
Infected with svchost.exe in "Temp"-folder



#1 wfang107


Posted 16 July 2016 - 06:24 AM

Hey!

My PC is infected with the svchost.exe-virus. It's located in "C:\Users\Moritz\AppData\Local\Temp" and when I delete it with Unlocker, after the restart it's there again. Spybot can't delete svchost.exe and AdwCleaner and JRT didn't even find it. FRST64 finally found it but now I need a fixlist to delete it. I'm German so FRST.txt was also German. I replaced some German sentences with English, I hope you'll understand it.

 

FRST.txt

 

Fix result of

Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-07-2016

Ran by Moritz (Administrator) auf ARNO (16-07-2016 12:56:53)
Running from C:\Users\Moritz\Desktop
Geladene Profile: Moritz (Verfügbare Profile: Moritz)
Platform: Windows 10 Home Version 1511 (X64) Language: German (Germany)
Internet Explorer Version 11 (Standard-Browser not found)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Gramblr\gramblr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Users\Moritz\AppData\Local\Temp\svchost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\Moritz\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [gplyra] => C:\Users\Moritz\AppData\Roaming\gplyra\gplyra\start.cmd
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [RoccatTyon] => C:\Program Files (x86)\ROCCAT\Tyon Mouse\TyonMonitor.EXE [557056 2015-01-13] (ROCCAT GmbH)
HKLM-x32\...\Run: [RoccatTyonW] => C:\Program Files (x86)\ROCCAT\Tyon Mouse\TyonMonitorW.EXE [557056 2015-01-13] (ROCCAT GmbH)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [sun21] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\...\Run: [UM] => C:\Users\Moritz\AppData\Roaming\Update Manager\UM.EXE
HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [949784 2016-03-22] (BlueStack Systems, Inc.)
HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\...\Run: [Steam] => E:\Programme\Steam\steam.exe [2851408 2016-07-09] (Valve Corporation)
HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\...\Run: [Discord] => C:\Users\Moritz\AppData\Local\Discord\app-0.0.291\Discord.exe [57929912 2016-06-02] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\...\Run: [bd51a268668edf212421dec5247d3008] => C:\Users\Moritz\AppData\Local\Temp\svchost.exe [24064 2016-07-16] () <===== ACHTUNG
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Moritz\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Moritz\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Moritz\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Moritz\AppData\Local\MEGAsync\ShellExtX32.dll Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Moritz\AppData\Local\MEGAsync\ShellExtX32.dll Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Moritz\AppData\Local\MEGAsync\ShellExtX32.dll Keine Datei
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ryos Driver.lnk [2015-03-02]
ShortcutTarget: Ryos Driver.lnk -> C:\Program Files (x86)\ROCCAT\Ryos Keyboard\Ryos MK Monitor.exe (ROCCAT GmbH Co., Ltd.)
Startup: C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bd51a268668edf212421dec5247d3008.exe [2016-07-16] ()
 
==================== Internet (Whitelisted) ====================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
 
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{625890cd-259a-4365-bf68-d1b9d3434cbd}: [DhcpNameServer] 192.168.178.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2942333276-3977313222-2008819515-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-22] (Oracle Corporation)
BHO: DealbeaverBHO Class -> {A5C87FD0-85EF-45B6-AF57-BE74A5FF1768} -> C:\Program Files (x86)\Dealbeaver\Dealbeaver64.dll => Keine Datei
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-22] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-19] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-19] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Moritz\AppData\Roaming\Profiles\wmvq7xfo.default
FF Keyword.URL: undefined://undefined/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [Keine Datei]
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-22] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> E:\Program Files (x86)\VLC\VLC\npvlc.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2942333276-3977313222-2008819515-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Moritz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2942333276-3977313222-2008819515-1001: SkypePlugin -> C:\Users\Moritz\AppData\Local\SkypePlugin\7.14.0.184\npGatewayNpapi.dll [2016-02-05] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2942333276-3977313222-2008819515-1001: SkypePlugin64 -> C:\Users\Moritz\AppData\Local\SkypePlugin\7.14.0.184\npGatewayNpapi-x64.dll [2016-02-05] (Skype Technologies S.A.)
FF SearchPlugin: C:\Users\Moritz\AppData\Roaming\Profiles\wmvq7xfo.default\searchplugins\p3s16eb4.xml [2016-06-26]
FF Extension: Dealbeaver - C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\6l5txdm8.default\Extensions\dealbeaver@dealbeaver.org.xpi [2016-05-04]
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\6l5txdm8.default\Extensions\ich@maltegoetz.de.xpi [2016-03-22]
FF Extension: Video DownloadHelper - C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\6l5txdm8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-29]
FF Extension: Adblock Plus - C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\6l5txdm8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-01]
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Moritz\AppData\Roaming\Profiles\wmvq7xfo.default\Extensions\ich@maltegoetz.de.xpi [2016-03-22]
FF Extension: Video DownloadHelper - C:\Users\Moritz\AppData\Roaming\Profiles\wmvq7xfo.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-29]
FF Extension: Adblock Plus - C:\Users\Moritz\AppData\Roaming\Profiles\wmvq7xfo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-01]
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www-searching.com/?pid=s&s=g6qzftpbl0cshmoaq,dcc19580-a526-4585-ada7-dbe52dec1258,&vp=ch&prd=set_ch
CHR Profile: C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-26]
CHR Extension: (YouTube) - C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-26]
CHR Extension: (Adblock Plus) - C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (Video DownloadHelper) - C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-06-26]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-26]
CHR Extension: (Google Mail) - C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-26]
CHR Profile: C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Präsentationen) - C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-29]
CHR Extension: (Google Docs) - C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-29]
CHR Extension: (Google Drive) - C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-29]
CHR Extension: (YouTube) - C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-29]
CHR Extension: (Google Tabellen) - C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-29]
CHR Extension: (Google Docs Offline) - C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-29]
CHR Extension: (Skype) - C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-29]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-29]
CHR Extension: (Google Mail) - C:\Users\Moritz\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1863688 2016-05-12] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-03-22] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-03-22] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [917016 2016-03-22] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [249104 2016-06-24] (EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-06-03] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [9654352 2016-05-28] () [Datei ist nicht signiert]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-02-01] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-28] (Electronic Arts)
S3 SandraAgentSrv; E:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP2b\RpcAgentSrv.exe [73200 2015-07-06] (SiSoftware) [Datei ist nicht signiert]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 bazkservseagnrmr.exe; "C:\Program Files (x86)\Bevconesy\bazkservseagnrmr.exe" {C25DA384-2010-45A4-A1ED-BFA540D4789B} {9DC74CD5-24EA-4ADE-9C42-608A8CE17116} [X]
 
===================== Drivers (Whitelisted) ==========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-03-22] (BlueStack Systems)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 SANDRA; E:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP2b\WNt600x64\Sandra.sys [23112 2009-08-08] (SiSoftware)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [143096 2013-09-14] (Ray Hinchliffe)
U5 UnlockerDriver5; C:\Users\Moritz\Desktop\unlocker1.9.0-portable\x64\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 VHidXInput; C:\Windows\System32\drivers\VXInput.sys [7424 2014-08-13] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 
==================== One Month Created Files and Folders ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2016-07-16 12:56 - 2016-07-16 12:57 - 00023497 _____ C:\Users\Moritz\Desktop\FRST.txt
2016-07-16 12:56 - 2016-07-16 12:56 - 02391040 _____ (Farbar) C:\Users\Moritz\Downloads\FRST64.exe
2016-07-16 12:56 - 2016-07-16 12:56 - 02391040 _____ (Farbar) C:\Users\Moritz\Desktop\FRST64.exe
2016-07-16 12:56 - 2016-07-16 12:56 - 00000000 ____D C:\FRST
2016-07-16 12:53 - 2016-07-16 12:53 - 01610560 _____ (Malwarebytes) C:\Users\Moritz\Downloads\JRT.exe
2016-07-16 12:53 - 2016-07-16 12:53 - 01610560 _____ (Malwarebytes) C:\Users\Moritz\Desktop\JRT.exe
2016-07-16 12:53 - 2016-07-16 12:53 - 00001190 _____ C:\Users\Moritz\Desktop\JRT.txt
2016-07-16 12:37 - 2016-07-16 12:37 - 03712064 _____ C:\Users\Moritz\Desktop\adwcleaner_5.201.exe
2016-07-16 02:52 - 2016-07-16 02:52 - 00260908 _____ C:\WINDOWS\Minidump\071616-5937-01.dmp
2016-07-16 01:52 - 2016-07-14 21:04 - 00453016 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160716-015257.backup
2016-07-16 01:48 - 2016-07-16 01:48 - 00000000 ____D C:\Users\Moritz\Desktop\unlocker1.9.0-portable
2016-07-15 23:57 - 2016-07-16 00:44 - 324317770 _____ C:\Users\Moritz\Desktop\Wir waren Könige.mp4
2016-07-14 23:22 - 2016-07-14 23:22 - 00001246 _____ C:\Users\Moritz\Desktop\Temp.lnk
2016-07-14 23:15 - 2016-07-14 23:15 - 00247948 _____ C:\WINDOWS\Minidump\071416-4671-01.dmp
2016-07-14 23:10 - 2016-07-14 23:10 - 00000000 ____D C:\Users\Moritz\Documents\Multisoft
2016-07-14 22:56 - 2016-07-14 23:15 - 00000000 ____D C:\WINDOWS\Minidump
2016-07-14 22:56 - 2016-07-14 22:56 - 00246508 _____ C:\WINDOWS\Minidump\071416-6328-01.dmp
2016-07-14 21:04 - 2016-06-30 16:27 - 00452904 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160714-210445.backup
2016-07-12 21:42 - 2016-07-12 21:51 - 00000000 ____D C:\Users\Moritz\AppData\Roaming\TeamViewer
2016-07-12 17:11 - 2016-07-14 21:09 - 00368888 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-07-12 17:11 - 2016-07-12 18:09 - 00000000 ____D C:\Users\Moritz\AppData\Roaming\7DaysToDie
2016-07-12 17:11 - 2016-06-24 21:24 - 00249104 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2016-07-09 18:17 - 2016-07-09 18:17 - 00000833 _____ C:\Users\Moritz\AppData\Local\recently-used.xbel
2016-07-09 18:10 - 2016-07-09 18:10 - 00000000 ____D C:\Users\Moritz\AppData\Local\gegl-0.2
2016-07-09 18:10 - 2016-07-09 18:10 - 00000000 ____D C:\Users\Moritz\AppData\Local\fontconfig
2016-07-09 17:22 - 2016-07-09 17:23 - 00000000 ____D C:\Users\Moritz\Desktop\mods
2016-07-03 23:52 - 2016-07-03 23:52 - 00000000 ____D C:\Users\Moritz\AppData\Local\Macromedia
2016-07-03 21:51 - 2016-07-09 17:16 - 00000000 ____D C:\Users\Moritz\AppData\Roaming\GTAV Enhanced Native Trainer
2016-07-03 19:23 - 2016-07-05 13:23 - 00000000 ____D C:\Program Files\Rockstar Games
2016-07-03 19:20 - 2016-07-05 13:23 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-07-03 19:17 - 2016-07-03 19:17 - 00001266 _____ C:\Users\Moritz\Desktop\Grand Theft Auto V.lnk
2016-07-03 18:38 - 2016-07-03 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2016-07-03 16:11 - 2016-07-06 16:18 - 00001434 _____ C:\Users\Moritz\Desktop\=.txt
2016-07-03 15:38 - 2016-07-03 15:38 - 00001314 _____ C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\OpenIV.lnk
2016-07-03 15:38 - 2016-07-03 15:38 - 00001312 _____ C:\Users\Moritz\Desktop\OpenIV.lnk
2016-07-03 13:42 - 2016-07-03 13:43 - 00000000 ____D C:\Users\Moritz\AppData\Local\RealLifeRPG
2016-07-03 13:37 - 2016-07-03 13:43 - 00000000 ____D C:\Users\Moritz\AppData\Local\SquirrelTemp
2016-07-02 14:05 - 2016-07-02 14:05 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-07-02 14:05 - 2016-07-02 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-07-02 14:05 - 2016-07-02 14:05 - 00000000 ____D C:\Program Files\iTunes
2016-07-02 14:05 - 2016-07-02 14:05 - 00000000 ____D C:\Program Files\iPod
2016-07-02 14:05 - 2016-07-02 14:05 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-30 16:49 - 2016-06-30 16:49 - 00000000 ____D C:\Users\Moritz\AppData\Local\CEF
2016-06-30 16:27 - 2015-02-15 23:19 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160630-162753.backup
2016-06-30 15:22 - 2016-07-16 12:44 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-30 15:22 - 2016-07-16 12:32 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-30 15:22 - 2016-06-30 17:02 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-30 15:22 - 2016-06-30 17:02 - 00001366 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-30 15:22 - 2016-06-30 15:27 - 00003954 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-26 18:58 - 2016-07-16 12:43 - 00000000 ____D C:\AdwCleaner
2016-06-26 17:43 - 2016-06-26 17:43 - 00003298 _____ C:\WINDOWS\System32\Tasks\{9644D2D8-FA9C-4A19-A7A1-9703F57E77CC}
2016-06-26 17:14 - 2016-06-26 17:06 - 01273856 _____ C:\Users\Moritz\AppData\Roaming\Treefan.exe
2016-06-26 17:08 - 2016-06-26 17:20 - 00000000 ____D C:\Users\Moritz\AppData\Local\Ethash
2016-06-26 17:07 - 2016-06-29 19:10 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-06-26 17:07 - 2016-06-26 17:49 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-06-26 17:07 - 2016-06-26 17:07 - 00848437 _____ C:\Users\Moritz\AppData\Roaming\Bioair.bin
2016-06-26 17:07 - 2016-06-26 17:06 - 01273856 _____ C:\Users\Moritz\AppData\Roaming\Kinin.exe
2016-06-26 17:06 - 2016-06-26 17:07 - 00018288 _____ C:\Users\Moritz\AppData\Roaming\InstallationConfiguration.xml
2016-06-26 17:06 - 2016-06-26 17:06 - 00128512 _____ C:\Users\Moritz\AppData\Roaming\Installer.dat
2016-06-26 17:05 - 2015-02-15 23:19 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-06-26 15:47 - 2016-06-26 15:48 - 00000000 ____D C:\Users\Moritz\AppData\Local\PAYDAY 2
2016-06-24 23:38 - 2016-07-11 02:09 - 00000000 ____D C:\Users\Moritz\AppData\Local\Game Dev Tycoon - Steam
2016-06-24 23:19 - 2016-06-24 23:19 - 00000000 ____D C:\Users\Moritz\AppData\LocalLow\GameMechanics
2016-06-24 22:24 - 2016-06-24 22:24 - 00000000 ____D C:\Users\Moritz\AppData\LocalLow\Red Dot Games
2016-06-24 22:14 - 2016-06-24 22:14 - 00000212 _____ C:\Users\Moritz\Desktop\The Hat Man Shadow Ward.url
2016-06-24 22:14 - 2016-06-24 22:14 - 00000212 _____ C:\Users\Moritz\Desktop\PAYDAY 2.url
2016-06-24 22:14 - 2016-06-24 22:14 - 00000210 _____ C:\Users\Moritz\Desktop\Garry's Mod.url
2016-06-24 22:11 - 2016-06-24 22:11 - 00000212 _____ C:\Users\Moritz\Desktop\Game Dev Tycoon.url
2016-06-24 20:45 - 2016-06-24 20:45 - 00000212 _____ C:\Users\Moritz\Desktop\Outlast.url
2016-06-24 20:44 - 2016-06-24 20:44 - 00000212 _____ C:\Users\Moritz\Desktop\ARK Survival Evolved.url
2016-06-24 20:44 - 2016-06-24 20:44 - 00000212 _____ C:\Users\Moritz\Desktop\7 Days to Die.url
2016-06-16 20:04 - 2016-05-28 08:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-16 20:04 - 2016-05-28 08:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-16 20:04 - 2016-05-28 08:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-16 20:04 - 2016-05-28 08:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-16 20:04 - 2016-05-28 08:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-16 20:04 - 2016-05-28 07:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-16 20:04 - 2016-05-28 07:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-16 20:04 - 2016-05-28 07:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-16 20:04 - 2016-05-28 07:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-16 20:04 - 2016-05-28 07:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-16 20:04 - 2016-05-28 07:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-16 20:04 - 2016-05-28 07:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-16 20:04 - 2016-05-28 07:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-16 20:04 - 2016-05-28 07:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-16 20:04 - 2016-05-28 07:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-16 20:04 - 2016-05-28 07:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-16 20:04 - 2016-05-28 07:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-16 20:04 - 2016-05-28 07:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-16 20:04 - 2016-05-28 07:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-16 20:04 - 2016-05-28 07:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-16 20:04 - 2016-05-28 07:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-16 20:04 - 2016-05-28 07:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-16 20:04 - 2016-05-28 07:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-16 20:04 - 2016-05-28 07:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-16 20:04 - 2016-05-28 07:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-16 20:04 - 2016-05-28 07:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-16 20:04 - 2016-05-28 07:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-16 20:04 - 2016-05-28 07:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-16 20:04 - 2016-05-28 07:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-16 20:04 - 2016-05-28 07:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-16 20:04 - 2016-05-28 07:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-16 20:04 - 2016-05-28 07:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-16 20:04 - 2016-05-28 07:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-16 20:04 - 2016-05-28 07:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-16 20:04 - 2016-05-28 07:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-16 20:04 - 2016-05-28 06:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-16 20:04 - 2016-05-28 06:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-16 20:04 - 2016-05-28 06:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-16 20:04 - 2016-05-28 06:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-16 20:04 - 2016-05-28 06:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-16 20:04 - 2016-05-28 06:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-16 20:04 - 2016-05-28 06:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-16 20:04 - 2016-05-28 06:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-16 20:04 - 2016-05-28 06:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-16 20:04 - 2016-05-28 06:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-16 20:04 - 2016-05-28 06:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-16 20:04 - 2016-05-28 06:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-16 20:04 - 2016-05-28 06:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-16 20:04 - 2016-05-28 06:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-16 20:04 - 2016-05-28 06:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-16 20:04 - 2016-05-28 06:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-16 20:04 - 2016-05-28 06:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-16 20:04 - 2016-05-28 06:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-16 20:04 - 2016-05-28 06:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-16 20:04 - 2016-05-28 06:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-16 20:04 - 2016-05-28 06:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-16 20:04 - 2016-05-28 06:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-16 20:04 - 2016-05-28 06:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-16 20:04 - 2016-05-28 06:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-16 20:04 - 2016-05-28 06:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-16 20:04 - 2016-05-28 06:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-16 20:04 - 2016-05-28 06:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-16 20:04 - 2016-05-28 06:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-16 20:04 - 2016-05-28 06:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-16 20:04 - 2016-05-28 06:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-16 20:04 - 2016-05-28 06:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-16 20:04 - 2016-05-28 06:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-16 20:04 - 2016-05-28 06:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-16 20:04 - 2016-05-28 06:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-16 20:04 - 2016-05-28 06:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-16 20:04 - 2016-05-28 06:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-16 20:04 - 2016-05-28 06:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-16 20:04 - 2016-05-28 06:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-16 20:04 - 2016-05-28 06:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-16 20:04 - 2016-05-28 06:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-16 20:04 - 2016-05-28 06:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-16 20:04 - 2016-05-28 06:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-16 20:04 - 2016-05-28 06:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-16 20:04 - 2016-05-28 06:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-16 20:04 - 2016-05-28 06:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-16 20:04 - 2016-05-28 06:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-16 20:04 - 2016-05-28 06:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-16 20:04 - 2016-05-28 06:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-16 20:04 - 2016-05-28 06:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-16 20:04 - 2016-05-28 06:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-16 20:04 - 2016-05-28 06:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-16 20:04 - 2016-05-28 06:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-16 20:04 - 2016-05-28 06:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-16 20:04 - 2016-05-28 06:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-16 20:04 - 2016-05-28 06:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-16 20:04 - 2016-05-28 06:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-16 20:04 - 2016-05-28 06:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-16 20:04 - 2016-05-28 06:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-16 20:04 - 2016-05-28 06:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-16 20:04 - 2016-05-28 06:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-16 20:04 - 2016-05-28 06:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-16 20:04 - 2016-05-28 06:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-16 20:04 - 2016-05-28 06:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-16 20:04 - 2016-05-28 06:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-16 20:04 - 2016-05-28 06:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-16 20:04 - 2016-05-28 06:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-16 20:04 - 2016-05-28 06:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-16 20:04 - 2016-05-28 06:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-16 20:04 - 2016-05-28 06:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-16 20:04 - 2016-05-28 06:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-16 20:04 - 2016-05-28 06:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-16 20:04 - 2016-05-28 06:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-16 20:04 - 2016-05-28 06:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-16 20:04 - 2016-05-28 06:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-16 20:04 - 2016-05-28 06:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-16 20:04 - 2016-05-28 06:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-16 20:04 - 2016-05-28 06:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-16 20:04 - 2016-05-28 06:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-16 20:04 - 2016-05-28 06:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-16 20:04 - 2016-05-28 06:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-16 20:04 - 2016-05-28 06:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-16 20:04 - 2016-05-28 06:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-16 20:04 - 2016-05-28 06:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-16 20:04 - 2016-05-28 06:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-16 20:04 - 2016-05-28 06:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-16 20:04 - 2016-05-28 06:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-16 20:04 - 2016-05-28 06:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-16 20:04 - 2016-05-28 06:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-16 20:04 - 2016-05-28 06:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-16 20:04 - 2016-05-28 06:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-16 20:04 - 2016-05-28 06:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-16 20:04 - 2016-05-28 06:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-16 20:04 - 2016-05-28 06:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-16 20:04 - 2016-05-28 06:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-16 20:04 - 2016-05-28 06:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-16 20:04 - 2016-05-28 06:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-16 20:04 - 2016-05-28 06:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-16 20:04 - 2016-05-28 06:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-16 20:04 - 2016-05-28 06:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-16 20:04 - 2016-05-28 06:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-16 20:04 - 2016-05-28 06:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-16 20:04 - 2016-05-28 06:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-16 20:04 - 2016-05-28 06:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-16 20:04 - 2016-05-28 06:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-16 20:04 - 2016-05-28 06:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-16 20:04 - 2016-05-28 06:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-16 20:04 - 2016-05-28 06:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-16 20:04 - 2016-05-28 06:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-16 20:04 - 2016-05-28 06:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-16 20:04 - 2016-05-28 06:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-16 20:04 - 2016-05-28 06:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-16 20:04 - 2016-05-28 06:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-16 20:04 - 2016-05-28 06:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-16 20:04 - 2016-05-28 06:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-16 20:04 - 2016-05-28 06:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-16 20:04 - 2016-05-28 06:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-16 20:04 - 2016-05-28 06:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-16 20:04 - 2016-05-28 06:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-16 20:04 - 2016-05-28 06:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-16 20:04 - 2016-05-28 06:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-16 20:04 - 2016-05-28 06:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-16 20:04 - 2016-05-28 06:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-16 20:04 - 2016-05-28 06:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-16 20:04 - 2016-05-28 06:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-16 20:04 - 2016-05-28 06:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-16 20:04 - 2016-05-28 06:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-16 20:04 - 2016-05-28 06:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-16 20:04 - 2016-05-28 06:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-16 20:04 - 2016-05-28 06:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-16 20:04 - 2016-05-28 06:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-16 20:04 - 2016-05-28 06:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-16 20:04 - 2016-05-28 06:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-16 20:04 - 2016-05-28 06:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-16 20:04 - 2016-05-28 06:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-16 20:04 - 2016-05-28 06:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-16 20:04 - 2016-05-28 06:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-16 20:04 - 2016-05-28 06:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-16 20:04 - 2016-05-28 06:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-16 20:04 - 2016-05-28 06:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-16 20:04 - 2016-05-28 05:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-16 20:04 - 2016-05-28 05:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-16 20:04 - 2016-05-28 05:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-16 20:04 - 2016-05-28 05:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-16 20:04 - 2016-05-28 05:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-16 20:04 - 2016-05-28 05:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-16 20:04 - 2016-05-28 05:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-16 20:04 - 2016-05-28 05:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-16 20:03 - 2016-05-28 08:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-16 20:03 - 2016-05-28 07:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-16 20:03 - 2016-05-28 07:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-16 20:03 - 2016-05-28 07:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-16 20:03 - 2016-05-28 07:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-16 20:03 - 2016-05-28 07:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-16 20:03 - 2016-05-28 07:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-16 20:03 - 2016-05-28 07:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-16 20:03 - 2016-05-28 06:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-16 20:03 - 2016-05-28 06:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-16 20:03 - 2016-05-28 06:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-16 20:03 - 2016-05-28 06:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-16 20:03 - 2016-05-28 06:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-16 20:03 - 2016-05-28 06:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-16 20:03 - 2016-05-28 06:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-16 20:03 - 2016-05-28 06:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-16 20:03 - 2016-05-28 06:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-16 20:03 - 2016-05-28 06:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-16 20:03 - 2016-05-28 06:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-16 20:03 - 2016-05-28 06:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-16 20:03 - 2016-05-28 06:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-16 20:03 - 2016-05-28 06:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-16 20:03 - 2016-05-28 06:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-16 20:03 - 2016-05-28 06:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-16 20:03 - 2016-05-28 06:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-16 20:03 - 2016-05-28 06:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-16 20:03 - 2016-05-28 06:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-16 20:03 - 2016-05-28 06:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-16 20:03 - 2016-05-28 06:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-16 20:03 - 2016-05-28 06:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-16 20:03 - 2016-05-28 06:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-16 20:03 - 2016-05-28 06:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-16 20:03 - 2016-05-28 05:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
 
==================== One Month Modified Files and Folders ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2016-07-16 12:57 - 2016-04-16 11:28 - 00000000 ____D C:\ProgramData\Gramblr
2016-07-16 12:54 - 2015-12-22 19:35 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-16 12:50 - 2016-04-07 20:35 - 01802588 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-16 12:50 - 2015-10-30 20:35 - 00776562 _____ C:\WINDOWS\system32\perfh007.dat
2016-07-16 12:50 - 2015-10-30 20:35 - 00155874 _____ C:\WINDOWS\system32\perfc007.dat
2016-07-16 12:50 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-07-16 12:49 - 2016-04-06 21:57 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-07-16 12:45 - 2015-07-20 19:02 - 00000000 ____D C:\Users\Moritz\AppData\Roaming\Skype
2016-07-16 12:44 - 2016-05-10 15:06 - 00000000 ___RD C:\Users\Moritz\iCloudDrive
2016-07-16 12:44 - 2016-04-07 20:29 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-16 12:44 - 2016-04-07 20:25 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-16 12:44 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-07-16 12:38 - 2016-04-07 20:25 - 00000000 ____D C:\Users\Moritz
2016-07-16 12:38 - 2014-11-14 20:18 - 00000000 ____D C:\Users\Moritz\AppData\Local\Apps\2.0
2016-07-16 12:34 - 2014-11-14 20:16 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0CFC21D0-93D3-4997-A94C-B29205296335}
2016-07-16 02:52 - 2016-04-04 19:04 - 987273657 _____ C:\WINDOWS\MEMORY.DMP
2016-07-16 01:48 - 2014-11-19 19:46 - 00000000 ____D C:\Users\Moritz\AppData\Local\CrashDumps
2016-07-15 22:33 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-15 22:33 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-14 23:11 - 2016-01-04 20:01 - 00000000 ____D C:\Users\Moritz\AppData\Roaming\Mp3tag
2016-07-14 23:10 - 2016-06-13 22:21 - 00000000 ____D C:\Users\Moritz\AppData\Roaming\Audacity
2016-07-14 23:10 - 2016-01-13 16:18 - 00001146 _____ C:\Users\Moritz\Desktop\City Car Driving.lnk
2016-07-14 23:10 - 2015-10-25 00:08 - 00000000 ____D C:\Users\Moritz\AppData\Roaming\vlc
2016-07-14 23:09 - 2015-10-25 00:10 - 00001408 _____ C:\Users\Moritz\Desktop\VLC.lnk
2016-07-14 22:29 - 2015-04-05 02:55 - 00000000 ____D C:\Users\Moritz\AppData\Roaming\TS3Client
2016-07-14 21:54 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-07-14 21:54 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-13 23:03 - 2016-05-22 12:01 - 00000159 _____ C:\Users\Moritz\Desktop\tsips.txt
2016-07-13 13:40 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-13 13:01 - 2015-07-20 19:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-13 13:01 - 2015-07-20 19:02 - 00000000 ____D C:\ProgramData\Skype
2016-07-10 14:54 - 2015-01-31 01:33 - 00000000 ____D C:\Users\Moritz\AppData\Local\ElevatedDiagnostics
2016-07-09 18:17 - 2015-11-06 00:29 - 00000000 ____D C:\Users\Moritz\.gimp-2.8
2016-07-09 18:16 - 2015-11-06 00:31 - 00000000 ____D C:\Users\Moritz\AppData\Local\gtk-2.0
2016-07-04 21:34 - 2016-04-08 18:07 - 00000000 ____D C:\Users\Moritz\Desktop\rndm2
2016-07-03 23:20 - 2014-10-22 16:59 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-03 18:44 - 2015-04-17 19:33 - 00000000 ____D C:\Users\Moritz\AppData\Local\Rockstar Games
2016-07-03 17:15 - 2014-10-22 17:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-03 15:38 - 2015-12-24 00:20 - 00000000 ____D C:\Users\Moritz\AppData\Roaming\New Technology Studio
2016-07-03 15:37 - 2015-02-25 17:36 - 00000000 ____D C:\Program Files\OBS
2016-07-03 15:37 - 2015-02-25 17:36 - 00000000 ____D C:\Program Files (x86)\OBS
2016-07-02 14:05 - 2015-07-19 17:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-30 17:02 - 2016-02-16 22:13 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-30 17:02 - 2016-02-16 22:13 - 00001129 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-30 16:22 - 2016-06-14 16:42 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-30 16:08 - 2014-11-15 05:06 - 00000000 ____D C:\Users\Moritz\AppData\Local\Packages
2016-06-30 15:54 - 2015-12-06 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SequoiaView
2016-06-30 15:27 - 2016-02-11 18:16 - 00004186 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-30 15:22 - 2014-11-14 20:18 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-26 20:03 - 2014-11-29 16:20 - 00000000 ____D C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-24 22:36 - 2014-11-29 18:07 - 00000000 ____D C:\Users\Moritz\Documents\My Games
2016-06-24 22:17 - 2015-04-05 02:54 - 00000000 ____D C:\Users\Moritz\AppData\Local\TeamSpeak 3 Client
2016-06-20 21:07 - 2016-05-13 00:41 - 00000000 ____D C:\Users\Moritz\AppData\Local\Arma 3
2016-06-20 20:48 - 2016-05-20 18:33 - 00000000 ____D C:\Users\Moritz\AppData\Local\Deployment
2016-06-17 22:00 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-17 20:42 - 2014-11-15 04:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-17 20:40 - 2016-04-07 20:24 - 00262920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-17 16:04 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-17 16:04 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-17 16:04 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-16 20:08 - 2014-09-24 01:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-16 20:05 - 2014-09-24 01:08 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
 
2016-06-26 17:07 - 2016-06-26 17:07 - 0848437 _____ () C:\Users\Moritz\AppData\Roaming\Bioair.bin
2016-06-26 17:06 - 2016-06-26 17:07 - 0018288 _____ () C:\Users\Moritz\AppData\Roaming\InstallationConfiguration.xml
2016-06-26 17:06 - 2016-06-26 17:06 - 0128512 _____ () C:\Users\Moritz\AppData\Roaming\Installer.dat
2016-06-26 17:07 - 2016-06-26 17:06 - 1273856 _____ () C:\Users\Moritz\AppData\Roaming\Kinin.exe
2015-12-06 22:13 - 2015-07-04 12:29 - 14548992 _____ () C:\Users\Moritz\AppData\Roaming\Sandra.mdb
2016-06-26 17:14 - 2016-06-26 17:06 - 1273856 _____ () C:\Users\Moritz\AppData\Roaming\Treefan.exe
2016-07-09 18:17 - 2016-07-09 18:17 - 0000833 _____ () C:\Users\Moritz\AppData\Local\recently-used.xbel
2016-05-20 18:10 - 2016-05-22 22:59 - 9299813 _____ () C:\Users\Moritz\AppData\Local\TFARReallifeRPG.ts3_plugin
2016-01-12 22:57 - 2016-01-12 22:57 - 0000085 ___SH () C:\ProgramData\.zreglib
2016-04-07 20:25 - 2016-04-07 20:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\Moritz\AppData\Local\Temp\svchost.exe
 
 
Some content of TEMP:
====================
C:\Users\Moritz\AppData\Local\Temp\GTA_V_Launcher_1_0_791_2.exe
C:\Users\Moritz\AppData\Local\Temp\libeay32.dll
C:\Users\Moritz\AppData\Local\Temp\msvcr120.dll
C:\Users\Moritz\AppData\Local\Temp\ovi-uninstall.exe
C:\Users\Moritz\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Moritz\AppData\Local\Temp\sqlite3.dll
C:\Users\Moritz\AppData\Local\Temp\svchost.exe
 
 
==================== Bamital & volsnap Check =================
 
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
 
 
LastRegBack: 2016-07-12 00:04
 
==================== End Of Log ============================



 


#2 wfang107

wfang107
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 16 July 2016 - 05:38 PM

PUSH



#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:07 AM

Posted 18 July 2016 - 12:48 PM

Hello

  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

Can you please post the Addition.txt that was created when you ran FRST?


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 wfang107

wfang107
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 19 July 2016 - 08:55 AM

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 16-07-2016
durchgeführt von Moritz (2016-07-16 12:57:10)
Gestartet von C:\Users\Moritz\Desktop
Windows 10 Home Version 1511 (X64) (2016-04-07 20:33:19)
Start-Modus: Normal
==========================================================
 
 
==================== Konten: =============================
 
Administrator (S-1-5-21-2942333276-3977313222-2008819515-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2942333276-3977313222-2008819515-503 - Limited - Disabled)
Gast (S-1-5-21-2942333276-3977313222-2008819515-501 - Limited - Disabled)
Moritz (S-1-5-21-2942333276-3977313222-2008819515-1001 - Administrator - Enabled) => C:\Users\Moritz
 
==================== Sicherheits-Center ========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installierte Programme ======================
 
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
 
3DMark (HKLM-x32\...\{12d6e0d7-21d5-4755-9da2-70352c6f7558}) (Version: 1.5.915.0 - Futuremark)
3DMark (Version: 1.5.915.0 - Futuremark) Hidden
7 Days to Die (HKLM\...\Steam App 251570) (Version:  - The Fun Pimps)
A3Launcher version 0.1.1.9 (HKLM-x32\...\{1E29A86E-9AE2-4CD8-74C8-6B170ED3C4D2}_is1) (Version: 0.1.1.9 - Maca134)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version:  - Ubisoft)
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
Assassin's Creed Unity (HKLM-x32\...\Uplay Install 720) (Version:  - Ubisoft)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
BlueStacks App Player (HKLM-x32\...\{52A51D7F-6731-45B6-AE77-0D4B0ECC70B5}) (Version: 2.1.8.5663 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MX720 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX720_series) (Version:  - Canon Inc.)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version:  - Cheat Engine)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
City Car Driving 1.2.2 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version:  - Forward Development)
Cobra 11 - Highway Nights (remove only) (HKLM-x32\...\HighwayNights) (Version:  - )
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.10.63.1020 - Electronic Arts Inc.)
Europa Universalis IV (HKLM\...\Steam App 236850) (Version:  - Paradox Development Studio)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Futuremark SystemInfo (HKLM-x32\...\{AFBB2F94-A43D-46AD-8F77-66ACB3C71EDF}) (Version: 4.39.552.0 - Futuremark)
Game Dev Tycoon (HKLM\...\Steam App 239820) (Version:  - Greenheart Games)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.7.2 - Gramblr Team)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
LibreOffice 4.2.7.2 (HKLM-x32\...\{A313C39F-79A7-408B-97EE-8F958407D694}) (Version: 4.2.7.2 - The Document Foundation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Mp3tag v2.73 (HKLM-x32\...\Mp3tag) (Version: v2.73 - Florian Heidenreich)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.87 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.87 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 358.87 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenIV (HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\...\OpenIV) (Version: 2.8.703 - .black/OpenIV Team)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
Outlast (HKLM\...\Steam App 238320) (Version:  - Red Barrels)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealLifeRPG Launcher (HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\...\RealLifeRPG) (Version: 1.1.1 - RealLifeRPG)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
RLCommunity Launcher (HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\...\f5a87685ef47df1f) (Version: 1.1.0.0 - RLCommunity)
ROCCAT Ryos Keyboard Driver (HKLM-x32\...\{70F3EF93-44F4-446A-90B8-33DAB2799AF1}) (Version: 1.29.0006 - Roccat GmbH)
ROCCAT Tyon Mouse Driver (HKLM-x32\...\{27A9CD4B-AF7E-46FB-A7B5-AB549EB45C15}) (Version:  - Roccat GmbH)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
SiSoftware Sandra Lite 2015.SP2b (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2496}_is1) (Version: 21.42.2015.7 - SiSoftware)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{FAD5089C-EB67-442F-89A3-970BCD034D40}) (Version: 7.14.0.184 - Skype Technologies S.A.)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)
TeamSpeak 3 Client (HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Hat Man: Shadow Ward (HKLM\...\Steam App 291010) (Version:  - Game Mechanics)
The SKIES (HKLM\...\Steam App 337950) (Version:  - Eforb)
Trials Fusion (HKLM-x32\...\Uplay Install 297) (Version:  - Ubisoft)
Unity Web Player (HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.14-0 - Bitnami)
 
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
CustomCLSID: HKU\S-1-5-21-2942333276-3977313222-2008819515-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Moritz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2942333276-3977313222-2008819515-1001_Classes\CLSID\{AB08C8FC-971C-4AE2-B23D-D76AC42C46E9}\localserver32 -> C:\Users\Moritz\AppData\Local\SkypePlugin\7.14.0.184\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2942333276-3977313222-2008819515-1001_Classes\CLSID\{ABB7ECA5-6973-499F-B610-80173795847A}\InprocServer32 -> C:\Users\Moritz\AppData\Local\SkypePlugin\7.14.0.184\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2942333276-3977313222-2008819515-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Moritz\AppData\Local\SkypePlugin\7.14.0.184\EdgeCalling.exe (Skype Technologies S.A.)
 
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
Task: {113CE68D-09F1-4E05-9E23-462D1ECEE921} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {24860540-26B8-403E-BFC3-0BFB2D87B869} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {25155F27-9ABC-4426-9EF7-52FF5C68AE25} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {27D9C6C1-D011-430F-B08D-A7A597D0E988} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {466E45AD-AE44-42E8-97E4-48EC67E77FCD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {60862560-6A39-49E2-8795-D89794B8A6DE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {61A10F6E-B558-4632-B3D5-07085051F4CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.)
Task: {6AC5DCCB-BA4B-4831-8E93-7DB3A5B61F4A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {77CA7FF9-E769-4B22-AC13-856F5E94E60C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {7C492B9C-8928-4867-A040-C0D908967FC5} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2942333276-3977313222-2008819515-1001
Task: {8BBC42BA-1335-4C7A-A6F8-8320BD5F1288} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {AA44939C-71BA-4E79-8913-89C933AFD2FB} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {B50F794F-7DB5-47E7-99E0-8C99D2DA6362} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {B61803AD-291B-432A-A5F4-B5BC7AD76485} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.)
Task: {C1E0989E-3D2B-41C6-BB99-0384DD5E8ECD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {C369C035-0F7B-46A8-9BEE-4309CF6265AC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {C93231D6-7F46-4109-9547-2A45D3FF6D13} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {CB37DBD2-780C-4B0E-B0C2-8B9ABAB2A6A9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {D9AE7FEA-A28C-4E54-887F-68D0189E7395} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-16] (Microsoft Corporation)
Task: {DADD6FA9-7C5C-4400-93D6-1548097CACC0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {ECD135DC-9F14-4104-9BF8-54C4492A1DB4} - System32\Tasks\{9644D2D8-FA9C-4A19-A7A1-9703F57E77CC} => pcalua.exe -a C:\ProgramData\BrowsingSecure\uninstall.exe -d C:\Windows\ImmersiveControlPanel
Task: {F2FF5A89-23A3-4D8C-90D9-2048DAF89989} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {FDDD5C36-47D9-4DDF-9078-F79B77AAFC7D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Verknüpfungen =============================
 
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
 
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-07 20:24 - 2013-07-04 04:32 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-16 11:28 - 2016-05-28 21:36 - 09654352 _____ () C:\Program Files\Gramblr\gramblr.exe
2016-06-07 21:43 - 2016-01-12 06:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-12 21:07 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 21:07 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-23 22:01 - 2016-05-23 22:01 - 00959168 _____ () C:\Users\Moritz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () E:\Program Files\Notepad++\NppShell_06.dll
2016-04-19 20:57 - 2016-04-19 20:57 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-07-16 01:51 - 2016-07-16 01:51 - 00024064 _____ () C:\Users\Moritz\AppData\Local\Temp\svchost.exe
2016-04-07 21:22 - 2016-04-07 21:22 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 16:22 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-16 20:04 - 2016-05-28 05:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-16 20:04 - 2016-05-28 05:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-16 20:04 - 2016-05-28 05:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-16 20:04 - 2016-05-28 05:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-30 15:22 - 2016-06-23 15:26 - 02336584 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libglesv2.dll
2016-06-30 15:22 - 2016-06-23 15:25 - 00107336 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libegl.dll
2016-04-07 20:24 - 2016-07-16 12:44 - 00034960 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2016-04-07 20:24 - 2013-07-04 04:32 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2016-06-14 16:42 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-06-14 16:42 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-06-14 16:42 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-06-14 16:42 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-06-14 16:42 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-04-19 20:57 - 2016-04-19 20:57 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 20:57 - 2016-04-19 20:57 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 00244024 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-20 20:43 - 2014-03-20 20:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-04-04 00:13 - 2016-01-12 06:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
 
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
 
 
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
 
 
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
 
 
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
 
 
Da befinden sich 7910 mehr Seiten.
 
 
Da befinden sich 7910 mehr Seiten.
 
 
==================== Hosts Inhalt: ==========================
 
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
 
2013-08-22 15:25 - 2016-07-16 01:52 - 00453118 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
 
Da befinden sich 15545 zusätzliche Einträge.
 
 
==================== Andere Bereiche ============================
 
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 
HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Moritz\Desktop\rndm3\Vom PC\images.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
 
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 
 
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{11B0A4F6-5F20-4A8A-AB35-BCC2A4D912E9}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{E25E079E-2C15-4EB8-B0BC-18688B430731}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{ED5529E6-D44A-4AB4-873C-816A7D8ED8E7}] => (Allow) E:\Programme\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{84DCB54D-2CC5-47B2-9CCF-1CEB72924249}] => (Allow) E:\Programme\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{4C623B25-2753-407A-BC71-573C1D670D35}] => (Allow) LPort=1900
FirewallRules: [{1B6771B8-1CC7-44F1-9162-84AD161E7D8F}] => (Allow) LPort=2869
FirewallRules: [{3B325B7F-DB13-4A50-8B74-9B33F3495160}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{198F6E7D-4FD8-4CAA-8617-BEB6D69BF849}] => (Allow) E:\Program Files (x86)\Ubisoft\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{F5F4D19E-12B9-41BC-849F-AF3EC69FD509}] => (Allow) E:\Program Files (x86)\Ubisoft\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{30DC1CD1-E521-47DD-95D7-85ACA26A4830}] => (Allow) E:\Program Files (x86)\Ubisoft\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{40E27966-3439-4F17-884B-EBF332B7B611}] => (Allow) E:\Program Files (x86)\Ubisoft\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{4E0F7902-4034-4344-92ED-30DF443EC75E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{2676B16A-8A86-4B4B-9CCF-7E03DC6329D5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1ED23C4E-A6D4-4F49-A0DD-D4D37415A9F6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0532BFB7-3CD8-4B21-8857-40E8DECF1B77}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [UDP Query User{88CF356E-6A51-4FD7-86C9-E5249DC5E452}E:\program files (x86)\city car driving\bin\win32\starter.exe] => (Allow) E:\program files (x86)\city car driving\bin\win32\starter.exe
FirewallRules: [TCP Query User{945286B0-797F-4A6F-A141-6B8FC48C5A2E}E:\program files (x86)\city car driving\bin\win32\starter.exe] => (Allow) E:\program files (x86)\city car driving\bin\win32\starter.exe
FirewallRules: [{79C65DA0-276E-40AD-83E4-7724A5595A96}] => (Allow) E:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP2b\RpcAgentSrv.exe
FirewallRules: [UDP Query User{8B9914BC-BB2F-4176-A51D-7EA76607377F}C:\xampp\mercurymail\mercury.exe] => (Allow) C:\xampp\mercurymail\mercury.exe
FirewallRules: [TCP Query User{AEECB09A-6CCA-4DFC-B150-6B66920F4306}C:\xampp\mercurymail\mercury.exe] => (Allow) C:\xampp\mercurymail\mercury.exe
FirewallRules: [{6696DF6C-3D3E-4A6E-9D28-8248818E4E5E}] => (Allow) E:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{EEDC9AB2-64C5-434C-B4B6-E331FAD84BF2}] => (Allow) E:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A59D84DF-A67A-4E11-B724-A6AB5B392903}] => (Allow) E:\Programme\Steam\bin\steamwebhelper.exe
FirewallRules: [{163BB1D1-48E7-486E-86C5-5BA6CA52BDAC}] => (Allow) E:\Programme\Steam\bin\steamwebhelper.exe
FirewallRules: [UDP Query User{422EA53D-32EC-4AF4-9873-4C2C1D94DDAD}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{61C23122-0757-40BA-835B-1F5CDC0A3A9F}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{DEF13A77-D633-4EF6-9EFE-049DC9E3BDB4}E:\xampp\mysql\bin\mysqld.exe] => (Block) E:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{923E6ADD-AC11-4600-BB7F-3D4D4674B048}E:\xampp\mysql\bin\mysqld.exe] => (Block) E:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{5F6BEDA5-C103-45F9-A8AA-A70C362AA354}] => (Allow) E:\xampp\apache\bin\httpd.exe
FirewallRules: [{FA8A3448-CF9C-4DFD-A816-F0D28A7DB838}] => (Block) E:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{D52636DA-FB64-4262-84A9-DFED920F8BA0}E:\xampp\apache\bin\httpd.exe] => (Allow) E:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{2A69E589-9B61-4727-BF70-C7CA123F9FCE}E:\xampp\apache\bin\httpd.exe] => (Allow) E:\xampp\apache\bin\httpd.exe
FirewallRules: [{EC225300-9700-40D2-98FD-EA6D5F9496A8}] => (Allow) E:\Programme\Spiele\Anno 2205\Bin\Win64\Anno2205.exe
FirewallRules: [{9EAB0A6E-6236-4450-8914-786F731CB878}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3DBB2065-B4C7-4F1C-AC13-0345DB7C8093}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F492382B-32EA-4979-B9C2-336901FD6408}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{E2BDE4EF-4B6B-425E-8BC1-2DA6DC880FC1}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{C806C054-1C10-4A93-B921-2ED68E12AA47}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{5D0BE5B7-13EE-47C3-B87B-D997B55BC43B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BA2C1357-A55B-4131-A666-D37DACC9FEA8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D7BFA391-9CC2-4397-8F6D-006C68536D95}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A58AA539-4F75-4C46-8C00-4E906F5A281E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{38F73A7F-C480-4B6F-994F-DD0209A1AE6B}E:\programme\gta5.exe] => (Allow) E:\programme\gta5.exe
FirewallRules: [TCP Query User{D2257E75-30C9-4B70-A747-30F5EBB9EE09}E:\programme\gta5.exe] => (Allow) E:\programme\gta5.exe
FirewallRules: [{B03E1E75-BFA5-4325-AD83-A1658D94BCBA}] => (Allow) E:\Programme\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{FA18E9B2-CE27-45F1-B8D4-0CB7F5B939ED}] => (Allow) E:\Programme\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{312CBCB2-9FF4-481B-8EE4-D4FC44BE8D38}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E824CE38-2ED2-4909-A24F-9321A80C866E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6E73FE4F-92C4-40B1-AA58-389E81675484}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{C779F6C6-5EFC-43D3-A1E0-4A45CD608685}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3682D860-E6BE-4229-9263-DE138A92D13D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [UDP Query User{BD3AA3A7-0229-4E2C-BACF-EA77CFE3399B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{12B6AF13-4A24-48CA-BAB7-CC5B92A02FAB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{77DEE011-043D-4DC5-AA00-9C83EF7F4B57}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{18957504-F0D7-49AD-942B-73307F3C137D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5BA2CA1F-905C-420D-AFB2-52EF109F393E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9B876921-4AF6-4E04-9F13-ED3147D0AF71}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FC01C18D-F216-4E3A-B539-723885800854}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{278136E5-3497-405D-97CE-211E4809BF24}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E9B8E773-5AAF-4950-B5CC-9BB32453AFF0}] => (Allow) E:\Programme\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{5DF2C57D-2276-4B17-AA2B-CED945B32062}] => (Allow) E:\Programme\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [UDP Query User{2135AA84-BDB9-41D7-A87B-88D5A98C7291}E:\programme\gta5.exe] => (Allow) E:\programme\gta5.exe
FirewallRules: [TCP Query User{4B5FAED7-AF0D-4A34-97F0-45FD9BE878EB}E:\programme\gta5.exe] => (Allow) E:\programme\gta5.exe
FirewallRules: [{E4AECC4C-D35B-4CAE-B28E-470C02829B06}] => (Allow) E:\Programme\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{847DFCFF-E426-457C-A755-91928EEAB734}] => (Allow) E:\Programme\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{84A18B59-2E2E-49FD-884A-AEE24EFF8B5A}] => (Allow) E:\Programme\Battlefield 4\bf4.exe
FirewallRules: [{4034EF49-3349-4995-82BF-AECDDA2DBC55}] => (Allow) E:\Programme\Battlefield 4\bf4.exe
FirewallRules: [{B36CDABA-EBF7-44E3-891D-D1CB975FADC4}] => (Allow) E:\Programme\Battlefield 4\bf4_x86.exe
FirewallRules: [{95B5D45C-45DF-492A-99C9-01E7083B2D02}] => (Allow) E:\Programme\Battlefield 4\bf4_x86.exe
FirewallRules: [{FC0F7961-301B-4F8B-B0C7-332601099513}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C432ECBA-4240-4527-8A11-64267D14E1E9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CC881A55-F21C-4800-945D-95E737F981D7}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1A924A95-3DF2-4954-8D50-44C5A038EB6D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{3C4C8081-A8E5-4CFF-8904-FD0B93A00CCE}] => (Allow) E:\Programme\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{1CC891DC-4829-4523-8894-CD5DD4E5A31D}] => (Allow) E:\Programme\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{3BADE217-62B0-423E-AFB3-7ECA1D9E0D02}] => (Block) C:\users\moritz\downloads\teamspeak3-server_win64-3.0.11.2\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [{DDDD1B66-3FF7-4082-A6F4-D575CD5C801A}] => (Block) C:\users\moritz\downloads\teamspeak3-server_win64-3.0.11.2\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [UDP Query User{3C5E10DC-81BA-4B08-86E3-0A684C9592F0}C:\users\moritz\downloads\teamspeak3-server_win64-3.0.11.2\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\moritz\downloads\teamspeak3-server_win64-3.0.11.2\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [TCP Query User{362712B1-C83B-47E6-948E-20839D37E36D}C:\users\moritz\downloads\teamspeak3-server_win64-3.0.11.2\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\moritz\downloads\teamspeak3-server_win64-3.0.11.2\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [{6A76D0AB-5260-46B3-ACE5-FED271CDE8FB}] => (Allow) E:\Programme\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{B57E9C9D-B793-4337-951C-0D7626C5AFBC}] => (Allow) E:\Programme\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [UDP Query User{C660D746-C24C-4F4F-95F6-FD27F0C0C755}E:\programme\spiele\assassin's creed unity\acu.exe] => (Allow) E:\programme\spiele\assassin's creed unity\acu.exe
FirewallRules: [TCP Query User{B9E92F20-E6B4-480A-AED3-08A149955B46}E:\programme\spiele\assassin's creed unity\acu.exe] => (Allow) E:\programme\spiele\assassin's creed unity\acu.exe
FirewallRules: [UDP Query User{7248E2B8-2C53-435C-8116-EA0B3175769E}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{1EE19D34-5EE8-4244-A311-836AA5660543}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{518DDD61-0180-4995-A4DC-7220A4A7F52B}E:\programme\spiele\far cry 4\bin\farcry4.exe] => (Allow) E:\programme\spiele\far cry 4\bin\farcry4.exe
FirewallRules: [TCP Query User{06CA8094-955C-4EDB-88E2-54452FCE800E}E:\programme\spiele\far cry 4\bin\farcry4.exe] => (Allow) E:\programme\spiele\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{F4BC3550-643C-4A2A-B33C-232253272526}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{8EA22E54-EE96-4754-BC8C-EDC9B0FC0724}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{26B00519-3979-4326-8557-C53315204D2F}] => (Allow) E:\Programme\Spiele\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{B739FC79-CB16-4AD8-9C7A-D9B37E51481B}] => (Allow) E:\Programme\Spiele\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{F134E396-1CB4-4ED8-B6F6-9A8DEE393CDD}] => (Allow) E:\Programme\Spiele\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{737FD509-CADD-4C77-BC5F-A385DD2D9BE4}] => (Allow) E:\Programme\Spiele\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{898E3421-1851-4646-AF81-C2CEFB1D8633}] => (Allow) E:\Programme\SimCity\SimCity\SimCity.exe
FirewallRules: [{29FA3E24-220B-4922-B57A-A90279843CD5}] => (Allow) E:\Programme\SimCity\SimCity\SimCity.exe
FirewallRules: [{D1E140A7-82E7-4BCE-9F0B-067F66997B62}] => (Allow) E:\Programme\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [{0339621E-570A-412E-8AA6-8906153672F9}] => (Allow) E:\Programme\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [UDP Query User{B59B330F-914E-4E85-A7B3-AC10E4D93F40}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{10E49FA5-04BB-4776-8B35-29FE57574C2E}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{35439A03-3CB4-4C1A-B762-97F779195DDE}] => (Allow) E:\Programme\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{7424E9F6-D604-4AAC-AC3B-A385A03D65B0}] => (Allow) E:\Programme\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{ECD2DDBB-A412-4B37-979C-3AC89ACE02AE}] => (Allow) E:\Programme\Steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{5A842D8A-3DAC-49DB-A2E1-B616C0DD6F84}] => (Allow) E:\Programme\Steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{02AA498F-34FA-43AF-B425-B95CBC6BB700}] => (Allow) E:\Programme\Steam\Steam.exe
FirewallRules: [{A54F5EE3-9479-468D-8AC5-73AE0EA66666}] => (Allow) E:\Programme\Steam\Steam.exe
FirewallRules: [{7839E968-2CE1-4231-96D2-221D23B4AE80}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{03765E36-BF6C-454B-BA6B-B70A6EACCC9A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{72DFD37E-937F-432E-912E-4F4371D848E6}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{60110BB9-6EA3-4A30-A452-3AA698D29ABC}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{43392B05-BE30-41E2-B171-D045D1722828}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{ECED08FC-8BA9-43F4-97F1-688D074821D9}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{07597C17-FDA1-4C68-8150-AD1F5B244FF0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A3319646-64CE-4A97-B037-3EC6976B8DE9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{668664E1-8EFE-4AAD-B819-176DC60CA2A0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B68C47A5-BE49-446D-BB65-AB0398E08FFB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3489D1D4-D981-40D5-8A58-501B17555C0C}] => (Allow) E:\Programme\Steam\steamapps\common\The SKIES\Skies.exe
FirewallRules: [{F4DC224C-7BDF-4CE7-8786-09D71257AB1C}] => (Allow) E:\Programme\Steam\steamapps\common\The SKIES\Skies.exe
FirewallRules: [{D8CA4C53-1C0C-42BB-BCBC-6F7985C1B5AA}] => (Allow) E:\Programme\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{11DD2F21-CBE3-4111-8BA1-84A79AF2DD7C}] => (Allow) E:\Programme\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{3969FA6A-0255-46D2-8559-282D59E15787}] => (Allow) E:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP2b\WNt600x64\RpcSandraSrv.exe
FirewallRules: [{0B0D9097-E41F-40C5-88C5-41D40A6AB798}] => (Allow) E:\Programme\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{C139287E-38FF-463F-88A2-3C32DED913C3}] => (Allow) E:\Programme\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{918C9E23-7059-4D34-ADBE-2DCFC04D3800}E:\programme\steam\steamapps\common\arma 3\arma3.exe] => (Allow) E:\programme\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{3218BC7E-F7FA-4102-AFF0-21E435FB5388}E:\programme\steam\steamapps\common\arma 3\arma3.exe] => (Allow) E:\programme\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [TCP Query User{F76DAA2F-FBAC-4E93-A340-5FCE2853344D}C:\users\moritz\appdata\roaming\bittorrent sync\btsync.exe] => (Block) C:\users\moritz\appdata\roaming\bittorrent sync\btsync.exe
FirewallRules: [UDP Query User{F8A54F64-F852-46A1-B36C-97940ED34434}C:\users\moritz\appdata\roaming\bittorrent sync\btsync.exe] => (Block) C:\users\moritz\appdata\roaming\bittorrent sync\btsync.exe
FirewallRules: [{CD301EB4-D7DA-4606-B201-5352C6F20F8E}] => (Allow) E:\Programme\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{F09B8F79-B9E3-42D4-AD88-33F0D8DA4192}] => (Allow) E:\Programme\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{67D9F641-3DBF-4084-BA91-43DB189A040A}] => (Allow) E:\Programme\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{B8EFF9CF-2AF4-4AB9-AA89-155013FC5991}] => (Allow) E:\Programme\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{5510B0ED-458B-4A76-B89B-9C55A961DA95}] => (Allow) E:\Programme\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{509494A2-7CE5-44F6-9CDA-A75E77420167}] => (Allow) E:\Programme\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{8F8AC5FD-6B7E-4479-9E54-CCF0EA95F529}] => (Allow) E:\Programme\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{EC047AC3-B4B0-4799-A29E-EBB8B76E0C3D}] => (Allow) E:\Programme\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{7A6004A9-7FB6-4F9C-8781-6D1AEBA75AC0}] => (Allow) E:\Programme\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{FF28B62C-1FD6-4334-BE2A-A29DC3FF0E6A}] => (Allow) E:\Programme\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{5B81FF8F-243F-47CA-9281-3D25AC32733D}] => (Allow) E:\Programme\Steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{41C0A4C8-5E5F-4BC2-8B69-1CD393249839}] => (Allow) E:\Programme\Steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{560358E6-2D8B-4B67-B1AA-3AE95FA4AC93}] => (Allow) E:\Programme\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{5B13D0D4-0C1F-4605-BAE5-883FB7497903}] => (Allow) E:\Programme\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{C03F7DF5-833C-41A4-88B7-F82EFC435F67}] => (Allow) E:\Programme\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{ACA2392E-C137-4FB0-8C0C-542BDF48549E}] => (Allow) E:\Programme\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{AB929A2D-8069-4902-A18F-F7F5D091CEFC}E:\programme\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) E:\programme\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{1C05D75B-9253-44A4-B65C-BCC2260152A2}E:\programme\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) E:\programme\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{5DE976ED-471F-49F4-B7AC-EBE633D3B6F4}] => (Allow) E:\Programme\Steam\steamapps\common\The Hat Man Shadow Ward\The Hat Man.exe
FirewallRules: [{D0380167-C518-4EA6-B7DB-4DBC031823DA}] => (Allow) E:\Programme\Steam\steamapps\common\The Hat Man Shadow Ward\The Hat Man.exe
FirewallRules: [{AB40C4F0-406D-4194-B180-453C77362D51}] => (Allow) E:\Programme\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{C36390BD-D71A-4F47-B7F3-FF42FE57EB60}] => (Allow) E:\Programme\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{56F70CC4-D0A6-48E5-A3E5-E2DC43901D0E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{23AE0346-CBE3-47D5-BE28-605698304CD7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C917A5FD-89C2-4AC6-BDBD-C6CDE796BE63}] => (Allow) E:\Programme\Grand Theft Auto V\GTA5.exe
FirewallRules: [{524B1A9B-DF18-40E7-AF3C-4C7387A65EBF}] => (Allow) E:\Programme\Grand Theft Auto V\GTA5.exe
FirewallRules: [{5EBF751C-7F6F-4CF6-8FE1-EDF160B881BF}] => (Allow) E:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{48AE55A8-79C0-48B4-A39D-EFC9CBF52DA5}] => (Allow) E:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{F8A8F537-D6F8-486F-BEF9-5772303246C9}] => (Allow) C:\Users\Moritz\AppData\Local\Temp\svchost.exe
FirewallRules: [{1A0314D5-3052-45F8-9441-4A265B8086B5}] => (Allow) C:\Users\Moritz\AppData\Local\Temp\svchost.exe
FirewallRules: [TCP Query User{764EC70D-AEBA-48B9-96A0-DF7037A49C17}E:\program files\program files (x86)\city car driving\bin\win32\starter.exe] => (Block) E:\program files\program files (x86)\city car driving\bin\win32\starter.exe
FirewallRules: [UDP Query User{C3DF3B25-E258-4E9D-9FF9-0E978EBD89B5}E:\program files\program files (x86)\city car driving\bin\win32\starter.exe] => (Block) E:\program files\program files (x86)\city car driving\bin\win32\starter.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Wiederherstellungspunkte =========================
 
ACHTUNG: Systemwiederherstellung ist deaktiviert
 
==================== Fehlerhafte Geräte im Gerätemanager =============
 
 
==================== Fehlereinträge in der Ereignisanzeige: =========================
 
Applikationsfehler:
==================
Error: (07/16/2016 12:44:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
 
Error: (07/16/2016 12:44:48 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (07/16/2016 12:44:48 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (07/16/2016 12:44:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4
 
Error: (07/16/2016 12:44:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
 
Error: (07/16/2016 12:44:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4
 
Error: (07/16/2016 12:44:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
 
Error: (07/16/2016 12:39:34 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
 
Error: (07/16/2016 12:39:34 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (07/16/2016 12:39:34 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
 
Systemfehler:
=============
Error: (07/16/2016 12:53:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error: (07/16/2016 12:46:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bazkservse Agent" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2 = Das System kann die angegebene Datei nicht finden.
 
 
Error: (07/16/2016 12:45:43 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT-AUTORITÄTNetzwerkdienstS-1-5-20LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
 
Error: (07/16/2016 12:45:38 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT-AUTORITÄTNetzwerkdienstS-1-5-20LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
 
Error: (07/16/2016 12:44:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_371f9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error: (07/16/2016 12:44:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _371f9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error: (07/16/2016 12:44:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_371f9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error: (07/16/2016 12:44:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_371f9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error: (07/16/2016 12:44:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
 
Error: (07/16/2016 12:43:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel® Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
 
CodeIntegrity:
===================================
  Date: 2016-06-30 15:27:14.956
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-30 15:27:14.946
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-30 15:26:57.435
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-30 15:26:57.426
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-30 15:26:55.952
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-30 15:26:55.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-30 15:26:14.316
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-30 15:26:14.305
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-30 15:26:01.514
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-30 15:26:01.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Speicherinformationen =========================== 
 
Prozessor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Prozentuale Nutzung des RAM: 32%
Installierter physikalischer RAM: 8135.26 MB
Verfügbarer physikalischer RAM: 5484.5 MB
Summe virtueller Speicher: 15559.26 MB
Verfügbarer virtueller Speicher: 12723.13 MB
 
==================== Laufwerke ================================
 
Drive c: (Windows) (Fixed) (Total:106.8 GB) (Free:31.84 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:382.82 GB) NTFS
 
==================== MBR & Partitionstabelle ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: B03D86CD)
Partition 1: (Active) - (Size=450 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=106.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=27)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DA70D99F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== Ende von Addition.txt ============================


#5 fireman4it


Posted 20 July 2016 - 12:14 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

[attachment=182683:fixlist.txt]

Let me know how the machine is running after this fix.


#6 wfang107


Posted 24 July 2016 - 08:35 AM

Thanks, the computer works so much faster now! Fixlog.txt (German) is down below. Thanks again, I appreciate it and will recommend you to my friends if they have problems with malware.

 

 

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 24-07-2016
durchgeführt von Moritz (2016-07-24 15:29:31) Run:1
Gestartet von E:\rndm\BLeeDiNG CoMPuTeR\Farbar Recovery Scan Tool
Geladene Profile: Moritz (Verfügbare Profile: Moritz)
Start-Modus: Normal
==============================================
 
fixlist Inhalt:
*****************
HKLM-x32\...\Run: [sun21] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\...\Run: [UM] => C:\Users\Moritz\AppData\Roaming\Update Manager\UM.EXE
HKLM\...\Run: [gplyra] => C:\Users\Moritz\AppData\Roaming\gplyra\gplyra\start.cmd
C:\Users\Moritz\AppData\Roaming\gplyra\gplyra\start.cmd
C:\Users\Moritz\AppData\Local\Temp\svchost.exe
HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\...\Run: [bd51a268668edf212421dec5247d3008] => C:\Users\Moritz\AppData\Local\Temp\svchost.exe [24064 2016-07-16] () <===== ACHTUNG
Startup: C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bd51a268668edf212421dec5247d3008.exe [2016-07-16] ()
SearchScopes: HKU\S-1-5-21-2942333276-3977313222-2008819515-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: DealbeaverBHO Class -> {A5C87FD0-85EF-45B6-AF57-BE74A5FF1768} -> C:\Program Files (x86)\Dealbeaver\Dealbeaver64.dll => Keine Datei
FF ProfilePath: C:\Users\Moritz\AppData\Roaming\Profiles\wmvq7xfo.default
FF Keyword.URL: undefined://undefined/
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> E:\Program Files (x86)\VLC\VLC\npvlc.dll [Keine Datei]
FF SearchPlugin: C:\Users\Moritz\AppData\Roaming\Profiles\wmvq7xfo.default\searchplugins\p3s16eb4.xml [2016-06-26]
FF Extension: Dealbeaver - C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\6l5txdm8.default\Extensions\dealbeaver@dealbeaver.org.xpi [2016-05-04]
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\6l5txdm8.default\Extensions\ich@maltegoetz.de.xpi [2016-03-22]
FF Extension: Video DownloadHelper - C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\6l5txdm8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-29]
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Moritz\AppData\Roaming\Profiles\wmvq7xfo.default\Extensions\ich@maltegoetz.de.xpi [2016-03-22]
FF Extension: Video DownloadHelper - C:\Users\Moritz\AppData\Roaming\Profiles\wmvq7xfo.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-29]
CHR HomePage: Profile 1 -> hxxp://www-searching.com/?pid=s&s=g6qzftpbl0cshmoaq,dcc19580-a526-4585-ada7-dbe52dec1258,&vp=ch&prd=set_ch
S2 bazkservseagnrmr.exe; "C:\Program Files (x86)\Bevconesy\bazkservseagnrmr.exe" {C25DA384-2010-45A4-A1ED-BFA540D4789B} {9DC74CD5-24EA-4ADE-9C42-608A8CE17116} [X]
C:\Program Files (x86)\Bevconesy\bazkservseagnrmr.exe
Task: {113CE68D-09F1-4E05-9E23-462D1ECEE921} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {24860540-26B8-403E-BFC3-0BFB2D87B869} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {25155F27-9ABC-4426-9EF7-52FF5C68AE25} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Emptytemp:
Task: {466E45AD-AE44-42E8-97E4-48EC67E77FCD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {60862560-6A39-49E2-8795-D89794B8A6DE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {77CA7FF9-E769-4B22-AC13-856F5E94E60C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {AA44939C-71BA-4E79-8913-89C933AFD2FB} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {C1E0989E-3D2B-41C6-BB99-0384DD5E8ECD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {C369C035-0F7B-46A8-9BEE-4309CF6265AC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {C93231D6-7F46-4109-9547-2A45D3FF6D13} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {CB37DBD2-780C-4B0E-B0C2-8B9ABAB2A6A9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {DADD6FA9-7C5C-4400-93D6-1548097CACC0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {FDDD5C36-47D9-4DDF-9078-F79B77AAFC7D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
HOSTS:
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\sun21 => Wert erfolgreich entfernt
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\Software\Microsoft\Windows\CurrentVersion\Run\\UM => Wert erfolgreich entfernt
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gplyra => Wert erfolgreich entfernt
"C:\Users\Moritz\AppData\Roaming\gplyra\gplyra\start.cmd" => nicht gefunden.
"C:\Users\Moritz\AppData\Local\Temp\svchost.exe" => nicht gefunden.
HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\Software\Microsoft\Windows\CurrentVersion\Run\\bd51a268668edf212421dec5247d3008 => Wert nicht gefunden.
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bd51a268668edf212421dec5247d3008.exe => nicht gefunden.
HKU\S-1-5-21-2942333276-3977313222-2008819515-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5C87FD0-85EF-45B6-AF57-BE74A5FF1768}" => Schlüssel erfolgreich entfernt
"HKCR\CLSID\{A5C87FD0-85EF-45B6-AF57-BE74A5FF1768}" => Schlüssel erfolgreich entfernt
FF ProfilePath: C:\Users\Moritz\AppData\Roaming\Profiles\wmvq7xfo.default => FRST wurde darauf programmiert dieses Verzeichnis nicht zu verschieben.
Firefox "Keyword.URL" erfolgreich entfernt
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1" => Schlüssel erfolgreich entfernt
C:\Users\Moritz\AppData\Roaming\Profiles\wmvq7xfo.default\searchplugins\p3s16eb4.xml => erfolgreich verschoben
C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\6l5txdm8.default\Extensions\dealbeaver@dealbeaver.org.xpi => erfolgreich verschoben
C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\6l5txdm8.default\Extensions\ich@maltegoetz.de.xpi => erfolgreich verschoben
C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\6l5txdm8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi => erfolgreich verschoben
C:\Users\Moritz\AppData\Roaming\Profiles\wmvq7xfo.default\Extensions\ich@maltegoetz.de.xpi => erfolgreich verschoben
C:\Users\Moritz\AppData\Roaming\Profiles\wmvq7xfo.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi => erfolgreich verschoben
Chrome HomePage => erfolgreich entfernt
bazkservseagnrmr.exe => Dienst erfolgreich entfernt
"C:\Program Files (x86)\Bevconesy\bazkservseagnrmr.exe" => nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{113CE68D-09F1-4E05-9E23-462D1ECEE921}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{113CE68D-09F1-4E05-9E23-462D1ECEE921}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{24860540-26B8-403E-BFC3-0BFB2D87B869}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24860540-26B8-403E-BFC3-0BFB2D87B869}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25155F27-9ABC-4426-9EF7-52FF5C68AE25}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25155F27-9ABC-4426-9EF7-52FF5C68AE25}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{466E45AD-AE44-42E8-97E4-48EC67E77FCD}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{466E45AD-AE44-42E8-97E4-48EC67E77FCD}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60862560-6A39-49E2-8795-D89794B8A6DE}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60862560-6A39-49E2-8795-D89794B8A6DE}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77CA7FF9-E769-4B22-AC13-856F5E94E60C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77CA7FF9-E769-4B22-AC13-856F5E94E60C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA44939C-71BA-4E79-8913-89C933AFD2FB}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA44939C-71BA-4E79-8913-89C933AFD2FB}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1E0989E-3D2B-41C6-BB99-0384DD5E8ECD}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1E0989E-3D2B-41C6-BB99-0384DD5E8ECD}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C369C035-0F7B-46A8-9BEE-4309CF6265AC}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C369C035-0F7B-46A8-9BEE-4309CF6265AC}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C93231D6-7F46-4109-9547-2A45D3FF6D13}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C93231D6-7F46-4109-9547-2A45D3FF6D13}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB37DBD2-780C-4B0E-B0C2-8B9ABAB2A6A9}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB37DBD2-780C-4B0E-B0C2-8B9ABAB2A6A9}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DADD6FA9-7C5C-4400-93D6-1548097CACC0}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DADD6FA9-7C5C-4400-93D6-1548097CACC0}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FDDD5C36-47D9-4DDF-9078-F79B77AAFC7D}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDDD5C36-47D9-4DDF-9078-F79B77AAFC7D}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 220434235 B
Java, Flash, Steam htmlcache => 384877924 B
Windows/system/drivers => 1536448 B
Edge => 34161979 B
Chrome => 570596559 B
Firefox => 381016031 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 185847 B
NetworkService => 3947342 B
Moritz => 480885336 B
 
RecycleBin => 0 B
EmptyTemp: => 1.9 GB temporäre Dateien entfernt.
 
================================
 
 
Das System musste neu gestartet werden.
 
==== Ende von Fixlog 15:29:53 ====


#7 fireman4it


Posted 24 July 2016 - 11:38 AM

Let's check for any leftovers.

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

 

 

2.

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.




#8 fireman4it


Posted 01 August 2016 - 06:18 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





