baumkrone | 10.09.2015 23:49 | Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
durchgeführt von Admin (2015-09-11 00:33:59)
Gestartet von C:\Users\Admin\Desktop
Windows 10 Home (X64) (2015-07-30 10:53:42)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Admin (S-1-5-21-2004366145-3497105423-4204979389-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2004366145-3497105423-4204979389-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2004366145-3497105423-4204979389-503 - Limited - Disabled)
Gast (S-1-5-21-2004366145-3497105423-4204979389-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2004366145-3497105423-4204979389-1003 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
60 Seconds! (HKLM-x32\...\Steam App 368360) (Version: - Robot Gentleman Studios)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version: - SkyBox Labs)
AION Free-To-Play (HKLM-x32\...\AION Free-To-Play) (Version: v0.1 - Gameforge 4D)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{8FAAC5E4-3361-726A-9F42-F0414FD1D3BC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.2.1.2 - Broadcom Corporation)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3126.57 - CyberLink Corp.)
Dungeon Keeper 2 (HKLM\...\{4f94b43a-8a00-4ac4-bb94-269cf24aef97}.sdb) (Version: - )
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper 2_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
How to Survive (HKLM-x32\...\Steam App 250400) (Version: - EKO Software)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
LEGO - The Hobbit (HKLM-x32\...\Steam App 285160) (Version: - Traveller's Tales)
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
NC Launcher (GameForge) (HKLM-x32\...\NCLauncher_GameForge) (Version: - NCsoft)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{E3AE2D4D-5274-CE6B-5434-64DA3131A301}) (Version: 1.00.0000 - Ihr Firmenname)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Only If (HKLM-x32\...\Steam App 298260) (Version: - Creability)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2004366145-3497105423-4204979389-1001\...\Spotify) (Version: 1.0.10.107.gd0dfca3a - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.20.0000 - Firefly Studios)
Stronghold 2 (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.40.1000 - Firefly Studios)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.13.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Evil Within (HKLM-x32\...\Steam App 268050) (Version: - Tango Gameworks)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe)
The Walking Dead (HKLM-x32\...\The Walking Dead) (Version: 1.0.0.34 - Telltale Games)
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version: - Telltale Games)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version: - 11 bit studios)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2004366145-3497105423-4204979389-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2004366145-3497105423-4204979389-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2004366145-3497105423-4204979389-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2004366145-3497105423-4204979389-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2004366145-3497105423-4204979389-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2004366145-3497105423-4204979389-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2004366145-3497105423-4204979389-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2004366145-3497105423-4204979389-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2004366145-3497105423-4204979389-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2004366145-3497105423-4204979389-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2004366145-3497105423-4204979389-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Wiederherstellungspunkte =========================
09-09-2015 15:46:41 Windows Update
10-09-2015 17:20:09 JRT Pre-Junkware Removal
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2015-02-20 22:10 - 00000860 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {33C416A8-BE49-4476-A165-936E9722F0CC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {3C130636-0D99-49CD-BBDD-E99FF705AB76} - \Power Management -> Keine Datei <==== ACHTUNG
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {42949EC0-35B0-400B-9B61-9AC64E009F64} - \cfr3011 -> Keine Datei <==== ACHTUNG
Task: {437E1E6B-7212-4816-879E-AFEDAB213718} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {44D033C7-5FCF-4E39-94D9-5CD725D8455B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {47C2E1BC-5D8B-4EE3-BE8A-35A66030CEE3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {53E79908-AC45-4B8D-9647-78A6FAB66003} - System32\Tasks\XuFxt9mkOz6leta3 => C:\Users\Admin\AppData\Roaming\XuFxt9mkOz6leta3.exe <==== ACHTUNG
Task: {62EB40DD-5548-4429-89B0-48177B86F949} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-10] (AVAST Software)
Task: {67B50CA4-0072-4FFD-B4F3-462CE1A94E54} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {682DD956-4C90-4EEC-BD63-E2EE8AD96727} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-27] (Microsoft Corporation)
Task: {6F3E07C2-BCD0-44A2-BAE2-1D16A2A6312B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {706A4FA4-EE11-4E3D-AF8D-DBABC4A5B116} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {74229F9D-2346-45D5-8FFA-5CA66899D797} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {8102A2DB-C0ED-49E3-AADE-D86A4FE86100} - \Launch Manager -> Keine Datei <==== ACHTUNG
Task: {82E8C04B-F162-4A31-A25F-B124C9ED8358} - \CreateChoiceProcessTask -> Keine Datei <==== ACHTUNG
Task: {83034C66-9BDA-4349-8F17-D5FF8B91FE60} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {8754FFC0-BB2E-43E0-9EA0-66FA202DB7B6} - System32\Tasks\6ZFaWzhw => C:\Users\Admin\AppData\Roaming\6ZFaWzhw.exe <==== ACHTUNG
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-30] (Microsoft Corporation)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {A89A5A25-BBDF-41CF-B2B1-9956B20AFBB1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-16] (Adobe Systems Incorporated)
Task: {B0A61ADB-FB42-46C7-9375-C789FDD2266C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {B88F8293-95E3-4777-ACF3-2126CC7A555F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {B8E7D7CF-9063-4FE8-90EB-1AA7B8A17B36} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {DB82B374-2B32-40BD-A8BF-8F039CB77268} - System32\Tasks\{74CC22CD-BF42-4D26-A926-992FC13A2EBD} => pcalua.exe -a C:\Users\Admin\AppData\Roaming\SpeedMon\speedmon.exe -c /uninstall
Task: {E2B99002-BD51-4F93-864E-5007CFFC4248} - System32\Tasks\{5200FF4B-8E73-465C-9CCF-53FCF9E14198} => pcalua.exe -a C:\Users\Admin\Downloads\Silverlight_x64.exe -d C:\Users\Admin\Downloads
Task: {F0F6C0E7-FCFE-41E1-BD51-1BBD235392E8} - \Optimize Start Menu Cache Files-S-1-5-21-2004366145-3497105423-4204979389-500 -> Keine Datei <==== ACHTUNG
Task: {F5546E72-0DDD-445B-A09C-5E4811DA0A05} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {FE3D2819-08E8-4A4D-A987-CDD9D851A889} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {FF3E384D-79DC-4562-8D03-890A2E0279A8} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\6ZFaWzhw.job => C:\Users\Admin\AppData\Roaming\6ZFaWzhw.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\XuFxt9mkOz6leta3.job => C:\Users\Admin\AppData\Roaming\XuFxt9mkOz6leta3.exe <==== ACHTUNG
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-07-30 13:14 - 2015-07-30 13:14 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-27 11:12 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-30 03:07 - 2015-08-18 09:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-30 03:07 - 2015-08-18 09:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-01-16 08:34 - 2013-07-30 19:11 - 00110152 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-08-27 11:12 - 2015-08-03 03:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 13:00 - 2015-07-10 18:45 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-27 11:12 - 2015-08-11 10:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-27 11:12 - 2015-08-03 03:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 13:00 - 2015-07-10 18:45 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2014-01-16 07:58 - 2013-09-04 01:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-09-10 17:45 - 2015-09-10 17:45 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-10 17:45 - 2015-09-10 17:45 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-10 17:45 - 2015-09-10 17:45 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091000\algo.dll
2015-09-10 23:02 - 2015-09-10 23:02 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091001\algo.dll
2015-09-10 17:45 - 2015-09-10 17:45 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-09-10 19:28 - 2015-07-03 18:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-09-10 19:27 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-09-10 19:28 - 2015-08-19 22:39 - 02413248 _____ () C:\Program Files (x86)\Steam\video.dll
2015-09-10 19:27 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-09-10 19:27 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-09-10 19:27 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-09-10 19:27 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-09-10 19:27 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-09-10 19:27 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-09-10 19:27 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-09-10 19:27 - 2015-08-19 22:39 - 00704192 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-09-10 19:27 - 2015-07-27 03:13 - 00171008 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-09-10 19:27 - 2015-07-03 18:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-09-10 19:27 - 2015-07-25 03:53 - 00115968 _____ () C:\Program Files (x86)\Steam\winh264.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acwfp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
HKU\S-1-5-21-2004366145-3497105423-4204979389-1001\Software\Classes\.exe: exefile => <===== ACHTUNG
HKU\S-1-5-21-2004366145-3497105423-4204979389-1001\Software\Classes\exefile: <===== ACHTUNG
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-2004366145-3497105423-4204979389-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2004366145-3497105423-4204979389-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2004366145-3497105423-4204979389-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\Desktop\Lea Zeug\Pictures\img004.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2004366145-3497105423-4204979389-1001\...\StartupApproved\Run: => "Spotify Web Helper"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{97325B94-617C-4E6F-88E8-8F6C02EEC234}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{1078C122-0ECF-4301-B3E7-FE27A617A0A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{7F47B5C3-2A15-4FE0-A5C8-B17AA8D25CFA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2151D007-150B-4A8B-9407-A1F69D5866CE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Only If\Only If.exe
FirewallRules: [{918A6EC2-611A-4E42-B569-4E623B6906C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Only If\Only If.exe
FirewallRules: [{1A78CBDD-0541-49F6-95B3-95E234806E80}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{562D9A5D-53EB-4035-9144-3A9F12865C16}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{30D2E02B-9CE7-4CBE-992A-BECCE4D2F7E2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{11DC6D00-B34F-4AFB-8B8D-E3A97734FF38}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{5DF0F41E-C6D9-4E5F-9826-E4F147714E95}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\Launcher.exe
FirewallRules: [{4CD1AD68-47E1-4B56-A2BD-2CC3920D9E9A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\Launcher.exe
FirewallRules: [UDP Query User{09297C1D-5F8A-48AD-923B-D0D3A3F5A58F}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6D666D38-8D3B-4281-859C-C2897FC014FF}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{37AD81FA-C531-48A4-9B84-35B0A80ED553}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{F7F88DC3-9410-4A92-A370-37259C32661A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{BA96E596-DEE8-4F5C-AF57-38DD951E3FEB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheEvilWithin\EvilWithin.exe
FirewallRules: [{1FE68C9F-58FD-4200-AF78-2EE003CB69AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheEvilWithin\EvilWithin.exe
FirewallRules: [UDP Query User{85A47940-1020-4383-9E85-816256CBAD1B}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe] => (Allow) C:\program files (x86)\gameforge\nclauncher\nclauncher.exe
FirewallRules: [TCP Query User{45FDDA9F-3C44-4FCD-BC9A-B4689F471B3D}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe] => (Allow) C:\program files (x86)\gameforge\nclauncher\nclauncher.exe
FirewallRules: [UDP Query User{2410BE10-2F86-44CE-AEEB-E03F0108BD06}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Block) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [TCP Query User{CD23BC5A-55C9-4C17-85E6-1CF2448016B4}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Block) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [UDP Query User{793E2F10-C1DB-4C55-AAB9-E0F0ADCA6F16}C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [TCP Query User{2233422E-5257-49E8-9F9A-68E71DB77376}C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [{003E6893-F47B-410C-B474-00336EDFB35F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{5C3BD03F-2272-4E21-BA2D-FBAE495DBAF0}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{209647F1-F5D6-4AD2-B9F0-3450CF343D8A}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8C0FC16C-5D79-4F72-BA70-532B16EA0005}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold\Stronghold.exe
FirewallRules: [{412811A2-E569-4290-AA37-0C1491CA860B}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold\Stronghold.exe
FirewallRules: [{14B5C410-6DCB-45D4-9515-085AA80B520B}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe
FirewallRules: [{C207435E-C475-4497-A61D-2518AE0E6B14}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe
FirewallRules: [{FF22C34C-B71C-484D-9943-D39AEEE8F525}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe
FirewallRules: [{4A3BEEAC-33EF-4E5C-84A5-38684D66B9C0}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe
FirewallRules: [{9617BAB8-6240-4C7C-AACF-F5BA4AF392D5}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe
FirewallRules: [{B28F4497-9EC9-4909-9845-6C2B236E071A}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe
FirewallRules: [{817934BF-D15A-4E42-8C40-0FF79BC96465}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{D3980B7A-92E9-46F6-8EDF-21BCEA2B3489}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{768E5B40-22A5-4B72-9667-7378AACE3163}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DA9C706F-40FE-4AF4-84E5-374F189F8E2D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D6F73942-E683-4443-B08C-5F10752F4275}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6B461998-05F4-4621-833A-FDF06BA6C044}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{96D648A7-9E2B-4F66-B2A4-9B7D6C15C325}C:\users\admin\desktop\lea zeug\documents\teamspeak3-server_win32-3.0.10.3\teamspeak3-server_win32\ts3server_win32.exe] => (Allow) C:\users\admin\desktop\lea zeug\documents\teamspeak3-server_win32-3.0.10.3\teamspeak3-server_win32\ts3server_win32.exe
FirewallRules: [TCP Query User{CF9324D2-5AA4-4D2E-BA13-FA0B3FEE39FA}C:\users\admin\desktop\lea zeug\documents\teamspeak3-server_win32-3.0.10.3\teamspeak3-server_win32\ts3server_win32.exe] => (Allow) C:\users\admin\desktop\lea zeug\documents\teamspeak3-server_win32-3.0.10.3\teamspeak3-server_win32\ts3server_win32.exe
FirewallRules: [{D7837B86-0290-4125-B275-115C5B95BA69}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{A2CBCB83-4E63-4D87-9835-66DCB9954D0D}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{699E8626-CA3A-4CBB-A909-EB4AD7710E08}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{8003CE36-C338-4A58-BA63-E6E9F509390A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{19A15833-5884-4CB9-89EA-0AC6E8D196D6}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{6D6C4CAB-CFE2-4F05-A7C3-AB7CBF295385}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{08CDFDED-8218-4A66-BE74-F1696F58D0FF}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{6D727CEE-67DA-4AD9-BE56-C3E5645B31FD}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{D404C1C7-B6B4-46CC-BE13-F1761A49386F}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{F63DC085-92B8-4498-B016-B646F029D402}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{E8BF6290-3939-4B44-BED2-0F05D4912D14}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{C215880B-3018-4DEB-BD0C-E41D3EEAE0B7}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{BC3411B2-E553-4F9C-B8EF-267F69C23C24}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{14FADD7B-4BFD-423B-96B5-91C38EA1B627}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{E7AFDF8E-1571-48A5-AC5A-BD623B7D9C5A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{C562658B-B1B0-46C9-A49F-6A58A1696AFC}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{9BB6B44A-251F-4893-AA13-79B38B887C17}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{4CE2D119-7217-4256-BF54-23BC6FE63DDF}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{81825BF5-B8E8-4333-B082-6D30A4AFED0E}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{B78FE421-FAA6-459E-89BC-756C71095A55}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{6DE1084A-AB73-4491-AC98-EB486D104BA8}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{023FF407-B666-45C5-B311-DB0258D2A8A5}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{0ACF7C5D-8FC7-4868-81C3-B7238708514D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{3B9932DF-FAAD-4059-B084-281384655FFA}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{7C0DFC92-0E50-49C4-A7E6-C54DA2A7430D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{1792AE99-4285-44E3-90AF-15A37D61D47B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{B48B78D9-0BA8-499F-BB81-5C0A9794BB45}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{22BE01C0-B0F0-4255-AF08-F47988E7068A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{B3CA9958-513A-44F0-A414-72FAFA1795FD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{87F4C64F-756F-4916-B85F-71BBF0E963F7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{8ACC6BC6-FBFA-499C-9C3E-4C2DDC1FFB8C}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{16FAEA28-5972-44BA-BAEA-D1672B1862A3}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{6C718AB4-C243-4923-8FD9-BC2CBB12E304}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{6F9B55F0-AAA0-4694-B344-37830F04CA62}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{3CBCB046-FAA3-4709-AA4B-D4E6BFB00084}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{59A37F2E-AD53-4FDF-B9F1-9C048715B665}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{2D338243-2018-4788-BABE-837BD8E40F68}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{E7554797-41BE-420B-9F5C-1EBE27688857}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [TCP Query User{6DE6A31A-FC02-4500-86E5-EFCB5DBB0968}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe] => (Block) C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe
FirewallRules: [UDP Query User{855A6190-9581-47F8-A723-F6719BB80206}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe] => (Block) C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe
FirewallRules: [{51FB6A82-6049-4CAE-98BA-497EA2E8C5AD}] => (Allow) C:\Users\Admin\AppData\Roaming\SSN\ssn.exe
FirewallRules: [{93930526-A3CE-4674-B124-5ABA81D60801}] => (Allow) C:\Users\Admin\AppData\Roaming\SSN\updssn.exe
FirewallRules: [{E9D57666-5BDD-46FC-997D-0B2158604EBD}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [TCP Query User{83D8128D-A281-4261-8D12-4B29431579CE}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{085D939C-0098-485E-A58E-C42071DAF1D3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{A77C8F87-C07C-4136-A371-0D1F07BA90CF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{78640055-226A-43E7-91AF-8B4CF8BDEE6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\60 Seconds!\60Seconds.exe
FirewallRules: [{4280C7F6-7C22-4E54-86E2-1D855304825C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\60 Seconds!\60Seconds.exe
FirewallRules: [{5BACD0FA-A884-499B-9599-6542ABFACFFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{93A4932A-D4B1-402B-9702-70C5B1AA25A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (09/10/2015 11:57:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Acer)
Description: Bei der Aktivierung der App „Microsoft.Windows.Photos_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (09/10/2015 11:31:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Acer)
Description: Bei der Aktivierung der App „Microsoft.WindowsStore_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (09/10/2015 08:44:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WinStore.Mobile.exe, Version 2015.8.25.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1184
Startzeit: 01d0ebf87938b7de
Beendigungszeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
Berichts-ID: f39376d6-57eb-11e5-8414-40f02fc78a67
Vollständiger Name des fehlerhaften Pakets: Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe
Auf das fehlerhafte Paket bezogene Anwendungs-ID: App
Error: (09/10/2015 08:44:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Acer)
Description: Das Paket „Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (09/10/2015 05:20:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (09/09/2015 04:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Acer)
Description: Bei der Aktivierung der App „Microsoft.WindowsStore_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (09/09/2015 03:47:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (09/09/2015 03:45:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Acer)
Description: Bei der Aktivierung der App „Microsoft.WindowsStore_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (09/09/2015 03:45:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WinStore.Mobile.exe, Version 2015.8.25.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 7cc
Startzeit: 01d0eb05badad3ab
Beendigungszeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
Berichts-ID: 03cf47f0-56f9-11e5-8412-40f02fc78a67
Vollständiger Name des fehlerhaften Pakets: Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe
Auf das fehlerhafte Paket bezogene Anwendungs-ID: App
Error: (09/09/2015 03:45:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Acer)
Description: Die App „Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe+App“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.
Systemfehler:
=============
Error: (09/10/2015 11:57:28 PM) (Source: DCOM) (EventID: 10010) (User: Acer)
Description: App.AppX65n3t4j73ch7cremsjxn7q8bph1ma8jw.mca
Error: (09/10/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (09/10/2015 07:28:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (09/10/2015 05:30:46 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: Acer)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2004366145-3497105423-4204979389-1001-0-ntuser.dat
Error: (09/10/2015 05:30:36 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: Acer)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2004366145-3497105423-4204979389-1001-0-ntuser.dat
Error: (09/10/2015 05:22:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "McAfee Validation Trust Protection Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/10/2015 05:21:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/10/2015 05:21:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/10/2015 05:21:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/10/2015 05:21:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "McAfee Firewall Core Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office:
=========================
Error: (09/10/2015 11:57:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Acer)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2144927141
Error: (09/10/2015 11:31:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Acer)
Description: Microsoft.WindowsStore_8wekyb3d8bbwe!App-2147023170
Error: (09/10/2015 08:44:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WinStore.Mobile.exe2015.8.25.1118401d0ebf87938b7de4294967295C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exef39376d6-57eb-11e5-8414-40f02fc78a67Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbweApp
Error: (09/10/2015 08:44:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Acer)
Description: Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe+App
Error: (09/10/2015 05:20:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
Error: (09/09/2015 04:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Acer)
Description: Microsoft.WindowsStore_8wekyb3d8bbwe!App-2147023170
Error: (09/09/2015 03:47:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
Error: (09/09/2015 03:45:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Acer)
Description: Microsoft.WindowsStore_8wekyb3d8bbwe!App-2144927142
Error: (09/09/2015 03:45:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WinStore.Mobile.exe2015.8.25.17cc01d0eb05badad3ab4294967295C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe03cf47f0-56f9-11e5-8412-40f02fc78a67Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbweApp
Error: (09/09/2015 03:45:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Acer)
Description: Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe+App
CodeIntegrity:
===================================
Date: 2015-09-09 15:51:17.239
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-08 14:20:31.924
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-07 20:38:15.771
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-30 18:19:21.554
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-30 18:12:36.498
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-30 03:11:29.361
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-30 03:11:29.278
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-30 03:11:28.668
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-29 19:14:28.459
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-27 17:21:10.389
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Prozentuale Nutzung des RAM: 51%
Installierter physikalischer RAM: 3976.27 MB
Verfügbarer physikalischer RAM: 1945.95 MB
Summe virtueller Speicher: 8584.27 MB
Verfügbarer virtueller Speicher: 5394.02 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:447.69 GB) (Free:232 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 92E21165)
Partition: GPT.
==================== Ende von Addition.txt ===========================
And here the one from Malware. Nothing at all was found in the last scan, so there's nothing helpful in the log either, right? That's why I'm posting the scan before that one (3 days ago). Code:
Dateisystem: NTFS
Benutzer: Admin
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 389550
Abgelaufene Zeit: 26 Min., 27 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(keine bösartigen Elemente erkannt)
Module: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswerte: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Ordner: 3
PUP.Optional.Amonetize, C:\Users\Admin\AppData\Local\2197, In Quarantäne, [28e741eccdbef83e6f4d81a36f947a86],
PUP.Optional.ProtectWindowsManager, C:\ProgramData\vWdsManProv, In Quarantäne, [57b8d855f299b28498c4af74d52e54ac],
PUP.Optional.ProtectWindowsManager, C:\ProgramData\vWdsManProv\update, In Quarantäne, [57b8d855f299b28498c4af74d52e54ac],
Dateien: 5
Adware.Agent, C:\Users\Admin\Downloads\mbam-setup-1.75.0.1300_beta.exe, In Quarantäne, [de31e34aa6e50531e0e225b4c63b3bc5],
PUP.Optional.Amonetize, C:\Users\Admin\AppData\Local\2197\Updater.exe, In Quarantäne, [28e741eccdbef83e6f4d81a36f947a86],
PUP.Optional.Amonetize, C:\Users\Admin\AppData\Local\2197\status.cfg, In Quarantäne, [28e741eccdbef83e6f4d81a36f947a86],
PUP.Optional.Amonetize, C:\Users\Admin\AppData\Local\2197\Updater.xml, In Quarantäne, [28e741eccdbef83e6f4d81a36f947a86],
PUP.Optional.ProtectWindowsManager, C:\ProgramData\vWdsManProv\updateconf, In Quarantäne, [57b8d855f299b28498c4af74d52e54ac],
Physische Sektoren: 0
(keine bösartigen Elemente erkannt)
(end)
In addition, e.g. today's daily protection log: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Detection, 11.09.2015 00:31, SYSTEM, ACER, Protection, Malicious Website Protection, Domain, 127.42.0.14, istatic.eshopcomp.com, 58811, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
Detection, 11.09.2015 00:31, SYSTEM, ACER, Protection, Malicious Website Protection, Domain, 127.42.0.14, istatic.eshopcomp.com, 58811, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
Detection, 11.09.2015 00:31, SYSTEM, ACER, Protection, Malicious Website Protection, Domain, 127.42.0.14, istatic.eshopcomp.com, 58814, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
Detection, 11.09.2015 00:31, SYSTEM, ACER, Protection, Malicious Website Protection, Domain, 127.42.0.14, istatic.eshopcomp.com, 58835, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
Detection, 11.09.2015 00:31, SYSTEM, ACER, Protection, Malicious Website Protection, Domain, 127.42.0.14, istatic.eshopcomp.com, 58836, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe,
Protection, 11.09.2015 00:31, SYSTEM, ACER, Protection, Malware Protection, Stopping,
Protection, 11.09.2015 00:31, SYSTEM, ACER, Protection, Malware Protection, Stopped,
(end)
Adwcleaner: Code:
# AdwCleaner v5.007 - Bericht erstellt am 10/09/2015 um 17:11:56
# Aktualisiert am 08/09/2015 von Xplode
# Datenbank : 2015-09-08.2 [Server]
# Betriebssystem : Windows 10 Home (x64)
# Benutzername : Admin - ACER
# Gestartet von : C:\Users\Admin\Desktop\adwcleaner_5.007.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
***** [ Verknüpfungen ] *****
***** [ Geplante Tasks ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{8A847980-AB5F-48D8-A7D4-C200A0732B7B}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\OCS
***** [ Internetbrowser ] *****
[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Gefunden : hxxp://www.oursurfing.com/?type=hp&ts=1440893500&z=bcf1a78db52e085cfc66815g9z3z1e9bcteccz9t1t&from=amt&uid=ST500LT012-9WS142_W0VJPDJBXXXXW0VJPDJB
[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Gefunden : hxxp://www.oursurfing.com/?type=hp&ts=1440893500&z=bcf1a78db52e085cfc66815g9z3z1e9bcteccz9t1t&from=amt&uid=ST500LT012-9WS142_W0VJPDJBXXXXW0VJPDJB
*************************
C:\AdwCleanerDebug.txt - [55 Bytes] - [06/12/2014 13:37:42]
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1357 Bytes] ########## |