Log analysis and evaluation: Browser opens tabs with ads on its own

03.01.2017, 22:04   #1
Kingaru

Hello,
Unfortunately, I downloaded a file 2 days ago and then noticed that my PC, or rather my browser, keeps opening tabs by itself (roughly every 2 minutes, new tabs with ads open).

I would be glad if someone could help me.

Regards,
KingAru

03.01.2017, 22:10   #2
cosinus

Quote:
Unfortunately, I downloaded a file 2 days ago
And this file has no name, is it a state secret? Likewise the source of this file?

Your operating system is Windows 95?

We are supposed to guess which browsers are affected?

Quote:
I would be glad if someone could help me
With this information, that can only be a

03.01.2017, 22:34   #3
Kingaru

Unfortunately, I deleted the file right away and I can't find its name anymore.

What is meant by the source? How can I find it or look it up?

I use Windows 10, and the affected browsers are the ones I have set as the default browser in Windows. At first I had Opera, and these tabs appeared there. I then uninstalled Opera, and the tabs opened in Explorer.

03.01.2017, 22:47   #4
cosinus

What is meant is where exactly you downloaded the file from. And what you actually intended to do. One doesn't just download some random file; you must have had something very specific in mind.

04.01.2017, 12:41   #5
Kingaru

I wanted to download a demo of the game Fernbussimulator, and I also ran the file, but I quickly noticed that something was wrong.
Unfortunately, I can't find the exact link anymore.

04.01.2017, 12:49   #6
cosinus

Hm, yes. Unfortunately, this is a typical annoyance on Windows, because you have to get software "from somewhere".

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click "Untersuchen" (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

04.01.2017, 13:38   #7
Kingaru

Here is the FRST.txt:

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
durchgeführt von Aruran (Administrator) auf ARU (04-01-2017 13:32:35)
Gestartet von C:\Users\Aruran\Desktop
Geladene Profile: Aruran & Administrator (Verfügbare Profile: Aruran & Administrator)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) D:\Anti-Malware\MBAMService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Malwarebytes) D:\Anti-Malware\mbamtray.exe
() C:\Program Files\ZAUU1FC4ZY\ZAUU1FC4Z.exe
() C:\Program Files\NSWWDIN18Z\NSWWDIN18.exe
() C:\Program Files\2LA9XOQK4R\2LA9XOQK4.exe
() C:\Program Files\Z06UCTZZ10\Z06UCTZZ1.exe
() C:\Users\Aruran\AppData\Local\Temp\NBGTI2CFT\NBGTI2CFT.exe
() C:\Program Files\G5NV6PMZQY\TUTAEOS0P.exe
() C:\Program Files\2UPOF0VUZ8\2UPOF0VUZ.exe
() C:\Program Files\H1ASR0KVAA\H1ASR0KVA.exe
() C:\Users\Aruran\AppData\Local\Temp\Y7QHIVYEP\Y7QHIVYEP.exe
() C:\Users\Aruran\AppData\Local\Temp\5ANZUSRV6\5ANZUSRV6.exe
() C:\Program Files\WSYN11RTPB\WSYN11RTP.exe
() C:\Users\Aruran\AppData\Local\Temp\O07ST4XN6\O07ST4XN6.exe
(Mega Limited) C:\Users\Aruran\AppData\Local\MEGAsync\MEGAsync.exe
(Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe
(Spotify Ltd) C:\Users\Aruran\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16102.10341.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => D:\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-03-25] (Raptr, Inc)
HKLM-x32\...\Run: [RoccatKova+] => C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [Spotify] => C:\Users\Aruran\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-01-04] (Spotify Ltd)
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [Spotify Web Helper] => C:\Users\Aruran\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-04] (Spotify Ltd)
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [RRRV2SMXUP] => C:\Program Files\ZAUU1FC4ZY\ZAUU1FC4Z.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [1HNLNTZGDW] => C:\Program Files\NSWWDIN18Z\NSWWDIN18.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [4YFG394BZN] => C:\Program Files\2LA9XOQK4R\2LA9XOQK4.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [SA9EN75ICN] => C:\Program Files\Z06UCTZZ10\Z06UCTZZ1.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [DVQCLJMAEQ] => C:\Users\Aruran\AppData\Local\Temp\NBGTI2CFT\NBGTI2CFT.exe [369664 2017-01-01] () <===== ACHTUNG
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [AWFREW3ZKU] => C:\Program Files\394AHT7JYC\394AHT7JY.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [7VT3UPTOXR] => C:\Program Files\G5NV6PMZQY\TUTAEOS0P.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [48ALI829O4] => C:\Program Files\2UPOF0VUZ8\2UPOF0VUZ.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [B9FKZYJYPU] => C:\Program Files\H1ASR0KVAA\H1ASR0KVA.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [CIR0HP9PPD] => C:\Users\Aruran\AppData\Local\Temp\Y7QHIVYEP\Y7QHIVYEP.exe [369664 2017-01-01] () <===== ACHTUNG
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [0AYADRMO1L] => C:\Users\Aruran\AppData\Local\Temp\5ANZUSRV6\5ANZUSRV6.exe [369664 2017-01-01] () <===== ACHTUNG
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [HIG670TBSL] => C:\Program Files\WSYN11RTPB\WSYN11RTP.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [PM1WKY2Y7U] => C:\Users\Aruran\AppData\Local\Temp\O07ST4XN6\O07ST4XN6.exe [369664 2017-01-01] () <===== ACHTUNG
HKU\S-1-5-21-3707763914-2828650107-2775741400-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
ShellExecuteHooks: Kein Name - {0E1572E8-CC3F-11E6-87D6-64006A5CFC23} - C:\Users\Aruran\AppData\Roaming\Lokiied\Coizis.dll -> Keine Datei
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Aruran\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Aruran\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Aruran\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Aruran\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Aruran\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Aruran\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
Startup: C:\Users\Aruran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-09-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Aruran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-07-25]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Aruran\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a7a15b2f-a811-11e5-afad-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{be3dac52-00a2-4d01-92bc-b7116305b3b7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{be3dac52-00a2-4d01-92bc-b7116305b3b7}: [DhcpNameServer] 192.168.2.1 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-3707763914-2828650107-2775741400-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001 -> {9FFEE954-DB75-492A-B1CA-BA23C9B83007} URL = hxxp://www.searchpage.com/index.php?v=n11.12.1.194&os_mj=10&os_mn=0&os_bitness=64&f=oJKf752nbc76&keywords={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-09] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-09] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-07-13] (DVDVideoSoft Ltd.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: zxukvx4r.default
FF ProfilePath: C:\Users\Aruran\AppData\Roaming\Mozilla\Firefox\Profiles\zxukvx4r.default [2017-01-02]
FF user.js: detected! => C:\Users\Aruran\AppData\Roaming\Mozilla\Firefox\Profiles\zxukvx4r.default\user.js [2015-12-11]
FF Keyword.URL: Mozilla\Firefox\Profiles\zxukvx4r.default -> user_pref("keyword.URL", true);
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-09] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Aruran\AppData\LocalLow\Sony Online Entertainment\npsoe.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3707763914-2828650107-2775741400-1001: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Aruran\AppData\LocalLow\Sony Online Entertainment\npsoe.dll [Keine Datei]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\Aruran\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-03] <==== ACHTUNG
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Aruran\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-01]
CHR Extension: (Chrome Media Router) - C:\Users\Aruran\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-03]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR StartupUrls: "hxxp://Google.com/hm?eq=U0EeCFZVBB8SRghGIVsBAgFAQhhGd1hZTA0VFVAOIgtcBRQUQwVCdVoPWQ8TQgwFIk0FA1oDB0VXfV5bFElXTwhkMlxZFX8YT1E="
OPR Session Restore: -> ist aktiviert.

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-09-16] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1860616 2016-04-21] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-03-14] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
S3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [564736 2017-01-04] () [Datei ist nicht signiert] <==== ACHTUNG
R2 Janersharemeing; C:\Program Files (x86)\Delyqgach\cktcontrols.dll [177152 2017-01-01] () [Datei ist nicht signiert]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625640 2015-04-24] (Lenovo)
R2 MBAMService; D:\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-05-09] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-08-14] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-08-31] (Razer Inc.)
R2 Themes; C:\WINDOWS\system32\themeservice.dll [59392 2015-10-30] (Microsoft Corporation) [DependOnService: iThemes5]<==== ACHTUNG
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
S2 Archer; C:\Program Files (x86)\WinArcher\Archer.dll [X]
S2 WinSAPSvc; C:\ProgramData\WinSAPSvc\WinSAP.dll [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-07-24] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-07-24] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 KovaPlusFltr; C:\WINDOWS\system32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-01-01] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-01-03] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-03] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-03] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-04] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-04 13:32 - 2017-01-04 13:32 - 00021398 _____ C:\Users\Aruran\Desktop\FRST.txt
2017-01-04 13:32 - 2017-01-04 13:32 - 00000000 ____D C:\FRST
2017-01-04 13:31 - 2017-01-04 13:32 - 02418176 _____ (Farbar) C:\Users\Aruran\Desktop\FRST64.exe
2017-01-04 12:39 - 2017-01-04 12:39 - 00000000 ____D C:\ProgramData\WinSAPSvc
2017-01-04 12:39 - 2017-01-04 12:39 - 00000000 ____D C:\Program Files (x86)\WinArcher
2017-01-04 12:39 - 2017-01-04 12:39 - 00000000 ____D C:\Program Files (x86)\ks6ywgdk
2017-01-04 12:39 - 2017-01-04 12:39 - 00000000 ____D C:\Program Files (x86)\Gubed
2017-01-03 13:03 - 2017-01-03 12:55 - 276458601 ____N C:\Users\Aruran\Desktop\#32 Varo 4.mp4
2017-01-03 12:48 - 2017-01-03 12:53 - 179602814 _____ C:\Users\Aruran\Downloads\DER PALUTEN SNIPE.. • Minecraft VARO 4 _30 _ Fazon.mp4
2017-01-02 15:42 - 2016-11-22 10:24 - 02938408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-01-02 15:42 - 2016-11-22 10:17 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-01-02 15:42 - 2016-11-22 10:16 - 00064072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-01-02 15:42 - 2016-11-22 09:49 - 02195640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-01-02 15:42 - 2016-11-22 09:48 - 01522672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-01-02 15:42 - 2016-11-22 09:47 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-01-02 15:42 - 2016-11-22 09:47 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-01-02 15:42 - 2016-11-22 09:12 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-01-02 15:42 - 2016-11-22 08:54 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2017-01-02 15:42 - 2016-11-22 08:41 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-01-02 15:42 - 2016-11-22 08:38 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-01-02 15:42 - 2016-11-22 08:26 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-01-02 15:42 - 2016-11-22 08:21 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-01-02 15:42 - 2016-11-22 07:59 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-01-02 15:42 - 2016-11-22 07:55 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-01-02 15:42 - 2016-11-22 07:35 - 19350016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-02 15:42 - 2016-11-22 07:34 - 18670080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-02 15:42 - 2016-11-22 07:34 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-01-02 15:42 - 2016-11-22 07:32 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-01-02 15:42 - 2016-11-22 07:17 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-02 15:39 - 2016-11-22 11:03 - 01777280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-01-02 15:39 - 2016-11-22 09:50 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-01-02 15:39 - 2016-11-22 09:32 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-02 15:39 - 2016-11-22 09:04 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-02 15:38 - 2016-11-22 11:38 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-02 15:38 - 2016-11-22 11:38 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-01-02 15:38 - 2016-11-22 11:02 - 01399216 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-01-02 15:38 - 2016-11-22 10:32 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-01-02 15:38 - 2016-11-22 09:54 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-01-02 15:38 - 2016-11-22 09:20 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-01-02 15:38 - 2016-11-22 08:36 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-01-02 15:38 - 2016-11-22 08:14 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-01-02 15:38 - 2016-11-22 07:49 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-02 15:37 - 2016-11-22 11:43 - 03692040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-01-02 15:37 - 2016-11-22 11:35 - 00609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-02 15:37 - 2016-11-22 09:59 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-02 15:37 - 2016-11-22 09:35 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-01-02 15:37 - 2016-11-22 09:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-01-02 15:37 - 2016-11-22 08:57 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-01-02 15:37 - 2016-11-22 08:26 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-02 15:37 - 2016-11-22 08:15 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-02 15:37 - 2016-11-22 08:02 - 24610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-02 15:37 - 2016-11-22 08:01 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-01-02 15:36 - 2016-11-22 12:42 - 00384864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-01-02 15:36 - 2016-11-22 11:36 - 00159640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-01-02 15:36 - 2016-11-22 11:35 - 00075448 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-01-02 15:36 - 2016-11-22 11:04 - 02549456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-01-02 15:36 - 2016-11-22 11:02 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-01-02 15:36 - 2016-11-22 10:21 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2017-01-02 15:36 - 2016-11-22 10:13 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2017-01-02 15:36 - 2016-11-22 10:00 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
2017-01-02 15:36 - 2016-11-22 09:55 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-01-02 15:36 - 2016-11-22 08:53 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-01-01 21:39 - 2017-01-01 22:14 - 00000306 __RSH C:\ProgramData\ntuser.pol
2017-01-01 21:28 - 2017-01-04 12:56 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-01 21:28 - 2017-01-03 22:17 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-01 21:28 - 2017-01-03 22:17 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-01 21:28 - 2017-01-03 22:17 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-01 21:28 - 2017-01-01 21:28 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-01 21:28 - 2017-01-01 21:28 - 00000645 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-01 21:28 - 2017-01-01 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-01 21:28 - 2017-01-01 21:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-01 21:28 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-01 21:06 - 2017-01-03 22:16 - 00000000 ____D C:\AdwCleaner
2017-01-01 20:45 - 2017-01-01 20:45 - 00000000 ____D C:\Program Files\WSYN11RTPB
2017-01-01 20:42 - 2017-01-01 20:42 - 00499350 _____ C:\WINDOWS\system32\errordetails.xml
2017-01-01 20:40 - 2017-01-01 20:40 - 00000000 ____D C:\Program Files\H1ASR0KVAA
2017-01-01 20:40 - 2017-01-01 20:40 - 00000000 ____D C:\Program Files\G5NV6PMZQY
2017-01-01 20:40 - 2017-01-01 20:40 - 00000000 ____D C:\Program Files\2UPOF0VUZ8
2017-01-01 20:39 - 2017-01-01 20:40 - 00000000 ____D C:\Program Files\394AHT7JYC
2017-01-01 20:36 - 2017-01-01 20:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sstmp
2017-01-01 20:36 - 2017-01-01 20:36 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-01-01 20:36 - 2017-01-01 20:36 - 00000000 ____D C:\Program Files (x86)\GNR
2017-01-01 20:35 - 2017-01-01 20:35 - 00000000 ____D C:\Program Files\Z06UCTZZ10
2017-01-01 20:35 - 2017-01-01 20:35 - 00000000 ____D C:\Program Files\2LA9XOQK4R
2017-01-01 20:33 - 2017-01-01 20:34 - 00000000 ____D C:\Program Files\NSWWDIN18Z
2017-01-01 20:33 - 2017-01-01 20:33 - 00000000 ____D C:\Program Files\ZAUU1FC4ZY
2017-01-01 20:33 - 2017-01-01 20:33 - 00000000 _____ C:\TOSTACK
2017-01-01 20:32 - 2017-01-01 21:16 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-01-01 20:31 - 2017-01-04 12:39 - 00000000 ____D C:\Program Files (x86)\Delyqgach
2017-01-01 20:31 - 2017-01-01 21:04 - 00000000 ____D C:\Users\Aruran\AppData\Roaming\Lokiied
2017-01-01 20:31 - 2017-01-01 20:31 - 00006116 _____ C:\WINDOWS\System32\Tasks\Pheroghtlqale Collector
2017-01-01 20:31 - 2017-01-01 20:31 - 00000000 ____D C:\Users\Aruran\AppData\Local\Qepoied
2017-01-01 20:31 - 2017-01-01 20:31 - 00000000 ____D C:\Program Files (x86)\Derwution Community
2016-12-24 13:44 - 2016-12-24 13:44 - 04368877 _____ C:\Users\Aruran\Desktop\Chalmaar-StarMusiQ.Com.mp3
2016-12-24 13:43 - 2016-12-24 13:43 - 13131127 _____ C:\Users\Aruran\Desktop\Tamil Music Video _ Vaalibam _ Oru Vaarthai Music Video _ Tha Mystro ft. Thinesh Se _ M.Kowtham.mp3
2016-12-24 13:41 - 2016-12-24 13:41 - 12414163 _____ C:\Users\Aruran\Desktop\Kadhala l Deepa Mathana l Official Music Video _ 5K.mp3
2016-12-23 21:48 - 2016-12-23 21:48 - 05242487 _____ C:\Users\Aruran\Desktop\Neeyum_Naanum_160kbps-StarMusiQ.Com.mp3
2016-12-22 18:09 - 2017-01-03 12:47 - 00003480 _____ C:\WINDOWS\setupact.log
2016-12-22 18:06 - 2016-12-22 18:06 - 00000000 ____D C:\Users\Aruran\AppData\LocalLow\AMD
2016-12-19 16:06 - 2016-12-19 16:06 - 00003974 _____ C:\WINDOWS\System32\Tasks\{B39DCCAA-0436-7B01-115A-E0070E00E8F9}
2016-12-19 16:06 - 2016-12-19 16:06 - 00003974 _____ C:\WINDOWS\System32\Tasks\{689EB747-DF35-00EC-B570-6AB16B35BA53}
2016-12-18 16:06 - 2016-12-18 16:06 - 00003974 _____ C:\WINDOWS\System32\Tasks\{F20603A7-45AD-B40C-1F74-17068C597159}
2016-12-18 16:06 - 2016-12-18 16:06 - 00003974 _____ C:\WINDOWS\System32\Tasks\{A8B45195-1F1F-E63E-863B-391E2A604E67}
2016-12-17 08:52 - 2016-12-17 08:52 - 04816161 _____ C:\Users\Aruran\Desktop\Aandipatti-StarMusiQ.Com.mp3
2016-12-17 08:52 - 2016-12-17 08:52 - 04629757 _____ C:\Users\Aruran\Desktop\Yennai_Maatrum_Kaadhale-StarMusiQ.Com.mp3
2016-12-17 08:48 - 2016-12-17 08:48 - 04274703 _____ C:\Users\Aruran\Desktop\Senjitaley-StarMusiQ.Com.mp3
2016-12-17 08:48 - 2016-12-17 08:48 - 04196763 _____ C:\Users\Aruran\Desktop\Remo_Nee_Kadhalan-StarMusiQ.Com.mp3
2016-12-17 08:47 - 2016-12-17 08:47 - 03967841 _____ C:\Users\Aruran\Desktop\Kadavule_Vidai-StarMusiQ.Com.mp3
2016-12-17 08:47 - 2016-12-17 08:47 - 03786315 _____ C:\Users\Aruran\Desktop\Alladhe_Siragiye-StarMusiQ.Com.mp3
2016-12-17 08:47 - 2016-12-17 08:47 - 03501758 _____ C:\Users\Aruran\Desktop\Come_Closer_(Sirikkadhey_Reprise)-StarMusiQ.Com.mp3
2016-12-17 08:47 - 2016-12-17 08:47 - 03346016 _____ C:\Users\Aruran\Desktop\Kadavule_Vidai_(Reprise)-StarMusiQ.Com.mp3
2016-12-17 08:46 - 2016-12-17 08:46 - 04519586 _____ C:\Users\Aruran\Desktop\Saitji_Saitji-StarMusiQ.Com.mp3
2016-12-17 08:45 - 2016-12-17 08:45 - 04974753 _____ C:\Users\Aruran\Desktop\Nee_Uravaaga-StarMusiQ.Com.mp3
2016-12-17 08:44 - 2016-12-17 08:44 - 03960854 _____ C:\Users\Aruran\Desktop\Nee_Tholaindhaayo-StarMusiQ.Com.mp3
2016-12-17 08:44 - 2016-12-17 08:44 - 03725742 _____ C:\Users\Aruran\Desktop\Un_Kadhal_Irundhal_Podhum_(Reprise)-StarMusiQ.Com.mp3
2016-12-17 08:44 - 2016-12-17 08:44 - 03576264 _____ C:\Users\Aruran\Desktop\Hey_Suzhali-StarMusiQ.Com.mp3
2016-12-17 08:43 - 2016-12-17 08:44 - 04673570 _____ C:\Users\Aruran\Desktop\Un_Kadhal_Irundhal_Podhum-StarMusiQ.Com.mp3
2016-12-17 08:42 - 2016-12-17 08:42 - 04331362 _____ C:\Users\Aruran\Desktop\Senthoora-StarMusiQ.Com.mp3
2016-12-17 08:42 - 2016-12-17 08:42 - 03743833 _____ C:\Users\Aruran\Desktop\Senthooran_(Reprise)-StarMusiQ.Com.mp3
2016-12-16 22:06 - 2016-12-16 22:06 - 00003974 _____ C:\WINDOWS\System32\Tasks\{CECE02B3-7965-B518-E4E7-2F25542EAD08}
2016-12-16 22:06 - 2016-12-16 22:06 - 00003974 _____ C:\WINDOWS\System32\Tasks\{58CCAE19-EF67-19B2-048E-8AA9CB0C36D6}
2016-12-16 13:22 - 2016-12-16 13:22 - 00003974 _____ C:\WINDOWS\System32\Tasks\{FA4CBE32-4DE7-0999-0AE0-D79F1C9059F7}
2016-12-16 13:22 - 2016-12-16 13:22 - 00003974 _____ C:\WINDOWS\System32\Tasks\{11F0C66E-A65B-71C5-D91F-1BAB456A64B0}
2016-12-09 10:33 - 2016-12-08 21:30 - 04734664 _____ () C:\Users\Aruran\Desktop\TechnicLauncher.exe
2016-12-09 10:16 - 2016-12-09 10:16 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-12-09 10:16 - 2016-12-09 10:16 - 00000000 ____D C:\Users\Aruran\AppData\Roaming\Sun
2016-12-09 10:16 - 2016-12-09 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-09 10:16 - 2016-12-09 10:16 - 00000000 ____D C:\Program Files\Java
2016-12-09 10:13 - 2016-12-09 10:14 - 63235648 _____ (Oracle Corporation) C:\Users\Aruran\Desktop\jre-8u111-windows-x64.exe
2016-12-08 20:38 - 2016-12-08 20:41 - 00000000 ____D C:\Users\Aruran\AppData\Roaming\.technic

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-04 13:23 - 2015-09-28 15:03 - 00000000 ____D C:\Users\Aruran\AppData\Local\Spotify
2017-01-04 12:47 - 2015-09-28 15:02 - 00000000 ____D C:\Users\Aruran\AppData\Roaming\Spotify
2017-01-04 12:41 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-04 12:41 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-04 12:38 - 2015-06-18 13:50 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-04 12:36 - 2015-12-21 19:37 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-04 12:36 - 2015-09-17 19:04 - 00000000 __SHD C:\Users\Aruran\IntelGraphicsProfiles
2017-01-03 22:23 - 2015-12-21 19:44 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-03 22:23 - 2015-10-30 19:35 - 00775524 _____ C:\WINDOWS\system32\perfh007.dat
2017-01-03 22:23 - 2015-10-30 19:35 - 00155338 _____ C:\WINDOWS\system32\perfc007.dat
2017-01-03 22:23 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2017-01-03 22:17 - 2016-08-14 17:12 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-01-03 22:17 - 2015-12-21 19:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-03 22:17 - 2015-10-30 07:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-01-03 11:35 - 2015-01-12 22:08 - 00000000 ____D C:\Users\Aruran\AppData\Local\Packages
2017-01-02 21:53 - 2015-12-21 21:02 - 00000000 ____D C:\Users\Aruran\AppData\Local\MicrosoftEdge
2017-01-02 20:37 - 2015-06-13 16:07 - 00000000 ____D C:\Users\Aruran\AppData\Local\Opera Software
2017-01-02 20:37 - 2015-06-13 16:06 - 00000000 ____D C:\Program Files (x86)\Opera
2017-01-02 20:30 - 2015-12-21 19:35 - 00357632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-02 16:50 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-02 16:29 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-01 21:35 - 2015-01-17 17:45 - 00000000 ____D C:\Program Files (x86)\d1c802b0-1c53-4d5f-913b-bee5d5ae526f
2017-01-01 21:35 - 2015-01-13 18:12 - 00000000 ____D C:\Program Files (x86)\901e8fd0-3b04-46c8-9b59-587dbc917638
2017-01-01 21:35 - 2015-01-13 16:44 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2017-01-01 21:29 - 2015-01-13 16:43 - 00000000 ____D C:\Program Files (x86)\AMD
2017-01-01 21:13 - 2015-12-21 19:37 - 00000000 ____D C:\Users\Aruran
2017-01-01 21:09 - 2015-02-07 16:22 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-01 20:36 - 2015-07-15 20:19 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
2017-01-01 18:53 - 2016-09-18 14:41 - 00001073 _____ C:\Users\Aruran\Desktop\nativelog.txt
2017-01-01 18:53 - 2015-09-17 19:51 - 00000000 ____D C:\Users\Aruran\AppData\Roaming\.minecraft
2016-12-31 18:29 - 2015-06-18 13:50 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-29 20:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\config\RegBack
2016-12-24 13:46 - 2015-09-17 19:04 - 00000000 ___RD C:\Users\Aruran\Music
2016-12-22 19:58 - 2015-09-17 19:30 - 00000000 ____D C:\Users\Aruran\AppData\Roaming\Skype
2016-12-22 18:08 - 2015-09-17 19:41 - 00000000 ____D C:\Users\Aruran\AppData\Roaming\TS3Client
2016-12-22 18:06 - 2015-01-12 22:08 - 00000000 ____D C:\Users\Aruran\AppData\LocalLow
2016-12-16 23:07 - 2015-10-30 08:24 - 00000000 _SHDC C:\WINDOWS\Installer
2016-12-16 23:02 - 2015-01-12 22:09 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 23:02 - 2015-01-12 22:09 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 23:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-16 22:52 - 2016-09-20 14:54 - 00000294 _____ C:\Users\Aruran\Desktop\Neues Textdokument.txt
2016-12-14 21:08 - 2015-01-14 14:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 21:08 - 2015-01-13 20:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-14 21:07 - 2015-01-14 14:53 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-14 15:48 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\catroot2
2016-12-13 16:38 - 2016-09-14 16:38 - 20632664 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-12-13 16:38 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-13 16:38 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-13 16:38 - 2015-06-18 13:50 - 00004014 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-12 00:03 - 2015-10-30 08:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:03 - 2015-10-30 08:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-09 10:10 - 2015-01-12 22:25 - 00000000 ____D C:\ProgramData\Oracle
2016-12-08 21:29 - 2015-12-21 19:37 - 00000000 ____D C:\Users\Aruran\AppData\Local\Microsoft
2016-12-08 20:53 - 2015-02-21 17:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-08 20:53 - 2015-02-21 17:48 - 00000000 ____D C:\ProgramData\Skype
2016-12-08 20:50 - 2016-08-14 19:24 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-07 15:11 - 2015-09-17 19:43 - 00000000 ____D C:\Users\Aruran\AppData\Roaming\OBS
2016-12-07 14:59 - 2015-09-06 20:43 - 00000000 ____D C:\Program Files (x86)\OBS

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-04-07 14:51 - 2016-04-07 14:51 - 0011100 _____ () C:\Users\Aruran\AppData\Local\recently-used.xbel

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Aruran\AppData\Local\Temp\NBGTI2CFT\NBGTI2CFT.exe
C:\Users\Aruran\AppData\Local\Temp\Y7QHIVYEP\Y7QHIVYEP.exe
C:\Users\Aruran\AppData\Local\Temp\5ANZUSRV6\5ANZUSRV6.exe
C:\Users\Aruran\AppData\Local\Temp\O07ST4XN6\O07ST4XN6.exe


Einige Dateien in TEMP:
====================
C:\Users\Aruran\AppData\Local\Temp\60AC.tmp.exe
C:\Users\Aruran\AppData\Local\Temp\763C.tmp.exe
C:\Users\Aruran\AppData\Local\Temp\8BDB.tmp.exe
C:\Users\Aruran\AppData\Local\Temp\8YJPCK20F9.exe
C:\Users\Aruran\AppData\Local\Temp\A17A.tmp.exe
C:\Users\Aruran\AppData\Local\Temp\B503.tmp.exe
C:\Users\Aruran\AppData\Local\Temp\B62D.tmp.exe
C:\Users\Aruran\AppData\Local\Temp\B719.tmp.exe
C:\Users\Aruran\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Aruran\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2aj05l.dll
C:\Users\Aruran\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Aruran\AppData\Local\Temp\libeay32.dll
C:\Users\Aruran\AppData\Local\Temp\msvcr120.dll
C:\Users\Aruran\AppData\Local\Temp\NarutoOnline_de_2.3.0.4222_monetize.exe
C:\Users\Aruran\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Aruran\AppData\Local\Temp\soundplus-installer.exe
C:\Users\Aruran\AppData\Local\Temp\sqlite3.dll
C:\Users\Aruran\AppData\Local\Temp\tmd_34011350.exe
C:\Users\Aruran\AppData\Local\Temp\tmd_34011909.exe
C:\Users\Aruran\AppData\Local\Temp\tmd_34014728.exe
C:\Users\Aruran\AppData\Local\Temp\tmd_34018948.exe
C:\Users\Aruran\AppData\Local\Temp\tmd_34019441.exe
C:\Users\Aruran\AppData\Local\Temp\YZDZ3RKHXE.exe
C:\Users\Aruran\AppData\Local\Temp\{7BEF2EC8-1B08-4966-94C4-4B34965D672D}.dll
C:\Users\Aruran\AppData\Local\Temp\~ct863A.tmp.dll


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-12-29 20:16

==================== Ende von FRST.txt ============================
         
Here is the Addition.txt:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-01-2017
durchgeführt von Aruran (04-01-2017 13:33:09)
Gestartet von C:\Users\Aruran\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-21 19:40:27)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3707763914-2828650107-2775741400-500 - Administrator - Disabled) => C:\Users\Administrator
Aruran (S-1-5-21-3707763914-2828650107-2775741400-1001 - Administrator - Enabled) => C:\Users\Aruran
DefaultAccount (S-1-5-21-3707763914-2828650107-2775741400-503 - Limited - Disabled)
Gast (S-1-5-21-3707763914-2828650107-2775741400-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - Ensemble Studios)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Assassins Creed Unity (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0025}) (Version: 6.0 - Black Box)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Battlefield Play4Free (HKLM-x32\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)
BenVista PhotoZoom Pro 6.0.8 (HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\PhotoZoom Pro 6) (Version: 6.0.8 - BenVista Ltd.)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bus Simulator 16 (HKLM\...\YnVzc2ltdWxhdG9yMTY_is1) (Version: 1 - )
Bus-Simulator 2012 (HKLM-x32\...\Bus-Simulator 2012_is1) (Version:  - astragon)
Camtasia Studio 8 (HKLM-x32\...\{E7AFA156-D5CB-4B8C-843D-E7CA58D36B0A}) (Version: 8.6.0.2054 - TechSmith Corporation)
Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
City Car Driving 1.2.2 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version:  - Forward Development)
Construction-Simulator 2015 (HKLM-x32\...\Steam App 289950) (Version:  - weltenbauer. Software Entwicklung GmbH)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0192 - Disc Soft Ltd)
DayZ (HKLM\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dropbox (HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.18.1 - SCS Software)
Farming Simulator 15 (HKLM-x32\...\Farming Simulator 15_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.60.713 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.60.713 - DVDVideoSoft Ltd.)
Freemake Audio Converter Version 1.1.3 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.3 - Ellora Assets Corporation)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Killing Floor (HKLM\...\Steam App 1250) (Version:  - Tripwire Interactive)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{9E2154A9-2953-4FAC-B943-052DD23057AF}) (Version: 7.0.1.27 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (HKLM\...\MX.{FB081787-6116-4FEA-83A4-D05DB9934C57}) (Version: 14.0.0.96 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Version: 14.0.0.96 - MAGIX Software GmbH) Hidden
Malwarebytes Version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Standard 2007 (HKLM-x32\...\PRJSTD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PlanetSide 2 (2) (HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\SOE-PlanetSide 2 (2)) (Version: 1.0.3.183 - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 6.2.12.0 - Razer Inc.)
RESIDENT EVIL 5 (HKLM-x32\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
ROCCAT Kova[+] Mouse Driver (HKLM-x32\...\{A86DDFE3-F661-461C-9BF2-876AC2CA57DE}) (Version: 1.10 - Roccat GmbH)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.2.2.0 - Lenovo Group Limited)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SOE Web Installer (HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\SOE Web Installer) (Version: 1.0.3.171 - Sony Online Entertainment)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Spotify (HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{1E16FD84-D9BE-C7F6-B731-BCBED65A09AA}\InprocServer32 -> kein Dateipfad
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0B456BE1-1419-4ECB-B378-AA54D62EF56E} - System32\Tasks\{CECE02B3-7965-B518-E4E7-2F25542EAD08} => C:\ProgramData\{05DDD3DF-B276-6474-5CC7-B86433FAE339}\0D3A5193-BA91-E638-BCD1-616F454D345A.exe <==== ACHTUNG
Task: {345BB094-D7CE-4485-B18B-BB6E6113E67F} - System32\Tasks\{689EB747-DF35-00EC-B570-6AB16B35BA53} => C:\ProgramData\{CC009523-7BAB-2288-230F-30FDE668E57E}\48BE59E1-FF15-EE4A-6008-FDDD5BEB120A.exe <==== ACHTUNG
Task: {351EFF6B-C86A-4118-A266-A51D5DE06CD9} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2015-06-25] (TuneUp Software)
Task: {3A81B063-6ED9-4222-A752-E278C14AB4F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {3F4499B1-1084-4A66-AFDF-FDBAC970D4EC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {458306B3-8909-4ABE-A082-A4D69AC20A4C} - System32\Tasks\{51AD42E9-7519-41A3-9144-2B8A2A7B0F58} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\e366fc6e\9007857a.dll" <==== ACHTUNG
Task: {488FC130-EF5C-41A8-B33E-D2AED62E21F4} - System32\Tasks\Aufgaben der Ereignisanzeige\System_Microsoft-Windows-UserPnp_20001 => desktop [Argument = drucker]
Task: {4CB771CD-5932-489A-9AC5-800E4AE28EA2} - System32\Tasks\{FA4CBE32-4DE7-0999-0AE0-D79F1C9059F7} => C:\ProgramData\{62BB382F-D510-8F84-5DC3-EBD1D57EC79D}\E94FCAC8-5EE4-7D63-6411-6C42F26F2043.exe <==== ACHTUNG
Task: {6137476C-FE46-48DD-B0FC-3B3584A2EF54} - System32\Tasks\Pheroghtlqale Collector => C:\Program Files (x86)\Delyqgach\analatain.exe [2017-01-01] (Glarysoft Ltd)
Task: {7F22EA6C-A5D6-40B1-8DF3-49C7038DFE72} - System32\Tasks\{A8B45195-1F1F-E63E-863B-391E2A604E67} => C:\ProgramData\{569357B0-E138-E01B-DF7B-33C9598DB512}\A96D7853-1EC6-CFF8-8017-39589984F9B6.exe <==== ACHTUNG
Task: {8D76A3B0-447F-4E12-867B-3727A7DD52C9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {8FFB5DAA-7BF6-4F75-A127-4903D75EC4FC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {9A35D169-00F1-4A3F-9E5A-E7F1EAB861D4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {AE44564B-5525-4814-A13D-AE8C9C7A16C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B44CDA40-5508-4498-B93B-F0350CA7C81E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B5163DAF-6BBD-4D4C-9034-E7AE4963A329} - System32\Tasks\{675B675A-D0F0-D0F1-56D3-080DA1076E60} => C:\ProgramData\{88F78037-3F5C-379C-D3BE-B6783C70F4CA}\4EA4D68D-F90F-6126-5C54-2F00008CD9CA.exe <==== ACHTUNG
Task: {C12A4D22-A980-4748-939A-DC4FBAF8F887} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {C8808CE4-E380-4B23-84CA-83D2C4156C73} - System32\Tasks\{F20603A7-45AD-B40C-1F74-17068C597159} => C:\ProgramData\{F5B0148B-421B-A320-68D4-1FB6A68E977A}\B56BB539-02C0-0292-19D1-AF24E7E2B68C.exe <==== ACHTUNG
Task: {D5E0102C-0023-49F8-AD80-683B1AED1D39} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-12-14] (Microsoft Corporation)
Task: {D7DD0DEA-C193-4E85-9271-0002515D2453} - System32\Tasks\{11F0C66E-A65B-71C5-D91F-1BAB456A64B0} => C:\ProgramData\{632EDB6A-D485-6CC1-A891-F262EA8DC3DE}\E6427A4F-51E9-CDE4-D717-311225045A97.exe <==== ACHTUNG
Task: {E678182B-DA87-48B4-BB32-278B433E074A} - System32\Tasks\{58CCAE19-EF67-19B2-048E-8AA9CB0C36D6} => C:\ProgramData\{0A063EFE-BDAD-8955-3A52-44CE203D919E}\58766930-EFDD-DE9B-6D55-05DEC9A921D8.exe <==== ACHTUNG
Task: {E93758AC-FE24-4D87-B491-A4967B679F3C} - System32\Tasks\{B39DCCAA-0436-7B01-115A-E0070E00E8F9} => C:\ProgramData\{3386FBFE-842D-4C55-1EAE-4CDE7EA6597E}\A77CD74F-10D7-60E4-B02B-39DD9772AE03.exe <==== ACHTUNG
Task: {F87FCD1A-8F50-497B-8966-7D8081E30493} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {FA7C4B09-BF43-4198-B586-886BF9D4C302} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {FBF7D260-87B9-4097-8947-D6BE7A2D857D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 08:17 - 2015-10-30 08:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-01 21:28 - 2016-12-14 12:55 - 02259232 _____ () D:\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-01 21:28 - 2016-12-14 12:55 - 02813904 _____ () D:\ANTI-MALWARE\arwlib.dll
2017-01-01 21:28 - 2016-12-14 12:55 - 02247632 _____ () D:\ANTI-MALWARE\MwacLib.dll
2015-05-09 21:12 - 2015-05-09 21:29 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-06-25 06:53 - 2015-06-25 06:53 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2015-08-14 23:33 - 2015-08-14 23:33 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-09-16 14:38 - 2016-09-16 14:38 - 00155016 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-11-09 17:17 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-09 17:17 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-10-31 20:45 - 2016-10-31 20:45 - 00592384 _____ () C:\Users\Aruran\AppData\Local\MEGAsync\ShellExtX64.dll
2015-07-18 00:35 - 2016-11-01 23:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-12-21 19:33 - 2015-12-21 19:33 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-22 15:33 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-09 17:17 - 2016-10-25 05:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 17:17 - 2016-10-25 05:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 17:17 - 2016-10-25 05:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 17:17 - 2016-10-25 05:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-13 01:01 - 2016-09-13 01:01 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 01:01 - 2016-09-13 01:01 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 01:01 - 2016-09-13 01:01 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 01:01 - 2016-09-13 01:01 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 01:01 - 2016-09-13 01:01 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 01:01 - 2016-09-13 01:01 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-01-01 20:33 - 2017-01-01 20:33 - 00369664 _____ () C:\Program Files\ZAUU1FC4ZY\ZAUU1FC4Z.exe
2017-01-01 20:33 - 2017-01-01 20:34 - 00369664 _____ () C:\Program Files\NSWWDIN18Z\NSWWDIN18.exe
2017-01-01 20:35 - 2017-01-01 20:35 - 00369664 _____ () C:\Program Files\2LA9XOQK4R\2LA9XOQK4.exe
2017-01-01 20:35 - 2017-01-01 20:35 - 00369664 _____ () C:\Program Files\Z06UCTZZ10\Z06UCTZZ1.exe
2017-01-01 20:38 - 2017-01-01 20:38 - 00369664 _____ () C:\Users\Aruran\AppData\Local\Temp\NBGTI2CFT\NBGTI2CFT.exe
2017-01-01 20:40 - 2017-01-01 20:40 - 00369664 _____ () C:\Program Files\G5NV6PMZQY\TUTAEOS0P.exe
2017-01-01 20:40 - 2017-01-01 20:40 - 00369664 _____ () C:\Program Files\2UPOF0VUZ8\2UPOF0VUZ.exe
2017-01-01 20:40 - 2017-01-01 20:40 - 00369664 _____ () C:\Program Files\H1ASR0KVAA\H1ASR0KVA.exe
2017-01-01 20:43 - 2017-01-01 20:43 - 00369664 _____ () C:\Users\Aruran\AppData\Local\Temp\Y7QHIVYEP\Y7QHIVYEP.exe
2017-01-01 20:43 - 2017-01-01 20:43 - 00369664 _____ () C:\Users\Aruran\AppData\Local\Temp\5ANZUSRV6\5ANZUSRV6.exe
2017-01-01 20:45 - 2017-01-01 20:45 - 00369664 _____ () C:\Program Files\WSYN11RTPB\WSYN11RTP.exe
2017-01-01 20:48 - 2017-01-01 20:48 - 00369664 _____ () C:\Users\Aruran\AppData\Local\Temp\O07ST4XN6\O07ST4XN6.exe
2017-01-01 20:31 - 2017-01-01 20:31 - 00177152 _____ () c:\program files (x86)\delyqgach\cktcontrols.dll
2016-04-13 09:38 - 2016-04-13 09:38 - 00482304 _____ () C:\Users\Aruran\AppData\Local\MEGAsync\libsodium.dll
2015-08-01 12:43 - 2010-05-29 13:57 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\hiddriver.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\sony.com -> sony.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2017-01-01 20:33 - 00004386 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
34.195.153.94 www.google-analytics.com
34.195.153.94 google-analytics.com
34.195.153.94 mc.yandex.ru
34.195.153.94 top-fwz1.mail.ru
34.195.153.94 site.yandex.net
34.195.153.94 pagead2.googlesyndication.com
34.195.153.94 ad.mail.ru
34.195.153.94 ads.adfox.ru
34.195.153.94 ads.pubmatic.com
34.195.153.94 apis.google.com
34.195.153.94 autocontext.begun.ru
34.195.153.94 b.scorecardresearch.com
34.195.153.94 c.amazon-adsystem.com
34.195.153.94 cdn.admixer.net
34.195.153.94 cdn.cxense.com
34.195.153.94 cdn.livefyre.com
34.195.153.94 cdn.onthe.io
34.195.153.94 cdn.optimizely.com
34.195.153.94 cdn.prom.st
34.195.153.94 cdn.pushwoosh.com

Da befinden sich 55 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
HKU\S-1-5-21-3707763914-2828650107-2775741400-500\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\StartupApproved\Run: => "msnmsgr"
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\StartupApproved\Run: => "OneDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{6592864C-E7EC-45E0-B757-21D45B786EBB}C:\users\aruran\appdata\roaming\spotify\spotify.exe] => C:\users\aruran\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F5644A3C-5476-45E7-942D-9FD3B6FC27F1}C:\users\aruran\appdata\roaming\spotify\spotify.exe] => C:\users\aruran\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F2DFB349-EA2A-4749-A597-CCF4C4406999}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ACB08F27-F1B9-4B7F-8D62-FEB001F3ABC7}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A0102D9B-CFA6-465A-A51F-11127B0F2778}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C98F82BB-88CE-4964-9DC1-75C913AF09D3}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{C41F7B0E-8A41-4B85-8F51-566F3A40ED82}C:\program files\magix\video pro x7\video_pro_x.exe] => C:\program files\magix\video pro x7\video_pro_x.exe
FirewallRules: [UDP Query User{7E2F6382-13F6-47E4-AD6B-D68C0710E6FD}C:\program files\magix\video pro x7\video_pro_x.exe] => C:\program files\magix\video pro x7\video_pro_x.exe
FirewallRules: [{DCE5D83F-23A8-4C40-9B89-1100482DD27D}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{5E81C56F-E220-47ED-A69B-4AE7F4887427}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{63B02E80-A4C7-450E-A1F1-62560202372B}D:\farming simulator 15\x64\farmingsimulator2015game.exe] => D:\farming simulator 15\x64\farmingsimulator2015game.exe
FirewallRules: [UDP Query User{53CA883F-7F55-4E3B-A045-967CB42C98E6}D:\farming simulator 15\x64\farmingsimulator2015game.exe] => D:\farming simulator 15\x64\farmingsimulator2015game.exe
FirewallRules: [TCP Query User{89DBE122-D5CD-43AF-B0C4-91CB973B8666}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{31AF25F1-0204-43B3-9346-A2C9DD92EC87}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{A49045E0-3EA6-4925-81D9-FF6ECB7A98B0}C:\program files (x86)\city car driving\bin\win32\starter.exe] => C:\program files (x86)\city car driving\bin\win32\starter.exe
FirewallRules: [UDP Query User{F1C17DB7-FDDF-4206-BB1B-A29AC9546477}C:\program files (x86)\city car driving\bin\win32\starter.exe] => C:\program files (x86)\city car driving\bin\win32\starter.exe
FirewallRules: [{0ADF5ACA-59E4-45EC-A77D-08779EB17C1B}] => D:\dayz\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{CDA74254-C62E-4740-BA98-2E57F6FC522A}] => D:\dayz\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{95C430E4-8152-4367-BA6A-3E65F6A7056A}D:\dayz\steamapps\common\dayz\dayz.exe] => D:\dayz\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{72C629BA-2917-4F55-AA89-9CEA04FC514F}D:\dayz\steamapps\common\dayz\dayz.exe] => D:\dayz\steamapps\common\dayz\dayz.exe
FirewallRules: [{45FD29B0-7B2E-451A-862D-3BB01F0A9905}] => C:\Program Files (x86)\Steam\steamapps\common\ConSim2015\ConSim2015.exe
FirewallRules: [{BE6659BE-A6C2-4804-A828-352A9F1304A4}] => C:\Program Files (x86)\Steam\steamapps\common\ConSim2015\ConSim2015.exe
FirewallRules: [TCP Query User{AD7CDB41-6F24-4763-9DFD-D05D5D09A278}D:\games\arma 3 apex\arma3.exe] => D:\games\arma 3 apex\arma3.exe
FirewallRules: [UDP Query User{7F6B232D-B712-4B18-8087-AFA88B6386E6}D:\games\arma 3 apex\arma3.exe] => D:\games\arma 3 apex\arma3.exe
FirewallRules: [TCP Query User{3266C74C-9F1C-4C21-A536-AB5A99962056}C:\users\aruran\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\users\aruran\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{CE72EB24-D4CD-45E8-92B0-7FD9150D1940}C:\users\aruran\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\users\aruran\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D48DCA08-33EC-40E7-A4BD-668F36B35AFC}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CB9A80F6-C5A3-4718-8E3A-57312AFA3B2C}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A731E16B-2ADA-479E-B764-84FAB07C7289}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{197D4D0B-FB9C-48D0-B350-3C3BBEE3A3C3}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B66ED58A-ECB8-44D5-85A2-EA2663CCA826}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{55C5914A-C594-48D2-8CAA-2352C36FA328}] => D:\steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{271C54E2-47B3-4879-B862-B004915BEB7C}] => D:\steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [TCP Query User{8E91E39E-5950-4F01-BE05-F935E663702E}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{FCC88078-D9B1-4803-9408-9D50E2202E6D}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{8A3FFA5C-AE52-4543-A81E-C5DECAB85405}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{1874C557-2F47-40BB-8DEE-68D42BCEE279}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{4F0D9C6B-CA43-414A-A297-F000F7EA1134}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{91E34703-CF5F-4F14-901C-FB38F2E9CE1C}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{258660BE-CD7D-4DE8-A6E3-CDE3E552AC4E}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{09BA8A8C-E2BB-4BB6-A786-B55A56575BFC}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7B9D07F3-176A-48F2-85FA-DCAED0848EBA}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/03/2017 10:26:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: IPHLPAPI.DLL, Version: 10.0.10586.0, Zeitstempel: 0x5632d324
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000089c6
ID des fehlerhaften Prozesses: 0x734
Startzeit der fehlerhaften Anwendung: 0x01d26607fc2add65
Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL
Berichtskennung: 9e138a53-ffc6-4388-b7e4-91eb002d9c79
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge

Error: (01/02/2017 09:59:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Aru)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/01/2017 10:08:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Aru)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/01/2017 09:24:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Aru)
Description: Das Paket „Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{66c1fdf7-6d26-49b7-8c04-911fedf6b248}“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (01/01/2017 09:22:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Smart_Registry_Care.exe, Version: 1.0.0.0, Zeitstempel: 0x5820a069
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.589, Zeitstempel: 0x57cf948c
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f28
ID des fehlerhaften Prozesses: 0x1480
Startzeit der fehlerhaften Anwendung: 0x01d2646cbed2fb85
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\GNR\src\Smart_Registry_Care.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\KERNELBASE.dll
Berichtskennung: a8a3404e-97f5-4076-92f3-910eb367d99a
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/01/2017 09:22:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Smart_Registry_Care.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ArgumentException
   bei System.Diagnostics.Process.GetProcessById(Int32, System.String)
   bei Smart_Registry_Care.App.KeepingAlive()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (01/01/2017 09:09:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Smart_Registry_Care.exe, Version: 1.0.0.0, Zeitstempel: 0x5820a069
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.589, Zeitstempel: 0x57cf948c
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f28
ID des fehlerhaften Prozesses: 0x2140
Startzeit der fehlerhaften Anwendung: 0x01d2646ae94e6671
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\GNR\src\Smart_Registry_Care.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\KERNELBASE.dll
Berichtskennung: db38c401-3415-4f9a-aaed-71e2a7d1a8c6
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/01/2017 09:09:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Smart_Registry_Care.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ArgumentException
   bei System.Diagnostics.Process.GetProcessById(Int32, System.String)
   bei Smart_Registry_Care.App.KeepingAlive()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (12/24/2016 01:46:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (12/24/2016 01:46:23 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.


Systemfehler:
=============
Error: (01/04/2017 12:39:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Archer" wurde mit folgendem Fehler beendet: 
Archer ist keine zulässige Win32-Anwendung.

Error: (01/04/2017 12:39:38 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/04/2017 12:39:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "WinSAPSvc" wurde mit folgendem Fehler beendet: 
WinSAPSvc ist keine zulässige Win32-Anwendung.

Error: (01/04/2017 12:39:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "iThemes5" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/03/2017 11:01:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_48462" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/03/2017 11:01:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _48462" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/03/2017 11:01:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_48462" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/03/2017 11:01:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_48462" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/03/2017 10:26:46 PM) (Source: DCOM) (EventID: 10016) (User: Aru)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Aru\Aruran" (SID: S-1-5-21-3707763914-2828650107-2775741400-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/03/2017 10:20:32 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


CodeIntegrity:
===================================
  Date: 2017-01-02 20:31:03.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-15 14:40:01.153
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-11 12:02:20.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-10 13:17:14.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-29 10:15:10.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-15 17:11:46.935
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-14 18:15:18.165
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-13 15:04:06.725
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-17 12:36:39.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-16 12:48:35.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 30%
Installierter physikalischer RAM: 8055.7 MB
Verfügbarer physikalischer RAM: 5571.72 MB
Summe virtueller Speicher: 9335.7 MB
Verfügbarer virtueller Speicher: 6633.42 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:118.29 GB) (Free:1.39 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.39 GB) (Free:547.84 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

04.01.2017, 13:46   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Browser opens tabs with ads by itself


Step 1: Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot, MBAR will remove the detected objects, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.


Step 2: Kaspersky TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, please post the logs directly, spread over several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)


04.01.2017, 14:07   #9
Kingaru

Browser opens tabs with ads by itself

Step 1:

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.01.04.05
  rootkit: v2016.11.20.01

Windows 10 x64 NTFS
Internet Explorer 11.713.10586.0
Aruran :: ARU [administrator]

04.01.2017 13:52:23
mbar-log-2017-01-04 (13-52-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 368755
Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iThemes5 (Adware.Elex) -> Delete on reboot. [38ad3d3a5d4b21151cfd0c9254ac817f]

Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\THEMES|DependOnService (Trojan.Elex) -> Data: iThemes5^^ -> Delete on reboot. [50954f28c7e1a2944624eddfa8588977]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\Common Files\Services\iThemes.dll (Adware.Elex) -> Delete on reboot. [38ad3d3a5d4b21151cfd0c9254ac817f]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Step 2:

Code:
14:04:18.0629 0x12c4  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
14:04:18.0629 0x12c4  UEFI system
14:04:21.0723 0x12c4  ============================================================
14:04:21.0723 0x12c4  Current date / time: 2017/01/04 14:04:21.0723
14:04:21.0723 0x12c4  SystemInfo:
14:04:21.0723 0x12c4  
14:04:21.0723 0x12c4  OS Version: 10.0.10586 ServicePack: 0.0
14:04:21.0723 0x12c4  Product type: Workstation
14:04:21.0723 0x12c4  ComputerName: ARU
14:04:21.0723 0x12c4  UserName: Aruran
14:04:21.0723 0x12c4  Windows directory: C:\WINDOWS
14:04:21.0723 0x12c4  System windows directory: C:\WINDOWS
14:04:21.0723 0x12c4  Running under WOW64
14:04:21.0723 0x12c4  Processor architecture: Intel x64
14:04:21.0723 0x12c4  Number of processors: 4
14:04:21.0723 0x12c4  Page size: 0x1000
14:04:21.0723 0x12c4  Boot type: Normal boot
14:04:21.0723 0x12c4  CodeIntegrityOptions = 0x00000001
14:04:21.0723 0x12c4  ============================================================
14:04:21.0785 0x12c4  KLMD registered as C:\WINDOWS\system32\drivers\07678251.sys
14:04:21.0785 0x12c4  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 10586.672, osProperties = 0x19
14:04:21.0817 0x12c4  System UUID: {EF82A864-6780-CB34-D5BD-34A5A23C0BDF}
14:04:22.0004 0x12c4  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:04:22.0207 0x12c4  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:04:22.0270 0x12c4  ============================================================
14:04:22.0270 0x12c4  \Device\Harddisk0\DR0:
14:04:22.0270 0x12c4  GPT partitions:
14:04:22.0270 0x12c4  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {C3B56C8C-F0AA-4FB4-AAE1-3143C1006935}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
14:04:22.0270 0x12c4  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {7B230AA8-0D9B-42E9-B650-56C47BDC0788}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x31800
14:04:22.0270 0x12c4  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {E8C8F43C-B72C-444B-919E-383B8F18788F}, Name: Microsoft reserved partition, StartLBA 0xC8000, BlocksNum 0x40000
14:04:22.0270 0x12c4  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {F4EAB506-EDC4-48E5-B025-08974B562B6F}, Name: Basic data partition, StartLBA 0x108000, BlocksNum 0xEC93000
14:04:22.0270 0x12c4  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5D2FA3DD-C038-464D-8828-52954EA252AA}, Name: , StartLBA 0xED9B000, BlocksNum 0xE1000
14:04:22.0270 0x12c4  MBR partitions:
14:04:22.0270 0x12c4  \Device\Harddisk1\DR1:
14:04:22.0270 0x12c4  GPT partitions:
14:04:22.0270 0x12c4  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {CF86F0EB-7C32-40E9-8855-CE04BE805915}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
14:04:22.0270 0x12c4  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {75BA1B25-901B-4CC0-8A67-B24EE9630D7E}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x746C6000
14:04:22.0270 0x12c4  MBR partitions:
14:04:22.0270 0x12c4  ============================================================
14:04:22.0270 0x12c4  C: <-> \Device\Harddisk0\DR0\Partition4
14:04:22.0285 0x12c4  D: <-> \Device\Harddisk1\DR1\Partition2
14:04:22.0285 0x12c4  ============================================================
14:04:22.0285 0x12c4  Initialize success
14:04:22.0285 0x12c4  ============================================================
14:04:31.0744 0x1a44  ============================================================
14:04:31.0744 0x1a44  Scan started
14:04:31.0744 0x1a44  Mode: Manual; 
14:04:31.0744 0x1a44  ============================================================
14:04:31.0744 0x1a44  KSN ping started
14:04:31.0994 0x1a44  KSN ping finished: true
14:04:32.0244 0x1a44  ================ Scan system memory ========================
14:04:32.0244 0x1a44  System memory - ok
14:04:32.0244 0x1a44  ================ Scan services =============================
14:04:32.0275 0x1a44  1394ohci - ok
14:04:32.0275 0x1a44  3ware - ok
14:04:32.0291 0x1a44  ACPI - ok
14:04:32.0291 0x1a44  acpiex - ok
14:04:32.0291 0x1a44  acpipagr - ok
14:04:32.0291 0x1a44  AcpiPmi - ok
14:04:32.0291 0x1a44  acpitime - ok
14:04:32.0306 0x1a44  [ B3C96DC286A6566185660E0760488725, D1833862E214E07C081A765C3AC9788632E133A56C67A19D27B8E79999D18B0C ] AdaptiveSleepService C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
14:04:32.0306 0x1a44  AdaptiveSleepService - ok
14:04:32.0306 0x1a44  [ C92B0A0957ACAD3CEEF502A2CA10ACB8, 78BF46318B69D9479ECDC83446DD8D454AA2A9A9D94B33C5FC68933DB18AFA3B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:04:32.0306 0x1a44  AdobeARMservice - ok
14:04:32.0338 0x1a44  [ 6F3C49799F770075E339E92B9B14AF21, 96295CA42275D7C22FEDC9567E8CCA4AB6584B7D38B4D1D62CCF197CA539C8A3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:04:32.0338 0x1a44  AdobeFlashPlayerUpdateSvc - ok
14:04:32.0353 0x1a44  ADP80XX - ok
14:04:32.0353 0x1a44  AFD - ok
14:04:32.0353 0x1a44  agp440 - ok
14:04:32.0353 0x1a44  ahcache - ok
14:04:32.0353 0x1a44  AJRouter - ok
14:04:32.0353 0x1a44  ALG - ok
14:04:32.0369 0x1a44  [ 264B9AE7F91280A3A99560BE562CEEA8, 2FE338C2E9CA65C81DFE851873D7B2D3CB108E1F7CD4491FF6AA7874B0578528 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
14:04:32.0385 0x1a44  AMD External Events Utility - ok
14:04:32.0385 0x1a44  AmdK8 - ok
14:04:32.0385 0x1a44  [ F2FF8C1B41B3784EDBD5C6D5397F403C, 104873700D2BDF4812DC48200B4609F46A63E7A50594A0599100EF1438863708 ] amdkmafd        C:\WINDOWS\system32\drivers\amdkmafd.sys
14:04:32.0385 0x1a44  amdkmafd - ok
14:04:32.0385 0x1a44  amdkmdag - ok
14:04:32.0400 0x1a44  [ D63F23E361FB774EDA3A5179E19CB64F, 8A72DA4C295748BB469F7D94D563219464E928114E7028FD49C6896351C92FA3 ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
14:04:32.0400 0x1a44  amdkmdap - ok
14:04:32.0416 0x1a44  AmdPPM - ok
14:04:32.0416 0x1a44  amdsata - ok
14:04:32.0416 0x1a44  amdsbs - ok
14:04:32.0416 0x1a44  amdxata - ok
14:04:32.0416 0x1a44  AppID - ok
14:04:32.0416 0x1a44  AppIDSvc - ok
14:04:32.0416 0x1a44  Appinfo - ok
14:04:32.0431 0x1a44  [ 885888F8AAD89108A5EE2D0174690220, 9B148C117EBE400F40BF7F32B66B20AA4628BA9E233D707DFA2EB4A8A65E7C52 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:04:32.0431 0x1a44  Apple Mobile Device Service - ok
14:04:32.0431 0x1a44  AppMgmt - ok
14:04:32.0431 0x1a44  AppReadiness - ok
14:04:32.0431 0x1a44  AppXSvc - ok
14:04:32.0431 0x1a44  Archer - ok
14:04:32.0447 0x1a44  arcsas - ok
14:04:32.0447 0x1a44  AsyncMac - ok
14:04:32.0447 0x1a44  atapi - ok
14:04:32.0447 0x1a44  [ 0966FD5BAB1F9BE200875E9EED0A0A13, F4BE70C0581B51ED6DAE6412A5FF74AE310BF88DE89C5A5E5880BEED543B01D7 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdWT6.sys
14:04:32.0447 0x1a44  AtiHDAudioService - ok
14:04:32.0447 0x1a44  AudioEndpointBuilder - ok
14:04:32.0447 0x1a44  Audiosrv - ok
14:04:32.0463 0x1a44  AxInstSV - ok
14:04:32.0463 0x1a44  b06bdrv - ok
14:04:32.0463 0x1a44  BasicDisplay - ok
14:04:32.0463 0x1a44  BasicRender - ok
14:04:32.0463 0x1a44  bcmfn - ok
14:04:32.0463 0x1a44  bcmfn2 - ok
14:04:32.0463 0x1a44  BDESVC - ok
14:04:32.0478 0x1a44  Beep - ok
14:04:32.0494 0x1a44  [ CE4DEB0464915A50371D1FCDD22BE6D0, 8CFDC981605DE5ED22DC07E892108445BDAE84FCACFAF2EB5E4417E0757B623D ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
14:04:32.0525 0x1a44  BEService - ok
14:04:32.0525 0x1a44  BFE - ok
14:04:32.0541 0x1a44  BITS - ok
14:04:32.0541 0x1a44  [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:04:32.0556 0x1a44  Bonjour Service - ok
14:04:32.0556 0x1a44  bowser - ok
14:04:32.0556 0x1a44  BrokerInfrastructure - ok
14:04:32.0556 0x1a44  Browser - ok
14:04:32.0556 0x1a44  BthAvrcpTg - ok
14:04:32.0556 0x1a44  BthHFEnum - ok
14:04:32.0556 0x1a44  bthhfhid - ok
14:04:32.0572 0x1a44  BthHFSrv - ok
14:04:32.0572 0x1a44  BTHMODEM - ok
14:04:32.0572 0x1a44  bthserv - ok
14:04:32.0572 0x1a44  buttonconverter - ok
14:04:32.0572 0x1a44  CapImg - ok
14:04:32.0572 0x1a44  cdfs - ok
14:04:32.0572 0x1a44  CDPSvc - ok
14:04:32.0588 0x1a44  cdrom - ok
14:04:32.0588 0x1a44  CertPropSvc - ok
14:04:32.0588 0x1a44  circlass - ok
14:04:32.0588 0x1a44  CLFS - ok
14:04:32.0588 0x1a44  ClipSVC - ok
14:04:32.0588 0x1a44  CmBatt - ok
14:04:32.0603 0x1a44  CNG - ok
14:04:32.0603 0x1a44  cnghwassist - ok
14:04:32.0619 0x1a44  CompositeBus - ok
14:04:32.0619 0x1a44  COMSysApp - ok
14:04:32.0619 0x1a44  condrv - ok
14:04:32.0619 0x1a44  CoreMessagingRegistrar - ok
14:04:32.0650 0x1a44  [ 75C568E62A2BD89A869C34119A66D19B, 2954F25E511947728FE50AA76ACECE0B6952D1984301027F499E2F3DAAEB65D3 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
14:04:32.0728 0x1a44  cphs - ok
14:04:32.0728 0x1a44  CryptSvc - ok
14:04:32.0744 0x1a44  CSC - ok
14:04:32.0744 0x1a44  CscService - ok
14:04:32.0744 0x1a44  dam - ok
14:04:32.0744 0x1a44  DcomLaunch - ok
14:04:32.0744 0x1a44  DcpSvc - ok
14:04:32.0744 0x1a44  defragsvc - ok
14:04:32.0760 0x1a44  DeviceAssociationService - ok
14:04:32.0760 0x1a44  DeviceInstall - ok
14:04:32.0760 0x1a44  DevQueryBroker - ok
14:04:32.0760 0x1a44  Dfsc - ok
14:04:32.0760 0x1a44  [ 9593475FBC857A05D93BFF4FA7323C2B, D2A958AF5EFDC6136A6ABB7F8D5FE1F84C967E79BEA96C5BE3661A0145DEB907 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
14:04:32.0775 0x1a44  dg_ssudbus - ok
14:04:32.0775 0x1a44  Dhcp - ok
14:04:32.0775 0x1a44  diagnosticshub.standardcollector.service - ok
14:04:32.0791 0x1a44  DiagTrack - ok
14:04:32.0806 0x1a44  [ 02C35E36934E63C38E6BF6F5BE50E957, CEE6BE141E6CEDC2EE96695AC431CF762511DBFF1EC32C3E00A11D2B5C4B7C1E ] Disc Soft Lite Bus Service C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
14:04:32.0838 0x1a44  Disc Soft Lite Bus Service - ok
14:04:32.0838 0x1a44  disk - ok
14:04:32.0838 0x1a44  DmEnrollmentSvc - ok
14:04:32.0838 0x1a44  dmvsc - ok
14:04:32.0838 0x1a44  dmwappushservice - ok
14:04:32.0838 0x1a44  Dnscache - ok
14:04:32.0853 0x1a44  dot3svc - ok
14:04:32.0853 0x1a44  DPS - ok
14:04:32.0853 0x1a44  drmkaud - ok
14:04:32.0853 0x1a44  DsmSvc - ok
14:04:32.0853 0x1a44  DsSvc - ok
14:04:32.0853 0x1a44  [ 679FF716052109392D870F6A6C4A3535, BEF1784448CCA4AF1D67ED68BD0C7CFE01A7719E98CACF92C2DCBFAA916DC57E ] dtlitescsibus   C:\WINDOWS\System32\drivers\dtlitescsibus.sys
14:04:32.0853 0x1a44  dtlitescsibus - ok
14:04:32.0853 0x1a44  [ E23FDD696839A4790682CA66C48D3F2F, F5F0721BDA751968224E52E75D0C309A3E084C430CD98E85A55AF622D16B9A44 ] dtliteusbbus    C:\WINDOWS\System32\drivers\dtliteusbbus.sys
14:04:32.0869 0x1a44  dtliteusbbus - ok
14:04:32.0869 0x1a44  DXGKrnl - ok
14:04:32.0869 0x1a44  Eaphost - ok
14:04:32.0869 0x1a44  ebdrv - ok
14:04:32.0869 0x1a44  EFS - ok
14:04:32.0869 0x1a44  EhStorClass - ok
14:04:32.0869 0x1a44  EhStorTcgDrv - ok
14:04:32.0869 0x1a44  embeddedmode - ok
14:04:32.0885 0x1a44  EntAppSvc - ok
14:04:32.0885 0x1a44  ErrDev - ok
14:04:32.0885 0x1a44  EventSystem - ok
14:04:32.0885 0x1a44  exfat - ok
14:04:32.0885 0x1a44  fastfat - ok
14:04:32.0885 0x1a44  Fax - ok
14:04:32.0885 0x1a44  fdc - ok
14:04:32.0900 0x1a44  fdPHost - ok
14:04:32.0900 0x1a44  FDResPub - ok
14:04:32.0900 0x1a44  fhsvc - ok
14:04:32.0900 0x1a44  FileCrypt - ok
14:04:32.0900 0x1a44  FileInfo - ok
14:04:32.0900 0x1a44  Filetrace - ok
14:04:32.0900 0x1a44  flpydisk - ok
14:04:32.0900 0x1a44  FltMgr - ok
14:04:32.0916 0x1a44  FontCache - ok
14:04:32.0916 0x1a44  FontCache3.0.0.0 - ok
14:04:32.0916 0x1a44  FsDepends - ok
14:04:32.0916 0x1a44  Fs_Rec - ok
14:04:32.0916 0x1a44  fvevol - ok
14:04:32.0916 0x1a44  gagp30kx - ok
14:04:32.0916 0x1a44  gencounter - ok
14:04:32.0916 0x1a44  genericusbfn - ok
14:04:32.0931 0x1a44  GPIOClx0101 - ok
14:04:32.0931 0x1a44  gpsvc - ok
14:04:32.0931 0x1a44  GpuEnergyDrv - ok
14:04:32.0931 0x1a44  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:04:32.0931 0x1a44  gupdate - ok
14:04:32.0947 0x1a44  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:04:32.0947 0x1a44  gupdatem - ok
14:04:32.0947 0x1a44  HdAudAddService - ok
14:04:32.0947 0x1a44  HDAudBus - ok
14:04:32.0947 0x1a44  HidBatt - ok
14:04:32.0947 0x1a44  HidBth - ok
14:04:32.0947 0x1a44  hidi2c - ok
14:04:32.0947 0x1a44  hidinterrupt - ok
14:04:32.0963 0x1a44  HidIr - ok
14:04:32.0963 0x1a44  hidserv - ok
14:04:32.0963 0x1a44  HidUsb - ok
14:04:32.0963 0x1a44  [ 492572D5C65636F598739552EBA3D3C1, 866C4683007E0DA2AD2B219A80B6EF34EE6972F8B5A248605AB39F735F0FF6DC ] HiPatchService  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
14:04:32.0963 0x1a44  HiPatchService - ok
14:04:32.0963 0x1a44  HomeGroupListener - ok
14:04:32.0963 0x1a44  HomeGroupProvider - ok
14:04:32.0963 0x1a44  HpSAMD - ok
14:04:32.0978 0x1a44  HTTP - ok
14:04:32.0978 0x1a44  hwpolicy - ok
14:04:32.0978 0x1a44  hyperkbd - ok
14:04:32.0978 0x1a44  i8042prt - ok
14:04:32.0978 0x1a44  iai2c - ok
14:04:32.0978 0x1a44  iaLPSS2i_I2C - ok
14:04:32.0978 0x1a44  iaLPSSi_GPIO - ok
14:04:32.0994 0x1a44  iaLPSSi_I2C - ok
14:04:32.0994 0x1a44  iaStorAV - ok
14:04:32.0994 0x1a44  iaStorV - ok
14:04:32.0994 0x1a44  ibbus - ok
14:04:32.0994 0x1a44  icssvc - ok
14:04:32.0994 0x1a44  IEEtwCollectorService - ok
14:04:33.0119 0x1a44  [ 658287D76E8D77C08AE98989F99B8948, DBA67B5772E1FE43ABDB3908A1CF86D76F2774BABC20359D2511F06A2A8CAC57 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
14:04:33.0228 0x1a44  igfx - ok
14:04:33.0244 0x1a44  [ A105AD05696D55E6E4F078ED850F6305, 8121A4226D2941EDD4809D516E7684E5C7164ADCF5AA4C8BC6620110625D3E8D ] igfxCUIService2.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
14:04:33.0307 0x1a44  igfxCUIService2.0.0.0 - ok
14:04:33.0307 0x1a44  IKEEXT - ok
14:04:33.0322 0x1a44  [ CF25067821BB89E87021E9493C178863, 1AA25378EFD977BC6CD9405A395FA2962770385FAB5A9A55FC95B5F6DFD8D1AE ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
14:04:33.0322 0x1a44  intaud_WaveExtensible - ok
14:04:33.0322 0x1a44  [ E300D1E37B737ED14F7A08CD5604E5D9, 5C1135081E29D7F4A97D5CAA2C8FBE1DD04EC7A3D8E648E69F2AA9EBDD88EBBB ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
14:04:33.0338 0x1a44  IntcDAud - ok
14:04:33.0338 0x1a44  intelide - ok
14:04:33.0338 0x1a44  intelpep - ok
14:04:33.0338 0x1a44  intelppm - ok
14:04:33.0338 0x1a44  IoQos - ok
14:04:33.0338 0x1a44  IpFilterDriver - ok
14:04:33.0353 0x1a44  iphlpsvc - ok
14:04:33.0353 0x1a44  IPMIDRV - ok
14:04:33.0353 0x1a44  IPNAT - ok
14:04:33.0353 0x1a44  [ 16A6D49E7698FC6F1730D3FF9F5561A8, 860D2601BA3A71C81A6B21F4D92A5E9C47772C9DE0F047D49000FA4A484D7932 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:04:33.0369 0x1a44  iPod Service - ok
14:04:33.0369 0x1a44  IRENUM - ok
14:04:33.0369 0x1a44  isapnp - ok
14:04:33.0369 0x1a44  iScsiPrt - ok
14:04:33.0385 0x1a44  [ 9C6F3F69163133FB8E56AC4A6E163452, BD6CAB093B5451B4CC85B4528DC0251C97A3D11CB3C1493D25F37B06F8CD2238 ] ISODrive        C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
14:04:33.0385 0x1a44  ISODrive - ok
14:04:33.0385 0x1a44  [ BFB76407E840891C84FB0FCB74B7F9A6, 8E05C823B8D040D94EA8821BBF877F48D8AD92DA13C03A48212DE2EA8F6CCF14 ] Janersharemeing C:\Program Files (x86)\Delyqgach\cktcontrols.dll
14:04:33.0385 0x1a44  Janersharemeing - ok
14:04:33.0385 0x1a44  kbdclass - ok
14:04:33.0400 0x1a44  kbdhid - ok
14:04:33.0400 0x1a44  kdnic - ok
14:04:33.0400 0x1a44  KeyIso - ok
14:04:33.0400 0x1a44  [ B355CDD82F914D681DADEF1049D8174A, EEC9BD077A51766D1827449200FB542201269891E1BECEA39CDCAF4755F15E0B ] KovaPlusFltr    C:\WINDOWS\system32\drivers\KovaPlusFltr.sys
14:04:33.0400 0x1a44  KovaPlusFltr - ok
14:04:33.0400 0x1a44  KSecDD - ok
14:04:33.0400 0x1a44  KSecPkg - ok
14:04:33.0400 0x1a44  ksthunk - ok
14:04:33.0416 0x1a44  KtmRm - ok
14:04:33.0416 0x1a44  LanmanServer - ok
14:04:33.0416 0x1a44  LanmanWorkstation - ok
14:04:33.0432 0x1a44  [ 466D09ACE5DC75439A00AD19618B2306, E7E2A19547B5E9A8CC890A36EA2998286A79CC1449F2EDDE52A57AE531A8B341 ] Lenovo EasyPlus Hotspot C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe
14:04:33.0432 0x1a44  Lenovo EasyPlus Hotspot - ok
14:04:33.0432 0x1a44  lfsvc - ok
14:04:33.0447 0x1a44  LicenseManager - ok
14:04:33.0447 0x1a44  lltdio - ok
14:04:33.0447 0x1a44  lltdsvc - ok
14:04:33.0447 0x1a44  lmhosts - ok
14:04:33.0447 0x1a44  LSI_SAS - ok
14:04:33.0447 0x1a44  LSI_SAS2i - ok
14:04:33.0447 0x1a44  LSI_SAS3i - ok
14:04:33.0463 0x1a44  LSI_SSS - ok
14:04:33.0463 0x1a44  LSM - ok
14:04:33.0463 0x1a44  luafv - ok
14:04:33.0463 0x1a44  [ A0A527569856B9814E8920F52EBB67F5, 4347277C84B47E4CC048850BDEFB258CFB3B476AA99FD503FD71FBB70FFF5ACF ] LVRS64          C:\WINDOWS\system32\DRIVERS\lvrs64.sys
14:04:33.0478 0x1a44  LVRS64 - ok
14:04:33.0541 0x1a44  [ 415E344294D1C0D04627B29146F68481, B4A1A05BDF07E8F226A98E51F62BE18BE2C046A084C495BD8A95CABC79FD0614 ] LVUVC64         C:\WINDOWS\system32\DRIVERS\lvuvc64.sys
14:04:33.0619 0x1a44  LVUVC64 - ok
14:04:33.0619 0x1a44  MapsBroker - ok
14:04:33.0619 0x1a44  megasas - ok
14:04:33.0619 0x1a44  megasr - ok
14:04:33.0635 0x1a44  [ E7C9F74D8CAAB1FF7964C27C070FB16C, 76CCD9109E1031A336B7E275368520FFB60D500E24444B04066F205D1ED5BA2B ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
14:04:33.0635 0x1a44  MEIx64 - ok
14:04:33.0635 0x1a44  MessagingService - ok
14:04:33.0697 0x1a44  mlx4_bus - ok
14:04:33.0697 0x1a44  MMCSS - ok
14:04:33.0697 0x1a44  Modem - ok
14:04:33.0697 0x1a44  monitor - ok
14:04:33.0713 0x1a44  mouclass - ok
14:04:33.0713 0x1a44  mouhid - ok
14:04:33.0713 0x1a44  mountmgr - ok
14:04:33.0713 0x1a44  [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:04:33.0713 0x1a44  MozillaMaintenance - ok
14:04:33.0713 0x1a44  mpsdrv - ok
14:04:33.0713 0x1a44  MpsSvc - ok
14:04:33.0728 0x1a44  MRxDAV - ok
14:04:33.0728 0x1a44  mrxsmb - ok
14:04:33.0728 0x1a44  mrxsmb10 - ok
14:04:33.0728 0x1a44  mrxsmb20 - ok
14:04:33.0728 0x1a44  MsBridge - ok
14:04:33.0728 0x1a44  MSDTC - ok
14:04:33.0728 0x1a44  Msfs - ok
14:04:33.0744 0x1a44  msgpiowin32 - ok
14:04:33.0744 0x1a44  mshidkmdf - ok
14:04:33.0744 0x1a44  mshidumdf - ok
14:04:33.0744 0x1a44  msisadrv - ok
14:04:33.0744 0x1a44  MSiSCSI - ok
14:04:33.0744 0x1a44  msiserver - ok
14:04:33.0744 0x1a44  MSKSSRV - ok
14:04:33.0744 0x1a44  MsLldp - ok
14:04:33.0760 0x1a44  MSPCLOCK - ok
14:04:33.0760 0x1a44  MSPQM - ok
14:04:33.0760 0x1a44  MsRPC - ok
14:04:33.0760 0x1a44  mssmbios - ok
14:04:33.0760 0x1a44  MSTEE - ok
14:04:33.0760 0x1a44  MTConfig - ok
14:04:33.0775 0x1a44  Mup - ok
14:04:33.0775 0x1a44  mvumis - ok
14:04:33.0775 0x1a44  NativeWifiP - ok
14:04:33.0775 0x1a44  NcaSvc - ok
14:04:33.0775 0x1a44  NcbService - ok
14:04:33.0775 0x1a44  NcdAutoSetup - ok
14:04:33.0775 0x1a44  ndfltr - ok
14:04:33.0791 0x1a44  NDIS - ok
14:04:33.0791 0x1a44  NdisCap - ok
14:04:33.0791 0x1a44  NdisImPlatform - ok
14:04:33.0791 0x1a44  NdisTapi - ok
14:04:33.0791 0x1a44  Ndisuio - ok
14:04:33.0791 0x1a44  NdisVirtualBus - ok
14:04:33.0791 0x1a44  NdisWan - ok
14:04:33.0791 0x1a44  ndiswanlegacy - ok
14:04:33.0807 0x1a44  ndproxy - ok
14:04:33.0807 0x1a44  Ndu - ok
14:04:33.0807 0x1a44  NetBIOS - ok
14:04:33.0807 0x1a44  NetBT - ok
14:04:33.0807 0x1a44  Netlogon - ok
14:04:33.0807 0x1a44  Netman - ok
14:04:33.0807 0x1a44  netprofm - ok
14:04:33.0822 0x1a44  NetSetupSvc - ok
14:04:33.0822 0x1a44  NetTcpPortSharing - ok
14:04:33.0822 0x1a44  NgcCtnrSvc - ok
14:04:33.0822 0x1a44  NgcSvc - ok
14:04:33.0822 0x1a44  NlaSvc - ok
14:04:33.0822 0x1a44  Npfs - ok
14:04:33.0838 0x1a44  npsvctrig - ok
14:04:33.0838 0x1a44  nsi - ok
14:04:33.0838 0x1a44  nsiproxy - ok
14:04:33.0838 0x1a44  NTFS - ok
14:04:33.0838 0x1a44  Null - ok
14:04:33.0838 0x1a44  nvraid - ok
14:04:33.0838 0x1a44  nvstor - ok
14:04:33.0838 0x1a44  nv_agp - ok
14:04:33.0853 0x1a44  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:04:33.0869 0x1a44  odserv - ok
14:04:33.0869 0x1a44  OneSyncSvc - ok
14:04:33.0932 0x1a44  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:04:33.0932 0x1a44  ose - ok
14:04:33.0932 0x1a44  p2pimsvc - ok
14:04:33.0932 0x1a44  p2psvc - ok
14:04:33.0932 0x1a44  Parport - ok
14:04:33.0932 0x1a44  partmgr - ok
14:04:33.0947 0x1a44  PcaSvc - ok
14:04:33.0947 0x1a44  pci - ok
14:04:33.0947 0x1a44  pciide - ok
14:04:33.0947 0x1a44  pcmcia - ok
14:04:33.0947 0x1a44  pcw - ok
14:04:33.0947 0x1a44  pdc - ok
14:04:33.0947 0x1a44  PEAUTH - ok
14:04:33.0947 0x1a44  PeerDistSvc - ok
14:04:33.0963 0x1a44  percsas2i - ok
14:04:33.0963 0x1a44  percsas3i - ok
14:04:33.0978 0x1a44  PerfHost - ok
14:04:33.0994 0x1a44  PhoneSvc - ok
14:04:33.0994 0x1a44  PimIndexMaintenanceSvc - ok
14:04:34.0041 0x1a44  pla - ok
14:04:34.0057 0x1a44  PlugPlay - ok
14:04:34.0057 0x1a44  PnkBstrA - ok
14:04:34.0057 0x1a44  PNRPAutoReg - ok
14:04:34.0057 0x1a44  PNRPsvc - ok
14:04:34.0057 0x1a44  PolicyAgent - ok
14:04:34.0057 0x1a44  Power - ok
14:04:34.0057 0x1a44  PptpMiniport - ok
14:04:34.0119 0x1a44  [ 2195908CEF288E1C10E5266B9DF75D29, 30E0664A03C58DD3B325A9A4A248AD1FA9297DD65F0D472C3AD90E21B238169F ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
14:04:34.0166 0x1a44  PrintNotify - ok
14:04:34.0166 0x1a44  Processor - ok
14:04:34.0166 0x1a44  ProfSvc - ok
14:04:34.0182 0x1a44  Psched - ok
14:04:34.0182 0x1a44  QWAVE - ok
14:04:34.0182 0x1a44  QWAVEdrv - ok
14:04:34.0182 0x1a44  RasAcd - ok
14:04:34.0182 0x1a44  RasAgileVpn - ok
14:04:34.0182 0x1a44  RasAuto - ok
14:04:34.0182 0x1a44  Rasl2tp - ok
14:04:34.0197 0x1a44  RasMan - ok
14:04:34.0197 0x1a44  RasPppoe - ok
14:04:34.0197 0x1a44  RasSstp - ok
14:04:34.0197 0x1a44  [ 7269DB4C306D673389848B29C343F12F, 1229FF7A06461D2CB0EB9F366F98538D8C28C9C1F70FCAC86DD04115A114B996 ] Razer Game Scanner Service C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
14:04:34.0197 0x1a44  Razer Game Scanner Service - ok
14:04:34.0197 0x1a44  rdbss - ok
14:04:34.0213 0x1a44  rdpbus - ok
14:04:34.0213 0x1a44  RDPDR - ok
14:04:34.0213 0x1a44  RdpVideoMiniport - ok
14:04:34.0213 0x1a44  rdyboost - ok
14:04:34.0213 0x1a44  ReFSv1 - ok
14:04:34.0213 0x1a44  RemoteAccess - ok
14:04:34.0228 0x1a44  RemoteRegistry - ok
14:04:34.0228 0x1a44  RetailDemo - ok
14:04:34.0228 0x1a44  RpcEptMapper - ok
14:04:34.0228 0x1a44  RpcLocator - ok
14:04:34.0228 0x1a44  RpcSs - ok
14:04:34.0228 0x1a44  rspndr - ok
14:04:34.0228 0x1a44  rt640x64 - ok
14:04:34.0244 0x1a44  [ 9FE061CEBE2478FABC37BBA9557C6DAA, 8D995FD75DDCC14C7C63661314F0061CD827D89CE23116842082ACF528664E37 ] RzKLService     C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
14:04:34.0244 0x1a44  RzKLService - ok
14:04:34.0244 0x1a44  [ 0C90E6CEA576095888E779E5BD9DD060, 8A13A92D5A8E577E2B919CC879FA8CFA1FAD0A6BFF0CF4FCC59B8E74AB22A673 ] rzpmgrk         C:\Windows\system32\drivers\rzpmgrk.sys
14:04:34.0244 0x1a44  rzpmgrk - ok
14:04:34.0244 0x1a44  s3cap - ok
14:04:34.0244 0x1a44  SamSs - ok
14:04:34.0244 0x1a44  sbp2port - ok
14:04:34.0260 0x1a44  SCardSvr - ok
14:04:34.0260 0x1a44  ScDeviceEnum - ok
14:04:34.0260 0x1a44  scfilter - ok
14:04:34.0260 0x1a44  Schedule - ok
14:04:34.0260 0x1a44  SCPolicySvc - ok
14:04:34.0260 0x1a44  sdbus - ok
14:04:34.0260 0x1a44  SDRSVC - ok
14:04:34.0275 0x1a44  sdstor - ok
14:04:34.0275 0x1a44  seclogon - ok
14:04:34.0275 0x1a44  SENS - ok
14:04:34.0275 0x1a44  SensorDataService - ok
14:04:34.0275 0x1a44  SensorService - ok
14:04:34.0275 0x1a44  SensrSvc - ok
14:04:34.0275 0x1a44  SerCx - ok
14:04:34.0275 0x1a44  SerCx2 - ok
14:04:34.0291 0x1a44  Serenum - ok
14:04:34.0291 0x1a44  Serial - ok
14:04:34.0291 0x1a44  sermouse - ok
14:04:34.0291 0x1a44  SessionEnv - ok
14:04:34.0291 0x1a44  sfloppy - ok
14:04:34.0291 0x1a44  SharedAccess - ok
14:04:34.0307 0x1a44  ShellHWDetection - ok
14:04:34.0307 0x1a44  SiSRaid2 - ok
14:04:34.0307 0x1a44  SiSRaid4 - ok
14:04:34.0307 0x1a44  [ F3AAB7DF6408431C762D8721B68F46E4, 56ED764AA660955B8B06322703D086B3A52106625A83CCAF195B08BCBDEDA88F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:04:34.0322 0x1a44  SkypeUpdate - ok
14:04:34.0322 0x1a44  smphost - ok
14:04:34.0322 0x1a44  SmsRouter - ok
14:04:34.0322 0x1a44  SNMPTRAP - ok
14:04:34.0322 0x1a44  spaceport - ok
14:04:34.0322 0x1a44  SpbCx - ok
14:04:34.0338 0x1a44  Spooler - ok
14:04:34.0338 0x1a44  sppsvc - ok
14:04:34.0338 0x1a44  srv - ok
14:04:34.0338 0x1a44  srv2 - ok
14:04:34.0338 0x1a44  srvnet - ok
14:04:34.0338 0x1a44  SSDPSRV - ok
14:04:34.0338 0x1a44  SstpSvc - ok
14:04:34.0354 0x1a44  [ 592FF34A2FD6C6351B8A3AA76B2C0A9E, 152B7472DE531AC45492F562DD470B2CE33F1EEF13BC78F26046AE5ABF54E32F ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
14:04:34.0354 0x1a44  ssudmdm - ok
14:04:34.0354 0x1a44  [ 76F7D7217FBDAB77798A2A244ACD641F, E65CF2CE789E721CEFCA35DF5100304C56135459DA2421DB2A0DF9E6E9DDE70F ] ssudserd        C:\WINDOWS\system32\DRIVERS\ssudserd.sys
14:04:34.0354 0x1a44  ssudserd - ok
14:04:34.0369 0x1a44  StateRepository - ok
14:04:34.0385 0x1a44  [ 90E22D7CDE08E07446D238A569BCAB7C, 3D4F413D0B0C9CF28D06E0476F24AC6441C8678DF786D9971B39C91C9F9B8020 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
14:04:34.0400 0x1a44  Steam Client Service - ok
14:04:34.0416 0x1a44  stexstor - ok
14:04:34.0416 0x1a44  stisvc - ok
14:04:34.0416 0x1a44  storahci - ok
14:04:34.0416 0x1a44  storflt - ok
14:04:34.0416 0x1a44  stornvme - ok
14:04:34.0416 0x1a44  storqosflt - ok
14:04:34.0416 0x1a44  StorSvc - ok
14:04:34.0432 0x1a44  storufs - ok
14:04:34.0432 0x1a44  storvsc - ok
14:04:34.0432 0x1a44  svsvc - ok
14:04:34.0432 0x1a44  swenum - ok
14:04:34.0432 0x1a44  swprv - ok
14:04:34.0432 0x1a44  Synth3dVsc - ok
14:04:34.0432 0x1a44  SysMain - ok
14:04:34.0432 0x1a44  SystemEventsBroker - ok
14:04:34.0447 0x1a44  TabletInputService - ok
14:04:34.0447 0x1a44  TapiSrv - ok
14:04:34.0447 0x1a44  Tcpip - ok
14:04:34.0447 0x1a44  Tcpip6 - ok
14:04:34.0447 0x1a44  tcpipreg - ok
14:04:34.0447 0x1a44  tdx - ok
14:04:34.0463 0x1a44  terminpt - ok
14:04:34.0463 0x1a44  TermService - ok
14:04:34.0463 0x1a44  Themes - ok
14:04:34.0463 0x1a44  TieringEngineService - ok
14:04:34.0463 0x1a44  tiledatamodelsvc - ok
14:04:34.0463 0x1a44  TimeBroker - ok
14:04:34.0463 0x1a44  TPM - ok
14:04:34.0479 0x1a44  TrkWks - ok
14:04:34.0479 0x1a44  TrustedInstaller - ok
14:04:34.0479 0x1a44  tsusbflt - ok
14:04:34.0479 0x1a44  TsUsbGD - ok
14:04:34.0510 0x1a44  [ 82B220AAC7079DBD34F014589E5A5886, F5F82C0C9BB13F041CA3750A478E2062BCF1A64AC901655413A61A719DFC34F2 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
14:04:34.0541 0x1a44  TuneUp.UtilitiesSvc - ok
14:04:34.0557 0x1a44  [ DB3C912A851FCA6358FED4D53DAA7E91, B35375EC9AF61D829489D9B278605E2098D6402419E79EB24C65D3B65816AEBC ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys
14:04:34.0557 0x1a44  TuneUpUtilitiesDrv - ok
14:04:34.0557 0x1a44  tunnel - ok
14:04:34.0557 0x1a44  tzautoupdate - ok
14:04:34.0557 0x1a44  uagp35 - ok
14:04:34.0557 0x1a44  UASPStor - ok
14:04:34.0557 0x1a44  UcmCx0101 - ok
14:04:34.0572 0x1a44  UcmUcsi - ok
14:04:34.0572 0x1a44  Ucx01000 - ok
14:04:34.0572 0x1a44  UdeCx - ok
14:04:34.0572 0x1a44  udfs - ok
14:04:34.0572 0x1a44  UEFI - ok
14:04:34.0572 0x1a44  Ufx01000 - ok
14:04:34.0572 0x1a44  UfxChipidea - ok
14:04:34.0572 0x1a44  ufxsynopsys - ok
14:04:34.0588 0x1a44  UI0Detect - ok
14:04:34.0588 0x1a44  uliagpkx - ok
14:04:34.0588 0x1a44  umbus - ok
14:04:34.0588 0x1a44  UmPass - ok
14:04:34.0588 0x1a44  UmRdpService - ok
14:04:34.0588 0x1a44  UnistoreSvc - ok
14:04:34.0650 0x1a44  UnlockerDriver5 - ok
14:04:34.0650 0x1a44  upnphost - ok
14:04:34.0666 0x1a44  UrsChipidea - ok
14:04:34.0666 0x1a44  UrsCx01000 - ok
14:04:34.0666 0x1a44  UrsSynopsys - ok
14:04:34.0666 0x1a44  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
14:04:34.0666 0x1a44  USBAAPL64 - ok
14:04:34.0666 0x1a44  usbaudio - ok
14:04:34.0666 0x1a44  usbccgp - ok
14:04:34.0682 0x1a44  usbcir - ok
14:04:34.0682 0x1a44  usbehci - ok
14:04:34.0682 0x1a44  usbhub - ok
14:04:34.0682 0x1a44  USBHUB3 - ok
14:04:34.0682 0x1a44  usbohci - ok
14:04:34.0682 0x1a44  usbprint - ok
14:04:34.0682 0x1a44  usbser - ok
14:04:34.0697 0x1a44  USBSTOR - ok
14:04:34.0697 0x1a44  usbuhci - ok
14:04:34.0697 0x1a44  USBXHCI - ok
14:04:34.0697 0x1a44  UserDataSvc - ok
14:04:34.0760 0x1a44  UserManager - ok
14:04:34.0760 0x1a44  UsoSvc - ok
14:04:34.0760 0x1a44  VaultSvc - ok
14:04:34.0760 0x1a44  vdrvroot - ok
14:04:34.0760 0x1a44  vds - ok
14:04:34.0775 0x1a44  VerifierExt - ok
14:04:34.0775 0x1a44  vhdmp - ok
14:04:34.0775 0x1a44  vhf - ok
14:04:34.0775 0x1a44  vmbus - ok
14:04:34.0775 0x1a44  VMBusHID - ok
14:04:34.0775 0x1a44  vmicguestinterface - ok
14:04:34.0775 0x1a44  vmicheartbeat - ok
14:04:34.0775 0x1a44  vmickvpexchange - ok
14:04:34.0791 0x1a44  vmicrdv - ok
14:04:34.0791 0x1a44  vmicshutdown - ok
14:04:34.0791 0x1a44  vmictimesync - ok
14:04:34.0791 0x1a44  vmicvmsession - ok
14:04:34.0791 0x1a44  vmicvss - ok
14:04:34.0791 0x1a44  volmgr - ok
14:04:34.0791 0x1a44  volmgrx - ok
14:04:34.0807 0x1a44  volsnap - ok
14:04:34.0807 0x1a44  vpci - ok
14:04:34.0807 0x1a44  vsmraid - ok
14:04:34.0807 0x1a44  VSS - ok
14:04:34.0807 0x1a44  VSTXRAID - ok
14:04:34.0807 0x1a44  vwifibus - ok
14:04:34.0807 0x1a44  vwififlt - ok
14:04:34.0822 0x1a44  W32Time - ok
14:04:34.0822 0x1a44  WacomPen - ok
14:04:34.0822 0x1a44  WalletService - ok
14:04:34.0822 0x1a44  wanarp - ok
14:04:34.0822 0x1a44  wanarpv6 - ok
14:04:34.0822 0x1a44  wbengine - ok
14:04:34.0822 0x1a44  WbioSrvc - ok
14:04:34.0822 0x1a44  Wcmsvc - ok
14:04:34.0838 0x1a44  wcncsvc - ok
14:04:34.0838 0x1a44  WcsPlugInService - ok
14:04:34.0838 0x1a44  WdBoot - ok
14:04:34.0838 0x1a44  Wdf01000 - ok
14:04:34.0838 0x1a44  WdFilter - ok
14:04:34.0838 0x1a44  WdiServiceHost - ok
14:04:34.0838 0x1a44  WdiSystemHost - ok
14:04:34.0854 0x1a44  wdiwifi - ok
14:04:34.0854 0x1a44  WdNisDrv - ok
14:04:34.0854 0x1a44  WdNisSvc - ok
14:04:34.0854 0x1a44  WebClient - ok
14:04:34.0854 0x1a44  Wecsvc - ok
14:04:34.0854 0x1a44  WEPHOSTSVC - ok
14:04:34.0854 0x1a44  wercplsupport - ok
14:04:34.0869 0x1a44  WerSvc - ok
14:04:34.0869 0x1a44  WFPLWFS - ok
14:04:34.0869 0x1a44  WiaRpc - ok
14:04:34.0869 0x1a44  WIMMount - ok
14:04:34.0869 0x1a44  WinDefend - ok
14:04:34.0869 0x1a44  WindowsTrustedRT - ok
14:04:34.0869 0x1a44  WindowsTrustedRTProxy - ok
14:04:34.0885 0x1a44  WinHttpAutoProxySvc - ok
14:04:34.0885 0x1a44  WinMad - ok
14:04:34.0885 0x1a44  Winmgmt - ok
14:04:34.0885 0x1a44  WinRM - ok
14:04:34.0916 0x1a44  WinSAPSvc - ok
14:04:34.0916 0x1a44  WINUSB - ok
14:04:34.0916 0x1a44  WinVerbs - ok
14:04:34.0916 0x1a44  WlanSvc - ok
14:04:34.0916 0x1a44  wlidsvc - ok
14:04:34.0932 0x1a44  WmiAcpi - ok
14:04:34.0932 0x1a44  wmiApSrv - ok
14:04:34.0932 0x1a44  WMPNetworkSvc - ok
14:04:34.0932 0x1a44  [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
14:04:34.0947 0x1a44  Wof - ok
14:04:34.0947 0x1a44  workfolderssvc - ok
14:04:34.0947 0x1a44  wpcfltr - ok
14:04:34.0947 0x1a44  WPDBusEnum - ok
14:04:34.0947 0x1a44  WpdUpFltr - ok
14:04:34.0947 0x1a44  WpnService - ok
14:04:34.0947 0x1a44  ws2ifsl - ok
14:04:34.0963 0x1a44  wscsvc - ok
14:04:34.0963 0x1a44  WSearch - ok
14:04:34.0963 0x1a44  WSService - ok
14:04:34.0963 0x1a44  wuauserv - ok
14:04:34.0963 0x1a44  WudfPf - ok
14:04:34.0963 0x1a44  WUDFRd - ok
14:04:34.0963 0x1a44  wudfsvc - ok
14:04:34.0979 0x1a44  WUDFWpdFs - ok
14:04:34.0979 0x1a44  WUDFWpdMtp - ok
14:04:34.0979 0x1a44  WwanSvc - ok
14:04:34.0979 0x1a44  XblAuthManager - ok
14:04:34.0979 0x1a44  XblGameSave - ok
14:04:34.0979 0x1a44  xboxgip - ok
14:04:34.0979 0x1a44  XboxNetApiSvc - ok
14:04:34.0994 0x1a44  xinputhid - ok
14:04:34.0994 0x1a44  xusb22 - ok
14:04:34.0994 0x1a44  ================ Scan global ===============================
14:04:34.0994 0x1a44  [ Global ] - ok
14:04:34.0994 0x1a44  ================ Scan MBR ==================================
14:04:35.0010 0x1a44  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:04:35.0010 0x1a44  \Device\Harddisk0\DR0 - ok
14:04:35.0010 0x1a44  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
14:04:35.0010 0x1a44  \Device\Harddisk1\DR1 - ok
14:04:35.0010 0x1a44  ================ Scan VBR ==================================
14:04:35.0010 0x1a44  [ F34C6C8BDD2F2B423BA82B7143E3DE9F ] \Device\Harddisk0\DR0\Partition1
14:04:35.0010 0x1a44  \Device\Harddisk0\DR0\Partition1 - ok
14:04:35.0010 0x1a44  [ 91907FCDCC3FACB5134DC8F31681E705 ] \Device\Harddisk0\DR0\Partition2
14:04:35.0010 0x1a44  \Device\Harddisk0\DR0\Partition2 - ok
14:04:35.0025 0x1a44  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
14:04:35.0025 0x1a44  \Device\Harddisk0\DR0\Partition3 - ok
14:04:35.0025 0x1a44  [ CC9F718B39272690F3A3F404E4CAAB71 ] \Device\Harddisk0\DR0\Partition4
14:04:35.0025 0x1a44  \Device\Harddisk0\DR0\Partition4 - ok
14:04:35.0025 0x1a44  [ CB20367BC638F9D7BFA981F1C9C29D1F ] \Device\Harddisk0\DR0\Partition5
14:04:35.0025 0x1a44  \Device\Harddisk0\DR0\Partition5 - ok
14:04:35.0025 0x1a44  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
14:04:35.0025 0x1a44  \Device\Harddisk1\DR1\Partition1 - ok
14:04:35.0025 0x1a44  [ D9DD146B3C85BC780E82A29E8F847C2E ] \Device\Harddisk1\DR1\Partition2
14:04:35.0025 0x1a44  \Device\Harddisk1\DR1\Partition2 - ok
14:04:35.0025 0x1a44  ================ Scan generic autorun ======================
14:04:35.0025 0x1a44  [ 9C3F26DCA9142F16ED3D7EE8AB4E417D, 867AD96CB5738266E5BC93E424EA1673881C5F5FBF19C7B699F800C7206CA929 ] C:\Program Files\iTunes\iTunesHelper.exe
14:04:35.0041 0x1a44  iTunesHelper - ok
14:04:35.0166 0x1a44  [ D1B65D57E6DDCB32DA3689D02A8488C4, 43345C754840A89DD080CC267A798E2648BEFE97BE6556A7DC327D274BAE8280 ] C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
14:04:35.0260 0x1a44  StartCN - ok
14:04:35.0275 0x1a44  [ 3951404EBA1AE7C13F72BBB73AE9079C, 5F01537AD8DF9A80C435037EDA62B33052A7026A55CC155E2F595D6DBD65828E ] C:\Program Files (x86)\Raptr\raptrstub.exe
14:04:35.0275 0x1a44  Raptr - ok
14:04:35.0291 0x1a44  [ F41D82EAF620AC7094956D4F3E872728, 380AACFAFA4D558DBECDFE8523B79453B94E9F67E116806623208BD0E12BFE0C ] C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE
14:04:35.0291 0x1a44  RoccatKova+ - ok
14:04:35.0307 0x1a44  [ A8AD6D36CA5A1D7E280621BB7E8117CA, 5E6A5589D72E8FF7A739D14739D06FBE218C4132943E643BD0317EDC8FD8952E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
14:04:35.0307 0x1a44  SunJavaUpdateSched - ok
14:04:35.0338 0x1a44  OneDriveSetup - ok
14:04:35.0338 0x1a44  OneDriveSetup - ok
14:04:35.0401 0x1a44  [ 83617B22205AE74AA31FF3CC145E2132, 5684D6523922A662799B408D8BC26FFC7D2212F633B82045919562F30C224F1E ] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
14:04:35.0463 0x1a44  msnmsgr - ok
14:04:35.0573 0x1a44  [ C654101E928F9C1EC19A3C3AA78D4482, 925C51A2B1DD082EA5F7035CDAD481F6017DD943B005042703CCE1D5F9572AF2 ] C:\Users\Aruran\AppData\Roaming\Spotify\Spotify.exe
14:04:35.0666 0x1a44  Spotify - ok
14:04:35.0697 0x1a44  [ 0C2D8CBA28E12D170FC5343F03E6D20C, 73A66AEF5D89E69E6B19172328AC043542FD7628DD44A569B23625261A0B56FB ] C:\Users\Aruran\AppData\Roaming\Spotify\SpotifyWebHelper.exe
14:04:35.0713 0x1a44  Spotify Web Helper - ok
14:04:35.0729 0x1a44  [ 2010CA459E5EC8F9D5FC8B000D130294, 058FF215A3AAD04F2A4CF23B2CC62A5EA28F5A705EFA689DCE9126720CF33229 ] C:\Users\Aruran\AppData\Local\Microsoft\OneDrive\OneDrive.exe
14:04:35.0729 0x1a44  OneDrive - ok
14:04:35.0729 0x1a44  Skype - ok
14:04:35.0807 0x1a44  [ 1C1072F58A01A87AC73D53AEEFAB4323, FE62D7CB39EA2CF16BD32FDFCD5E3F14971B5AF1D9D3C9A7B0E0FA53722D6C1B ] C:\Program Files\DAEMON Tools Lite\DTAgent.exe
14:04:35.0854 0x1a44  DAEMON Tools Lite Automount - ok
14:04:35.0869 0x1a44  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\ZAUU1FC4ZY\ZAUU1FC4Z.exe
14:04:35.0869 0x1a44  RRRV2SMXUP - ok
14:04:35.0885 0x1a44  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\NSWWDIN18Z\NSWWDIN18.exe
14:04:35.0885 0x1a44  1HNLNTZGDW - ok
14:04:35.0901 0x1a44  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\2LA9XOQK4R\2LA9XOQK4.exe
14:04:35.0901 0x1a44  4YFG394BZN - ok
14:04:35.0916 0x1a44  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\Z06UCTZZ10\Z06UCTZZ1.exe
14:04:35.0916 0x1a44  SA9EN75ICN - ok
14:04:35.0963 0x1a44  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Users\Aruran\AppData\Local\Temp\NBGTI2CFT\NBGTI2CFT.exe
14:04:35.0963 0x1a44  DVQCLJMAEQ - ok
14:04:35.0979 0x1a44  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\394AHT7JYC\394AHT7JY.exe
14:04:35.0979 0x1a44  AWFREW3ZKU - ok
14:04:35.0979 0x1a44  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\G5NV6PMZQY\TUTAEOS0P.exe
14:04:35.0994 0x1a44  7VT3UPTOXR - ok
14:04:35.0994 0x1a44  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\2UPOF0VUZ8\2UPOF0VUZ.exe
14:04:36.0010 0x1a44  48ALI829O4 - ok
14:04:36.0010 0x1a44  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\H1ASR0KVAA\H1ASR0KVA.exe
14:04:36.0010 0x1a44  B9FKZYJYPU - ok
14:04:36.0026 0x1a44  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Users\Aruran\AppData\Local\Temp\Y7QHIVYEP\Y7QHIVYEP.exe
14:04:36.0026 0x1a44  CIR0HP9PPD - ok
14:04:36.0041 0x1a44  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Users\Aruran\AppData\Local\Temp\5ANZUSRV6\5ANZUSRV6.exe
14:04:36.0041 0x1a44  0AYADRMO1L - ok
14:04:36.0057 0x1a44  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\WSYN11RTPB\WSYN11RTP.exe
14:04:36.0057 0x1a44  HIG670TBSL - ok
14:04:36.0073 0x1a44  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Users\Aruran\AppData\Local\Temp\O07ST4XN6\O07ST4XN6.exe
14:04:36.0073 0x1a44  PM1WKY2Y7U - ok
14:04:36.0073 0x1a44  OneDriveSetup - ok
14:04:36.0073 0x1a44  WAB Migrate - ok
14:04:36.0073 0x1a44  Waiting for KSN requests completion. In queue: 40
14:04:37.0088 0x1a44  Have new async UDS detects: 13
14:04:37.0088 0x1a44  0AYADRMO1L - detected UDS:DangerousObject.Multi.Generic ( 0 )
14:04:37.0119 0x1a44  0AYADRMO1L ( UDS:DangerousObject.Multi.Generic ) - infected
14:04:37.0119 0x1a44  Force sending object to P2P due to detect: C:\Users\Aruran\AppData\Local\Temp\5ANZUSRV6\5ANZUSRV6.exe
14:04:37.0338 0x1a44  Object send P2P result: true
14:04:37.0542 0x1a44  4YFG394BZN - detected UDS:DangerousObject.Multi.Generic ( 0 )
14:04:37.0542 0x1a44  4YFG394BZN ( UDS:DangerousObject.Multi.Generic ) - infected
14:04:37.0542 0x1a44  Force sending object to P2P due to detect: C:\Program Files\2LA9XOQK4R\2LA9XOQK4.exe
14:04:37.0792 0x1a44  Object send P2P result: true
14:04:37.0995 0x1a44  PM1WKY2Y7U - detected UDS:DangerousObject.Multi.Generic ( 0 )
14:04:37.0995 0x1a44  PM1WKY2Y7U ( UDS:DangerousObject.Multi.Generic ) - infected
14:04:37.0995 0x1a44  Force sending object to P2P due to detect: C:\Users\Aruran\AppData\Local\Temp\O07ST4XN6\O07ST4XN6.exe
14:04:38.0213 0x1a44  Object send P2P result: true
14:04:38.0495 0x1a44  DVQCLJMAEQ - detected UDS:DangerousObject.Multi.Generic ( 0 )
14:04:38.0495 0x1a44  DVQCLJMAEQ ( UDS:DangerousObject.Multi.Generic ) - infected
14:04:38.0495 0x1a44  Force sending object to P2P due to detect: C:\Users\Aruran\AppData\Local\Temp\NBGTI2CFT\NBGTI2CFT.exe
14:04:38.0714 0x1a44  Object send P2P result: true
14:04:38.0917 0x1a44  CIR0HP9PPD - detected UDS:DangerousObject.Multi.Generic ( 0 )
14:04:38.0917 0x1a44  CIR0HP9PPD ( UDS:DangerousObject.Multi.Generic ) - infected
14:04:38.0917 0x1a44  Force sending object to P2P due to detect: C:\Users\Aruran\AppData\Local\Temp\Y7QHIVYEP\Y7QHIVYEP.exe
14:04:39.0151 0x1a44  Object send P2P result: true
14:04:39.0511 0x1a44  1HNLNTZGDW - detected UDS:DangerousObject.Multi.Generic ( 0 )
14:04:39.0511 0x1a44  1HNLNTZGDW ( UDS:DangerousObject.Multi.Generic ) - infected
14:04:39.0511 0x1a44  Force sending object to P2P due to detect: C:\Program Files\NSWWDIN18Z\NSWWDIN18.exe
14:04:39.0745 0x1a44  Object send P2P result: true
14:04:39.0932 0x1a44  SA9EN75ICN - detected UDS:DangerousObject.Multi.Generic ( 0 )
14:04:39.0932 0x1a44  SA9EN75ICN ( UDS:DangerousObject.Multi.Generic ) - infected
14:04:39.0932 0x1a44  Force sending object to P2P due to detect: C:\Program Files\Z06UCTZZ10\Z06UCTZZ1.exe
14:04:40.0167 0x1a44  Object send P2P result: true
14:04:40.0354 0x1a44  AWFREW3ZKU - detected UDS:DangerousObject.Multi.Generic ( 0 )
14:04:40.0354 0x1a44  AWFREW3ZKU ( UDS:DangerousObject.Multi.Generic ) - infected
14:04:40.0354 0x1a44  Force sending object to P2P due to detect: C:\Program Files\394AHT7JYC\394AHT7JY.exe
14:04:40.0573 0x1a44  Object send P2P result: true
14:04:40.0729 0x1a44  7VT3UPTOXR - detected UDS:DangerousObject.Multi.Generic ( 0 )
14:04:40.0729 0x1a44  7VT3UPTOXR ( UDS:DangerousObject.Multi.Generic ) - infected
14:04:40.0729 0x1a44  Force sending object to P2P due to detect: C:\Program Files\G5NV6PMZQY\TUTAEOS0P.exe
14:04:40.0948 0x1a44  Object send P2P result: true
14:04:41.0136 0x1a44  HIG670TBSL - detected UDS:DangerousObject.Multi.Generic ( 0 )
14:04:41.0136 0x1a44  HIG670TBSL ( UDS:DangerousObject.Multi.Generic ) - infected
14:04:41.0136 0x1a44  Force sending object to P2P due to detect: C:\Program Files\WSYN11RTPB\WSYN11RTP.exe
14:04:41.0355 0x1a44  Object send P2P result: true
14:04:41.0542 0x1a44  48ALI829O4 - detected UDS:DangerousObject.Multi.Generic ( 0 )
14:04:41.0542 0x1a44  48ALI829O4 ( UDS:DangerousObject.Multi.Generic ) - infected
14:04:41.0542 0x1a44  Force sending object to P2P due to detect: C:\Program Files\2UPOF0VUZ8\2UPOF0VUZ.exe
14:04:41.0761 0x1a44  Object send P2P result: true
14:04:41.0933 0x1a44  B9FKZYJYPU - detected UDS:DangerousObject.Multi.Generic ( 0 )
14:04:41.0933 0x1a44  B9FKZYJYPU ( UDS:DangerousObject.Multi.Generic ) - infected
14:04:41.0933 0x1a44  Force sending object to P2P due to detect: C:\Program Files\H1ASR0KVAA\H1ASR0KVA.exe
14:04:42.0151 0x1a44  Object send P2P result: true
14:04:42.0308 0x1a44  RRRV2SMXUP - detected UDS:DangerousObject.Multi.Generic ( 0 )
14:04:42.0308 0x1a44  RRRV2SMXUP ( UDS:DangerousObject.Multi.Generic ) - infected
14:04:42.0308 0x1a44  Force sending object to P2P due to detect: C:\Program Files\ZAUU1FC4ZY\ZAUU1FC4Z.exe
14:04:42.0527 0x1a44  Object send P2P result: true
14:04:42.0714 0x1a44  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.672 ), 0x60100 ( disabled : updated )
14:04:42.0714 0x1a44  Win FW state via NFP2: enabled ( trusted )
14:04:42.0902 0x1a44  ============================================================
14:04:42.0902 0x1a44  Scan finished
14:04:42.0902 0x1a44  ============================================================
14:04:42.0902 0x1ca0  Detected object count: 13
14:04:42.0902 0x1ca0  Actual detected object count: 13
14:05:39.0821 0x1ca0  0AYADRMO1L ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:05:39.0821 0x1ca0  0AYADRMO1L ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:05:39.0821 0x1ca0  4YFG394BZN ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:05:39.0821 0x1ca0  4YFG394BZN ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:05:39.0821 0x1ca0  PM1WKY2Y7U ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:05:39.0821 0x1ca0  PM1WKY2Y7U ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:05:39.0821 0x1ca0  DVQCLJMAEQ ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:05:39.0821 0x1ca0  DVQCLJMAEQ ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:05:39.0821 0x1ca0  CIR0HP9PPD ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:05:39.0821 0x1ca0  CIR0HP9PPD ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:05:39.0821 0x1ca0  1HNLNTZGDW ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:05:39.0821 0x1ca0  1HNLNTZGDW ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:05:39.0821 0x1ca0  SA9EN75ICN ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:05:39.0821 0x1ca0  SA9EN75ICN ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:05:39.0821 0x1ca0  AWFREW3ZKU ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:05:39.0821 0x1ca0  AWFREW3ZKU ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:05:39.0821 0x1ca0  7VT3UPTOXR ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:05:39.0821 0x1ca0  7VT3UPTOXR ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:05:39.0821 0x1ca0  HIG670TBSL ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:05:39.0821 0x1ca0  HIG670TBSL ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:05:39.0821 0x1ca0  48ALI829O4 ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:05:39.0821 0x1ca0  48ALI829O4 ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:05:39.0821 0x1ca0  B9FKZYJYPU ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:05:39.0837 0x1ca0  B9FKZYJYPU ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:05:39.0837 0x1ca0  RRRV2SMXUP ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:05:39.0837 0x1ca0  RRRV2SMXUP ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
         

04.01.2017, 14:10   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please read more carefully

1. What exactly are you supposed to do if MBAR finds something?
2. How are you supposed to configure tdsskiller?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


04.01.2017, 14:31   #11
Kingaru
 
Step 1:

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.01.04.06
  rootkit: v2016.11.20.01

Windows 10 x64 NTFS
Internet Explorer 11.713.10586.0
Aruran :: ARU [administrator]

04.01.2017 14:16:53
mbar-log-2017-01-04 (14-16-53).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 368807
Time elapsed: 8 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Step 2:

Code:
14:28:07.0284 0x07d8  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
14:28:07.0284 0x07d8  UEFI system
14:28:15.0832 0x07d8  ============================================================
14:28:15.0832 0x07d8  Current date / time: 2017/01/04 14:28:15.0832
14:28:15.0832 0x07d8  SystemInfo:
14:28:15.0832 0x07d8  
14:28:15.0832 0x07d8  OS Version: 10.0.10586 ServicePack: 0.0
14:28:15.0832 0x07d8  Product type: Workstation
14:28:15.0832 0x07d8  ComputerName: ARU
14:28:15.0832 0x07d8  UserName: Aruran
14:28:15.0832 0x07d8  Windows directory: C:\WINDOWS
14:28:15.0832 0x07d8  System windows directory: C:\WINDOWS
14:28:15.0832 0x07d8  Running under WOW64
14:28:15.0832 0x07d8  Processor architecture: Intel x64
14:28:15.0832 0x07d8  Number of processors: 4
14:28:15.0832 0x07d8  Page size: 0x1000
14:28:15.0832 0x07d8  Boot type: Normal boot
14:28:15.0832 0x07d8  CodeIntegrityOptions = 0x00000001
14:28:15.0832 0x07d8  ============================================================
14:28:15.0879 0x07d8  KLMD registered as C:\WINDOWS\system32\drivers\92638577.sys
14:28:15.0879 0x07d8  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 10586.672, osProperties = 0x19
14:28:15.0926 0x07d8  System UUID: {EF82A864-6780-CB34-D5BD-34A5A23C0BDF}
14:28:16.0113 0x07d8  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:28:16.0113 0x07d8  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:28:16.0129 0x07d8  ============================================================
14:28:16.0129 0x07d8  \Device\Harddisk0\DR0:
14:28:16.0129 0x07d8  GPT partitions:
14:28:16.0129 0x07d8  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {C3B56C8C-F0AA-4FB4-AAE1-3143C1006935}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
14:28:16.0129 0x07d8  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {7B230AA8-0D9B-42E9-B650-56C47BDC0788}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x31800
14:28:16.0129 0x07d8  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {E8C8F43C-B72C-444B-919E-383B8F18788F}, Name: Microsoft reserved partition, StartLBA 0xC8000, BlocksNum 0x40000
14:28:16.0129 0x07d8  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {F4EAB506-EDC4-48E5-B025-08974B562B6F}, Name: Basic data partition, StartLBA 0x108000, BlocksNum 0xEC93000
14:28:16.0129 0x07d8  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5D2FA3DD-C038-464D-8828-52954EA252AA}, Name: , StartLBA 0xED9B000, BlocksNum 0xE1000
14:28:16.0129 0x07d8  MBR partitions:
14:28:16.0129 0x07d8  \Device\Harddisk1\DR1:
14:28:16.0301 0x07d8  GPT partitions:
14:28:16.0301 0x07d8  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {CF86F0EB-7C32-40E9-8855-CE04BE805915}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
14:28:16.0301 0x07d8  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {75BA1B25-901B-4CC0-8A67-B24EE9630D7E}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x746C6000
14:28:16.0301 0x07d8  MBR partitions:
14:28:16.0301 0x07d8  ============================================================
14:28:16.0316 0x07d8  C: <-> \Device\Harddisk0\DR0\Partition4
14:28:16.0316 0x07d8  D: <-> \Device\Harddisk1\DR1\Partition2
14:28:16.0316 0x07d8  ============================================================
14:28:16.0316 0x07d8  Initialize success
14:28:16.0316 0x07d8  ============================================================
14:28:48.0509 0x2284  ============================================================
14:28:48.0509 0x2284  Scan started
14:28:48.0509 0x2284  Mode: Manual; SigCheck; TDLFS; 
14:28:48.0509 0x2284  ============================================================
14:28:48.0509 0x2284  KSN ping started
14:28:48.0681 0x2284  KSN ping finished: true
14:28:49.0322 0x2284  ================ Scan system memory ========================
14:28:49.0322 0x2284  System memory - ok
14:28:49.0322 0x2284  ================ Scan services =============================
14:28:49.0369 0x2284  1394ohci - ok
14:28:49.0369 0x2284  3ware - ok
14:28:49.0369 0x2284  ACPI - ok
14:28:49.0369 0x2284  acpiex - ok
14:28:49.0369 0x2284  acpipagr - ok
14:28:49.0369 0x2284  AcpiPmi - ok
14:28:49.0369 0x2284  acpitime - ok
14:28:49.0384 0x2284  [ B3C96DC286A6566185660E0760488725, D1833862E214E07C081A765C3AC9788632E133A56C67A19D27B8E79999D18B0C ] AdaptiveSleepService C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
14:28:49.0400 0x2284  AdaptiveSleepService - ok
14:28:49.0416 0x2284  [ C92B0A0957ACAD3CEEF502A2CA10ACB8, 78BF46318B69D9479ECDC83446DD8D454AA2A9A9D94B33C5FC68933DB18AFA3B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:28:49.0416 0x2284  AdobeARMservice - ok
14:28:49.0447 0x2284  [ 6F3C49799F770075E339E92B9B14AF21, 96295CA42275D7C22FEDC9567E8CCA4AB6584B7D38B4D1D62CCF197CA539C8A3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:28:49.0462 0x2284  AdobeFlashPlayerUpdateSvc - ok
14:28:49.0462 0x2284  ADP80XX - ok
14:28:49.0462 0x2284  AFD - ok
14:28:49.0478 0x2284  agp440 - ok
14:28:49.0478 0x2284  ahcache - ok
14:28:49.0478 0x2284  AJRouter - ok
14:28:49.0478 0x2284  ALG - ok
14:28:49.0494 0x2284  [ 264B9AE7F91280A3A99560BE562CEEA8, 2FE338C2E9CA65C81DFE851873D7B2D3CB108E1F7CD4491FF6AA7874B0578528 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
14:28:49.0494 0x2284  AMD External Events Utility - ok
14:28:49.0494 0x2284  AmdK8 - ok
14:28:49.0494 0x2284  [ F2FF8C1B41B3784EDBD5C6D5397F403C, 104873700D2BDF4812DC48200B4609F46A63E7A50594A0599100EF1438863708 ] amdkmafd        C:\WINDOWS\system32\drivers\amdkmafd.sys
14:28:49.0509 0x2284  amdkmafd - ok
14:28:49.0509 0x2284  amdkmdag - ok
14:28:49.0525 0x2284  [ D63F23E361FB774EDA3A5179E19CB64F, 8A72DA4C295748BB469F7D94D563219464E928114E7028FD49C6896351C92FA3 ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
14:28:49.0541 0x2284  amdkmdap - ok
14:28:49.0541 0x2284  AmdPPM - ok
14:28:49.0541 0x2284  amdsata - ok
14:28:49.0541 0x2284  amdsbs - ok
14:28:49.0541 0x2284  amdxata - ok
14:28:49.0541 0x2284  AppID - ok
14:28:49.0541 0x2284  AppIDSvc - ok
14:28:49.0556 0x2284  Appinfo - ok
14:28:49.0556 0x2284  [ 885888F8AAD89108A5EE2D0174690220, 9B148C117EBE400F40BF7F32B66B20AA4628BA9E233D707DFA2EB4A8A65E7C52 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:28:49.0556 0x2284  Apple Mobile Device Service - ok
14:28:49.0556 0x2284  AppMgmt - ok
14:28:49.0572 0x2284  AppReadiness - ok
14:28:49.0572 0x2284  AppXSvc - ok
14:28:49.0572 0x2284  Archer - ok
14:28:49.0572 0x2284  arcsas - ok
14:28:49.0572 0x2284  AsyncMac - ok
14:28:49.0572 0x2284  atapi - ok
14:28:49.0588 0x2284  [ 0966FD5BAB1F9BE200875E9EED0A0A13, F4BE70C0581B51ED6DAE6412A5FF74AE310BF88DE89C5A5E5880BEED543B01D7 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdWT6.sys
14:28:49.0588 0x2284  AtiHDAudioService - ok
14:28:49.0603 0x2284  AudioEndpointBuilder - ok
14:28:49.0603 0x2284  Audiosrv - ok
14:28:49.0603 0x2284  AxInstSV - ok
14:28:49.0603 0x2284  b06bdrv - ok
14:28:49.0603 0x2284  BasicDisplay - ok
14:28:49.0603 0x2284  BasicRender - ok
14:28:49.0603 0x2284  bcmfn - ok
14:28:49.0619 0x2284  bcmfn2 - ok
14:28:49.0619 0x2284  BDESVC - ok
14:28:49.0619 0x2284  Beep - ok
14:28:49.0650 0x2284  [ CE4DEB0464915A50371D1FCDD22BE6D0, 8CFDC981605DE5ED22DC07E892108445BDAE84FCACFAF2EB5E4417E0757B623D ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
14:28:49.0681 0x2284  BEService - ok
14:28:49.0697 0x2284  BFE - ok
14:28:49.0697 0x2284  BITS - ok
14:28:49.0697 0x2284  [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:28:49.0713 0x2284  Bonjour Service - ok
14:28:49.0713 0x2284  bowser - ok
14:28:49.0713 0x2284  BrokerInfrastructure - ok
14:28:49.0713 0x2284  Browser - ok
14:28:49.0728 0x2284  BthAvrcpTg - ok
14:28:49.0728 0x2284  BthHFEnum - ok
14:28:49.0728 0x2284  bthhfhid - ok
14:28:49.0728 0x2284  BthHFSrv - ok
14:28:49.0728 0x2284  BTHMODEM - ok
14:28:49.0744 0x2284  bthserv - ok
14:28:49.0744 0x2284  buttonconverter - ok
14:28:49.0744 0x2284  CapImg - ok
14:28:49.0744 0x2284  cdfs - ok
14:28:49.0744 0x2284  CDPSvc - ok
14:28:49.0744 0x2284  cdrom - ok
14:28:49.0744 0x2284  CertPropSvc - ok
14:28:49.0744 0x2284  circlass - ok
14:28:49.0759 0x2284  CLFS - ok
14:28:49.0759 0x2284  ClipSVC - ok
14:28:49.0759 0x2284  CmBatt - ok
14:28:49.0759 0x2284  CNG - ok
14:28:49.0759 0x2284  cnghwassist - ok
14:28:49.0775 0x2284  CompositeBus - ok
14:28:49.0791 0x2284  COMSysApp - ok
14:28:49.0791 0x2284  condrv - ok
14:28:49.0791 0x2284  CoreMessagingRegistrar - ok
14:28:49.0822 0x2284  [ 75C568E62A2BD89A869C34119A66D19B, 2954F25E511947728FE50AA76ACECE0B6952D1984301027F499E2F3DAAEB65D3 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
14:28:49.0838 0x2284  cphs - ok
14:28:49.0838 0x2284  CryptSvc - ok
14:28:49.0838 0x2284  CSC - ok
14:28:49.0838 0x2284  CscService - ok
14:28:49.0838 0x2284  dam - ok
14:28:49.0838 0x2284  DcomLaunch - ok
14:28:49.0853 0x2284  DcpSvc - ok
14:28:49.0853 0x2284  defragsvc - ok
14:28:49.0853 0x2284  DeviceAssociationService - ok
14:28:49.0853 0x2284  DeviceInstall - ok
14:28:49.0853 0x2284  DevQueryBroker - ok
14:28:49.0853 0x2284  Dfsc - ok
14:28:49.0869 0x2284  [ 9593475FBC857A05D93BFF4FA7323C2B, D2A958AF5EFDC6136A6ABB7F8D5FE1F84C967E79BEA96C5BE3661A0145DEB907 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
14:28:49.0869 0x2284  dg_ssudbus - ok
14:28:49.0869 0x2284  Dhcp - ok
14:28:49.0869 0x2284  diagnosticshub.standardcollector.service - ok
14:28:49.0884 0x2284  DiagTrack - ok
14:28:49.0900 0x2284  [ 02C35E36934E63C38E6BF6F5BE50E957, CEE6BE141E6CEDC2EE96695AC431CF762511DBFF1EC32C3E00A11D2B5C4B7C1E ] Disc Soft Lite Bus Service C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
14:28:49.0931 0x2284  Disc Soft Lite Bus Service - ok
14:28:49.0947 0x2284  disk - ok
14:28:49.0947 0x2284  DmEnrollmentSvc - ok
14:28:49.0947 0x2284  dmvsc - ok
14:28:49.0947 0x2284  dmwappushservice - ok
14:28:49.0947 0x2284  Dnscache - ok
14:28:49.0947 0x2284  dot3svc - ok
14:28:49.0963 0x2284  DPS - ok
14:28:49.0963 0x2284  drmkaud - ok
14:28:49.0963 0x2284  DsmSvc - ok
14:28:49.0963 0x2284  DsSvc - ok
14:28:49.0963 0x2284  [ 679FF716052109392D870F6A6C4A3535, BEF1784448CCA4AF1D67ED68BD0C7CFE01A7719E98CACF92C2DCBFAA916DC57E ] dtlitescsibus   C:\WINDOWS\System32\drivers\dtlitescsibus.sys
14:28:49.0978 0x2284  dtlitescsibus - ok
14:28:49.0978 0x2284  [ E23FDD696839A4790682CA66C48D3F2F, F5F0721BDA751968224E52E75D0C309A3E084C430CD98E85A55AF622D16B9A44 ] dtliteusbbus    C:\WINDOWS\System32\drivers\dtliteusbbus.sys
14:28:49.0978 0x2284  dtliteusbbus - ok
14:28:49.0978 0x2284  DXGKrnl - ok
14:28:49.0978 0x2284  Eaphost - ok
14:28:49.0994 0x2284  ebdrv - ok
14:28:49.0994 0x2284  EFS - ok
14:28:49.0994 0x2284  EhStorClass - ok
14:28:49.0994 0x2284  EhStorTcgDrv - ok
14:28:49.0994 0x2284  embeddedmode - ok
14:28:49.0994 0x2284  EntAppSvc - ok
14:28:49.0994 0x2284  ErrDev - ok
14:28:50.0009 0x2284  EventSystem - ok
14:28:50.0009 0x2284  exfat - ok
14:28:50.0009 0x2284  fastfat - ok
14:28:50.0009 0x2284  Fax - ok
14:28:50.0009 0x2284  fdc - ok
14:28:50.0009 0x2284  fdPHost - ok
14:28:50.0009 0x2284  FDResPub - ok
14:28:50.0025 0x2284  fhsvc - ok
14:28:50.0025 0x2284  FileCrypt - ok
14:28:50.0025 0x2284  FileInfo - ok
14:28:50.0025 0x2284  Filetrace - ok
14:28:50.0025 0x2284  flpydisk - ok
14:28:50.0025 0x2284  FltMgr - ok
14:28:50.0025 0x2284  FontCache - ok
14:28:50.0041 0x2284  FontCache3.0.0.0 - ok
14:28:50.0041 0x2284  FsDepends - ok
14:28:50.0041 0x2284  Fs_Rec - ok
14:28:50.0041 0x2284  fvevol - ok
14:28:50.0041 0x2284  gagp30kx - ok
14:28:50.0041 0x2284  gencounter - ok
14:28:50.0041 0x2284  genericusbfn - ok
14:28:50.0056 0x2284  GPIOClx0101 - ok
14:28:50.0056 0x2284  gpsvc - ok
14:28:50.0056 0x2284  GpuEnergyDrv - ok
14:28:50.0056 0x2284  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:28:50.0072 0x2284  gupdate - ok
14:28:50.0072 0x2284  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:28:50.0072 0x2284  gupdatem - ok
14:28:50.0072 0x2284  HdAudAddService - ok
14:28:50.0088 0x2284  HDAudBus - ok
14:28:50.0088 0x2284  HidBatt - ok
14:28:50.0088 0x2284  HidBth - ok
14:28:50.0088 0x2284  hidi2c - ok
14:28:50.0088 0x2284  hidinterrupt - ok
14:28:50.0088 0x2284  HidIr - ok
14:28:50.0088 0x2284  hidserv - ok
14:28:50.0088 0x2284  HidUsb - ok
14:28:50.0103 0x2284  [ 492572D5C65636F598739552EBA3D3C1, 866C4683007E0DA2AD2B219A80B6EF34EE6972F8B5A248605AB39F735F0FF6DC ] HiPatchService  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
14:28:50.0103 0x2284  HiPatchService - detected UnsignedFile.Multi.Generic ( 1 )
14:28:50.0322 0x2284  Detect skipped due to KSN trusted
14:28:50.0322 0x2284  HiPatchService - ok
14:28:50.0322 0x2284  HomeGroupListener - ok
14:28:50.0322 0x2284  HomeGroupProvider - ok
14:28:50.0338 0x2284  HpSAMD - ok
14:28:50.0338 0x2284  HTTP - ok
14:28:50.0338 0x2284  hwpolicy - ok
14:28:50.0338 0x2284  hyperkbd - ok
14:28:50.0338 0x2284  i8042prt - ok
14:28:50.0338 0x2284  iai2c - ok
14:28:50.0353 0x2284  iaLPSS2i_I2C - ok
14:28:50.0353 0x2284  iaLPSSi_GPIO - ok
14:28:50.0353 0x2284  iaLPSSi_I2C - ok
14:28:50.0353 0x2284  iaStorAV - ok
14:28:50.0353 0x2284  iaStorV - ok
14:28:50.0353 0x2284  ibbus - ok
14:28:50.0353 0x2284  icssvc - ok
14:28:50.0353 0x2284  IEEtwCollectorService - ok
14:28:50.0494 0x2284  [ 658287D76E8D77C08AE98989F99B8948, DBA67B5772E1FE43ABDB3908A1CF86D76F2774BABC20359D2511F06A2A8CAC57 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
14:28:50.0634 0x2284  igfx - ok
14:28:50.0650 0x2284  [ A105AD05696D55E6E4F078ED850F6305, 8121A4226D2941EDD4809D516E7684E5C7164ADCF5AA4C8BC6620110625D3E8D ] igfxCUIService2.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
14:28:50.0666 0x2284  igfxCUIService2.0.0.0 - ok
14:28:50.0666 0x2284  IKEEXT - ok
14:28:50.0666 0x2284  [ CF25067821BB89E87021E9493C178863, 1AA25378EFD977BC6CD9405A395FA2962770385FAB5A9A55FC95B5F6DFD8D1AE ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
14:28:50.0666 0x2284  intaud_WaveExtensible - ok
14:28:50.0681 0x2284  [ E300D1E37B737ED14F7A08CD5604E5D9, 5C1135081E29D7F4A97D5CAA2C8FBE1DD04EC7A3D8E648E69F2AA9EBDD88EBBB ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
14:28:50.0697 0x2284  IntcDAud - ok
14:28:50.0697 0x2284  intelide - ok
14:28:50.0697 0x2284  intelpep - ok
14:28:50.0697 0x2284  intelppm - ok
14:28:50.0697 0x2284  IoQos - ok
14:28:50.0713 0x2284  IpFilterDriver - ok
14:28:50.0713 0x2284  iphlpsvc - ok
14:28:50.0713 0x2284  IPMIDRV - ok
14:28:50.0713 0x2284  IPNAT - ok
14:28:50.0728 0x2284  [ 16A6D49E7698FC6F1730D3FF9F5561A8, 860D2601BA3A71C81A6B21F4D92A5E9C47772C9DE0F047D49000FA4A484D7932 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:28:50.0744 0x2284  iPod Service - ok
14:28:50.0744 0x2284  IRENUM - ok
14:28:50.0744 0x2284  isapnp - ok
14:28:50.0744 0x2284  iScsiPrt - ok
14:28:50.0744 0x2284  [ 9C6F3F69163133FB8E56AC4A6E163452, BD6CAB093B5451B4CC85B4528DC0251C97A3D11CB3C1493D25F37B06F8CD2238 ] ISODrive        C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
14:28:50.0759 0x2284  ISODrive - ok
14:28:50.0759 0x2284  [ BFB76407E840891C84FB0FCB74B7F9A6, 8E05C823B8D040D94EA8821BBF877F48D8AD92DA13C03A48212DE2EA8F6CCF14 ] Janersharemeing C:\Program Files (x86)\Delyqgach\cktcontrols.dll
14:28:50.0775 0x2284  Janersharemeing - detected UnsignedFile.Multi.Generic ( 1 )
14:28:51.0009 0x2284  Janersharemeing ( UnsignedFile.Multi.Generic ) - warning
14:28:51.0213 0x2284  kbdclass - ok
14:28:51.0213 0x2284  kbdhid - ok
14:28:51.0213 0x2284  kdnic - ok
14:28:51.0213 0x2284  KeyIso - ok
14:28:51.0213 0x2284  [ B355CDD82F914D681DADEF1049D8174A, EEC9BD077A51766D1827449200FB542201269891E1BECEA39CDCAF4755F15E0B ] KovaPlusFltr    C:\WINDOWS\system32\drivers\KovaPlusFltr.sys
14:28:51.0228 0x2284  KovaPlusFltr - ok
14:28:51.0228 0x2284  KSecDD - ok
14:28:51.0228 0x2284  KSecPkg - ok
14:28:51.0228 0x2284  ksthunk - ok
14:28:51.0228 0x2284  KtmRm - ok
14:28:51.0244 0x2284  LanmanServer - ok
14:28:51.0244 0x2284  LanmanWorkstation - ok
14:28:51.0260 0x2284  [ 466D09ACE5DC75439A00AD19618B2306, E7E2A19547B5E9A8CC890A36EA2998286A79CC1449F2EDDE52A57AE531A8B341 ] Lenovo EasyPlus Hotspot C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe
14:28:51.0275 0x2284  Lenovo EasyPlus Hotspot - ok
14:28:51.0275 0x2284  lfsvc - ok
14:28:51.0275 0x2284  LicenseManager - ok
14:28:51.0275 0x2284  lltdio - ok
14:28:51.0275 0x2284  lltdsvc - ok
14:28:51.0275 0x2284  lmhosts - ok
14:28:51.0291 0x2284  LSI_SAS - ok
14:28:51.0291 0x2284  LSI_SAS2i - ok
14:28:51.0291 0x2284  LSI_SAS3i - ok
14:28:51.0291 0x2284  LSI_SSS - ok
14:28:51.0291 0x2284  LSM - ok
14:28:51.0291 0x2284  luafv - ok
14:28:51.0306 0x2284  [ A0A527569856B9814E8920F52EBB67F5, 4347277C84B47E4CC048850BDEFB258CFB3B476AA99FD503FD71FBB70FFF5ACF ] LVRS64          C:\WINDOWS\system32\DRIVERS\lvrs64.sys
14:28:51.0306 0x2284  LVRS64 - ok
14:28:51.0385 0x2284  [ 415E344294D1C0D04627B29146F68481, B4A1A05BDF07E8F226A98E51F62BE18BE2C046A084C495BD8A95CABC79FD0614 ] LVUVC64         C:\WINDOWS\system32\DRIVERS\lvuvc64.sys
14:28:51.0478 0x2284  LVUVC64 - ok
14:28:51.0478 0x2284  MapsBroker - ok
14:28:51.0478 0x2284  megasas - ok
14:28:51.0478 0x2284  megasr - ok
14:28:51.0494 0x2284  [ E7C9F74D8CAAB1FF7964C27C070FB16C, 76CCD9109E1031A336B7E275368520FFB60D500E24444B04066F205D1ED5BA2B ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
14:28:51.0494 0x2284  MEIx64 - ok
14:28:51.0494 0x2284  MessagingService - ok
14:28:51.0572 0x2284  mlx4_bus - ok
14:28:51.0572 0x2284  MMCSS - ok
14:28:51.0572 0x2284  Modem - ok
14:28:51.0572 0x2284  monitor - ok
14:28:51.0572 0x2284  mouclass - ok
14:28:51.0572 0x2284  mouhid - ok
14:28:51.0572 0x2284  mountmgr - ok
14:28:51.0588 0x2284  [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:28:51.0588 0x2284  MozillaMaintenance - ok
14:28:51.0588 0x2284  mpsdrv - ok
14:28:51.0588 0x2284  MpsSvc - ok
14:28:51.0588 0x2284  MRxDAV - ok
14:28:51.0603 0x2284  mrxsmb - ok
14:28:51.0603 0x2284  mrxsmb10 - ok
14:28:51.0603 0x2284  mrxsmb20 - ok
14:28:51.0603 0x2284  MsBridge - ok
14:28:51.0603 0x2284  MSDTC - ok
14:28:51.0603 0x2284  Msfs - ok
14:28:51.0619 0x2284  msgpiowin32 - ok
14:28:51.0619 0x2284  mshidkmdf - ok
14:28:51.0619 0x2284  mshidumdf - ok
14:28:51.0619 0x2284  msisadrv - ok
14:28:51.0619 0x2284  MSiSCSI - ok
14:28:51.0619 0x2284  msiserver - ok
14:28:51.0619 0x2284  MSKSSRV - ok
14:28:51.0635 0x2284  MsLldp - ok
14:28:51.0635 0x2284  MSPCLOCK - ok
14:28:51.0635 0x2284  MSPQM - ok
14:28:51.0635 0x2284  MsRPC - ok
14:28:51.0635 0x2284  mssmbios - ok
14:28:51.0635 0x2284  MSTEE - ok
14:28:51.0635 0x2284  MTConfig - ok
14:28:51.0650 0x2284  Mup - ok
14:28:51.0650 0x2284  mvumis - ok
14:28:51.0650 0x2284  NativeWifiP - ok
14:28:51.0650 0x2284  NcaSvc - ok
14:28:51.0650 0x2284  NcbService - ok
14:28:51.0650 0x2284  NcdAutoSetup - ok
14:28:51.0666 0x2284  ndfltr - ok
14:28:51.0666 0x2284  NDIS - ok
14:28:51.0666 0x2284  NdisCap - ok
14:28:51.0666 0x2284  NdisImPlatform - ok
14:28:51.0666 0x2284  NdisTapi - ok
14:28:51.0666 0x2284  Ndisuio - ok
14:28:51.0681 0x2284  NdisVirtualBus - ok
14:28:51.0681 0x2284  NdisWan - ok
14:28:51.0681 0x2284  ndiswanlegacy - ok
14:28:51.0681 0x2284  ndproxy - ok
14:28:51.0681 0x2284  Ndu - ok
14:28:51.0681 0x2284  NetBIOS - ok
14:28:51.0681 0x2284  NetBT - ok
14:28:51.0697 0x2284  Netlogon - ok
14:28:51.0697 0x2284  Netman - ok
14:28:51.0697 0x2284  netprofm - ok
14:28:51.0697 0x2284  NetSetupSvc - ok
14:28:51.0697 0x2284  NetTcpPortSharing - ok
14:28:51.0713 0x2284  NgcCtnrSvc - ok
14:28:51.0713 0x2284  NgcSvc - ok
14:28:51.0713 0x2284  NlaSvc - ok
14:28:51.0713 0x2284  Npfs - ok
14:28:51.0713 0x2284  npsvctrig - ok
14:28:51.0713 0x2284  nsi - ok
14:28:51.0713 0x2284  nsiproxy - ok
14:28:51.0728 0x2284  NTFS - ok
14:28:51.0728 0x2284  Null - ok
14:28:51.0728 0x2284  nvraid - ok
14:28:51.0728 0x2284  nvstor - ok
14:28:51.0728 0x2284  nv_agp - ok
14:28:51.0744 0x2284  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:28:51.0760 0x2284  odserv - ok
14:28:51.0760 0x2284  OneSyncSvc - ok
14:28:51.0822 0x2284  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:28:51.0822 0x2284  ose - ok
14:28:51.0838 0x2284  p2pimsvc - ok
14:28:51.0838 0x2284  p2psvc - ok
14:28:51.0838 0x2284  Parport - ok
14:28:51.0838 0x2284  partmgr - ok
14:28:51.0838 0x2284  PcaSvc - ok
14:28:51.0838 0x2284  pci - ok
14:28:51.0838 0x2284  pciide - ok
14:28:51.0838 0x2284  pcmcia - ok
14:28:51.0853 0x2284  pcw - ok
14:28:51.0853 0x2284  pdc - ok
14:28:51.0853 0x2284  PEAUTH - ok
14:28:51.0853 0x2284  PeerDistSvc - ok
14:28:51.0853 0x2284  percsas2i - ok
14:28:51.0853 0x2284  percsas3i - ok
14:28:51.0885 0x2284  PerfHost - ok
14:28:51.0885 0x2284  PhoneSvc - ok
14:28:51.0885 0x2284  PimIndexMaintenanceSvc - ok
14:28:51.0947 0x2284  pla - ok
14:28:51.0963 0x2284  PlugPlay - ok
14:28:51.0963 0x2284  PnkBstrA - ok
14:28:51.0963 0x2284  PNRPAutoReg - ok
14:28:51.0963 0x2284  PNRPsvc - ok
14:28:51.0963 0x2284  PolicyAgent - ok
14:28:51.0963 0x2284  Power - ok
14:28:51.0963 0x2284  PptpMiniport - ok
14:28:52.0025 0x2284  [ 2195908CEF288E1C10E5266B9DF75D29, 30E0664A03C58DD3B325A9A4A248AD1FA9297DD65F0D472C3AD90E21B238169F ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
14:28:52.0119 0x2284  PrintNotify - ok
14:28:52.0135 0x2284  Processor - ok
14:28:52.0135 0x2284  ProfSvc - ok
14:28:52.0135 0x2284  Psched - ok
14:28:52.0135 0x2284  QWAVE - ok
14:28:52.0135 0x2284  QWAVEdrv - ok
14:28:52.0135 0x2284  RasAcd - ok
14:28:52.0135 0x2284  RasAgileVpn - ok
14:28:52.0150 0x2284  RasAuto - ok
14:28:52.0150 0x2284  Rasl2tp - ok
14:28:52.0150 0x2284  RasMan - ok
14:28:52.0150 0x2284  RasPppoe - ok
14:28:52.0150 0x2284  RasSstp - ok
14:28:52.0150 0x2284  [ 7269DB4C306D673389848B29C343F12F, 1229FF7A06461D2CB0EB9F366F98538D8C28C9C1F70FCAC86DD04115A114B996 ] Razer Game Scanner Service C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
14:28:52.0166 0x2284  Razer Game Scanner Service - ok
14:28:52.0166 0x2284  rdbss - ok
14:28:52.0166 0x2284  rdpbus - ok
14:28:52.0166 0x2284  RDPDR - ok
14:28:52.0181 0x2284  RdpVideoMiniport - ok
14:28:52.0181 0x2284  rdyboost - ok
14:28:52.0181 0x2284  ReFSv1 - ok
14:28:52.0181 0x2284  RemoteAccess - ok
14:28:52.0181 0x2284  RemoteRegistry - ok
14:28:52.0181 0x2284  RetailDemo - ok
14:28:52.0181 0x2284  RpcEptMapper - ok
14:28:52.0197 0x2284  RpcLocator - ok
14:28:52.0197 0x2284  RpcSs - ok
14:28:52.0197 0x2284  rspndr - ok
14:28:52.0197 0x2284  rt640x64 - ok
14:28:52.0213 0x2284  [ 9FE061CEBE2478FABC37BBA9557C6DAA, 8D995FD75DDCC14C7C63661314F0061CD827D89CE23116842082ACF528664E37 ] RzKLService     C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
14:28:52.0213 0x2284  RzKLService - ok
14:28:52.0213 0x2284  [ 0C90E6CEA576095888E779E5BD9DD060, 8A13A92D5A8E577E2B919CC879FA8CFA1FAD0A6BFF0CF4FCC59B8E74AB22A673 ] rzpmgrk         C:\Windows\system32\drivers\rzpmgrk.sys
14:28:52.0213 0x2284  rzpmgrk - ok
14:28:52.0228 0x2284  s3cap - ok
14:28:52.0228 0x2284  SamSs - ok
14:28:52.0228 0x2284  sbp2port - ok
14:28:52.0228 0x2284  SCardSvr - ok
14:28:52.0228 0x2284  ScDeviceEnum - ok
14:28:52.0228 0x2284  scfilter - ok
14:28:52.0228 0x2284  Schedule - ok
14:28:52.0228 0x2284  SCPolicySvc - ok
14:28:52.0244 0x2284  sdbus - ok
14:28:52.0244 0x2284  SDRSVC - ok
14:28:52.0244 0x2284  sdstor - ok
14:28:52.0244 0x2284  seclogon - ok
14:28:52.0244 0x2284  SENS - ok
14:28:52.0244 0x2284  SensorDataService - ok
14:28:52.0260 0x2284  SensorService - ok
14:28:52.0260 0x2284  SensrSvc - ok
14:28:52.0260 0x2284  SerCx - ok
14:28:52.0260 0x2284  SerCx2 - ok
14:28:52.0260 0x2284  Serenum - ok
14:28:52.0260 0x2284  Serial - ok
14:28:52.0260 0x2284  sermouse - ok
14:28:52.0275 0x2284  SessionEnv - ok
14:28:52.0275 0x2284  sfloppy - ok
14:28:52.0275 0x2284  SharedAccess - ok
14:28:52.0275 0x2284  ShellHWDetection - ok
14:28:52.0275 0x2284  SiSRaid2 - ok
14:28:52.0275 0x2284  SiSRaid4 - ok
14:28:52.0291 0x2284  [ F3AAB7DF6408431C762D8721B68F46E4, 56ED764AA660955B8B06322703D086B3A52106625A83CCAF195B08BCBDEDA88F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:28:52.0306 0x2284  SkypeUpdate - ok
14:28:52.0306 0x2284  smphost - ok
14:28:52.0306 0x2284  SmsRouter - ok
14:28:52.0322 0x2284  SNMPTRAP - ok
14:28:52.0322 0x2284  spaceport - ok
14:28:52.0322 0x2284  SpbCx - ok
14:28:52.0322 0x2284  Spooler - ok
14:28:52.0322 0x2284  sppsvc - ok
14:28:52.0322 0x2284  srv - ok
14:28:52.0322 0x2284  srv2 - ok
14:28:52.0322 0x2284  srvnet - ok
14:28:52.0338 0x2284  SSDPSRV - ok
14:28:52.0338 0x2284  SstpSvc - ok
14:28:52.0338 0x2284  [ 592FF34A2FD6C6351B8A3AA76B2C0A9E, 152B7472DE531AC45492F562DD470B2CE33F1EEF13BC78F26046AE5ABF54E32F ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
14:28:52.0353 0x2284  ssudmdm - ok
14:28:52.0353 0x2284  [ 76F7D7217FBDAB77798A2A244ACD641F, E65CF2CE789E721CEFCA35DF5100304C56135459DA2421DB2A0DF9E6E9DDE70F ] ssudserd        C:\WINDOWS\system32\DRIVERS\ssudserd.sys
14:28:52.0353 0x2284  ssudserd - ok
14:28:52.0369 0x2284  StateRepository - ok
14:28:52.0385 0x2284  [ 90E22D7CDE08E07446D238A569BCAB7C, 3D4F413D0B0C9CF28D06E0476F24AC6441C8678DF786D9971B39C91C9F9B8020 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
14:28:52.0416 0x2284  Steam Client Service - ok
14:28:52.0416 0x2284  stexstor - ok
14:28:52.0416 0x2284  stisvc - ok
14:28:52.0431 0x2284  storahci - ok
14:28:52.0431 0x2284  storflt - ok
14:28:52.0431 0x2284  stornvme - ok
14:28:52.0431 0x2284  storqosflt - ok
14:28:52.0431 0x2284  StorSvc - ok
14:28:52.0431 0x2284  storufs - ok
14:28:52.0431 0x2284  storvsc - ok
14:28:52.0431 0x2284  svsvc - ok
14:28:52.0447 0x2284  swenum - ok
14:28:52.0447 0x2284  swprv - ok
14:28:52.0447 0x2284  Synth3dVsc - ok
14:28:52.0447 0x2284  SysMain - ok
14:28:52.0447 0x2284  SystemEventsBroker - ok
14:28:52.0447 0x2284  TabletInputService - ok
14:28:52.0447 0x2284  TapiSrv - ok
14:28:52.0463 0x2284  Tcpip - ok
14:28:52.0463 0x2284  Tcpip6 - ok
14:28:52.0463 0x2284  tcpipreg - ok
14:28:52.0463 0x2284  tdx - ok
14:28:52.0463 0x2284  terminpt - ok
14:28:52.0463 0x2284  TermService - ok
14:28:52.0463 0x2284  Themes - ok
14:28:52.0478 0x2284  TieringEngineService - ok
14:28:52.0478 0x2284  tiledatamodelsvc - ok
14:28:52.0478 0x2284  TimeBroker - ok
14:28:52.0478 0x2284  TPM - ok
14:28:52.0478 0x2284  TrkWks - ok
14:28:52.0478 0x2284  TrustedInstaller - ok
14:28:52.0478 0x2284  tsusbflt - ok
14:28:52.0494 0x2284  TsUsbGD - ok
14:28:52.0525 0x2284  [ 82B220AAC7079DBD34F014589E5A5886, F5F82C0C9BB13F041CA3750A478E2062BCF1A64AC901655413A61A719DFC34F2 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
14:28:52.0572 0x2284  TuneUp.UtilitiesSvc - ok
14:28:52.0572 0x2284  [ DB3C912A851FCA6358FED4D53DAA7E91, B35375EC9AF61D829489D9B278605E2098D6402419E79EB24C65D3B65816AEBC ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys
14:28:52.0572 0x2284  TuneUpUtilitiesDrv - ok
14:28:52.0572 0x2284  tunnel - ok
14:28:52.0572 0x2284  tzautoupdate - ok
14:28:52.0588 0x2284  uagp35 - ok
14:28:52.0588 0x2284  UASPStor - ok
14:28:52.0588 0x2284  UcmCx0101 - ok
14:28:52.0588 0x2284  UcmUcsi - ok
14:28:52.0588 0x2284  Ucx01000 - ok
14:28:52.0588 0x2284  UdeCx - ok
14:28:52.0588 0x2284  udfs - ok
14:28:52.0588 0x2284  UEFI - ok
14:28:52.0603 0x2284  Ufx01000 - ok
14:28:52.0603 0x2284  UfxChipidea - ok
14:28:52.0603 0x2284  ufxsynopsys - ok
14:28:52.0603 0x2284  UI0Detect - ok
14:28:52.0603 0x2284  uliagpkx - ok
14:28:52.0619 0x2284  umbus - ok
14:28:52.0619 0x2284  UmPass - ok
14:28:52.0619 0x2284  UmRdpService - ok
14:28:52.0619 0x2284  UnistoreSvc - ok
14:28:52.0681 0x2284  UnlockerDriver5 - ok
14:28:52.0681 0x2284  upnphost - ok
14:28:52.0681 0x2284  UrsChipidea - ok
14:28:52.0681 0x2284  UrsCx01000 - ok
14:28:52.0681 0x2284  UrsSynopsys - ok
14:28:52.0697 0x2284  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
14:28:52.0697 0x2284  USBAAPL64 - ok
14:28:52.0713 0x2284  usbaudio - ok
14:28:52.0713 0x2284  usbccgp - ok
14:28:52.0713 0x2284  usbcir - ok
14:28:52.0713 0x2284  usbehci - ok
14:28:52.0713 0x2284  usbhub - ok
14:28:52.0713 0x2284  USBHUB3 - ok
14:28:52.0713 0x2284  usbohci - ok
14:28:52.0728 0x2284  usbprint - ok
14:28:52.0728 0x2284  usbser - ok
14:28:52.0728 0x2284  USBSTOR - ok
14:28:52.0728 0x2284  usbuhci - ok
14:28:52.0728 0x2284  USBXHCI - ok
14:28:52.0728 0x2284  UserDataSvc - ok
14:28:52.0791 0x2284  UserManager - ok
14:28:52.0791 0x2284  UsoSvc - ok
14:28:52.0806 0x2284  VaultSvc - ok
14:28:52.0806 0x2284  vdrvroot - ok
14:28:52.0806 0x2284  vds - ok
14:28:52.0806 0x2284  VerifierExt - ok
14:28:52.0806 0x2284  vhdmp - ok
14:28:52.0806 0x2284  vhf - ok
14:28:52.0822 0x2284  vmbus - ok
14:28:52.0822 0x2284  VMBusHID - ok
14:28:52.0822 0x2284  vmicguestinterface - ok
14:28:52.0822 0x2284  vmicheartbeat - ok
14:28:52.0822 0x2284  vmickvpexchange - ok
14:28:52.0822 0x2284  vmicrdv - ok
14:28:52.0822 0x2284  vmicshutdown - ok
14:28:52.0838 0x2284  vmictimesync - ok
14:28:52.0838 0x2284  vmicvmsession - ok
14:28:52.0838 0x2284  vmicvss - ok
14:28:52.0838 0x2284  volmgr - ok
14:28:52.0838 0x2284  volmgrx - ok
14:28:52.0838 0x2284  volsnap - ok
14:28:52.0838 0x2284  vpci - ok
14:28:52.0853 0x2284  vsmraid - ok
14:28:52.0853 0x2284  VSS - ok
14:28:52.0853 0x2284  VSTXRAID - ok
14:28:52.0853 0x2284  vwifibus - ok
14:28:52.0853 0x2284  vwififlt - ok
14:28:52.0853 0x2284  W32Time - ok
14:28:52.0853 0x2284  WacomPen - ok
14:28:52.0869 0x2284  WalletService - ok
14:28:52.0869 0x2284  wanarp - ok
14:28:52.0869 0x2284  wanarpv6 - ok
14:28:52.0869 0x2284  wbengine - ok
14:28:52.0869 0x2284  WbioSrvc - ok
14:28:52.0869 0x2284  Wcmsvc - ok
14:28:52.0869 0x2284  wcncsvc - ok
14:28:52.0885 0x2284  WcsPlugInService - ok
14:28:52.0885 0x2284  WdBoot - ok
14:28:52.0885 0x2284  Wdf01000 - ok
14:28:52.0885 0x2284  WdFilter - ok
14:28:52.0885 0x2284  WdiServiceHost - ok
14:28:52.0885 0x2284  WdiSystemHost - ok
14:28:52.0885 0x2284  wdiwifi - ok
14:28:52.0900 0x2284  WdNisDrv - ok
14:28:52.0900 0x2284  WdNisSvc - ok
14:28:52.0900 0x2284  WebClient - ok
14:28:52.0900 0x2284  Wecsvc - ok
14:28:52.0900 0x2284  WEPHOSTSVC - ok
14:28:52.0900 0x2284  wercplsupport - ok
14:28:52.0900 0x2284  WerSvc - ok
14:28:52.0916 0x2284  WFPLWFS - ok
14:28:52.0916 0x2284  WiaRpc - ok
14:28:52.0916 0x2284  WIMMount - ok
14:28:52.0916 0x2284  WinDefend - ok
14:28:52.0916 0x2284  WindowsTrustedRT - ok
14:28:52.0916 0x2284  WindowsTrustedRTProxy - ok
14:28:52.0931 0x2284  WinHttpAutoProxySvc - ok
14:28:52.0931 0x2284  WinMad - ok
14:28:52.0931 0x2284  Winmgmt - ok
14:28:52.0931 0x2284  WinRM - ok
14:28:52.0963 0x2284  WinSAPSvc - ok
14:28:52.0963 0x2284  WINUSB - ok
14:28:52.0963 0x2284  WinVerbs - ok
14:28:52.0963 0x2284  WlanSvc - ok
14:28:52.0963 0x2284  wlidsvc - ok
14:28:52.0963 0x2284  WmiAcpi - ok
14:28:52.0978 0x2284  wmiApSrv - ok
14:28:52.0978 0x2284  WMPNetworkSvc - ok
14:28:52.0978 0x2284  [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
14:28:52.0994 0x2284  Wof - ok
14:28:52.0994 0x2284  workfolderssvc - ok
14:28:52.0994 0x2284  wpcfltr - ok
14:28:53.0010 0x2284  WPDBusEnum - ok
14:28:53.0010 0x2284  WpdUpFltr - ok
14:28:53.0010 0x2284  WpnService - ok
14:28:53.0010 0x2284  ws2ifsl - ok
14:28:53.0010 0x2284  wscsvc - ok
14:28:53.0010 0x2284  WSearch - ok
14:28:53.0025 0x2284  WSService - ok
14:28:53.0025 0x2284  wuauserv - ok
14:28:53.0025 0x2284  WudfPf - ok
14:28:53.0025 0x2284  WUDFRd - ok
14:28:53.0025 0x2284  wudfsvc - ok
14:28:53.0025 0x2284  WUDFWpdFs - ok
14:28:53.0025 0x2284  WUDFWpdMtp - ok
14:28:53.0041 0x2284  WwanSvc - ok
14:28:53.0041 0x2284  XblAuthManager - ok
14:28:53.0041 0x2284  XblGameSave - ok
14:28:53.0041 0x2284  xboxgip - ok
14:28:53.0041 0x2284  XboxNetApiSvc - ok
14:28:53.0041 0x2284  xinputhid - ok
14:28:53.0056 0x2284  xusb22 - ok
14:28:53.0056 0x2284  ================ Scan global ===============================
14:28:53.0056 0x2284  [ Global ] - ok
14:28:53.0056 0x2284  ================ Scan MBR ==================================
14:28:53.0056 0x2284  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:28:53.0072 0x2284  \Device\Harddisk0\DR0 - ok
14:28:53.0072 0x2284  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
14:28:53.0166 0x2284  \Device\Harddisk1\DR1 - ok
14:28:53.0166 0x2284  ================ Scan VBR ==================================
14:28:53.0166 0x2284  [ F34C6C8BDD2F2B423BA82B7143E3DE9F ] \Device\Harddisk0\DR0\Partition1
14:28:53.0166 0x2284  \Device\Harddisk0\DR0\Partition1 - ok
14:28:53.0166 0x2284  [ 91907FCDCC3FACB5134DC8F31681E705 ] \Device\Harddisk0\DR0\Partition2
14:28:53.0166 0x2284  \Device\Harddisk0\DR0\Partition2 - ok
14:28:53.0166 0x2284  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
14:28:53.0166 0x2284  \Device\Harddisk0\DR0\Partition3 - ok
14:28:53.0166 0x2284  [ CC9F718B39272690F3A3F404E4CAAB71 ] \Device\Harddisk0\DR0\Partition4
14:28:53.0166 0x2284  \Device\Harddisk0\DR0\Partition4 - ok
14:28:53.0181 0x2284  [ CB20367BC638F9D7BFA981F1C9C29D1F ] \Device\Harddisk0\DR0\Partition5
14:28:53.0181 0x2284  \Device\Harddisk0\DR0\Partition5 - ok
14:28:53.0181 0x2284  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
14:28:53.0181 0x2284  \Device\Harddisk1\DR1\Partition1 - ok
14:28:53.0181 0x2284  [ D9DD146B3C85BC780E82A29E8F847C2E ] \Device\Harddisk1\DR1\Partition2
14:28:53.0181 0x2284  \Device\Harddisk1\DR1\Partition2 - ok
14:28:53.0181 0x2284  ================ Scan generic autorun ======================
14:28:53.0181 0x2284  [ 9C3F26DCA9142F16ED3D7EE8AB4E417D, 867AD96CB5738266E5BC93E424EA1673881C5F5FBF19C7B699F800C7206CA929 ] C:\Program Files\iTunes\iTunesHelper.exe
14:28:53.0197 0x2284  iTunesHelper - ok
14:28:53.0322 0x2284  [ D1B65D57E6DDCB32DA3689D02A8488C4, 43345C754840A89DD080CC267A798E2648BEFE97BE6556A7DC327D274BAE8280 ] C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
14:28:53.0447 0x2284  StartCN - ok
14:28:53.0447 0x2284  [ 3951404EBA1AE7C13F72BBB73AE9079C, 5F01537AD8DF9A80C435037EDA62B33052A7026A55CC155E2F595D6DBD65828E ] C:\Program Files (x86)\Raptr\raptrstub.exe
14:28:53.0463 0x2284  Raptr - ok
14:28:53.0463 0x2284  [ F41D82EAF620AC7094956D4F3E872728, 380AACFAFA4D558DBECDFE8523B79453B94E9F67E116806623208BD0E12BFE0C ] C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE
14:28:53.0494 0x2284  RoccatKova+ - detected UnsignedFile.Multi.Generic ( 1 )
14:28:53.0682 0x2284  RoccatKova+ ( UnsignedFile.Multi.Generic ) - warning
14:28:53.0885 0x2284  [ A8AD6D36CA5A1D7E280621BB7E8117CA, 5E6A5589D72E8FF7A739D14739D06FBE218C4132943E643BD0317EDC8FD8952E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
14:28:53.0900 0x2284  SunJavaUpdateSched - ok
14:28:53.0932 0x2284  OneDriveSetup - ok
14:28:53.0932 0x2284  OneDriveSetup - ok
14:28:53.0994 0x2284  [ 83617B22205AE74AA31FF3CC145E2132, 5684D6523922A662799B408D8BC26FFC7D2212F633B82045919562F30C224F1E ] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
14:28:54.0072 0x2284  msnmsgr - ok
14:28:54.0197 0x2284  [ C654101E928F9C1EC19A3C3AA78D4482, 925C51A2B1DD082EA5F7035CDAD481F6017DD943B005042703CCE1D5F9572AF2 ] C:\Users\Aruran\AppData\Roaming\Spotify\Spotify.exe
14:28:54.0322 0x2284  Spotify - ok
14:28:54.0338 0x2284  [ 0C2D8CBA28E12D170FC5343F03E6D20C, 73A66AEF5D89E69E6B19172328AC043542FD7628DD44A569B23625261A0B56FB ] C:\Users\Aruran\AppData\Roaming\Spotify\SpotifyWebHelper.exe
14:28:54.0369 0x2284  Spotify Web Helper - ok
14:28:54.0385 0x2284  [ 2010CA459E5EC8F9D5FC8B000D130294, 058FF215A3AAD04F2A4CF23B2CC62A5EA28F5A705EFA689DCE9126720CF33229 ] C:\Users\Aruran\AppData\Local\Microsoft\OneDrive\OneDrive.exe
14:28:54.0400 0x2284  OneDrive - ok
14:28:54.0400 0x2284  Skype - ok
14:28:54.0478 0x2284  [ 1C1072F58A01A87AC73D53AEEFAB4323, FE62D7CB39EA2CF16BD32FDFCD5E3F14971B5AF1D9D3C9A7B0E0FA53722D6C1B ] C:\Program Files\DAEMON Tools Lite\DTAgent.exe
14:28:54.0557 0x2284  DAEMON Tools Lite Automount - ok
14:28:54.0572 0x2284  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\ZAUU1FC4ZY\ZAUU1FC4Z.exe
14:28:54.0588 0x2284  RRRV2SMXUP - detected UnsignedFile.Multi.Generic ( 1 )
14:28:54.0869 0x2284  Detect turned to UDS exact due to KSN untrusted
14:28:54.0869 0x2284  RRRV2SMXUP ( UDS:DangerousObject.Multi.Generic ) - infected
14:28:54.0869 0x2284  Force sending object to P2P due to detect: C:\Program Files\ZAUU1FC4ZY\ZAUU1FC4Z.exe
14:28:55.0135 0x2284  Object send P2P result: true
14:28:55.0307 0x2284  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\NSWWDIN18Z\NSWWDIN18.exe
14:28:55.0322 0x2284  1HNLNTZGDW - detected UnsignedFile.Multi.Generic ( 1 )
14:28:55.0322 0x2284  Detect turned to UDS exact due to KSN untrusted
14:28:55.0322 0x2284  1HNLNTZGDW ( UDS:DangerousObject.Multi.Generic ) - infected
14:28:55.0322 0x2284  Force sending object to P2P due to detect: C:\Program Files\NSWWDIN18Z\NSWWDIN18.exe
14:28:55.0557 0x2284  Object send P2P result: true
14:28:55.0760 0x2284  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\2LA9XOQK4R\2LA9XOQK4.exe
14:28:55.0776 0x2284  4YFG394BZN - detected UnsignedFile.Multi.Generic ( 1 )
14:28:55.0776 0x2284  Detect turned to UDS exact due to KSN untrusted
14:28:55.0776 0x2284  4YFG394BZN ( UDS:DangerousObject.Multi.Generic ) - infected
14:28:55.0776 0x2284  Force sending object to P2P due to detect: C:\Program Files\2LA9XOQK4R\2LA9XOQK4.exe
14:28:56.0041 0x2284  Object send P2P result: true
14:28:56.0244 0x2284  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\Z06UCTZZ10\Z06UCTZZ1.exe
14:28:56.0260 0x2284  SA9EN75ICN - detected UnsignedFile.Multi.Generic ( 1 )
14:28:56.0260 0x2284  Detect turned to UDS exact due to KSN untrusted
14:28:56.0260 0x2284  SA9EN75ICN ( UDS:DangerousObject.Multi.Generic ) - infected
14:28:56.0260 0x2284  Force sending object to P2P due to detect: C:\Program Files\Z06UCTZZ10\Z06UCTZZ1.exe
14:28:56.0510 0x2284  Object send P2P result: true
14:28:56.0760 0x2284  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Users\Aruran\AppData\Local\Temp\NBGTI2CFT\NBGTI2CFT.exe
14:28:56.0776 0x2284  DVQCLJMAEQ - detected UnsignedFile.Multi.Generic ( 1 )
14:28:56.0776 0x2284  Detect turned to UDS exact due to KSN untrusted
14:28:56.0776 0x2284  DVQCLJMAEQ ( UDS:DangerousObject.Multi.Generic ) - infected
14:28:56.0776 0x2284  Force sending object to P2P due to detect: C:\Users\Aruran\AppData\Local\Temp\NBGTI2CFT\NBGTI2CFT.exe
14:28:56.0994 0x2284  Object send P2P result: true
14:28:57.0166 0x2284  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\394AHT7JYC\394AHT7JY.exe
14:28:57.0182 0x2284  AWFREW3ZKU - detected UnsignedFile.Multi.Generic ( 1 )
14:28:57.0182 0x2284  Detect turned to UDS exact due to KSN untrusted
14:28:57.0182 0x2284  AWFREW3ZKU ( UDS:DangerousObject.Multi.Generic ) - infected
14:28:57.0182 0x2284  Force sending object to P2P due to detect: C:\Program Files\394AHT7JYC\394AHT7JY.exe
14:28:57.0401 0x2284  Object send P2P result: true
14:28:57.0588 0x2284  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\G5NV6PMZQY\TUTAEOS0P.exe
14:28:57.0604 0x2284  7VT3UPTOXR - detected UnsignedFile.Multi.Generic ( 1 )
14:28:57.0604 0x2284  Detect turned to UDS exact due to KSN untrusted
14:28:57.0604 0x2284  7VT3UPTOXR ( UDS:DangerousObject.Multi.Generic ) - infected
14:28:57.0604 0x2284  Force sending object to P2P due to detect: C:\Program Files\G5NV6PMZQY\TUTAEOS0P.exe
14:28:57.0823 0x2284  Object send P2P result: true
14:28:58.0088 0x2284  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\2UPOF0VUZ8\2UPOF0VUZ.exe
14:28:58.0104 0x2284  48ALI829O4 - detected UnsignedFile.Multi.Generic ( 1 )
14:28:58.0104 0x2284  Detect turned to UDS exact due to KSN untrusted
14:28:58.0104 0x2284  48ALI829O4 ( UDS:DangerousObject.Multi.Generic ) - infected
14:28:58.0104 0x2284  Force sending object to P2P due to detect: C:\Program Files\2UPOF0VUZ8\2UPOF0VUZ.exe
14:28:58.0338 0x2284  Object send P2P result: true
14:28:58.0541 0x2284  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\H1ASR0KVAA\H1ASR0KVA.exe
14:28:58.0557 0x2284  B9FKZYJYPU - detected UnsignedFile.Multi.Generic ( 1 )
14:28:58.0557 0x2284  Detect turned to UDS exact due to KSN untrusted
14:28:58.0557 0x2284  B9FKZYJYPU ( UDS:DangerousObject.Multi.Generic ) - infected
14:28:58.0557 0x2284  Force sending object to P2P due to detect: C:\Program Files\H1ASR0KVAA\H1ASR0KVA.exe
14:28:58.0791 0x2284  Object send P2P result: true
14:28:58.0963 0x2284  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Users\Aruran\AppData\Local\Temp\Y7QHIVYEP\Y7QHIVYEP.exe
14:28:58.0979 0x2284  CIR0HP9PPD - detected UnsignedFile.Multi.Generic ( 1 )
14:28:58.0979 0x2284  Detect turned to UDS exact due to KSN untrusted
14:28:58.0979 0x2284  CIR0HP9PPD ( UDS:DangerousObject.Multi.Generic ) - infected
14:28:58.0979 0x2284  Force sending object to P2P due to detect: C:\Users\Aruran\AppData\Local\Temp\Y7QHIVYEP\Y7QHIVYEP.exe
14:28:59.0213 0x2284  Object send P2P result: true
14:28:59.0385 0x2284  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Users\Aruran\AppData\Local\Temp\5ANZUSRV6\5ANZUSRV6.exe
14:28:59.0401 0x2284  0AYADRMO1L - detected UnsignedFile.Multi.Generic ( 1 )
14:28:59.0401 0x2284  Detect turned to UDS exact due to KSN untrusted
14:28:59.0401 0x2284  0AYADRMO1L ( UDS:DangerousObject.Multi.Generic ) - infected
14:28:59.0401 0x2284  Force sending object to P2P due to detect: C:\Users\Aruran\AppData\Local\Temp\5ANZUSRV6\5ANZUSRV6.exe
14:28:59.0635 0x2284  Object send P2P result: true
14:28:59.0807 0x2284  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Program Files\WSYN11RTPB\WSYN11RTP.exe
14:28:59.0823 0x2284  HIG670TBSL - detected UnsignedFile.Multi.Generic ( 1 )
14:28:59.0823 0x2284  Detect turned to UDS exact due to KSN untrusted
14:28:59.0823 0x2284  HIG670TBSL ( UDS:DangerousObject.Multi.Generic ) - infected
14:28:59.0823 0x2284  Force sending object to P2P due to detect: C:\Program Files\WSYN11RTPB\WSYN11RTP.exe
14:29:00.0057 0x2284  Object send P2P result: true
14:29:00.0245 0x2284  [ DEB8E6A98FC21D740860BFBE0C94BBAE, 01DA2FCC00388EC679F8EA96BB57B7876848FA743ECC2A99483324CF11473DF7 ] C:\Users\Aruran\AppData\Local\Temp\O07ST4XN6\O07ST4XN6.exe
14:29:00.0260 0x2284  PM1WKY2Y7U - detected UnsignedFile.Multi.Generic ( 1 )
14:29:00.0260 0x2284  Detect turned to UDS exact due to KSN untrusted
14:29:00.0260 0x2284  PM1WKY2Y7U ( UDS:DangerousObject.Multi.Generic ) - infected
14:29:00.0260 0x2284  Force sending object to P2P due to detect: C:\Users\Aruran\AppData\Local\Temp\O07ST4XN6\O07ST4XN6.exe
14:29:00.0495 0x2284  Object send P2P result: true
14:29:00.0667 0x2284  OneDriveSetup - ok
14:29:00.0667 0x2284  WAB Migrate - ok
14:29:00.0682 0x2284  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.672 ), 0x60100 ( disabled : updated )
14:29:00.0682 0x2284  Win FW state via NFP2: enabled ( trusted )
14:29:00.0839 0x2284  ============================================================
14:29:00.0839 0x2284  Scan finished
14:29:00.0839 0x2284  ============================================================
14:29:00.0839 0x1658  Detected object count: 15
14:29:00.0839 0x1658  Actual detected object count: 15
14:29:44.0886 0x1658  Janersharemeing ( UnsignedFile.Multi.Generic ) - skipped by user
14:29:44.0886 0x1658  Janersharemeing ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:29:44.0886 0x1658  RoccatKova+ ( UnsignedFile.Multi.Generic ) - skipped by user
14:29:44.0886 0x1658  RoccatKova+ ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:29:44.0886 0x1658  RRRV2SMXUP ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:29:44.0886 0x1658  RRRV2SMXUP ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:29:44.0886 0x1658  1HNLNTZGDW ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:29:44.0886 0x1658  1HNLNTZGDW ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:29:44.0886 0x1658  4YFG394BZN ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:29:44.0886 0x1658  4YFG394BZN ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:29:44.0886 0x1658  SA9EN75ICN ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:29:44.0886 0x1658  SA9EN75ICN ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:29:44.0886 0x1658  DVQCLJMAEQ ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:29:44.0886 0x1658  DVQCLJMAEQ ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:29:44.0886 0x1658  AWFREW3ZKU ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:29:44.0886 0x1658  AWFREW3ZKU ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:29:44.0886 0x1658  7VT3UPTOXR ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:29:44.0886 0x1658  7VT3UPTOXR ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:29:44.0886 0x1658  48ALI829O4 ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:29:44.0886 0x1658  48ALI829O4 ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:29:44.0886 0x1658  B9FKZYJYPU ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:29:44.0886 0x1658  B9FKZYJYPU ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:29:44.0886 0x1658  CIR0HP9PPD ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:29:44.0886 0x1658  CIR0HP9PPD ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:29:44.0886 0x1658  0AYADRMO1L ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:29:44.0886 0x1658  0AYADRMO1L ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:29:44.0886 0x1658  HIG670TBSL ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:29:44.0886 0x1658  HIG670TBSL ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
14:29:44.0886 0x1658  PM1WKY2Y7U ( UDS:DangerousObject.Multi.Generic ) - skipped by user
14:29:44.0886 0x1658  PM1WKY2Y7U ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
         

04.01.2017, 15:26   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


There's really a lot going on on your computer.

Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT beforehand, then download them fresh to the desktop!
Please completely disable your virus scanner now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


2. Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


04.01.2017, 15:51   #13
Kingaru



Step 1:

AdwCleaner log file:
Code:
# AdwCleaner v6.041 - Bericht erstellt am 04/01/2017 um 15:46:58
# Aktualisiert am 16/12/2016 von Malwarebytes
# Datenbank : 2017-01-03.1 [Lokal]
# Betriebssystem : Windows 10 Pro  (X64)
# Benutzername : Aruran - ARU
# Gestartet von : C:\Users\Aruran\Desktop\AdwCleaner_6.041.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

[-] Dienst gelöscht: WinSAPSvc
[-] Dienst gelöscht: Archer


***** [ Ordner ] *****

[-] Ordner gelöscht: C:\ProgramData\WinSAPSvc
[#] Ordner mit Neustart gelöscht: C:\ProgramData\winsapsvc
[-] Ordner gelöscht: C:\Program Files (x86)\WinArcher
[#] Ordner mit Neustart gelöscht: C:\Program Files (x86)\winarcher
[-] Ordner gelöscht: C:\Program Files (x86)\Gubed


***** [ Dateien ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\ScreenShot
[-] Schlüssel gelöscht: HKLM\SOFTWARE\WinArcher
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.software
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.software
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.software
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.software
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.software
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.software
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]


***** [ Browser ] *****



*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1538 Bytes] - [01/01/2017 21:13:22]
C:\AdwCleaner\AdwCleaner[C2].txt - [1696 Bytes] - [01/01/2017 21:18:47]
C:\AdwCleaner\AdwCleaner[C3].txt - [1685 Bytes] - [01/01/2017 21:22:17]
C:\AdwCleaner\AdwCleaner[C4].txt - [1956 Bytes] - [02/01/2017 21:58:49]
C:\AdwCleaner\AdwCleaner[C5].txt - [1791 Bytes] - [03/01/2017 22:16:45]
C:\AdwCleaner\AdwCleaner[C6].txt - [3939 Bytes] - [04/01/2017 15:46:58]
C:\AdwCleaner\AdwCleaner[S0].txt - [33870 Bytes] - [01/01/2017 21:08:28]
C:\AdwCleaner\AdwCleaner[S1].txt - [1680 Bytes] - [01/01/2017 21:13:17]
C:\AdwCleaner\AdwCleaner[S2].txt - [1854 Bytes] - [01/01/2017 21:18:39]
C:\AdwCleaner\AdwCleaner[S3].txt - [1896 Bytes] - [01/01/2017 21:22:07]
C:\AdwCleaner\AdwCleaner[S4].txt - [2139 Bytes] - [02/01/2017 21:57:08]
C:\AdwCleaner\AdwCleaner[S5].txt - [2020 Bytes] - [03/01/2017 22:16:36]
C:\AdwCleaner\AdwCleaner[S6].txt - [4464 Bytes] - [04/01/2017 15:46:34]

########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [4524 Bytes] ##########
         


Step 2:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64 
Ran by Aruran (Administrator) on 04.01.2017 at 15:49:07,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3 

Successfully deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tuneup utilities 2014.lnk (Shortcut) 
Successfully deleted: C:\Users\Aruran\AppData\Roaming\Mozilla\Firefox\Profiles\zxukvx4r.default\user.js (File) 
Successfully deleted: C:\WINDOWS\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)

Deleted the following from C:\Users\Aruran\AppData\Roaming\Mozilla\Firefox\Profiles\zxukvx4r.default\prefs.js
user_pref(browser.search.searchengine.uid, CrucialXCT128MX100SSD1_14370D3BBF8B0D3BBF8B);
user_pref(browser.urlbar.suggest.searches, true);



Registry: 2 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9FFEE954-DB75-492A-B1CA-BA23C9B83007} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.01.2017 at 15:49:42,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

04.01.2017, 16:00   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then show me fresh FRST logs. Tick the box for Addition.txt, then click Scan.


04.01.2017, 16:18   #15
Kingaru



FRST logs:


FRST log file:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
durchgeführt von Aruran (Administrator) auf ARU (04-01-2017 16:16:04)
Gestartet von C:\Users\Aruran\Desktop
Geladene Profile: Aruran (Verfügbare Profile: Aruran & Administrator)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16102.10341.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-03-25] (Raptr, Inc)
HKLM-x32\...\Run: [RoccatKova+] => C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [Spotify] => C:\Users\Aruran\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-01-04] (Spotify Ltd)
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [Spotify Web Helper] => C:\Users\Aruran\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-04] (Spotify Ltd)
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [RRRV2SMXUP] => C:\Program Files\ZAUU1FC4ZY\ZAUU1FC4Z.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [1HNLNTZGDW] => C:\Program Files\NSWWDIN18Z\NSWWDIN18.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [4YFG394BZN] => C:\Program Files\2LA9XOQK4R\2LA9XOQK4.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [SA9EN75ICN] => C:\Program Files\Z06UCTZZ10\Z06UCTZZ1.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [DVQCLJMAEQ] => C:\Users\Aruran\AppData\Local\Temp\NBGTI2CFT\NBGTI2CFT.exe [369664 2017-01-01] () <===== ACHTUNG
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [AWFREW3ZKU] => C:\Program Files\394AHT7JYC\394AHT7JY.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [7VT3UPTOXR] => C:\Program Files\G5NV6PMZQY\TUTAEOS0P.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [48ALI829O4] => C:\Program Files\2UPOF0VUZ8\2UPOF0VUZ.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [B9FKZYJYPU] => C:\Program Files\H1ASR0KVAA\H1ASR0KVA.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [CIR0HP9PPD] => C:\Users\Aruran\AppData\Local\Temp\Y7QHIVYEP\Y7QHIVYEP.exe [369664 2017-01-01] () <===== ACHTUNG
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [0AYADRMO1L] => C:\Users\Aruran\AppData\Local\Temp\5ANZUSRV6\5ANZUSRV6.exe [369664 2017-01-01] () <===== ACHTUNG
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [HIG670TBSL] => C:\Program Files\WSYN11RTPB\WSYN11RTP.exe [369664 2017-01-01] ()
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Run: [PM1WKY2Y7U] => C:\Users\Aruran\AppData\Local\Temp\O07ST4XN6\O07ST4XN6.exe [369664 2017-01-01] () <===== ACHTUNG
ShellExecuteHooks: Kein Name - {0E1572E8-CC3F-11E6-87D6-64006A5CFC23} - C:\Users\Aruran\AppData\Roaming\Lokiied\Coizis.dll -> Keine Datei
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Aruran\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Aruran\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Aruran\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Aruran\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Aruran\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Aruran\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
Startup: C:\Users\Aruran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-09-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Aruran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-07-25]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Aruran\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a7a15b2f-a811-11e5-afad-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{be3dac52-00a2-4d01-92bc-b7116305b3b7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{be3dac52-00a2-4d01-92bc-b7116305b3b7}: [DhcpNameServer] 192.168.2.1 192.168.2.1
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-09] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-09] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-07-13] (DVDVideoSoft Ltd.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: zxukvx4r.default
FF ProfilePath: C:\Users\Aruran\AppData\Roaming\Mozilla\Firefox\Profiles\zxukvx4r.default [2017-01-04]
FF Keyword.URL: Mozilla\Firefox\Profiles\zxukvx4r.default -> user_pref("keyword.URL", true);
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-09] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Aruran\AppData\LocalLow\Sony Online Entertainment\npsoe.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3707763914-2828650107-2775741400-1001: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Aruran\AppData\LocalLow\Sony Online Entertainment\npsoe.dll [Keine Datei]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\Aruran\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-04] <==== ACHTUNG
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Aruran\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-01]
CHR Extension: (Chrome Media Router) - C:\Users\Aruran\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-04]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR StartupUrls: "hxxp://Google.com/hm?eq=U0EeCFZVBB8SRghGIVsBAgFAQhhGd1hZTA0VFVAOIgtcBRQUQwVCdVoPWQ8TQgwFIk0FA1oDB0VXfV5bFElXTwhkMlxZFX8YT1E="
OPR Session Restore: -> ist aktiviert.

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-09-16] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1860616 2016-04-21] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-03-14] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Janersharemeing; C:\Program Files (x86)\Delyqgach\cktcontrols.dll [177152 2017-01-01] () [Datei ist nicht signiert]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625640 2015-04-24] (Lenovo)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-05-09] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-08-14] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-08-31] (Razer Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-07-24] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-07-24] (Disc Soft Ltd)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 KovaPlusFltr; C:\WINDOWS\system32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-04 15:49 - 2017-01-04 15:49 - 00001390 _____ C:\Users\Aruran\Desktop\JRT.txt
2017-01-04 15:48 - 2017-01-04 15:48 - 01663040 _____ (Malwarebytes) C:\Users\Aruran\Downloads\JRT.exe
2017-01-04 15:48 - 2017-01-04 15:48 - 01663040 _____ (Malwarebytes) C:\Users\Aruran\Desktop\JRT.exe
2017-01-04 15:44 - 2017-01-04 15:44 - 03977168 _____ C:\Users\Aruran\Downloads\AdwCleaner_6.041.exe
2017-01-04 15:44 - 2017-01-04 15:44 - 03977168 _____ C:\Users\Aruran\Desktop\AdwCleaner_6.041.exe
2017-01-04 14:54 - 2017-01-04 14:54 - 00162380 _____ ( ) C:\Users\Aruran\Downloads\FlashPlayerPro.exe.cii0wb0.partial
2017-01-04 14:28 - 2017-01-04 14:32 - 00098580 _____ C:\TDSSKiller.3.1.0.12_04.01.2017_14.28.07_log.txt
2017-01-04 14:27 - 2017-01-04 14:27 - 00000562 _____ C:\TDSSKiller.3.1.0.12_04.01.2017_14.27.28_log.txt
2017-01-04 14:04 - 2017-01-04 14:15 - 00096676 _____ C:\TDSSKiller.3.1.0.12_04.01.2017_14.04.18_log.txt
2017-01-04 14:04 - 2017-01-04 14:04 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Aruran\Desktop\tdsskiller.exe
2017-01-04 14:03 - 2017-01-04 14:04 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Aruran\Downloads\tdsskiller.exe
2017-01-04 13:52 - 2017-01-04 15:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-01-04 13:52 - 2017-01-04 14:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-04 13:52 - 2017-01-04 13:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-04 13:51 - 2017-01-04 14:27 - 00000000 ____D C:\Users\Aruran\Desktop\mbar
2017-01-04 13:51 - 2017-01-04 14:16 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-01-04 13:50 - 2017-01-04 13:50 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Aruran\Desktop\mbar-1.09.3.1001.exe
2017-01-04 13:49 - 2017-01-04 13:49 - 01496584 _____ C:\Users\Aruran\Desktop\Malwarebytes Anti Rootkit - CHIP-Installer.exe
2017-01-04 13:33 - 2017-01-04 13:33 - 00056953 _____ C:\Users\Aruran\Desktop\Addition.txt
2017-01-04 13:32 - 2017-01-04 16:16 - 00018595 _____ C:\Users\Aruran\Desktop\FRST.txt
2017-01-04 13:32 - 2017-01-04 16:16 - 00000000 ____D C:\FRST
2017-01-04 13:31 - 2017-01-04 13:32 - 02418176 _____ (Farbar) C:\Users\Aruran\Desktop\FRST64.exe
2017-01-04 12:39 - 2017-01-04 12:39 - 00000000 ____D C:\Program Files (x86)\ks6ywgdk
2017-01-03 13:03 - 2017-01-03 12:55 - 276458601 ____N C:\Users\Aruran\Desktop\#32 Varo 4.mp4
2017-01-03 12:48 - 2017-01-03 12:53 - 179602814 _____ C:\Users\Aruran\Downloads\DER PALUTEN SNIPE.. • Minecraft VARO 4 _30 _ Fazon.mp4
2017-01-02 15:42 - 2016-11-22 10:24 - 02938408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-01-02 15:42 - 2016-11-22 10:17 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-01-02 15:42 - 2016-11-22 10:16 - 00064072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-01-02 15:42 - 2016-11-22 09:49 - 02195640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-01-02 15:42 - 2016-11-22 09:48 - 01522672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-01-02 15:42 - 2016-11-22 09:47 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-01-02 15:42 - 2016-11-22 09:47 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-01-02 15:42 - 2016-11-22 09:12 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-01-02 15:42 - 2016-11-22 08:54 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2017-01-02 15:42 - 2016-11-22 08:41 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-01-02 15:42 - 2016-11-22 08:38 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-01-02 15:42 - 2016-11-22 08:26 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-01-02 15:42 - 2016-11-22 08:21 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-01-02 15:42 - 2016-11-22 07:59 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-01-02 15:42 - 2016-11-22 07:55 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-01-02 15:42 - 2016-11-22 07:35 - 19350016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-02 15:42 - 2016-11-22 07:34 - 18670080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-02 15:42 - 2016-11-22 07:34 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-01-02 15:42 - 2016-11-22 07:32 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-01-02 15:42 - 2016-11-22 07:17 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-02 15:39 - 2016-11-22 11:03 - 01777280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-01-02 15:39 - 2016-11-22 09:50 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-01-02 15:39 - 2016-11-22 09:32 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-02 15:39 - 2016-11-22 09:04 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-02 15:38 - 2016-11-22 11:38 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-02 15:38 - 2016-11-22 11:38 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-01-02 15:38 - 2016-11-22 11:02 - 01399216 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-01-02 15:38 - 2016-11-22 10:32 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-01-02 15:38 - 2016-11-22 09:54 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-01-02 15:38 - 2016-11-22 09:20 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-01-02 15:38 - 2016-11-22 08:36 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-01-02 15:38 - 2016-11-22 08:14 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-01-02 15:38 - 2016-11-22 07:49 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-02 15:37 - 2016-11-22 11:43 - 03692040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-01-02 15:37 - 2016-11-22 11:35 - 00609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-02 15:37 - 2016-11-22 09:59 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-02 15:37 - 2016-11-22 09:35 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-01-02 15:37 - 2016-11-22 09:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-01-02 15:37 - 2016-11-22 08:57 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-01-02 15:37 - 2016-11-22 08:26 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-02 15:37 - 2016-11-22 08:15 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-02 15:37 - 2016-11-22 08:02 - 24610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-02 15:37 - 2016-11-22 08:01 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-01-02 15:36 - 2016-11-22 12:42 - 00384864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-01-02 15:36 - 2016-11-22 11:36 - 00159640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-01-02 15:36 - 2016-11-22 11:35 - 00075448 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-01-02 15:36 - 2016-11-22 11:04 - 02549456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-01-02 15:36 - 2016-11-22 11:02 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-01-02 15:36 - 2016-11-22 10:21 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2017-01-02 15:36 - 2016-11-22 10:13 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2017-01-02 15:36 - 2016-11-22 10:00 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
2017-01-02 15:36 - 2016-11-22 09:55 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-01-02 15:36 - 2016-11-22 08:53 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-01-01 21:39 - 2017-01-04 15:46 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-01-01 21:06 - 2017-01-04 15:46 - 00000000 ____D C:\AdwCleaner
2017-01-01 20:45 - 2017-01-01 20:45 - 00000000 ____D C:\Program Files\WSYN11RTPB
2017-01-01 20:42 - 2017-01-01 20:42 - 00499350 _____ C:\WINDOWS\system32\errordetails.xml
2017-01-01 20:40 - 2017-01-01 20:40 - 00000000 ____D C:\Program Files\H1ASR0KVAA
2017-01-01 20:40 - 2017-01-01 20:40 - 00000000 ____D C:\Program Files\G5NV6PMZQY
2017-01-01 20:40 - 2017-01-01 20:40 - 00000000 ____D C:\Program Files\2UPOF0VUZ8
2017-01-01 20:39 - 2017-01-01 20:40 - 00000000 ____D C:\Program Files\394AHT7JYC
2017-01-01 20:36 - 2017-01-01 20:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sstmp
2017-01-01 20:36 - 2017-01-01 20:36 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-01-01 20:36 - 2017-01-01 20:36 - 00000000 ____D C:\Program Files (x86)\GNR
2017-01-01 20:35 - 2017-01-01 20:35 - 00000000 ____D C:\Program Files\Z06UCTZZ10
2017-01-01 20:35 - 2017-01-01 20:35 - 00000000 ____D C:\Program Files\2LA9XOQK4R
2017-01-01 20:33 - 2017-01-01 20:34 - 00000000 ____D C:\Program Files\NSWWDIN18Z
2017-01-01 20:33 - 2017-01-01 20:33 - 00000000 ____D C:\Program Files\ZAUU1FC4ZY
2017-01-01 20:33 - 2017-01-01 20:33 - 00000000 _____ C:\TOSTACK
2017-01-01 20:32 - 2017-01-01 21:16 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-01-01 20:31 - 2017-01-04 14:01 - 00000000 ____D C:\Program Files (x86)\Delyqgach
2017-01-01 20:31 - 2017-01-01 21:04 - 00000000 ____D C:\Users\Aruran\AppData\Roaming\Lokiied
2017-01-01 20:31 - 2017-01-01 20:31 - 00006116 _____ C:\WINDOWS\System32\Tasks\Pheroghtlqale Collector
2017-01-01 20:31 - 2017-01-01 20:31 - 00000000 ____D C:\Users\Aruran\AppData\Local\Qepoied
2017-01-01 20:31 - 2017-01-01 20:31 - 00000000 ____D C:\Program Files (x86)\Derwution Community
2016-12-23 21:48 - 2016-12-23 21:48 - 05242487 _____ C:\Users\Aruran\Desktop\Neeyum_Naanum_160kbps-StarMusiQ.Com.mp3
2016-12-22 18:09 - 2017-01-03 12:47 - 00003480 _____ C:\WINDOWS\setupact.log
2016-12-22 18:06 - 2016-12-22 18:06 - 00000000 ____D C:\Users\Aruran\AppData\LocalLow\AMD
2016-12-19 16:06 - 2016-12-19 16:06 - 00003974 _____ C:\WINDOWS\System32\Tasks\{B39DCCAA-0436-7B01-115A-E0070E00E8F9}
2016-12-19 16:06 - 2016-12-19 16:06 - 00003974 _____ C:\WINDOWS\System32\Tasks\{689EB747-DF35-00EC-B570-6AB16B35BA53}
2016-12-18 16:06 - 2016-12-18 16:06 - 00003974 _____ C:\WINDOWS\System32\Tasks\{F20603A7-45AD-B40C-1F74-17068C597159}
2016-12-18 16:06 - 2016-12-18 16:06 - 00003974 _____ C:\WINDOWS\System32\Tasks\{A8B45195-1F1F-E63E-863B-391E2A604E67}
2016-12-16 22:06 - 2016-12-16 22:06 - 00003974 _____ C:\WINDOWS\System32\Tasks\{CECE02B3-7965-B518-E4E7-2F25542EAD08}
2016-12-16 22:06 - 2016-12-16 22:06 - 00003974 _____ C:\WINDOWS\System32\Tasks\{58CCAE19-EF67-19B2-048E-8AA9CB0C36D6}
2016-12-16 13:22 - 2016-12-16 13:22 - 00003974 _____ C:\WINDOWS\System32\Tasks\{FA4CBE32-4DE7-0999-0AE0-D79F1C9059F7}
2016-12-16 13:22 - 2016-12-16 13:22 - 00003974 _____ C:\WINDOWS\System32\Tasks\{11F0C66E-A65B-71C5-D91F-1BAB456A64B0}
2016-12-09 10:33 - 2016-12-08 21:30 - 04734664 _____ () C:\Users\Aruran\Desktop\TechnicLauncher.exe
2016-12-09 10:16 - 2016-12-09 10:16 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-12-09 10:16 - 2016-12-09 10:16 - 00000000 ____D C:\Users\Aruran\AppData\Roaming\Sun
2016-12-09 10:16 - 2016-12-09 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-09 10:16 - 2016-12-09 10:16 - 00000000 ____D C:\Program Files\Java
2016-12-09 10:13 - 2016-12-09 10:14 - 63235648 _____ (Oracle Corporation) C:\Users\Aruran\Desktop\jre-8u111-windows-x64.exe
2016-12-08 20:38 - 2016-12-08 20:41 - 00000000 ____D C:\Users\Aruran\AppData\Roaming\.technic

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-04 15:51 - 2015-12-21 19:44 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-04 15:51 - 2015-10-30 19:35 - 00775524 _____ C:\WINDOWS\system32\perfh007.dat
2017-01-04 15:51 - 2015-10-30 19:35 - 00155338 _____ C:\WINDOWS\system32\perfc007.dat
2017-01-04 15:51 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2017-01-04 15:47 - 2016-08-14 17:12 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-01-04 15:47 - 2015-12-21 19:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-04 15:47 - 2015-12-21 19:37 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-04 15:47 - 2015-10-30 07:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-01-04 15:47 - 2015-09-17 19:04 - 00000000 __SHD C:\Users\Aruran\IntelGraphicsProfiles
2017-01-04 15:38 - 2015-06-18 13:50 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-04 14:01 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-01-04 13:40 - 2016-09-06 16:26 - 00000000 ____D C:\Users\Aruran\Desktop\thillana parasu
2017-01-04 13:38 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-04 13:23 - 2015-09-28 15:03 - 00000000 ____D C:\Users\Aruran\AppData\Local\Spotify
2017-01-04 12:47 - 2015-09-28 15:02 - 00000000 ____D C:\Users\Aruran\AppData\Roaming\Spotify
2017-01-04 12:41 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-03 11:35 - 2015-01-12 22:08 - 00000000 ____D C:\Users\Aruran\AppData\Local\Packages
2017-01-02 21:53 - 2015-12-21 21:02 - 00000000 ____D C:\Users\Aruran\AppData\Local\MicrosoftEdge
2017-01-02 20:37 - 2015-06-13 16:07 - 00000000 ____D C:\Users\Aruran\AppData\Local\Opera Software
2017-01-02 20:37 - 2015-06-13 16:06 - 00000000 ____D C:\Program Files (x86)\Opera
2017-01-02 20:30 - 2015-12-21 19:35 - 00357632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-02 16:50 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-02 16:29 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-01 21:35 - 2015-01-17 17:45 - 00000000 ____D C:\Program Files (x86)\d1c802b0-1c53-4d5f-913b-bee5d5ae526f
2017-01-01 21:35 - 2015-01-13 18:12 - 00000000 ____D C:\Program Files (x86)\901e8fd0-3b04-46c8-9b59-587dbc917638
2017-01-01 21:35 - 2015-01-13 16:44 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2017-01-01 21:29 - 2015-01-13 16:43 - 00000000 ____D C:\Program Files (x86)\AMD
2017-01-01 21:13 - 2015-12-21 19:37 - 00000000 ____D C:\Users\Aruran
2017-01-01 21:09 - 2015-02-07 16:22 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-01 20:36 - 2015-07-15 20:19 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
2017-01-01 18:53 - 2016-09-18 14:41 - 00001073 _____ C:\Users\Aruran\Desktop\nativelog.txt
2017-01-01 18:53 - 2015-09-17 19:51 - 00000000 ____D C:\Users\Aruran\AppData\Roaming\.minecraft
2016-12-31 18:29 - 2015-06-18 13:50 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-29 20:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\config\RegBack
2016-12-24 13:46 - 2015-09-17 19:04 - 00000000 ___RD C:\Users\Aruran\Music
2016-12-22 19:58 - 2015-09-17 19:30 - 00000000 ____D C:\Users\Aruran\AppData\Roaming\Skype
2016-12-22 18:08 - 2015-09-17 19:41 - 00000000 ____D C:\Users\Aruran\AppData\Roaming\TS3Client
2016-12-22 18:06 - 2015-01-12 22:08 - 00000000 ____D C:\Users\Aruran\AppData\LocalLow
2016-12-16 23:07 - 2015-10-30 08:24 - 00000000 _SHDC C:\WINDOWS\Installer
2016-12-16 23:02 - 2015-01-12 22:09 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 23:02 - 2015-01-12 22:09 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 23:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-16 22:52 - 2016-09-20 14:54 - 00000294 _____ C:\Users\Aruran\Desktop\Neues Textdokument.txt
2016-12-14 21:08 - 2015-01-14 14:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 21:08 - 2015-01-13 20:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-14 21:07 - 2015-01-14 14:53 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-14 15:48 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\catroot2
2016-12-13 16:38 - 2016-09-14 16:38 - 20632664 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-12-13 16:38 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-13 16:38 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-13 16:38 - 2015-06-18 13:50 - 00004014 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-12 00:03 - 2015-10-30 08:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:03 - 2015-10-30 08:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-09 10:10 - 2015-01-12 22:25 - 00000000 ____D C:\ProgramData\Oracle
2016-12-08 21:29 - 2015-12-21 19:37 - 00000000 ____D C:\Users\Aruran\AppData\Local\Microsoft
2016-12-08 20:53 - 2015-02-21 17:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-08 20:53 - 2015-02-21 17:48 - 00000000 ____D C:\ProgramData\Skype
2016-12-08 20:50 - 2016-08-14 19:24 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-07 15:11 - 2015-09-17 19:43 - 00000000 ____D C:\Users\Aruran\AppData\Roaming\OBS
2016-12-07 14:59 - 2015-09-06 20:43 - 00000000 ____D C:\Program Files (x86)\OBS

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-04-07 14:51 - 2016-04-07 14:51 - 0011100 _____ () C:\Users\Aruran\AppData\Local\recently-used.xbel

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Aruran\AppData\Local\Temp\NBGTI2CFT\NBGTI2CFT.exe
C:\Users\Aruran\AppData\Local\Temp\Y7QHIVYEP\Y7QHIVYEP.exe
C:\Users\Aruran\AppData\Local\Temp\5ANZUSRV6\5ANZUSRV6.exe
C:\Users\Aruran\AppData\Local\Temp\O07ST4XN6\O07ST4XN6.exe


Einige Dateien in TEMP:
====================
C:\Users\Aruran\AppData\Local\Temp\60AC.tmp.exe
C:\Users\Aruran\AppData\Local\Temp\763C.tmp.exe
C:\Users\Aruran\AppData\Local\Temp\8BDB.tmp.exe
C:\Users\Aruran\AppData\Local\Temp\8YJPCK20F9.exe
C:\Users\Aruran\AppData\Local\Temp\A17A.tmp.exe
C:\Users\Aruran\AppData\Local\Temp\B503.tmp.exe
C:\Users\Aruran\AppData\Local\Temp\B62D.tmp.exe
C:\Users\Aruran\AppData\Local\Temp\B719.tmp.exe
C:\Users\Aruran\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Aruran\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2aj05l.dll
C:\Users\Aruran\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Aruran\AppData\Local\Temp\libeay32.dll
C:\Users\Aruran\AppData\Local\Temp\msvcr120.dll
C:\Users\Aruran\AppData\Local\Temp\NarutoOnline_de_2.3.0.4222_monetize.exe
C:\Users\Aruran\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Aruran\AppData\Local\Temp\soundplus-installer.exe
C:\Users\Aruran\AppData\Local\Temp\sqlite3.dll
C:\Users\Aruran\AppData\Local\Temp\tmd_34011350.exe
C:\Users\Aruran\AppData\Local\Temp\tmd_34011909.exe
C:\Users\Aruran\AppData\Local\Temp\tmd_34014728.exe
C:\Users\Aruran\AppData\Local\Temp\tmd_34018948.exe
C:\Users\Aruran\AppData\Local\Temp\tmd_34019441.exe
C:\Users\Aruran\AppData\Local\Temp\YZDZ3RKHXE.exe
C:\Users\Aruran\AppData\Local\Temp\{7BEF2EC8-1B08-4966-94C4-4B34965D672D}.dll


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-12-29 20:16

==================== Ende von FRST.txt ============================
         
--- --- ---



Addition:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-01-2017
durchgeführt von Aruran (04-01-2017 16:16:28)
Gestartet von C:\Users\Aruran\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-21 19:40:27)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3707763914-2828650107-2775741400-500 - Administrator - Disabled) => C:\Users\Administrator
Aruran (S-1-5-21-3707763914-2828650107-2775741400-1001 - Administrator - Enabled) => C:\Users\Aruran
DefaultAccount (S-1-5-21-3707763914-2828650107-2775741400-503 - Limited - Disabled)
Gast (S-1-5-21-3707763914-2828650107-2775741400-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - Ensemble Studios)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Assassins Creed Unity (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0025}) (Version: 6.0 - Black Box)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Battlefield Play4Free (HKLM-x32\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)
BenVista PhotoZoom Pro 6.0.8 (HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\PhotoZoom Pro 6) (Version: 6.0.8 - BenVista Ltd.)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bus Simulator 16 (HKLM\...\YnVzc2ltdWxhdG9yMTY_is1) (Version: 1 - )
Bus-Simulator 2012 (HKLM-x32\...\Bus-Simulator 2012_is1) (Version:  - astragon)
Camtasia Studio 8 (HKLM-x32\...\{E7AFA156-D5CB-4B8C-843D-E7CA58D36B0A}) (Version: 8.6.0.2054 - TechSmith Corporation)
Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
City Car Driving 1.2.2 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version:  - Forward Development)
Construction-Simulator 2015 (HKLM-x32\...\Steam App 289950) (Version:  - weltenbauer. Software Entwicklung GmbH)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0192 - Disc Soft Ltd)
DayZ (HKLM\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dropbox (HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.18.1 - SCS Software)
Farming Simulator 15 (HKLM-x32\...\Farming Simulator 15_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.60.713 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.60.713 - DVDVideoSoft Ltd.)
Freemake Audio Converter Version 1.1.3 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.3 - Ellora Assets Corporation)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Killing Floor (HKLM\...\Steam App 1250) (Version:  - Tripwire Interactive)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{9E2154A9-2953-4FAC-B943-052DD23057AF}) (Version: 7.0.1.27 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (HKLM\...\MX.{FB081787-6116-4FEA-83A4-D05DB9934C57}) (Version: 14.0.0.96 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Version: 14.0.0.96 - MAGIX Software GmbH) Hidden
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Standard 2007 (HKLM-x32\...\PRJSTD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PlanetSide 2 (2) (HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\SOE-PlanetSide 2 (2)) (Version: 1.0.3.183 - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 6.2.12.0 - Razer Inc.)
RESIDENT EVIL 5 (HKLM-x32\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
ROCCAT Kova[+] Mouse Driver (HKLM-x32\...\{A86DDFE3-F661-461C-9BF2-876AC2CA57DE}) (Version: 1.10 - Roccat GmbH)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.2.2.0 - Lenovo Group Limited)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SOE Web Installer (HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\SOE Web Installer) (Version: 1.0.3.171 - Sony Online Entertainment)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Spotify (HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{1E16FD84-D9BE-C7F6-B731-BCBED65A09AA}\InprocServer32 -> kein Dateipfad
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Aruran\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0B456BE1-1419-4ECB-B378-AA54D62EF56E} - System32\Tasks\{CECE02B3-7965-B518-E4E7-2F25542EAD08} => C:\ProgramData\{05DDD3DF-B276-6474-5CC7-B86433FAE339}\0D3A5193-BA91-E638-BCD1-616F454D345A.exe <==== ACHTUNG
Task: {345BB094-D7CE-4485-B18B-BB6E6113E67F} - System32\Tasks\{689EB747-DF35-00EC-B570-6AB16B35BA53} => C:\ProgramData\{CC009523-7BAB-2288-230F-30FDE668E57E}\48BE59E1-FF15-EE4A-6008-FDDD5BEB120A.exe <==== ACHTUNG
Task: {3A81B063-6ED9-4222-A752-E278C14AB4F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {3F4499B1-1084-4A66-AFDF-FDBAC970D4EC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {458306B3-8909-4ABE-A082-A4D69AC20A4C} - System32\Tasks\{51AD42E9-7519-41A3-9144-2B8A2A7B0F58} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\e366fc6e\9007857a.dll" <==== ACHTUNG
Task: {488FC130-EF5C-41A8-B33E-D2AED62E21F4} - System32\Tasks\Aufgaben der Ereignisanzeige\System_Microsoft-Windows-UserPnp_20001 => desktop [Argument = drucker]
Task: {4CB771CD-5932-489A-9AC5-800E4AE28EA2} - System32\Tasks\{FA4CBE32-4DE7-0999-0AE0-D79F1C9059F7} => C:\ProgramData\{62BB382F-D510-8F84-5DC3-EBD1D57EC79D}\E94FCAC8-5EE4-7D63-6411-6C42F26F2043.exe <==== ACHTUNG
Task: {6137476C-FE46-48DD-B0FC-3B3584A2EF54} - System32\Tasks\Pheroghtlqale Collector => C:\Program Files (x86)\Delyqgach\analatain.exe [2017-01-01] (Glarysoft Ltd)
Task: {7F22EA6C-A5D6-40B1-8DF3-49C7038DFE72} - System32\Tasks\{A8B45195-1F1F-E63E-863B-391E2A604E67} => C:\ProgramData\{569357B0-E138-E01B-DF7B-33C9598DB512}\A96D7853-1EC6-CFF8-8017-39589984F9B6.exe <==== ACHTUNG
Task: {8D76A3B0-447F-4E12-867B-3727A7DD52C9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {8FFB5DAA-7BF6-4F75-A127-4903D75EC4FC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {9A35D169-00F1-4A3F-9E5A-E7F1EAB861D4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {AE44564B-5525-4814-A13D-AE8C9C7A16C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B44CDA40-5508-4498-B93B-F0350CA7C81E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B5163DAF-6BBD-4D4C-9034-E7AE4963A329} - System32\Tasks\{675B675A-D0F0-D0F1-56D3-080DA1076E60} => C:\ProgramData\{88F78037-3F5C-379C-D3BE-B6783C70F4CA}\4EA4D68D-F90F-6126-5C54-2F00008CD9CA.exe <==== ACHTUNG
Task: {C12A4D22-A980-4748-939A-DC4FBAF8F887} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {C8808CE4-E380-4B23-84CA-83D2C4156C73} - System32\Tasks\{F20603A7-45AD-B40C-1F74-17068C597159} => C:\ProgramData\{F5B0148B-421B-A320-68D4-1FB6A68E977A}\B56BB539-02C0-0292-19D1-AF24E7E2B68C.exe <==== ACHTUNG
Task: {D5E0102C-0023-49F8-AD80-683B1AED1D39} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-12-14] (Microsoft Corporation)
Task: {D7DD0DEA-C193-4E85-9271-0002515D2453} - System32\Tasks\{11F0C66E-A65B-71C5-D91F-1BAB456A64B0} => C:\ProgramData\{632EDB6A-D485-6CC1-A891-F262EA8DC3DE}\E6427A4F-51E9-CDE4-D717-311225045A97.exe <==== ACHTUNG
Task: {E678182B-DA87-48B4-BB32-278B433E074A} - System32\Tasks\{58CCAE19-EF67-19B2-048E-8AA9CB0C36D6} => C:\ProgramData\{0A063EFE-BDAD-8955-3A52-44CE203D919E}\58766930-EFDD-DE9B-6D55-05DEC9A921D8.exe <==== ACHTUNG
Task: {E93758AC-FE24-4D87-B491-A4967B679F3C} - System32\Tasks\{B39DCCAA-0436-7B01-115A-E0070E00E8F9} => C:\ProgramData\{3386FBFE-842D-4C55-1EAE-4CDE7EA6597E}\A77CD74F-10D7-60E4-B02B-39DD9772AE03.exe <==== ACHTUNG
Task: {F87FCD1A-8F50-497B-8966-7D8081E30493} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {FA7C4B09-BF43-4198-B586-886BF9D4C302} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {FBF7D260-87B9-4097-8947-D6BE7A2D857D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\Aruran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 08:17 - 2015-10-30 08:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-09 21:12 - 2015-05-09 21:29 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-08-14 23:33 - 2015-08-14 23:33 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-06-25 06:53 - 2015-06-25 06:53 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2016-11-09 17:17 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-09 17:17 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-10-31 20:45 - 2016-10-31 20:45 - 00592384 _____ () C:\Users\Aruran\AppData\Local\MEGAsync\ShellExtX64.dll
2015-12-21 19:33 - 2015-12-21 19:33 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-22 15:33 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-09 17:17 - 2016-10-25 05:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 17:17 - 2016-10-25 05:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 17:17 - 2016-10-25 05:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 17:17 - 2016-10-25 05:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-16 14:38 - 2016-09-16 14:38 - 00155016 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2017-01-01 20:31 - 2017-01-01 20:31 - 00177152 _____ () c:\program files (x86)\delyqgach\cktcontrols.dll
2017-01-02 15:29 - 2016-12-08 08:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-02 15:29 - 2016-12-08 08:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\sony.com -> sony.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2017-01-01 20:33 - 00004386 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
34.195.153.94 www.google-analytics.com
34.195.153.94 google-analytics.com
34.195.153.94 mc.yandex.ru
34.195.153.94 top-fwz1.mail.ru
34.195.153.94 site.yandex.net
34.195.153.94 pagead2.googlesyndication.com
34.195.153.94 ad.mail.ru
34.195.153.94 ads.adfox.ru
34.195.153.94 ads.pubmatic.com
34.195.153.94 apis.google.com
34.195.153.94 autocontext.begun.ru
34.195.153.94 b.scorecardresearch.com
34.195.153.94 c.amazon-adsystem.com
34.195.153.94 cdn.admixer.net
34.195.153.94 cdn.cxense.com
34.195.153.94 cdn.livefyre.com
34.195.153.94 cdn.onthe.io
34.195.153.94 cdn.optimizely.com
34.195.153.94 cdn.prom.st
34.195.153.94 cdn.pushwoosh.com

Da befinden sich 55 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\StartupApproved\Run: => "msnmsgr"
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3707763914-2828650107-2775741400-1001\...\StartupApproved\Run: => "OneDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{6592864C-E7EC-45E0-B757-21D45B786EBB}C:\users\aruran\appdata\roaming\spotify\spotify.exe] => C:\users\aruran\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F5644A3C-5476-45E7-942D-9FD3B6FC27F1}C:\users\aruran\appdata\roaming\spotify\spotify.exe] => C:\users\aruran\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F2DFB349-EA2A-4749-A597-CCF4C4406999}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ACB08F27-F1B9-4B7F-8D62-FEB001F3ABC7}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A0102D9B-CFA6-465A-A51F-11127B0F2778}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C98F82BB-88CE-4964-9DC1-75C913AF09D3}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{C41F7B0E-8A41-4B85-8F51-566F3A40ED82}C:\program files\magix\video pro x7\video_pro_x.exe] => C:\program files\magix\video pro x7\video_pro_x.exe
FirewallRules: [UDP Query User{7E2F6382-13F6-47E4-AD6B-D68C0710E6FD}C:\program files\magix\video pro x7\video_pro_x.exe] => C:\program files\magix\video pro x7\video_pro_x.exe
FirewallRules: [{DCE5D83F-23A8-4C40-9B89-1100482DD27D}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{5E81C56F-E220-47ED-A69B-4AE7F4887427}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{63B02E80-A4C7-450E-A1F1-62560202372B}D:\farming simulator 15\x64\farmingsimulator2015game.exe] => D:\farming simulator 15\x64\farmingsimulator2015game.exe
FirewallRules: [UDP Query User{53CA883F-7F55-4E3B-A045-967CB42C98E6}D:\farming simulator 15\x64\farmingsimulator2015game.exe] => D:\farming simulator 15\x64\farmingsimulator2015game.exe
FirewallRules: [TCP Query User{89DBE122-D5CD-43AF-B0C4-91CB973B8666}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{31AF25F1-0204-43B3-9346-A2C9DD92EC87}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{A49045E0-3EA6-4925-81D9-FF6ECB7A98B0}C:\program files (x86)\city car driving\bin\win32\starter.exe] => C:\program files (x86)\city car driving\bin\win32\starter.exe
FirewallRules: [UDP Query User{F1C17DB7-FDDF-4206-BB1B-A29AC9546477}C:\program files (x86)\city car driving\bin\win32\starter.exe] => C:\program files (x86)\city car driving\bin\win32\starter.exe
FirewallRules: [{0ADF5ACA-59E4-45EC-A77D-08779EB17C1B}] => D:\dayz\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{CDA74254-C62E-4740-BA98-2E57F6FC522A}] => D:\dayz\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{95C430E4-8152-4367-BA6A-3E65F6A7056A}D:\dayz\steamapps\common\dayz\dayz.exe] => D:\dayz\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{72C629BA-2917-4F55-AA89-9CEA04FC514F}D:\dayz\steamapps\common\dayz\dayz.exe] => D:\dayz\steamapps\common\dayz\dayz.exe
FirewallRules: [{45FD29B0-7B2E-451A-862D-3BB01F0A9905}] => C:\Program Files (x86)\Steam\steamapps\common\ConSim2015\ConSim2015.exe
FirewallRules: [{BE6659BE-A6C2-4804-A828-352A9F1304A4}] => C:\Program Files (x86)\Steam\steamapps\common\ConSim2015\ConSim2015.exe
FirewallRules: [TCP Query User{AD7CDB41-6F24-4763-9DFD-D05D5D09A278}D:\games\arma 3 apex\arma3.exe] => D:\games\arma 3 apex\arma3.exe
FirewallRules: [UDP Query User{7F6B232D-B712-4B18-8087-AFA88B6386E6}D:\games\arma 3 apex\arma3.exe] => D:\games\arma 3 apex\arma3.exe
FirewallRules: [TCP Query User{3266C74C-9F1C-4C21-A536-AB5A99962056}C:\users\aruran\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\users\aruran\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{CE72EB24-D4CD-45E8-92B0-7FD9150D1940}C:\users\aruran\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\users\aruran\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D48DCA08-33EC-40E7-A4BD-668F36B35AFC}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CB9A80F6-C5A3-4718-8E3A-57312AFA3B2C}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A731E16B-2ADA-479E-B764-84FAB07C7289}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{197D4D0B-FB9C-48D0-B350-3C3BBEE3A3C3}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B66ED58A-ECB8-44D5-85A2-EA2663CCA826}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{55C5914A-C594-48D2-8CAA-2352C36FA328}] => D:\steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{271C54E2-47B3-4879-B862-B004915BEB7C}] => D:\steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [TCP Query User{8E91E39E-5950-4F01-BE05-F935E663702E}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{FCC88078-D9B1-4803-9408-9D50E2202E6D}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{8A3FFA5C-AE52-4543-A81E-C5DECAB85405}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{1874C557-2F47-40BB-8DEE-68D42BCEE279}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{4F0D9C6B-CA43-414A-A297-F000F7EA1134}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{91E34703-CF5F-4F14-901C-FB38F2E9CE1C}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{258660BE-CD7D-4DE8-A6E3-CDE3E552AC4E}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{09BA8A8C-E2BB-4BB6-A786-B55A56575BFC}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7B9D07F3-176A-48F2-85FA-DCAED0848EBA}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/04/2017 04:02:43 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (01/04/2017 03:57:31 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (01/04/2017 03:57:21 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (01/04/2017 03:57:15 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (01/04/2017 03:52:39 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (01/04/2017 03:50:04 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (01/04/2017 03:49:48 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (01/04/2017 03:49:42 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (01/04/2017 03:49:14 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (01/03/2017 10:26:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: IPHLPAPI.DLL, Version: 10.0.10586.0, Zeitstempel: 0x5632d324
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000089c6
ID des fehlerhaften Prozesses: 0x734
Startzeit der fehlerhaften Anwendung: 0x01d26607fc2add65
Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL
Berichtskennung: 9e138a53-ffc6-4388-b7e4-91eb002d9c79
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge


Systemfehler:
=============
Error: (01/04/2017 03:50:35 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/04/2017 03:49:25 PM) (Source: DCOM) (EventID: 10016) (User: Aru)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Aru\Aruran" (SID: S-1-5-21-3707763914-2828650107-2775741400-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/04/2017 03:49:25 PM) (Source: DCOM) (EventID: 10016) (User: Aru)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Aru\Aruran" (SID: S-1-5-21-3707763914-2828650107-2775741400-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/04/2017 03:49:25 PM) (Source: DCOM) (EventID: 10016) (User: Aru)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Aru\Aruran" (SID: S-1-5-21-3707763914-2828650107-2775741400-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/04/2017 03:49:25 PM) (Source: DCOM) (EventID: 10016) (User: Aru)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Aru\Aruran" (SID: S-1-5-21-3707763914-2828650107-2775741400-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/04/2017 03:49:25 PM) (Source: DCOM) (EventID: 10016) (User: Aru)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Aru\Aruran" (SID: S-1-5-21-3707763914-2828650107-2775741400-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/04/2017 03:49:25 PM) (Source: DCOM) (EventID: 10016) (User: Aru)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Aru\Aruran" (SID: S-1-5-21-3707763914-2828650107-2775741400-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/04/2017 03:49:25 PM) (Source: DCOM) (EventID: 10016) (User: Aru)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Aru\Aruran" (SID: S-1-5-21-3707763914-2828650107-2775741400-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/04/2017 03:49:25 PM) (Source: DCOM) (EventID: 10016) (User: Aru)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Aru\Aruran" (SID: S-1-5-21-3707763914-2828650107-2775741400-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/04/2017 03:49:25 PM) (Source: DCOM) (EventID: 10016) (User: Aru)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Aru\Aruran" (SID: S-1-5-21-3707763914-2828650107-2775741400-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.


CodeIntegrity:
===================================
  Date: 2017-01-02 20:31:03.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-15 14:40:01.153
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-11 12:02:20.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-10 13:17:14.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-29 10:15:10.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-15 17:11:46.935
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-14 18:15:18.165
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-13 15:04:06.725
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-17 12:36:39.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-16 12:48:35.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 23%
Installierter physikalischer RAM: 8055.7 MB
Verfügbarer physikalischer RAM: 6185.26 MB
Summe virtueller Speicher: 9335.7 MB
Verfügbarer virtueller Speicher: 7414.48 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:118.29 GB) (Free:1.35 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.39 GB) (Free:547.87 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
