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2501368 2015-01-28] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2501368 2015-01-28] (Microsoft Corporation) <==== ACHTUNG
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Kein Name -> {11111111-1111-1111-1111-110611321185} -> Keine Datei
SearchScopes: HKU\S-1-5-21-930745963-3632866088-1184878944-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = web/?type=dspp&q={searchTerms}
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
CHR RestoreOnStartup: Default -> "http://start.iminent.com/?appId=9BEC116D-D7AE-4914-8F57-C0D412DF5744"
Task: {AF1BCA28-37F2-468D-BFFF-5630CF934C22} - System32\Tasks\{9E631260-DC19-4D51-A6E1-4D7D8D3B67F1} => pcalua.exe -a C:\Users\waldemar\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=exp <==== ACHTUNG
C:\Users\waldemar\AppData\Roaming\webssearches
C:\Program Files (x86)\Cracked Steam
C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia
C:\Users\waldemar\Downloads\Agar.io-Hack-Tool.rar
C:\Program Files (x86)\2d8d4ce8-4ca7-41d1-bb04-fbc24d43f9cd
C:\Program Files (x86)\1e24d446-93ab-47fb-a2dd-9b901872eab5
C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\2.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\3.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\4.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\5.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\6.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\7.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\8.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\9.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\zombiddos.vbs
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Alle Zeitangaben in WEZ +1. Es ist jetzt 11:59 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19