Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   (Steam)Trojaner eingefangen (https://www.trojaner-board.de/168701-steam-trojaner-eingefangen.html)

ha00x7 14.07.2015 18:52
(Steam)Trojaner eingefangen
 
Hallo allersits :)
Hab mir leider (ja, mein eigenes Verschulden, da ich relativ blöd war) einen Trojaner eingefangen. wollte mir das "Programm" cleanvoice (Cleanvoice.net - Website besuch angeblich unbedenklich, nur nichts downloaden) downloaden um mit Bekannten ein Spiel zu spielen. Nur haben die mich reingelegt und ich habe anstatt des Programms einen Virus an Hals, der mir meinen Steam Account geklaut hat.
Funktion: Bin mir nicht wirklich sicher, wie der Trojaner funktioniert, habe aber meine Vermutung, die zum Teil auch begründet ist.Zum einen nehme ich an, dass ein Keylogger dabei ist, ichwurd nämlich komplett aus Steam rausgeworfen und habe das Login-Fenster gesehen und da leider auch meine Daten reingeschrieben. Allerdings müsste (wenn Steam denn keine Sicherheitslücke hat) auch ein Remote Zugriff auf meinen PC durchgeführt worden sein, denn wenn man sich mit einen Steam Account zum ersten mal auf einem neuen PC anmeldet, kann man 7 Tage lang nicht die Items handeln, was bei mir aber trotzdem geschehen ist. Hoffe, das hilft irgendwie weiter.

Wäre nett, wenn sich das einer ansehen könnte und mir auch beim entfernen behilflich sein könnte. Auch eine Einschätzung, ob auch andere Programm außer Steam betroffen sind, wäre gut, denn der PC wird von meiner ganzen Familie benutzt (u.a. Onlinebanking). Stehe nämlich kurz davor, alles platt zu machen, würde dann aber ewig Zeit verschwenden müssen ,alles wieder draufzuspielen bzw. zu re-downloaden.

Hatte gestern Abend noch AVG drüberlaufen lassen, hat 32 Bedrohungen gefunden und eliminiert. Wenn mir jemand sagt, wie ich da nachträglich an die Logs rankomme, poste ich die natürlich auch.

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Luca (administrator) on DESKTOP_PC on 14-07-2015 19:27:43
Running from C:\Users\Luca\Desktop
Loaded Profiles: Luca & UpdatusUser & HomeGroupUser$ (Available Profiles: Luca & UpdatusUser & HomeGroupUser$)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Mad Catz Inc) C:\Program Files\Mad Catz\R.A.T.TE\RAT_TE_Profiler.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(NVIDIA Corporation) C:\ProgramData\NVIDIA\Updatus\ApplicationOntology\NvOAWrapperCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Skillbrains) C:\Users\Luca\AppData\Local\Skillbrains\lightshot\5.1.4.41\Lightshot.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Opera Software) C:\Program Files (x86)\Opera\launcher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [1783296 2006-07-23] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [976672 2013-03-24] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [R.A.T.TE] => C:\Program Files\Mad Catz\R.A.T.TE\RAT_TE_Profiler.exe [195072 2014-02-11] (Mad Catz Inc)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-12] (Logitech Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843992 2013-10-24] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [AgataSoft ShutDown Pro] => C:\Program Files (x86)\AgataSoft\AgataSoft ShutDown Pro\AgataSoft_ShutDown_Pro.exe [2344960 2011-11-19] (AgataSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-06-30] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6886752 2015-01-07] (Binary Fortress Software)
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [Millionenklick Bot] => D:\Family\Luca\Bots\Millionenklick\Millionenklick Bot.exe [525312 2014-09-14] (lulu297)
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [LightShot] => C:\Users\Luca\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-06-18] ()
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632112 2015-07-03] (Electronic Arts)
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2015-03-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2014-05-18]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk [2014-06-16]
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\vrtoolcheckorder.exe (VR-NetWorld Software)
Startup: C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LOGITECH.lnk [2015-05-26]
ShortcutTarget: LOGITECH.lnk -> C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49594;https=127.0.0.1:49594;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487&q={searchTerms}
HKU\S-1-5-21-256598819-3792072900-69910656-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487
HKU\S-1-5-21-256598819-3792072900-69910656-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-256598819-3792072900-69910656-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487&ts=1435449079&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-256598819-3792072900-69910656-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487&ts=1435449079&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-256598819-3792072900-69910656-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487&ts=1435449079&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-256598819-3792072900-69910656-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487&ts=1435449079&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-256598819-3792072900-69910656-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487&ts=1435449079&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-256598819-3792072900-69910656-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-04] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-04] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{03620E07-CD8C-45CD-8CF0-8BF6BC1A97A3}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{55DC6518-081E-4FAF-A126-373F9D85F4D7}: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF ProfilePath: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: web.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-10] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-256598819-3792072900-69910656-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-03-27] ()
FF user.js: detected! => C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\user.js [2015-07-12]
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\searchplugins\ask-search.xml [2015-04-04]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartsurf.xml [2015-06-28]
FF Extension: deskCut - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\Extensions\deskCutv2@gmail.com [2015-07-10]
FF Extension: iMacros for Firefox - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-06-01]
FF Extension: Search App by Ask - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\Extensions\toolbar_ORJ-SPE@apn.ask.com.xpi [2015-01-31]
FF Extension: Adblock Plus - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-16]
FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\extensions\searchffv2@gmail.com

Chrome:
=======
CHR Profile: C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-17]
CHR Extension: (Steam inventory helper) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2015-05-28]
CHR Extension: (Stylish) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-12-17]
CHR Extension: (LoungeDestroyer) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2015-03-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-05]
CHR Extension: (AllDebrid Chrome Extension) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdjbgnpehbhpibonmjjjbjaoechnlcaf [2014-12-17]
CHR Extension: (Ghostery) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-12-17]
CHR Extension: (Google Wallet) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-17]

Opera:
=======
OPR StartupUrls: "hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487"

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-06-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-06-30] (AVG Technologies CZ, s.r.o.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-06-03] (Futuremark)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-03] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-01-14] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 0c632643; "C:\Windows\system32\rundll32.exe" "c:\progra~3\intere~1\InterenetOptimizerSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-31] (Windows (R) Win 7 DDK provider)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                          )
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24040 2014-02-12] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [51560 2014-02-12] (Saitek)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-09-08] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-09-08] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-09-08] (Acronis International GmbH)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 19:27 - 2015-07-14 19:28 - 00024157 _____ C:\Users\Luca\Desktop\FRST.txt
2015-07-14 19:27 - 2015-07-14 19:27 - 02133504 _____ (Farbar) C:\Users\Luca\Desktop\FRST64.exe
2015-07-14 19:27 - 2015-07-14 19:27 - 00000000 ____D C:\FRST
2015-07-13 21:53 - 2015-07-13 22:08 - 364941040 _____ (Doctor Web, Ltd.) C:\Users\Luca\Desktop\Nicht bestätigt 474896.crdownload
2015-07-12 22:27 - 2015-07-12 22:27 - 00000000 ____D C:\Users\Luca\AppData\Roaming\AVG2015
2015-07-12 22:27 - 2015-07-12 22:27 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-12 22:26 - 2015-07-12 22:26 - 00000000 ____D C:\Users\Luca\AppData\Roaming\TuneUp Software
2015-07-12 22:26 - 2015-07-12 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-12 22:25 - 2015-07-12 22:46 - 00000000 ____D C:\ProgramData\AVG2015
2015-07-12 22:25 - 2015-07-12 22:25 - 00000000 ___HD C:\$AVG
2015-07-12 22:25 - 2015-07-12 22:25 - 00000000 ____D C:\Program Files (x86)\AVG
2015-07-12 22:22 - 2015-07-14 19:28 - 00000000 ____D C:\ProgramData\MFAData
2015-07-12 22:22 - 2015-07-12 22:50 - 00000000 ____D C:\Users\Luca\AppData\Local\Avg2015
2015-07-12 22:22 - 2015-07-12 22:22 - 00000000 ____D C:\Users\Luca\AppData\Local\MFAData
2015-07-06 21:44 - 2015-07-12 19:42 - 00002756 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2015-07-04 00:23 - 2015-07-04 00:23 - 00000000 ____D C:\Users\Luca\AppData\Local\CEF
2015-06-28 14:44 - 2015-06-28 14:45 - 00000000 ____D C:\Users\Luca\AppData\Local\CyberGhost
2015-06-28 14:44 - 2015-06-28 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-06-28 14:44 - 2015-06-28 14:44 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-06-28 01:51 - 2015-07-13 22:46 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-06-28 01:51 - 2015-07-13 21:21 - 00000000 ____D C:\Users\Luca\AppData\Roaming\istartsurf
2015-06-28 01:51 - 2015-06-28 22:47 - 00000000 ____D C:\Program Files (x86)\JDownloader
2015-06-28 01:51 - 2015-06-28 01:51 - 00001997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2015-06-28 01:51 - 2015-06-28 01:51 - 00001941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2015-06-28 01:51 - 2015-06-28 01:51 - 00001920 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2015-06-28 01:51 - 2015-06-28 01:51 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-06-27 23:33 - 2015-06-27 23:33 - 00003094 _____ C:\Windows\System32\Tasks\{60270AB4-FE1E-4A55-AEB1-453462D3B7B7}
2015-06-27 03:36 - 2015-07-04 00:28 - 00000022 _____ C:\Windows\GPU-Z.INI
2015-06-27 03:36 - 2015-06-27 03:36 - 00000000 ____D C:\Temp
2015-06-27 03:35 - 2015-06-27 03:35 - 00000000 ____D C:\Users\Luca\AppData\Local\Futuremark
2015-06-27 03:35 - 2015-06-27 03:35 - 00000000 ____D C:\Program Files (x86)\Futuremark
2015-06-26 09:49 - 2015-06-26 09:49 - 00293296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-06-16 15:55 - 2015-06-16 15:55 - 00259040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2015-06-15 21:12 - 2015-06-15 21:12 - 00001039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-15 21:12 - 2015-06-15 21:12 - 00000000 ____D C:\Program Files (x86)\TeamViewer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 19:28 - 2014-05-14 16:38 - 01078108 _____ C:\Windows\WindowsUpdate.log
2015-07-14 19:26 - 2014-05-29 12:31 - 00000000 ____D C:\ProgramData\Origin
2015-07-14 19:24 - 2015-01-01 23:58 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\CrashDumps
2015-07-14 19:24 - 2014-06-13 13:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 19:22 - 2014-05-23 14:53 - 00000214 _____ C:\Windows\Tasks\AutoKMS.job
2015-07-14 19:22 - 2014-05-14 17:55 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-14 19:22 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 19:22 - 2009-07-14 06:51 - 00083585 _____ C:\Windows\setupact.log
2015-07-13 23:08 - 2014-12-17 23:22 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 22:15 - 2014-11-25 23:00 - 00000000 ____D C:\AdwCleaner
2015-07-13 21:38 - 2014-05-15 02:28 - 00698964 _____ C:\Windows\system32\perfh007.dat
2015-07-13 21:38 - 2014-05-15 02:28 - 00149104 _____ C:\Windows\system32\perfc007.dat
2015-07-13 21:38 - 2009-07-14 07:13 - 01618760 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-13 21:32 - 2009-07-14 06:45 - 00032960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 21:32 - 2009-07-14 06:45 - 00032960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 21:25 - 2014-05-27 22:19 - 00000000 ____D C:\Program Files\CamStudio 2.7
2015-07-12 22:51 - 2015-01-28 19:56 - 00000000 ____D C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-12 22:46 - 2014-05-23 14:53 - 00000000 ____D C:\Windows\AutoKMS
2015-07-12 22:42 - 2015-06-07 20:01 - 00000218 _____ C:\Windows\Tasks\AutoKMSDaily.job
2015-07-12 21:47 - 2014-05-14 18:56 - 00000000 ____D C:\Users\Luca\AppData\Roaming\TS3Client
2015-07-12 19:40 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-10 10:24 - 2014-06-13 13:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-10 10:24 - 2014-06-13 13:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-10 10:24 - 2014-06-13 13:26 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-03 21:52 - 2014-09-08 23:27 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-29 20:31 - 2014-10-18 01:32 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-28 22:11 - 2014-06-19 23:09 - 00000000 ____D C:\Users\Luca\AppData\Local\CrashDumps
2015-06-28 19:20 - 2010-11-21 05:47 - 00022284 _____ C:\Windows\PFRO.log
2015-06-28 02:44 - 2014-06-11 20:39 - 00000000 ____D C:\Users\Luca\AppData\Roaming\Skype
2015-06-27 23:33 - 2014-06-11 20:38 - 00000000 ____D C:\ProgramData\Skype
2015-06-27 04:23 - 2015-04-04 12:46 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2015-06-25 23:01 - 2014-12-26 11:17 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 13:30 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-16 09:14 - 2014-05-23 14:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-16 08:19 - 2009-07-14 06:45 - 00409208 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-15 21:14 - 2014-05-14 18:32 - 00109280 _____ C:\Users\Luca\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2014-05-27 22:21 - 2014-05-27 22:21 - 0000046 _____ () C:\Users\Luca\AppData\Roaming\Camdata.ini
2014-05-27 22:21 - 2014-05-27 22:21 - 0000408 _____ () C:\Users\Luca\AppData\Roaming\CamLayout.ini
2014-05-27 22:21 - 2014-05-27 22:21 - 0000408 _____ () C:\Users\Luca\AppData\Roaming\CamShapes.ini
2014-05-27 22:21 - 2014-05-27 22:21 - 0004535 _____ () C:\Users\Luca\AppData\Roaming\CamStudio.cfg
2014-05-27 22:19 - 2014-05-27 22:19 - 0000096 _____ () C:\Users\Luca\AppData\Roaming\version2.xml
2014-10-19 22:40 - 2014-10-19 22:40 - 0000003 _____ () C:\Users\Luca\AppData\Local\updater.log
2014-10-19 22:40 - 2014-11-21 23:46 - 0000435 _____ () C:\Users\Luca\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
C:\Users\Luca\AppData\Local\Temp\130799225347608206.exe
C:\Users\Luca\AppData\Local\Temp\13079922536195902759.exe
C:\Users\Luca\AppData\Local\Temp\130799226102701395.exe
C:\Users\Luca\AppData\Local\Temp\13079922610983180360.exe
C:\Users\Luca\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Luca\AppData\Local\Temp\APNSetup.exe
C:\Users\Luca\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Luca\AppData\Local\Temp\FreeYouTubeDownload.exe
C:\Users\Luca\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Luca\AppData\Local\Temp\nscE802.exe
C:\Users\Luca\AppData\Local\Temp\nsi33D1.exe
C:\Users\Luca\AppData\Local\Temp\nsn31CD.exe
C:\Users\Luca\AppData\Local\Temp\nss4D0E.exe
C:\Users\Luca\AppData\Local\Temp\nss4F31.exe
C:\Users\Luca\AppData\Local\Temp\optprosetup.exe
C:\Users\Luca\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Luca\AppData\Local\Temp\tmp1640.exe
C:\Users\Luca\AppData\Local\Temp\tmp1CAD.exe
C:\Users\Luca\AppData\Local\Temp\tmp3076.exe
C:\Users\Luca\AppData\Local\Temp\tmp8BEE.exe
C:\Users\Luca\AppData\Local\Temp\tmp9158.exe
C:\Users\Luca\AppData\Local\Temp\tmp9975.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-08 19:06

==================== End of log ============================
Additional.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Luca at 2015-07-14 19:28:39
Running from C:\Users\Luca\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-256598819-3792072900-69910656-500 - Administrator - Disabled)
Gast (S-1-5-21-256598819-3792072900-69910656-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-256598819-3792072900-69910656-1009 - Limited - Enabled) => C:\Users\HomeGroupUser$
Luca (S-1-5-21-256598819-3792072900-69910656-1001 - Administrator - Enabled) => C:\Users\Luca
UpdatusUser (S-1-5-21-256598819-3792072900-69910656-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\Steam App 223850) (Version:  - Futuremark)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image 2014 (HKLM-x32\...\{D1CBB979-E0F5-464C-ACCB-4071078DA04A}Visible) (Version: 17.0.6614 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6614 - Acronis) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AgataSoft ShutDown Pro (HKLM-x32\...\AgataSoft ShutDown Pro_is1) (Version:  - AgataSoft)
Anno 1404 (HKLM-x32\...\Steam App 33250) (Version:  - Blue Byte)
Anno 2070 (HKLM-x32\...\Steam App 48240) (Version:  - BlueByte)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoHotkey 1.1.22.01 (HKLM\...\AutoHotkey) (Version: 1.1.22.01 - Lexikos)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6081 - AVG Technologies)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6081 - AVG Technologies) Hidden
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
CameraBag 2 (HKLM-x32\...\Steam App 100410) (Version:  - Nevercenter Ltd. Co.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version:  - Codemasters Racing Studio)
DisplayFusion (HKLM-x32\...\Steam App 227260) (Version:  - Binary Fortress Software)
DisplayFusion 7.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.1.0.0 - Binary Fortress Software)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
European Ship Simulator (HKLM-x32\...\Steam App 299250) (Version:  - Excalibur)
Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version:  - Lionhead Studios)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Farming Simulator 15 (HKLM-x32\...\Steam App 313160) (Version:  - Giants Software)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
FlatOut: Ultimate Carnage (HKLM-x32\...\Steam App 12360) (Version:  - Bugbear Entertainment)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube Download version 3.2.53.128 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.53.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.38.530 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.38.530 - DVDVideoSoft Ltd.)
Futuremark SystemInfo (HKLM-x32\...\{AFBB2F94-A43D-46AD-8F77-66ACB3C71EDF}) (Version: 4.39.552.0 - Futuremark)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.37.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.37.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Gothic 3 (HKLM-x32\...\Steam App 39500) (Version:  - Piranha – Bytes)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Halo: Spartan Assault (HKLM-x32\...\Steam App 277430) (Version:  - Vanguard Games)
Hatred (HKLM-x32\...\Steam App 341940) (Version:  - Destructive Creations)
iMacros for Chrome File Access 1.0.0.805 (HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\{97ABEAC7-C6E1-46F1-957B-F395EA4662B5}_is1) (Version: 1.0.0.805 - Ipswitch, Inc)
Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version:  - OP Productions LLC)
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version:  - istartsurf) <==== ATTENTION
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Logitech G11 Keyboard Software 1.03 (HKLM\...\{59427B1F-852F-4AF1-8215-E5B12F966D89}) (Version: 1.3.166.0 - Logitech)
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Need for Speed: Hot Pursuit (HKLM-x32\...\Steam App 47870) (Version:  - Criterion Games)
Need for Speed: SHIFT (HKLM-x32\...\Steam App 24870) (Version:  - Slightly Mad Studios)
Need for Speed: Undercover (HKLM-x32\...\Steam App 17430) (Version:  - EA Black Box)
Nero 8 Lite (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.20.0 - UpdatePack.nl)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 24.0.1558.64 (HKLM-x32\...\Opera 24.0.1558.64) (Version: 24.0.1558.64 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
POSTAL (HKLM-x32\...\Steam App 232770) (Version:  - Running With Scissors)
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
Proxy Searcher (HKLM-x32\...\{B71B6705-FBE8-4CC1-BAE4-89C8153F28C1}) (Version: 3.90.0000 - Proxy Searcher)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
R.A.T.TE (HKLM\...\{0BE3138E-CB5E-4C09-8E06-B09BA9FEF86B}) (Version: 7.0.31.77 - Mad Catz Inc)
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RollerCoaster Tycoon: Deluxe (HKLM-x32\...\Steam App 285310) (Version:  - Chris Sawyer Productions)
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version:  - The Creative Assembly)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1801}) (Version: 12.24.1.51 - APN, LLC) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Timer (HKLM\...\{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}) (Version: 3.3.4 - Sinvise Systems)
Sid Meier's Civilization III: Complete (HKLM-x32\...\Steam App 3910) (Version:  - Firaxis Games)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Startfenster (HKLM-x32\...\Startfenster) (Version:  - Startfenster)
StormFall (HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\StormFall) (Version:  - StormFall) <==== ATTENTION!
Stronghold 2 (HKLM-x32\...\Steam App 40960) (Version:  - FireFly Studios)
Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version:  - FireFly Studios)
Stronghold HD (HKLM-x32\...\Steam App 40950) (Version:  - FireFly Studios)
Stronghold Legends (HKLM-x32\...\Steam App 40980) (Version:  - FireFly Studios)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
TransOcean - The Shipping Company (HKLM-x32\...\Steam App 289930) (Version:  - Deck 13 Hamburg)
Tropico (HKLM-x32\...\Steam App 33520) (Version:  - PopTop Software)
Tropico 2: Pirate Cove (HKLM-x32\...\Steam App 33530) (Version:  - PopTop Software)
Tropico 3 - Steam Special Edition (HKLM-x32\...\Steam App 23490) (Version:  - Haemimont Games)
Tropico 3: Absolute Power (HKLM-x32\...\Steam App 57600) (Version:  - Haemimont Games)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1A5C9382-0E00-4532-92F5-07543E3510F8} - System32\Tasks\AutoKMS => C:\windows\AutoKMS\AutoKMS.exe
Task: {2EF28B42-CF8F-4D01-AD3F-8A207259E3C2} - System32\Tasks\{B0F4523B-924C-491E-A430-863010EF0DD7} => pcalua.exe -a E:\Software\setupstb.exe -d E:\Software
Task: {484F6719-5400-457F-AC26-301C0F3A92A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-10] (Adobe Systems Incorporated)
Task: {662FE758-E87C-4AAB-9B31-653A9F674EA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
Task: {9198F801-EEC9-41DD-A23C-8B3A81E90F54} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {B8851C4E-13F6-40D1-9C61-09A514E8D3DE} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS\AutoKMS.exe
Task: {C932AD86-4E13-42B3-8FE8-DDC10B3EFEF1} - System32\Tasks\{57501C99-93C1-43E0-B15B-786A5A40C275} => pcalua.exe -a D:\Downloads\RAT_TE_Mouse_7_0_31_77_x64_Drivers.exe -d D:\Downloads
Task: {E4B31AE3-B617-40FC-A39D-8FC37CCFE4CD} - System32\Tasks\{A4D93269-E48D-4486-ACB5-535C1407A8BC} => pcalua.exe -a C:\Users\Luca\Downloads\jxpiinstall.exe -d C:\Users\Luca\Downloads
Task: {F1014AB2-B41E-4407-B85D-E7F30FB671B3} - System32\Tasks\{60270AB4-FE1E-4A55-AEB1-453462D3B7B7} => Firefox.exe hxxp://ui.skype.com/ui/0/7.5.64.102/de/go/help.faq.installer?LastError=1603
Task: {F2FE4109-BC93-450D-8946-B6EA6EDBC4A4} - System32\Tasks\Opera scheduled Autoupdate 1412090103 => C:\Program Files (x86)\Opera\launcher.exe [2014-09-25] (Opera Software)
Task: {FA298245-66F8-4219-B626-78B40F365DB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-05-14 17:55 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-01 10:32 - 2013-10-01 10:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-05 20:30 - 2015-01-14 21:33 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-09-18 09:23 - 2014-09-18 09:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-03-12 20:23 - 2015-03-12 20:23 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-03-12 20:23 - 2015-03-12 20:23 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-11-04 22:53 - 2015-07-03 21:51 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-11-04 22:53 - 2015-07-03 21:51 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-11-04 22:53 - 2015-07-03 21:51 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-11-04 22:53 - 2015-07-03 21:51 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-11-04 22:53 - 2015-07-03 21:51 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-11-04 22:53 - 2015-07-03 21:51 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-11-04 22:53 - 2015-07-03 21:51 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-11-04 22:53 - 2015-07-03 21:51 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-10-24 17:06 - 2013-10-24 17:06 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2013-10-24 17:06 - 2013-10-24 17:06 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2013-10-10 12:02 - 2013-10-10 12:02 - 00013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-10-24 17:09 - 2013-10-24 17:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-10-01 11:00 - 2013-10-01 11:00 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-256598819-3792072900-69910656-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Luca\AppData\Roaming\DisplayFusion\Wallpaper_1
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DBA68E34-7652-46DC-B5FA-0AE05B1DEDFC}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{33995451-1CF4-466B-B784-189DB6C00171}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [TCP Query User{B0407B0B-75DA-48BF-90D8-78018C086525}D:\steamlibrary\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\steamlibrary\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{EE649718-12A4-4BEA-A2AC-D8EFFA2D43C2}D:\steamlibrary\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\steamlibrary\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{7CD5B520-2F4E-47D3-8F1E-0681896F7D7F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{9B0944AE-8336-471A-9F8F-5170D9FC2B97}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{8A7E8A5D-3A1A-4CFA-B7F4-C3DCD6294C92}D:\steamlibrary\steamapps\common\arma 3\arma3.exe] => (Allow) D:\steamlibrary\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{C2D8BE19-90C4-44DD-944A-5310381F0BD1}D:\steamlibrary\steamapps\common\arma 3\arma3.exe] => (Allow) D:\steamlibrary\steamapps\common\arma 3\arma3.exe
FirewallRules: [{417CDB09-0335-41CE-BDDC-D649BA3E84DB}] => (Allow) D:\SteamLibrary\SteamApps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{096C0DFD-B2E0-48F3-815F-6F9E51DF7B34}] => (Allow) D:\SteamLibrary\SteamApps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{222A88F6-BC7B-48B8-8787-1CF58E43A26B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{D7BE6E42-71F3-4459-82AA-85D55AD80774}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{E218A742-4B37-48C0-A40E-4861D3C1A83B}D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4sp.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [UDP Query User{7BDAE82A-E891-4A05-B5CB-3CCB2FD87706}D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4sp.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [{2311D28B-81AF-40CC-BE37-5A37D6B7A3D4}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{9D9EFA32-32DC-4195-8AD4-43EBB2F69490}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{7C05F50C-6C44-4627-A39C-858AD6024B00}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{065554BF-D5AB-453C-90FB-730370445355}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{C7EEEA6F-90CC-432A-A3FF-454757D4C34D}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{C5A98D47-BBBF-4D5A-8100-17AA776A9139}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E1BFD8B9-C39F-403F-9C69-93EFAA5FEDB8}] => (Allow) D:\SteamLibrary\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{F6872B6E-2CF3-45AF-9B42-A002FB426DBB}] => (Allow) D:\SteamLibrary\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{6E64B0FF-E056-4183-8CAF-F66C03CDE454}] => (Allow) D:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AC9F7437-4DDE-46E1-8AD1-97502C896876}] => (Allow) D:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{954EC990-343B-4145-92BB-A969FDD7D664}D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4mp.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [UDP Query User{CB0564BE-46F8-4FE9-BEED-CB6283C56033}D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4mp.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [{E8D9982B-8625-49DA-9B7E-90C9BBEF2487}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{863F9AB2-3EB6-47F9-BB04-67E8AEAE3095}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{642AF5C2-4829-4949-BFC3-2C6365893B7C}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{BE02A6C5-CD31-4441-9C53-C81EE8136120}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{F782ABE2-1B32-4A90-90AC-1723E1903CF8}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{C5BCCA98-13AA-437B-A71B-19717FA7FA09}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{3D33BF0F-79C1-44AF-9043-010A1CD25297}] => (Allow) LPort=1688
FirewallRules: [{5A5798EB-835F-4CEA-BF76-A02630F88D42}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{B4B2BEFA-CE3D-4D4A-A148-AAF3E98FAE66}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{25D80223-715D-45EB-ADAE-30DCC724E8D6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{160FE598-2F2F-45BE-AC66-68C4C8253D1E}] => (Allow) D:\SteamLibrary\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{7C4C1A85-C02D-40D0-9A0A-AE241AD8F75E}] => (Allow) D:\SteamLibrary\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{B0A4A874-8EE4-498F-88CE-7D26E5DB6688}] => (Allow) D:\SteamLibrary\SteamApps\common\DisplayFusion\DisplayFusionLauncher.exe
FirewallRules: [{09C4F18C-A0C6-4E1F-BEC2-99E50B9BE211}] => (Allow) D:\SteamLibrary\SteamApps\common\DisplayFusion\DisplayFusionLauncher.exe
FirewallRules: [{E153F530-64AB-4732-899D-D1ADF46B6164}] => (Allow) D:\SteamLibrary\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{F8EA581A-20BD-4928-BF24-D932FDED7E87}] => (Allow) D:\SteamLibrary\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{A103FF8A-A648-4ADA-998C-09D79FA8DC12}] => (Allow) D:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{12ED01DB-F751-4F66-9060-33CE83231349}] => (Allow) D:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{BB021B85-96DC-49FB-BACB-4136DBC137A3}] => (Allow) D:\SteamLibrary\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{04993319-79C1-4C9C-B4AD-D17AFBCCF1F3}] => (Allow) D:\SteamLibrary\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{B54EB214-BA66-4A43-9538-9E3504D315DD}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{40B975DE-31FE-4D79-B940-33FF4088019C}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{F943CB23-6A63-4130-9D61-BD359D4D2FA8}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{178DA789-5C05-4D91-AE6F-C9242B5763B4}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{87C625A5-FB4D-44FF-952F-FC96F4D8BCDB}] => (Allow) D:\SteamLibrary\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{31E718A6-685C-415B-B294-C21E60E122AD}] => (Allow) D:\SteamLibrary\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{895E4065-F604-498B-99B5-0E4874E48BFC}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{71AAC3E0-8C52-45B2-BAD6-8AA4C2446734}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{E886A371-66A0-4D80-AC53-A778660035F6}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{939FE3B9-19E4-4D66-9A07-ACB2DF7E08CC}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{59E8ACEC-7431-4807-8EAE-55A68C7C4AC2}] => (Allow) D:\SteamLibrary\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{300C9DEF-C906-495F-99E5-BD1A0208DCA9}] => (Allow) D:\SteamLibrary\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{0A4A415A-A57D-4FA0-9F3E-CC89F194C55D}] => (Allow) D:\SteamLibrary\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{5F7B0E24-9C14-4561-9758-91087AFE50AD}] => (Allow) D:\SteamLibrary\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{C5B87386-F6A1-47B7-AC68-04ABFEE8C954}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{4A56D74A-3A07-4094-B9D3-2F51B24DA4BC}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{26495F20-D5EB-4107-BE98-0FFABD242E62}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{80141C19-45AE-4839-BF6B-B2E302F93324}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{EEDE14A9-60FB-455E-8D2E-D4FBBCB2FBFF}] => (Allow) D:\SteamLibrary\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{35CB8B62-21E7-4B72-B061-E5F7172CA69E}] => (Allow) D:\SteamLibrary\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{8D61AF57-C619-46EB-B91C-9830EFD5DB70}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{39A0F014-F904-45D5-91B9-8BEDA50D9D43}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{D1FD72F5-A2E0-4C34-A228-B90AC0F56462}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{38FABA4C-34C1-4794-9988-577023411ADB}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{F7E167B0-3BCC-4C5F-8152-95577225B4F5}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{3CCA1424-3A65-481B-AD3B-08664A46BFDA}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{9CD5E8F8-BF9D-4405-A01F-0AC583F46FB4}] => (Allow) D:\SteamLibrary\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{1B2F6D21-C9A3-4161-ABF2-63990CB9F1E0}] => (Allow) D:\SteamLibrary\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{B8EA160B-99BE-47F0-873B-BF79ED6A5BD7}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{A1B411B9-80DC-4E59-BC54-9639028D1C73}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{1E6C2E43-599D-45A9-82AC-47441CA7C1D5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{13208E56-8888-43EC-954D-0C918A22D667}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{B43CAF1F-3B0D-4A31-956F-E36C289D46DA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{8EC82C9C-073E-45EB-8D07-9B1E59109766}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{0B2D8287-A6C9-4C84-A09F-558C0036DCBA}] => (Allow) D:\SteamLibrary\SteamApps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{BC12B4B4-2F08-4E55-A0A6-7F10F4EECEC7}] => (Allow) D:\SteamLibrary\SteamApps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{FA1E62F6-6721-4AAA-8F4B-69344A66D35C}] => (Allow) D:\SteamLibrary\SteamApps\common\DiRT Showdown\showdown.exe
FirewallRules: [{4E66C25E-44F4-4863-AB7A-1A53341753E1}] => (Allow) D:\SteamLibrary\SteamApps\common\DiRT Showdown\showdown.exe
FirewallRules: [{12D218C5-FAA3-4227-98F3-E3867AF5C2D9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5EA99E36-CBF4-4D21-9049-380316BC190F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0AD3AB2D-98F1-4CB8-9242-5EF706915D8C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B72DEFC1-E31D-403F-8AF3-D869036BD551}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FADF0E04-9759-44FF-9173-17F6C859D962}] => (Allow) D:\Origin Spiele\Battlefield 3\bf3.exe
FirewallRules: [{FC90CBA7-EA6A-4D45-9417-C30ED29A0BE6}] => (Allow) D:\Origin Spiele\Battlefield 3\bf3.exe
FirewallRules: [{F6B602A8-BA19-4C16-A58F-BDA0A2589FF8}] => (Allow) D:\Origin Spiele\FIFA 14\Game\fifa14.exe
FirewallRules: [{CA63EF2B-B481-4952-892F-4C1176C8995E}] => (Allow) D:\Origin Spiele\FIFA 14\Game\fifa14.exe
FirewallRules: [{86B3337A-5EB8-479A-AE8E-5537D43F3FB2}] => (Allow) D:\SteamLibrary\SteamApps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{98CD4535-4902-4F62-BA17-B251A0BBAEC0}] => (Allow) D:\SteamLibrary\SteamApps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{C1E8AED3-72FB-4450-82F8-E414724E8B8A}] => (Allow) D:\SteamLibrary\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{1B95A360-A8EC-4417-8E1E-3BFB30B66354}] => (Allow) D:\SteamLibrary\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{9A8F6B91-5002-4F5A-A20D-7A8BF2A6AE18}] => (Allow) D:\SteamLibrary\SteamApps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{0BD26821-2079-4C99-81D7-A5DBB034419D}] => (Allow) D:\SteamLibrary\SteamApps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{84495CAA-8390-4AED-A8D3-0C3DFC05331F}] => (Allow) D:\SteamLibrary\SteamApps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{29DA9C9E-65B7-426F-9D27-16FA5DABB7E4}] => (Allow) D:\SteamLibrary\SteamApps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{4D1BBD67-B986-4296-8C4C-3AE83D1B2686}] => (Allow) D:\SteamLibrary\SteamApps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{0C875CE3-9CAF-48FF-8410-39041FFC27F1}] => (Allow) D:\SteamLibrary\SteamApps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{D81037E1-1E2D-43E4-8169-F57C23B69786}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold 2\Stronghold2.exe
FirewallRules: [{6C13BABB-F670-4B04-B937-15FC4E81EE62}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold 2\Stronghold2.exe
FirewallRules: [{F0015D76-3253-4147-B74C-97493A9963AC}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{2B24C4E1-0F78-4D69-85FD-7D034CF0402D}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{2BA6F01B-896A-434A-8756-DE44DE601D36}] => (Allow) D:\SteamLibrary\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{5B3972E4-26EE-4494-8345-A06990EC14CB}] => (Allow) D:\SteamLibrary\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{8E359691-C717-4CA2-A18B-6F1C6756759D}] => (Allow) D:\Origin Spiele\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{CACBC071-9421-44DB-997E-DE6CB904BBA2}] => (Allow) D:\Origin Spiele\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{3BC8F499-A3A6-4E29-AD1A-06A7586A8923}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{034F4E92-D96B-4020-A96B-AE864B70520F}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{5C63D423-36AA-4232-BF68-01DADB93FAD9}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold3\bin\win32_release\Stronghold3.exe
FirewallRules: [{F2C8EAA2-017E-4AD1-9338-F827F61421BD}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold3\bin\win32_release\Stronghold3.exe
FirewallRules: [{3F02DF4E-408D-493E-BC92-613009A418B4}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold\Stronghold.exe
FirewallRules: [{AB8E531F-DE92-4105-9688-0A95BF6F855C}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold\Stronghold.exe
FirewallRules: [{E3EB59E8-B60E-4DD4-92F5-33C12EC64E05}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold Legends\StrongholdLegends.exe
FirewallRules: [{65DD10F5-915E-4916-A882-B7A075706911}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold Legends\StrongholdLegends.exe
FirewallRules: [{D8252270-D059-435B-A120-9C75CF817BFB}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{134ED40F-D8E2-4597-9598-825746BCDDD9}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{514FEE2A-7D43-467F-8C50-72124064A04E}] => (Allow) D:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{BFA1182D-B7E7-4684-975C-3ADBD5B1516C}] => (Allow) D:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{2DA79AD3-D0A2-47B1-AE11-54864DC3CF78}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{47A53C92-5335-45E6-B5CB-5FEDB0EB37B4}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{39258988-2924-4FEA-8F16-CD58BD2BCE19}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2BE17B84-575E-4F24-8BE7-65A9EDBAA8D5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1B521B97-7BEF-4540-8416-DD6319A58003}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{97CE4176-54CA-4F90-8A1D-E5451A870FA1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{59866E24-BAEA-4300-B995-19E3FB13912D}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{7BA3E386-4C85-435F-B946-8CF1AD6702C9}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{01E88105-0190-4806-AECD-C29562394257}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{1648BCFC-A825-4C1C-97DA-55153D377ADA}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{3C48DC9A-2BBE-4CDB-B982-20555450C1F1}] => (Allow) C:\Program Files\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{F963731D-6AEE-458F-AFF1-500ABF5EBBAD}] => (Allow) C:\Program Files\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{FA0D97C8-4817-41AD-AF28-2F526837E8E5}] => (Allow) D:\SteamLibrary\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{8795885F-5F77-4040-8130-56ADE88308CC}] => (Allow) D:\SteamLibrary\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{B4E91F83-A62F-4647-98EF-56809D9C85D7}] => (Allow) D:\SteamLibrary\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [{16FA07C2-6737-4761-BA12-00EBDF8FA285}] => (Allow) D:\SteamLibrary\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [TCP Query User{015D79BC-8B1C-45B4-AB6C-604E6CA109B3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{77D821D3-B2F9-4121-8A4E-1FED35B2BD8D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{89362707-DD56-4B89-9217-3CD61B0F9C97}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1C31087B-2371-48CE-B290-AE2309D303D2}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{7178D3FE-48E5-41FC-AA36-223C6BC25B15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{89602D04-CABC-42AD-86A0-8C654E116B3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B67A905D-BD43-41A4-90BD-004B85A58217}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{201D1E32-7E29-450F-9126-157CDF0444B4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{25B1AE3F-A466-4B66-A475-850273CD2D60}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{529F1722-273E-4BA2-9313-9E9E82941D3A}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{9299EE86-6B8B-41E6-A48A-BA3E5F14ABF0}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{82D9BEEE-16B5-4E2E-8845-9A82ED4B635C}] => (Allow) D:\SteamLibrary\SteamApps\common\The War Z\WarZlauncher.exe
FirewallRules: [{41004D45-19B3-4C8B-89C1-32DDB976C337}] => (Allow) D:\SteamLibrary\SteamApps\common\The War Z\WarZlauncher.exe
FirewallRules: [{251D197B-7583-450F-AF8F-8D6781846A4E}] => (Allow) D:\SteamLibrary\SteamApps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{2F319220-2D06-4D47-9353-03B03C840E03}] => (Allow) D:\SteamLibrary\SteamApps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{9C2F284F-B9E9-4228-A721-802AFF19B4F1}] => (Allow) D:\SteamLibrary\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{06550E52-2AB9-4775-9019-A331AD924BAF}] => (Allow) D:\SteamLibrary\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{7AB86D3A-53F5-46CB-B4FA-AF429E0EE14E}] => (Allow) D:\SteamLibrary\SteamApps\common\RollerCoaster Tycoon Deluxe\RCT.EXE
FirewallRules: [{E70E4820-7363-46DA-8D12-E892E682D57F}] => (Allow) D:\SteamLibrary\SteamApps\common\RollerCoaster Tycoon Deluxe\RCT.EXE
FirewallRules: [{DC0B3649-B4EE-4B4F-9445-972667ECDAC6}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [{4D4B2FED-A6EA-4CE3-BA69-E4EA9AB7CBF8}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [{3D7EEBD2-C713-457F-9308-A8AEBAC68467}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x86\FarmingSimulator2015Game.exe
FirewallRules: [{B996786C-8455-413C-9786-6C8245B02DE1}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x86\FarmingSimulator2015Game.exe
FirewallRules: [{D3E19D10-3D1A-4E66-B2FA-06052414F886}] => (Allow) D:\SteamLibrary\SteamApps\common\FlatOut Ultimate Carnage\launcher.exe
FirewallRules: [{BD2045AE-C6D3-4956-837E-72AB1F0FD9BF}] => (Allow) D:\SteamLibrary\SteamApps\common\FlatOut Ultimate Carnage\launcher.exe
FirewallRules: [{CDF952B5-0F9E-47ED-8E1D-919B7E5845F3}] => (Allow) D:\SteamLibrary\SteamApps\common\Need for Speed Undercover\nfs.exe
FirewallRules: [{E192A11E-F168-4D6D-8951-816B9A56EB41}] => (Allow) D:\SteamLibrary\SteamApps\common\Need for Speed Undercover\nfs.exe
FirewallRules: [{17351489-A119-40BF-99C1-C48C7F0FC322}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{835E3114-2DC7-460B-AB0F-CC1660D4FCF2}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{23C32C48-6B5C-43ED-B616-6157A0ABC90E}] => (Allow) D:\SteamLibrary\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{61DA436D-D4DF-4132-BAA2-0AC73F15B828}] => (Allow) D:\SteamLibrary\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{700D7229-528D-4BD9-B114-A737AA001FBA}] => (Allow) D:\SteamLibrary\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{0908B44A-E095-43ED-9F70-61775F2194A8}] => (Allow) D:\SteamLibrary\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{2E21512D-5D09-428F-8D4F-F81686127C57}] => (Allow) D:\SteamLibrary\SteamApps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{1DBEC68D-779C-4A89-AACE-F54EA85A86D6}] => (Allow) D:\SteamLibrary\SteamApps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{CEE2F5E9-97C1-4847-9E94-6A59DB3038C3}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\Rust.exe
FirewallRules: [{DC339F41-DBE9-4C25-A350-488B4EB0F82B}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\Rust.exe
FirewallRules: [{7DA63770-737A-4CB6-9AAA-313F55FA69CD}] => (Allow) D:\SteamLibrary\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{05F10FE0-776E-4DED-9581-D6A2EADDE246}] => (Allow) D:\SteamLibrary\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{F7F89ACF-98AA-43C4-B6CA-1983950925C4}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{C5E94706-9DEE-4139-B039-2A6BB210DF54}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{5EAAF11D-D518-49CB-A158-6E1F144AD224}] => (Block) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{1B2B7C63-5B54-4539-9871-52B3AAC2B566}] => (Block) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{63806BB4-88D9-43D1-AA7D-D69A590FEEBB}] => (Allow) D:\SteamLibrary\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{951C634C-7865-495D-935F-572C4DFBE872}] => (Allow) D:\SteamLibrary\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{BBFE0526-91A1-48F0-8CF0-2DBA0E5E767C}] => (Allow) D:\SteamLibrary\SteamApps\common\Halo Spartan Assault\HaloSpartanAssault.exe
FirewallRules: [{8408BB34-28CC-4C7A-A5E7-BE68AC2BAF3D}] => (Allow) D:\SteamLibrary\SteamApps\common\Halo Spartan Assault\HaloSpartanAssault.exe
FirewallRules: [{33710B19-13D1-4B3E-8992-1836961DA894}] => (Allow) D:\SteamLibrary\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{7D492F3C-FF99-4A09-986A-5DAB7F7F2FBC}] => (Allow) D:\SteamLibrary\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{207CF2D6-397B-4358-891B-75B2D7BDA304}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{129F3D47-13C4-4671-981C-FF5E5354DE97}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{3205B19C-D3C6-4782-913B-EE644AAE47BA}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{0F637E27-515E-4B56-B4DB-DE71DAADC755}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{9EB5343F-EE3E-445D-B6E9-C17998556D54}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL1\Postal Plus.exe
FirewallRules: [{5292A280-F6A9-400E-A042-91CC7B849ED6}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL1\Postal Plus.exe
FirewallRules: [{4B7BAB29-7F77-4B82-9CE3-0038CD212FE5}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico\Tropico.EXE
FirewallRules: [{7DDB0B81-B9F1-4A68-BC33-1645C3BB800E}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico\Tropico.EXE
FirewallRules: [{14426D95-D26F-4609-9BFD-634CE2E4A4F7}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 2\Tropico2.exe
FirewallRules: [{365BD242-16DB-4498-B832-FE5CDA753F25}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 2\Tropico2.exe
FirewallRules: [{470E5971-35F1-486D-9D27-ADA8B1E1CE88}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 3\Tropico3.exe
FirewallRules: [{3D075A38-DBC3-4019-A286-BA18F5126559}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 3\Tropico3.exe
FirewallRules: [{386A7C51-6C2E-4440-97B0-B53497183AEA}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 4\Tropico4.exe
FirewallRules: [{1C7DDA57-87F4-487A-B07F-64B6284A819F}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 4\Tropico4.exe
FirewallRules: [{FCDACEF6-95C3-469F-A839-84737006A343}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3A34913F-42F1-447F-A416-7FC10AFDD53B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6A76DF05-A941-43B6-91E0-D9A22BEEAEE9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{682B6B90-7C15-409F-AFDD-5FEB247D887D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8032D0D9-9F21-4D40-8F38-268CD5069DF4}] => (Allow) D:\SteamLibrary\SteamApps\common\CameraBag 2\CameraBag 2.exe
FirewallRules: [{E00C1395-8DDB-4251-97E3-AAE330BC9CA1}] => (Allow) D:\SteamLibrary\SteamApps\common\CameraBag 2\CameraBag 2.exe
FirewallRules: [{2986C909-63AB-453C-9B22-1DBF0ED75F74}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{2B71AC90-0142-471D-AF36-3643EC3242AF}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{A874B22E-0529-4BB3-B0EF-7EBCE72BBFB4}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{4843ADED-285C-40F5-BA4F-76CF08DF470C}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{B3081755-BC6D-4A66-9249-B3876A43F7F4}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{91A5A120-1321-499B-8129-A52AEDFC7989}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{4DBB8F6A-0040-4023-9A03-960DACF3B186}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 1404\Anno4.exe
FirewallRules: [{F6E7FE19-B3D9-4998-A300-787D5A6D1697}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 1404\Anno4.exe
FirewallRules: [{C8DE0954-F437-43A7-AC62-98FE15EB8995}] => (Allow) D:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{9C42F770-B4AF-4C72-8A0F-AF705894CA5D}] => (Allow) D:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{9460F9A0-444A-4322-A845-BD9965ED1199}] => (Allow) D:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{56988FA4-A88D-432E-BEE9-0025D74C1B0F}] => (Allow) D:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{1C4CD1E8-2298-4626-A880-F8AF1EE77B58}] => (Allow) D:\SteamLibrary\SteamApps\common\European Ship Simulator\ess.exe
FirewallRules: [{2B436408-81B3-4781-AC5B-25CFA2D2D25B}] => (Allow) D:\SteamLibrary\SteamApps\common\European Ship Simulator\ess.exe
FirewallRules: [{0A2BEEE8-80DE-482D-8B6C-C970398EC695}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{38202C9F-5153-4718-89D6-593FD1D2339C}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{3449539C-CBC8-4228-A34B-29559E85351B}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{29A15FF3-6F56-43D7-9D3D-2AB649A120C0}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{1ADB30BE-99FA-40E3-A8DC-DFD4E7C113A8}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [{6EBC367F-4007-4437-B968-73C68480BFAC}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [TCP Query User{A1F47366-94D7-41FF-B1EC-7F58CA16F6EC}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{BA8BEF85-FB69-4191-92FC-A2882E0AD3A8}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{8725D830-A947-47A6-A8E7-A1A65702A0A7}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{9C6E5625-C45C-4CD5-8B30-68DB42584CB8}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{69193C28-D784-4206-9F53-8B5319630E01}] => (Allow) D:\SteamLibrary\SteamApps\common\Need For Speed Shift\SHIFT.exe
FirewallRules: [{65709C18-FC69-437F-A9C8-DB151ADC2470}] => (Allow) D:\SteamLibrary\SteamApps\common\Need For Speed Shift\SHIFT.exe
FirewallRules: [{B7CF1521-BFA3-46BD-A5B2-3B03312249EA}] => (Allow) D:\SteamLibrary\SteamApps\common\Need for Speed Hot Pursuit\NFS11.exe
FirewallRules: [{5CA59999-37DC-406C-9295-28829AF79772}] => (Allow) D:\SteamLibrary\SteamApps\common\Need for Speed Hot Pursuit\NFS11.exe
FirewallRules: [{2D4577C3-7115-473C-BB05-0C8403A03099}] => (Allow) D:\SteamLibrary\SteamApps\common\TransOcean - The Shipping Company\TransOcean.exe
FirewallRules: [{372742CC-A012-42C6-B348-41911AA70590}] => (Allow) D:\SteamLibrary\SteamApps\common\TransOcean - The Shipping Company\TransOcean.exe
FirewallRules: [{DE41DCBD-11E1-4F7B-A49C-73AC546917FC}] => (Allow) D:\SteamLibrary\SteamApps\common\Hatred\Hatred\Binaries\Win64\Hatred-Win64-Shipping.exe
FirewallRules: [{E7DE18E9-CB6E-48E3-84EE-EF86A804C281}] => (Allow) D:\SteamLibrary\SteamApps\common\Hatred\Hatred\Binaries\Win64\Hatred-Win64-Shipping.exe
FirewallRules: [{201AA12A-F513-476C-A76C-7B7DA6B97497}] => (Allow) C:\Program Files\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{047FB682-1F97-4B5B-A72A-CA34AD9A14A8}] => (Allow) C:\Program Files\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{77F81EA8-A8FA-441C-91F3-F49A80BCF634}] => (Allow) C:\Program Files\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{2767A58D-37B1-4C87-8204-92D88A9D2B24}] => (Allow) C:\Program Files\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{04B7C4A2-FA23-4DD2-A389-E503E46D8F61}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8EEE210F-214F-487C-B82C-42BE128F0856}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{D5C2C97D-C43C-4533-9F82-5A41F0AA5DB6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{916AB88C-3FCF-4D58-BC9B-77B088F2B2A7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{8EA7E60B-FC9E-46C3-BB56-EDB1A868D4B5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{7EDADAC4-F517-4F5D-8E9F-AE2FEE34140A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2F52D7F2-55A0-4143-9942-54FA2AAD9336}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2330BF5F-8A92-468A-8F96-059255CA48DE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{0C51CA0F-E2F6-4416-8C42-D32684286F95}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2015 07:24:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: daemonu.exe, Version: 3.10.8.2, Zeitstempel: 0x514ce7b6
Name des fehlerhaften Moduls: daemonu.exe, Version: 3.10.8.2, Zeitstempel: 0x514ce7b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004e946
ID des fehlerhaften Prozesses: 0xbf8
Startzeit der fehlerhaften Anwendung: 0xdaemonu.exe0
Pfad der fehlerhaften Anwendung: daemonu.exe1
Pfad des fehlerhaften Moduls: daemonu.exe2
Berichtskennung: daemonu.exe3

Error: (07/14/2015 07:23:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2015 09:27:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/13/2015 09:16:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: daemonu.exe, Version: 3.10.8.2, Zeitstempel: 0x514ce7b6
Name des fehlerhaften Moduls: daemonu.exe, Version: 3.10.8.2, Zeitstempel: 0x514ce7b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004e946
ID des fehlerhaften Prozesses: 0x9cc
Startzeit der fehlerhaften Anwendung: 0xdaemonu.exe0
Pfad der fehlerhaften Anwendung: daemonu.exe1
Pfad des fehlerhaften Moduls: daemonu.exe2
Berichtskennung: daemonu.exe3

Error: (07/13/2015 09:13:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2015 10:45:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: daemonu.exe, Version: 3.10.8.2, Zeitstempel: 0x514ce7b6
Name des fehlerhaften Moduls: daemonu.exe, Version: 3.10.8.2, Zeitstempel: 0x514ce7b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004e946
ID des fehlerhaften Prozesses: 0x8fc
Startzeit der fehlerhaften Anwendung: 0xdaemonu.exe0
Pfad der fehlerhaften Anwendung: daemonu.exe1
Pfad des fehlerhaften Moduls: daemonu.exe2
Berichtskennung: daemonu.exe3

Error: (07/12/2015 10:44:46 PM) (Source: System Restore) (EventID: 8205) (User: )
Description: Die Systemwiederherstellung wurde nicht abgeschlossen, da nicht genügend freier Speicherplatz auf dem Volume (Installed AVG 2015) verfügbar war.

Error: (07/12/2015 10:44:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2015 10:38:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x556366f2
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000000000006ec12
ID des fehlerhaften Prozesses: 0x58c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3

Error: (07/12/2015 10:16:29 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volume "(F:)" wurde aufgrund eines Fehlers nicht defragmentiert: Falscher Parameter. (0x80070057)


System errors:
=============
Error: (07/14/2015 07:24:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/14/2015 07:22:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Interenet Optimizer erreicht.

Error: (07/13/2015 09:16:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/13/2015 09:12:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Interenet Optimizer erreicht.

Error: (07/12/2015 10:45:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2015 10:43:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "IHProtect Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%5

Error: (07/12/2015 10:43:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Interenet Optimizer erreicht.

Error: (07/12/2015 10:39:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Diagnostics Tracking Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (07/12/2015 10:39:20 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "DiagTrack" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/12/2015 10:38:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Diagnostics Tracking Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (07/14/2015 07:24:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: daemonu.exe3.10.8.2514ce7b6daemonu.exe3.10.8.2514ce7b6c00000050004e946bf801d0be59bc671258C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe3beb7528-2a4d-11e5-9149-bcaec532781d

Error: (07/14/2015 07:23:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2015 09:27:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\windows\temp\7zs9cae.tmp\offercast3410_avg_.exe

Error: (07/13/2015 09:16:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: daemonu.exe3.10.8.2514ce7b6daemonu.exe3.10.8.2514ce7b6c00000050004e9469cc01d0bd9fdfefdaa4C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exea9a2377f-2993-11e5-975c-bcaec532781d

Error: (07/13/2015 09:13:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2015 10:45:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: daemonu.exe3.10.8.2514ce7b6daemonu.exe3.10.8.2514ce7b6c00000050004e9468fc01d0bce36dda265eC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exee3799020-28d6-11e5-8ad9-bcaec532781d

Error: (07/12/2015 10:44:46 PM) (Source: System Restore) (EventID: 8205) (User: )
Description: Installed AVG 2015

Error: (07/12/2015 10:44:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2015 10:38:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18869556366f2c000000d000000000006ec1258c01d0bcc9efc3e6e1C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllff1f3562-28d5-11e5-a4f1-bcaec532781d

Error: (07/12/2015 10:16:29 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: (F:)Falscher Parameter. (0x80070057)


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 38%
Total physical RAM: 8183.05 MB
Available physical RAM: 5067.2 MB
Total Virtual: 16364.32 MB
Available Virtual: 13485.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.73 GB) (Free:3.12 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:649.71 GB) (Free:188.72 GB) NTFS
Drive f: () (Removable) (Total:3.73 GB) (Free:2.93 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: BF2F5BF4)
Partition 1: (Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=649.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 3EA4546E)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

==================== End of log ============================

schrauber 14.07.2015 19:06
Hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

ha00x7 14.07.2015 19:28
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.07.14.05
  rootkit: v2015.07.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
Luca :: DESKTOP_PC [administrator]

14.07.2015 20:11:56
mbar-log-2015-07-14 (20-11-56).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 441133
Time elapsed: 14 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\600440862 (Rogue.Multiple) -> Delete on reboot. [6e3f49985e2cfa3c8ed1ffc269990cf4]

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Neustart hat das Programm keinen erfordert/erwünscht. Werde ich jetzt manuell durchführen.

EDIT: 2ter Scan: Keine Malware gefunden

schrauber 15.07.2015 09:52
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    istartsurf uninstall

    Search App by Ask

    StormFall


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

ha00x7 15.07.2015 19:04
Die 3 angegebenen Programme wurden entfernt.

ComboFix musste einmal abgebrochen werden, nachdem AVG (trotz deaktivierung) die combofix.exe als schädlich erkannte. Habe dann AVG deinstalliert und Combofix neu gestartet. Hier das Log:

Code:
ComboFix 15-07-12.01 - Luca 15.07.2015  19:56:22.2.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8183.5346 [GMT 2:00]
ausgeführt von:: c:\users\Luca\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Phone\Skype.exe
c:\programdata\ntuser.pol
c:\windows\security\logs\scecomp.log
.
---- Vorheriger Suchlauf -------
.
c:\users\Luca\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BA80B9C7-A4FC-4AD7-8F71-27898F3834C4}.xps
c:\users\Luca\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E6B87241-2A50-419B-87CB-FB7F5092FC55}.xps
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-06-15 bis 2015-07-15  ))))))))))))))))))))))))))))))
.
.
2015-07-15 17:59 . 2015-07-15 17:59        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2015-07-15 17:59 . 2015-07-15 17:59        --------        d-----w-        c:\users\HomeGroupUser$\AppData\Local\temp
2015-07-15 17:59 . 2015-07-15 17:59        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-07-15 17:24 . 2015-07-15 17:24        18009776        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-07-15 17:16 . 2015-07-15 17:16        --------        d-----w-        c:\program files (x86)\VS Revo Group
2015-07-14 18:11 . 2015-07-14 18:11        --------        d-----w-        c:\programdata\Malwarebytes
2015-07-14 18:11 . 2015-07-14 18:49        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-07-14 18:11 . 2015-07-14 18:35        136408        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-14 18:10 . 2015-07-14 18:35        107736        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-07-14 17:27 . 2015-07-14 17:29        --------        d-----w-        C:\FRST
2015-07-12 20:27 . 2015-07-12 20:27        --------        d-----w-        c:\users\Luca\AppData\Roaming\AVG2015
2015-07-12 20:27 . 2015-07-15 17:55        --------        d-----w-        c:\program files\Common Files\AV
2015-07-12 20:26 . 2015-07-12 20:26        --------        d-----w-        c:\users\Luca\AppData\Roaming\TuneUp Software
2015-07-12 20:25 . 2015-07-15 17:54        --------        d-----w-        c:\programdata\AVG2015
2015-07-12 20:25 . 2015-07-15 17:54        --------        d-----w-        C:\$AVG
2015-07-12 20:25 . 2015-07-12 20:25        --------        d-----w-        c:\program files (x86)\AVG
2015-07-12 20:22 . 2015-07-15 17:55        --------        d-----w-        c:\programdata\MFAData
2015-07-12 20:22 . 2015-07-12 20:50        --------        d-----w-        c:\users\Luca\AppData\Local\Avg2015
2015-07-12 20:22 . 2015-07-12 20:22        --------        d--h--w-        c:\programdata\Common Files
2015-07-12 20:22 . 2015-07-12 20:22        --------        d-----w-        c:\users\Luca\AppData\Local\MFAData
2015-07-10 18:42 . 2015-06-12 07:50        12221144        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{387836CA-0F01-48D1-BB2A-ADD7E5AB51CF}\mpengine.dll
2015-07-03 22:23 . 2015-07-03 22:23        --------        d-----w-        c:\users\Luca\AppData\Local\CEF
2015-06-28 12:44 . 2015-06-28 12:45        --------        d-----w-        c:\users\Luca\AppData\Local\CyberGhost
2015-06-28 12:44 . 2015-06-28 12:44        --------        d-----w-        c:\program files\CyberGhost 5
2015-06-27 23:51 . 2015-06-27 23:51        --------        d-----w-        c:\programdata\IHProtectUpDate
2015-06-27 23:51 . 2015-07-13 20:46        --------        d-----w-        c:\program files (x86)\MiuiTab
2015-06-27 23:51 . 2015-07-13 19:21        --------        d-----w-        c:\users\Luca\AppData\Roaming\istartsurf
2015-06-27 23:51 . 2015-06-28 20:47        --------        d-----w-        c:\program files (x86)\JDownloader
2015-06-27 01:36 . 2015-06-27 01:36        --------        d-----w-        C:\Temp
2015-06-27 01:35 . 2015-06-27 01:35        --------        d-----w-        c:\users\Luca\AppData\Local\Futuremark
2015-06-27 01:35 . 2015-06-27 01:35        --------        d-----w-        c:\program files (x86)\Futuremark
2015-06-15 19:12 . 2015-06-15 19:12        --------        d-----w-        c:\program files (x86)\TeamViewer
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-10 08:24 . 2014-06-13 11:26        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-10 08:24 . 2014-06-13 11:26        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 11:30 . 2010-11-21 03:27        300704        ------w-        c:\windows\system32\MpSigStub.exe
2015-06-09 20:34 . 2014-06-15 18:51        140135120        ----a-w-        c:\windows\system32\MRT.exe
2015-06-01 19:16 . 2015-06-10 17:04        389840        ----a-w-        c:\windows\system32\iedkcs32.dll
2015-05-27 14:35 . 2015-06-10 17:04        24917504        ----a-w-        c:\windows\system32\mshtml.dll
2015-05-25 18:24 . 2015-06-09 18:51        5569984        ----a-w-        c:\windows\system32\ntoskrnl.exe
2015-05-25 18:23 . 2015-06-09 18:51        155584        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:23 . 2015-06-09 18:51        95680        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:21 . 2015-06-09 18:51        1728960        ----a-w-        c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-09 18:51        243712        ----a-w-        c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-09 18:51        362496        ----a-w-        c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-09 18:51        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-09 18:51        215040        ----a-w-        c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-09 18:51        1255424        ----a-w-        c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-09 18:51        210944        ----a-w-        c:\windows\system32\wdigest.dll
2015-05-25 18:19 . 2015-06-09 18:51        879104        ----a-w-        c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-09 18:51        86528        ----a-w-        c:\windows\system32\TSpkg.dll
2015-05-25 18:19 . 2015-06-09 18:51        29184        ----a-w-        c:\windows\system32\sspisrv.dll
2015-05-25 18:19 . 2015-06-09 18:51        136192        ----a-w-        c:\windows\system32\sspicli.dll
2015-05-25 18:19 . 2015-06-09 18:51        503808        ----a-w-        c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-09 18:51        113664        ----a-w-        c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-09 18:51        50176        ----a-w-        c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-09 18:51        28160        ----a-w-        c:\windows\system32\secur32.dll
2015-05-25 18:19 . 2015-06-09 18:51        342016        ----a-w-        c:\windows\system32\schannel.dll
2015-05-25 18:19 . 2015-06-09 18:51        314880        ----a-w-        c:\windows\system32\msv1_0.dll
2015-05-25 18:19 . 2015-06-09 18:51        309760        ----a-w-        c:\windows\system32\ncrypt.dll
2015-05-25 18:19 . 2015-06-09 18:51        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-09 18:51        728576        ----a-w-        c:\windows\system32\kerberos.dll
2015-05-25 18:19 . 2015-06-09 18:51        424960        ----a-w-        c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-09 18:51        1461760        ----a-w-        c:\windows\system32\lsasrv.dll
2015-05-25 18:19 . 2015-06-09 18:51        1162752        ----a-w-        c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-09 18:51        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-09 18:51        22016        ----a-w-        c:\windows\system32\credssp.dll
2015-05-25 18:18 . 2015-06-09 18:51        879104        ----a-w-        c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-09 18:51        404992        ----a-w-        c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-09 18:51        47104        ----a-w-        c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-09 18:51        112640        ----a-w-        c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-09 18:51        296960        ----a-w-        c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-09 18:51        43008        ----a-w-        c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-09 18:51        104448        ----a-w-        c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-09 18:51        31232        ----a-w-        c:\windows\system32\lsass.exe
2015-05-25 18:18 . 2015-06-09 18:51        19456        ----a-w-        c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-09 18:51        338432        ----a-w-        c:\windows\system32\conhost.exe
2015-05-25 18:18 . 2015-06-09 18:51        64000        ----a-w-        c:\windows\system32\auditpol.exe
2015-05-25 18:14 . 2015-06-09 18:51        60416        ----a-w-        c:\windows\system32\msobjs.dll
2015-05-25 18:14 . 2015-06-09 18:51        146432        ----a-w-        c:\windows\system32\msaudite.dll
2015-05-25 18:11 . 2015-06-09 18:51        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        6656        ----a-w-        c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-09 18:51        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:51        686080        ----a-w-        c:\windows\system32\adtschema.dll
2015-05-25 18:07 . 2015-06-09 18:51        3989440        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-09 18:51        3934144        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-09 18:51        1310744        ----a-w-        c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-09 18:51        172032        ----a-w-        c:\windows\SysWow64\wdigest.dll
2015-05-25 18:01 . 2015-06-09 18:51        65536        ----a-w-        c:\windows\SysWow64\TSpkg.dll
2015-05-25 18:01 . 2015-06-09 18:51        635392        ----a-w-        c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-09 18:51        43008        ----a-w-        c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-09 18:51        248832        ----a-w-        c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-09 18:51        92160        ----a-w-        c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-09 18:51        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2015-05-25 18:01 . 2015-06-09 18:51        221184        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2015-05-25 18:01 . 2015-06-09 18:51        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-09 18:51        259584        ----a-w-        c:\windows\SysWow64\msv1_0.dll
2015-05-25 18:01 . 2015-06-09 18:51        551424        ----a-w-        c:\windows\SysWow64\kerberos.dll
2015-05-25 18:01 . 2015-06-09 18:51        17408        ----a-w-        c:\windows\SysWow64\credssp.dll
2015-05-25 18:01 . 2015-06-09 18:51        641536        ----a-w-        c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-09 18:51        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-09 18:51        40448        ----a-w-        c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-09 18:51        364544        ----a-w-        c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-09 18:51        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-09 18:51        37888        ----a-w-        c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-09 18:51        82944        ----a-w-        c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-09 18:51        17408        ----a-w-        c:\windows\SysWow64\diskperf.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2015-01-07 6886752]
"Millionenklick Bot"="d:\family\Luca\Bots\Millionenklick\Millionenklick Bot.exe" [2014-09-14 525312]
"LightShot"="c:\users\Luca\AppData\Local\Skillbrains\lightshot\Lightshot.exe" [2014-06-18 226560]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2015-07-03 3632112]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2015-03-18 911032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2013-10-24 7843992]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-10-10 1104616]
"AgataSoft ShutDown Pro"="c:\program files (x86)\AgataSoft\AgataSoft ShutDown Pro\AgataSoft_ShutDown_Pro.exe" [2011-11-18 2344960]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-03-07 335232]
"Avira Systray"="c:\program files (x86)\Avira\Launcher\Avira.Systray.exe" [2015-05-21 130864]
.
c:\users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LOGITECH.lnk - c:\program files\Logitech Gaming Software\LCore.exe [2015-3-12 13318424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE OC_GURU.lnk - c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe [2013-3-1 21946368]
VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\vrtoolcheckorder.exe /autostart [2014-6-16 1140736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 0c632643;Interenet Optimizer;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-07 20:09        991048        ----a-w-        c:\program files (x86)\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-13 08:24]
.
2015-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17 21:22]
.
2015-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17 21:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-10-01 08:32        2818216        ----a-w-        c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-10-01 08:32        2818216        ----a-w-        c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-10-01 08:32        2818216        ----a-w-        c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1783296]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-03-24 976672]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"R.A.T.TE"="c:\program files\Mad Catz\R.A.T.TE\RAT_TE_Profiler.exe" [2014-02-11 195072]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-07-18 519408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2015-03-12 13318424]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487
mDefault_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487&q={searchTerms}
mDefault_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487
mStart Page = hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487&q={searchTerms}
uInternet Settings,ProxyOverride = <-loopback>;*.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\
FF - prefs.js: browser.startup.homepage - web.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Launch LCDMon - c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe
AddRemove-Fraps - c:\fraps\uninstall.exe
AddRemove-Steam App 10 - c:\program files\Steam\steam.exe
AddRemove-Steam App 100410 - c:\program files\Steam\steam.exe
AddRemove-Steam App 105600 - c:\program files\Steam\steam.exe
AddRemove-Steam App 12360 - c:\program files\Steam\steam.exe
AddRemove-Steam App 17410 - c:\program files\Steam\steam.exe
AddRemove-Steam App 17430 - c:\program files\Steam\steam.exe
AddRemove-Steam App 200210 - c:\program files\Steam\steam.exe
AddRemove-Steam App 201700 - c:\program files\Steam\steam.exe
AddRemove-Steam App 202970 - c:\program files\Steam\steam.exe
AddRemove-Steam App 202990 - c:\program files\Steam\steam.exe
AddRemove-Steam App 206420 - c:\program files\Steam\steam.exe
AddRemove-Steam App 212910 - c:\program files\Steam\steam.exe
AddRemove-Steam App 219740 - c:\program files\Steam\steam.exe
AddRemove-Steam App 220240 - c:\program files\Steam\steam.exe
AddRemove-Steam App 221100 - c:\program files\Steam\steam.exe
AddRemove-Steam App 222900 - c:\program files\Steam\steam.exe
AddRemove-Steam App 223470 - c:\program files\Steam\steam.exe
AddRemove-Steam App 223850 - c:\program files\Steam\steam.exe
AddRemove-Steam App 226700 - c:\program files\Steam\steam.exe
AddRemove-Steam App 227260 - c:\program files\Steam\steam.exe
AddRemove-Steam App 227300 - c:\program files\Steam\steam.exe
AddRemove-Steam App 232770 - c:\program files\Steam\steam.exe
AddRemove-Steam App 233250 - c:\program files\Steam\steam.exe
AddRemove-Steam App 23490 - c:\program files\Steam\steam.exe
AddRemove-Steam App 238460 - c:\program files\Steam\steam.exe
AddRemove-Steam App 240 - c:\program files\Steam\steam.exe
AddRemove-Steam App 24240 - c:\program files\Steam\steam.exe
AddRemove-Steam App 242920 - c:\program files\Steam\steam.exe
AddRemove-Steam App 24740 - c:\program files\Steam\steam.exe
AddRemove-Steam App 24870 - c:\program files\Steam\steam.exe
AddRemove-Steam App 255710 - c:\program files\Steam\steam.exe
AddRemove-Steam App 271590 - c:\program files\Steam\steam.exe
AddRemove-Steam App 277430 - c:\program files\Steam\steam.exe
AddRemove-Steam App 285310 - c:\program files\Steam\steam.exe
AddRemove-Steam App 288470 - c:\program files\Steam\steam.exe
AddRemove-Steam App 289930 - c:\program files\Steam\steam.exe
AddRemove-Steam App 299250 - c:\program files\Steam\steam.exe
AddRemove-Steam App 300 - c:\program files\Steam\steam.exe
AddRemove-Steam App 313160 - c:\program files\Steam\steam.exe
AddRemove-Steam App 320 - c:\program files\Steam\steam.exe
AddRemove-Steam App 33250 - c:\program files\Steam\steam.exe
AddRemove-Steam App 33520 - c:\program files\Steam\steam.exe
AddRemove-Steam App 33530 - c:\program files\Steam\steam.exe
AddRemove-Steam App 341940 - c:\program files\Steam\steam.exe
AddRemove-Steam App 3910 - c:\program files\Steam\steam.exe
AddRemove-Steam App 39500 - c:\program files\Steam\steam.exe
AddRemove-Steam App 4000 - c:\program files\Steam\steam.exe
AddRemove-Steam App 40950 - c:\program files\Steam\steam.exe
AddRemove-Steam App 40960 - c:\program files\Steam\steam.exe
AddRemove-Steam App 40980 - c:\program files\Steam\steam.exe
AddRemove-Steam App 43110 - c:\program files\Steam\steam.exe
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
AddRemove-Steam App 47400 - c:\program files\Steam\steam.exe
AddRemove-Steam App 4760 - c:\program files\Steam\steam.exe
AddRemove-Steam App 47870 - c:\program files\Steam\steam.exe
AddRemove-Steam App 48240 - c:\program files\Steam\steam.exe
AddRemove-Steam App 500 - c:\program files\Steam\steam.exe
AddRemove-Steam App 57600 - c:\program files\Steam\steam.exe
AddRemove-Steam App 57690 - c:\program files\Steam\steam.exe
AddRemove-Steam App 63380 - c:\program files\Steam\steam.exe
AddRemove-Steam App 72850 - c:\program files\Steam\steam.exe
AddRemove-Steam App 730 - c:\program files\Steam\steam.exe
AddRemove-Steam App 80 - c:\program files\Steam\steam.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_191_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_191_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_191_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_191_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_191.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_191.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_191.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_191.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-07-15  20:01:01
ComboFix-quarantined-files.txt  2015-07-15 18:01
.
Vor Suchlauf: 4.514.594.816 Bytes frei
Nach Suchlauf: 4.339.273.728 Bytes frei
.
- - End Of File - - CD142CB1B014053FAB459901C0D06E48
A36C5E4F47E84449FF07ED3517B43A31

schrauber 16.07.2015 07:48
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

ha00x7 17.07.2015 19:45
mbam.txt:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 17.07.2015
Suchlauf-Zeit: 20:10:38
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.07.17.05
Rootkit Datenbank: v2015.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Luca

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 450789
Verstrichene Zeit: 8 Min, 46 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 7
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [2455034095f5e452726b5858719241bf],
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, In Quarantäne, [db9e2d161f6b3600d47b8741a85b07f9],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [a3d6eb5897f370c6356773539f6404fc],
PUP.Optional.InterenetOptimizer.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\0c632643, In Quarantäne, [3445a1a2b8d22c0aaf9ce4d0bb48867a],
PUP.Optional.PlusHD.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-9.1, In Quarantäne, [275291b2c4c6d95decddf9ef7f8411ef],
PUP.Optional.BestMarkIt.A, HKU\S-1-5-21-256598819-3792072900-69910656-1001\SOFTWARE\APPDATALOW\SOFTWARE\best_markit, In Quarantäne, [c3b6251ed4b668ceee8daa3e976ca858],
PUP.Optional.Qone8, HKU\S-1-5-21-256598819-3792072900-69910656-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [a9d083c093f7d5611886090d6f9642be],

Registrierungswerte: 1
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cor, In Quarantäne, [a3d6eb5897f370c6356773539f6404fc]

Registrierungsdaten: 6
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487),Ersetzt,[42379da6e0aab77f4cca82539471659b]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487&q={searchTerms}),Ersetzt,[c8b12d169feb84b2b264bf16c44127d9]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487),Ersetzt,[641545fe404a082ef52133a221e49967]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487),Ersetzt,[5b1e54ef0e7cd363f323e9ecaf56a759]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487&q={searchTerms}),Ersetzt,[463378cb8307fb3bcb4b1fb6af56ad53]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-256598819-3792072900-69910656-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487),Ersetzt,[7ffaf35008827fb736de16bf4fb69070]

Ordner: 5
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\code, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, In Quarantäne, [0178f94a7911ca6c88aeefae8e750ef2],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [0178f94a7911ca6c88aeefae8e750ef2],

Dateien: 37
PUP.Optional.SelectNGo.A, C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, In Quarantäne, [79000c37d7b379bd9becad00bc47dc24],
PUP.Optional.SelectNGo.A, C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal, In Quarantäne, [d4a5ef5469217cba1275a10c927101ff],
PUP.Optional.IStartSurf.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml, In Quarantäne, [e79245feef9b191d74079138c24145bb],
PUP.Optional.Vbates.A, C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ljmibnagodajacnnbifpamhggcohblip_0.localstorage, In Quarantäne, [83f6370c0b7fe4525ad43897bc4730d0],
PUP.Optional.Vbates.A, C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ljmibnagodajacnnbifpamhggcohblip_0.localstorage-journal, In Quarantäne, [cdac6fd43951b97d0f1f00cf659e5ba5],
PUP.Optional.ReMarkable.A, C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, In Quarantäne, [b1c85ee51476fd39396f3ff074916a96],
PUP.Optional.ReMarkable.A, C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, In Quarantäne, [a4d56dd69febd363e5c3dd528f76f20e],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage, In Quarantäne, [3643360d830779bd362e41f63ec7aa56],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage-journal, In Quarantäne, [cdac380b7f0b8aacb5afd95e26dfba46],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\593.json, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\MessageBox.xml, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\un.ini, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\uninstallDlg2.xml, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\bg.png, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\bg1.png, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\bk_shadow.png, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\button.png, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\button1.png, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\checkbox.png, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\checkbox_select.png, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\checked.png, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\close.png, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\loading_bg.png, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\loading_light.png, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\min.png, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\scrollbar.bmp, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\Thumbs.db, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\unchecked.png, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\code\code1.jpg, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\code\code2.jpg, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\code\code3.jpg, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\code\code4.jpg, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\code\code5.jpg, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\code\code6.jpg, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\istartsurf\images\code\Thumbs.db, In Quarantäne, [f8816ad99feb0c2a06130880f31057a9],
PUP.Optional.QuickStart.A, C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Ersetzt,[f881dc674d3d33034b8052cbe22425db]
PUP.Optional.IStartSurf.A, C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\search.json, Gut: (), Schlecht: (istartsurf), Ersetzt,[2f4ae45fd1b9a29498f7d04bc640bb45]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
ADWcleaner:

Code:
# AdwCleaner v4.208 - Bericht erstellt 17/07/2015 um 20:31:51
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Luca - DESKTOP_PC
# Gestarted von : C:\Users\Luca\Desktop\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\Program Files (x86)\miuitab
Ordner Gelöscht : C:\Users\Luca\AppData\Local\StormFall
Ordner Gelöscht : C:\Users\Luca\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\user.js
Datei Gelöscht : C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.reimageplus.com_0.localstorage
Datei Gelöscht : C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.reimageplus.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
Datei Gelöscht : C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ Geplante Tasks ] *****

Task Gelöscht : StormFall TW1
Task Gelöscht : StormFall TW2
Task Gelöscht : StormFall W1
Task Gelöscht : StormFall W2

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchffv2@gmail.com]
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SDP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Tune
Schlüssel Gelöscht : HKCU\Software\PRODUCTSETUP
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Tune
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49594;hxxps=127.0.0.1:49594;
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;*.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v33.1 (x86 de)

[stxqekyz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[stxqekyz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v43.0.2357.132


-\\ Opera v24.0.1558.64

[C:\Users\Luca\AppData\Roaming\Opera Software\Opera Stable\Preferences] - Gelöscht [Startup_URLs] : hxxp://www.istartsurf.com/?type=hp&ts=1435449039&z=04ccbc55e7144435afb718cg5zdccw3zezdtaeem0w&from=cor&uid=WDCXWD7500AALX-009BA0_WD-WCATR764548745487

*************************

AdwCleaner[R0].txt - [9624 Bytes] - [25/11/2014 23:00:44]
AdwCleaner[R1].txt - [9811 Bytes] - [25/11/2014 23:23:01]
AdwCleaner[R2].txt - [5463 Bytes] - [16/12/2014 23:36:48]
AdwCleaner[R3].txt - [9970 Bytes] - [13/07/2015 22:10:57]
AdwCleaner[R4].txt - [5439 Bytes] - [17/07/2015 20:28:17]
AdwCleaner[S0].txt - [9565 Bytes] - [25/11/2014 23:24:30]
AdwCleaner[S1].txt - [6965 Bytes] - [16/12/2014 23:38:23]
AdwCleaner[S2].txt - [4458 Bytes] - [17/07/2015 20:31:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4517  Bytes] ##########
JRT.txt

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Home Premium x64
Ran by Luca on 17.07.2015 at 20:36:24,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Luca\Appdata\LocalLow\company



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Luca\AppData\Roaming\mozilla\firefox\profiles\stxqekyz.default\minidumps [27 files]



~~~ Chrome


[C:\Users\Luca\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Luca\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Luca\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Luca\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.07.2015 at 20:40:47,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Luca (administrator) on DESKTOP_PC on 17-07-2015 20:41:35
Running from C:\Users\Luca\Desktop
Loaded Profiles: Luca (Available Profiles: Luca & UpdatusUser & HomeGroupUser$)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [1783296 2006-07-23] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [976672 2013-03-24] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [R.A.T.TE] => C:\Program Files\Mad Catz\R.A.T.TE\RAT_TE_Profiler.exe [195072 2014-02-11] (Mad Catz Inc)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-12] (Logitech Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843992 2013-10-24] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [AgataSoft ShutDown Pro] => C:\Program Files (x86)\AgataSoft\AgataSoft ShutDown Pro\AgataSoft_ShutDown_Pro.exe [2344960 2011-11-19] (AgataSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6886752 2015-01-07] (Binary Fortress Software)
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [Millionenklick Bot] => D:\Family\Luca\Bots\Millionenklick\Millionenklick Bot.exe [525312 2014-09-14] (lulu297)
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [LightShot] => C:\Users\Luca\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-06-18] ()
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632112 2015-07-03] (Electronic Arts)
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2015-03-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2014-05-18]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk [2014-06-16]
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\vrtoolcheckorder.exe (VR-NetWorld Software)
Startup: C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LOGITECH.lnk [2015-05-26]
ShortcutTarget: LOGITECH.lnk -> C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49594;https=127.0.0.1:49594;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-256598819-3792072900-69910656-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-04] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-04] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{03620E07-CD8C-45CD-8CF0-8BF6BC1A97A3}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{55DC6518-081E-4FAF-A126-373F9D85F4D7}: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF ProfilePath: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default
FF Homepage: web.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-10] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-256598819-3792072900-69910656-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-03-27] ()
FF Extension: deskCut - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\Extensions\deskCutv2@gmail.com [2015-07-10]
FF Extension: iMacros for Firefox - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-06-01]
FF Extension: Adblock Plus - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-16]

Chrome:
=======
CHR Profile: C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-17]
CHR Extension: (Steam inventory helper) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2015-05-28]
CHR Extension: (Stylish) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-12-17]
CHR Extension: (LoungeDestroyer) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2015-03-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-05]
CHR Extension: (AllDebrid Chrome Extension) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdjbgnpehbhpibonmjjjbjaoechnlcaf [2014-12-17]
CHR Extension: (Ghostery) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-12-17]
CHR Extension: (Google Wallet) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
S2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-06-03] (Futuremark)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-03] (Electronic Arts)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-01-14] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-31] (Windows (R) Win 7 DDK provider)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                          )
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24040 2014-02-12] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [51560 2014-02-12] (Saitek)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-09-08] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-09-08] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-09-08] (Acronis International GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-17 20:41 - 2015-07-17 20:41 - 00017217 _____ C:\Users\Luca\Desktop\FRST.txt
2015-07-17 20:40 - 2015-07-17 20:40 - 00001407 _____ C:\Users\Luca\Desktop\JRT.txt
2015-07-17 20:25 - 2015-07-17 20:25 - 00011696 _____ C:\Users\Luca\Desktop\mbam.txt
2015-07-17 20:09 - 2015-07-17 20:09 - 00001098 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-17 20:09 - 2015-07-17 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-17 20:09 - 2015-07-17 20:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-17 20:09 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-17 20:09 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-17 20:08 - 2015-07-17 20:08 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Luca\Desktop\mbam-setup-2.1.6.1022.exe
2015-07-17 20:08 - 2015-07-17 20:08 - 02248704 _____ C:\Users\Luca\Desktop\AdwCleaner_4.208.exe
2015-07-17 20:08 - 2015-07-17 20:08 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Luca\Desktop\JRT.exe
2015-07-15 20:01 - 2015-07-15 20:01 - 00029476 _____ C:\ComboFix.txt
2015-07-15 19:24 - 2015-07-15 20:01 - 00000000 ____D C:\Qoobox
2015-07-15 19:24 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-15 19:24 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-15 19:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-15 19:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-15 19:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-15 19:24 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-15 19:24 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-15 19:24 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-15 19:23 - 2015-07-15 19:59 - 00000000 ____D C:\Windows\erdnt
2015-07-15 19:22 - 2015-07-15 19:23 - 05632449 ____R (Swearware) C:\Users\Luca\Desktop\ComboFix.exe
2015-07-15 19:16 - 2015-07-15 19:16 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Luca\Desktop\revosetup95.exe
2015-07-15 19:16 - 2015-07-15 19:16 - 00001260 _____ C:\Users\Luca\Desktop\Revo Uninstaller.lnk
2015-07-15 19:16 - 2015-07-15 19:16 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-14 20:11 - 2015-07-17 20:34 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-14 20:11 - 2015-07-17 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-14 20:11 - 2015-07-14 20:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-14 20:10 - 2015-07-14 20:49 - 00000000 ____D C:\Users\Luca\Desktop\mbar
2015-07-14 20:10 - 2015-07-14 20:10 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Luca\Desktop\mbar-1.09.1.1004.exe
2015-07-14 20:10 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-14 19:27 - 2015-07-17 20:41 - 00000000 ____D C:\FRST
2015-07-14 19:27 - 2015-07-14 19:27 - 02133504 _____ (Farbar) C:\Users\Luca\Desktop\FRST64.exe
2015-07-13 21:53 - 2015-07-13 22:08 - 364941040 _____ (Doctor Web, Ltd.) C:\Users\Luca\Desktop\Nicht bestätigt 474896.crdownload
2015-07-12 22:27 - 2015-07-15 19:55 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-12 22:26 - 2015-07-12 22:26 - 00000000 ____D C:\Users\Luca\AppData\Roaming\TuneUp Software
2015-07-12 22:25 - 2015-07-17 20:02 - 00000000 ____D C:\ProgramData\AVG2015
2015-07-12 22:25 - 2015-07-15 19:54 - 00000000 ____D C:\$AVG
2015-07-12 22:22 - 2015-07-17 20:02 - 00000000 ____D C:\ProgramData\MFAData
2015-07-12 22:22 - 2015-07-12 22:22 - 00000000 ____D C:\Users\Luca\AppData\Local\MFAData
2015-07-04 00:23 - 2015-07-04 00:23 - 00000000 ____D C:\Users\Luca\AppData\Local\CEF
2015-06-28 14:44 - 2015-06-28 14:45 - 00000000 ____D C:\Users\Luca\AppData\Local\CyberGhost
2015-06-28 14:44 - 2015-06-28 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-06-28 14:44 - 2015-06-28 14:44 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-06-28 01:51 - 2015-06-28 22:47 - 00000000 ____D C:\Program Files (x86)\JDownloader
2015-06-28 01:51 - 2015-06-28 01:51 - 00001997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2015-06-28 01:51 - 2015-06-28 01:51 - 00001941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2015-06-28 01:51 - 2015-06-28 01:51 - 00001920 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2015-06-27 23:33 - 2015-06-27 23:33 - 00003094 _____ C:\Windows\System32\Tasks\{60270AB4-FE1E-4A55-AEB1-453462D3B7B7}
2015-06-27 03:36 - 2015-07-04 00:28 - 00000022 _____ C:\Windows\GPU-Z.INI
2015-06-27 03:36 - 2015-06-27 03:36 - 00000000 ____D C:\Temp
2015-06-27 03:35 - 2015-06-27 03:35 - 00000000 ____D C:\Users\Luca\AppData\Local\Futuremark
2015-06-27 03:35 - 2015-06-27 03:35 - 00000000 ____D C:\Program Files (x86)\Futuremark

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-17 20:37 - 2014-05-14 16:38 - 01177057 _____ C:\Windows\WindowsUpdate.log
2015-07-17 20:37 - 2009-07-14 06:45 - 00032960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-17 20:37 - 2009-07-14 06:45 - 00032960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-17 20:34 - 2014-05-29 12:31 - 00000000 ____D C:\ProgramData\Origin
2015-07-17 20:33 - 2014-12-17 23:22 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-17 20:32 - 2014-06-13 13:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-17 20:32 - 2014-05-14 17:55 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-17 20:32 - 2010-11-21 05:47 - 00045020 _____ C:\Windows\PFRO.log
2015-07-17 20:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-17 20:32 - 2009-07-14 06:51 - 00083865 _____ C:\Windows\setupact.log
2015-07-17 20:31 - 2014-11-25 23:00 - 00000000 ____D C:\AdwCleaner
2015-07-17 20:24 - 2014-06-13 13:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-17 20:24 - 2014-06-13 13:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-17 20:24 - 2014-06-13 13:26 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-17 20:21 - 2014-12-17 23:22 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-17 20:10 - 2014-12-17 23:22 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-17 20:10 - 2014-12-17 23:22 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 20:01 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-15 19:59 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-14 21:43 - 2015-04-05 01:08 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-14 21:43 - 2015-04-05 01:08 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-14 20:34 - 2015-01-01 23:58 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\CrashDumps
2015-07-13 21:38 - 2014-05-15 02:28 - 00698964 _____ C:\Windows\system32\perfh007.dat
2015-07-13 21:38 - 2014-05-15 02:28 - 00149104 _____ C:\Windows\system32\perfc007.dat
2015-07-13 21:38 - 2009-07-14 07:13 - 01618760 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-13 21:25 - 2014-05-27 22:19 - 00000000 ____D C:\Program Files\CamStudio 2.7
2015-07-12 22:51 - 2015-01-28 19:56 - 00000000 ____D C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-12 22:46 - 2014-05-23 14:53 - 00000000 ____D C:\Windows\AutoKMS
2015-07-12 21:47 - 2014-05-14 18:56 - 00000000 ____D C:\Users\Luca\AppData\Roaming\TS3Client
2015-07-12 19:40 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-03 21:52 - 2014-09-08 23:27 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-29 20:31 - 2014-10-18 01:32 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-28 22:11 - 2014-06-19 23:09 - 00000000 ____D C:\Users\Luca\AppData\Local\CrashDumps
2015-06-28 02:44 - 2014-06-11 20:39 - 00000000 ____D C:\Users\Luca\AppData\Roaming\Skype
2015-06-27 23:33 - 2014-06-11 20:38 - 00000000 ____D C:\ProgramData\Skype
2015-06-25 23:01 - 2014-12-26 11:17 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 13:30 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-05-27 22:21 - 2014-05-27 22:21 - 0000046 _____ () C:\Users\Luca\AppData\Roaming\Camdata.ini
2014-05-27 22:21 - 2014-05-27 22:21 - 0000408 _____ () C:\Users\Luca\AppData\Roaming\CamLayout.ini
2014-05-27 22:21 - 2014-05-27 22:21 - 0000408 _____ () C:\Users\Luca\AppData\Roaming\CamShapes.ini
2014-05-27 22:21 - 2014-05-27 22:21 - 0004535 _____ () C:\Users\Luca\AppData\Roaming\CamStudio.cfg
2014-05-27 22:19 - 2014-05-27 22:19 - 0000096 _____ () C:\Users\Luca\AppData\Roaming\version2.xml
2014-10-19 22:40 - 2014-10-19 22:40 - 0000003 _____ () C:\Users\Luca\AppData\Local\updater.log
2014-10-19 22:40 - 2014-11-21 23:46 - 0000435 _____ () C:\Users\Luca\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
C:\Users\Luca\AppData\Local\Temp\Quarantine.exe
C:\Users\Luca\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-14 21:20

==================== End of log ============================
--- --- ---


Additions.txt

[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Luca at 2015-07-17 20:42:04
Running from C:\Users\Luca\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-256598819-3792072900-69910656-500 - Administrator - Disabled)
Gast (S-1-5-21-256598819-3792072900-69910656-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-256598819-3792072900-69910656-1009 - Limited - Enabled) => C:\Users\HomeGroupUser$
Luca (S-1-5-21-256598819-3792072900-69910656-1001 - Administrator - Enabled) => C:\Users\Luca
UpdatusUser (S-1-5-21-256598819-3792072900-69910656-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\Steam App 223850) (Version:  - Futuremark)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image 2014 (HKLM-x32\...\{D1CBB979-E0F5-464C-ACCB-4071078DA04A}Visible) (Version: 17.0.6614 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6614 - Acronis) Hidden
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AgataSoft ShutDown Pro (HKLM-x32\...\AgataSoft ShutDown Pro_is1) (Version:  - AgataSoft)
Anno 1404 (HKLM-x32\...\Steam App 33250) (Version:  - Blue Byte)
Anno 2070 (HKLM-x32\...\Steam App 48240) (Version:  - BlueByte)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoHotkey 1.1.22.01 (HKLM\...\AutoHotkey) (Version: 1.1.22.01 - Lexikos)
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
CameraBag 2 (HKLM-x32\...\Steam App 100410) (Version:  - Nevercenter Ltd. Co.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version:  - Codemasters Racing Studio)
DisplayFusion (HKLM-x32\...\Steam App 227260) (Version:  - Binary Fortress Software)
DisplayFusion 7.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.1.0.0 - Binary Fortress Software)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
European Ship Simulator (HKLM-x32\...\Steam App 299250) (Version:  - Excalibur)
Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version:  - Lionhead Studios)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Farming Simulator 15 (HKLM-x32\...\Steam App 313160) (Version:  - Giants Software)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
FlatOut: Ultimate Carnage (HKLM-x32\...\Steam App 12360) (Version:  - Bugbear Entertainment)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube Download version 3.2.53.128 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.53.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.38.530 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.38.530 - DVDVideoSoft Ltd.)
Futuremark SystemInfo (HKLM-x32\...\{AFBB2F94-A43D-46AD-8F77-66ACB3C71EDF}) (Version: 4.39.552.0 - Futuremark)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.37.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.37.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Gothic 3 (HKLM-x32\...\Steam App 39500) (Version:  - Piranha – Bytes)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Halo: Spartan Assault (HKLM-x32\...\Steam App 277430) (Version:  - Vanguard Games)
Hatred (HKLM-x32\...\Steam App 341940) (Version:  - Destructive Creations)
iMacros for Chrome File Access 1.0.0.805 (HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\{97ABEAC7-C6E1-46F1-957B-F395EA4662B5}_is1) (Version: 1.0.0.805 - Ipswitch, Inc)
Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version:  - OP Productions LLC)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Logitech G11 Keyboard Software 1.03 (HKLM\...\{59427B1F-852F-4AF1-8215-E5B12F966D89}) (Version: 1.3.166.0 - Logitech)
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Need for Speed: Hot Pursuit (HKLM-x32\...\Steam App 47870) (Version:  - Criterion Games)
Need for Speed: SHIFT (HKLM-x32\...\Steam App 24870) (Version:  - Slightly Mad Studios)
Need for Speed: Undercover (HKLM-x32\...\Steam App 17430) (Version:  - EA Black Box)
Nero 8 Lite (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.20.0 - UpdatePack.nl)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 24.0.1558.64 (HKLM-x32\...\Opera 24.0.1558.64) (Version: 24.0.1558.64 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
POSTAL (HKLM-x32\...\Steam App 232770) (Version:  - Running With Scissors)
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
Proxy Searcher (HKLM-x32\...\{B71B6705-FBE8-4CC1-BAE4-89C8153F28C1}) (Version: 3.90.0000 - Proxy Searcher)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
R.A.T.TE (HKLM\...\{0BE3138E-CB5E-4C09-8E06-B09BA9FEF86B}) (Version: 7.0.31.77 - Mad Catz Inc)
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RollerCoaster Tycoon: Deluxe (HKLM-x32\...\Steam App 285310) (Version:  - Chris Sawyer Productions)
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version:  - The Creative Assembly)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Timer (HKLM\...\{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}) (Version: 3.3.4 - Sinvise Systems)
Sid Meier's Civilization III: Complete (HKLM-x32\...\Steam App 3910) (Version:  - Firaxis Games)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Startfenster (HKLM-x32\...\Startfenster) (Version:  - Startfenster)
Stronghold 2 (HKLM-x32\...\Steam App 40960) (Version:  - FireFly Studios)
Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version:  - FireFly Studios)
Stronghold HD (HKLM-x32\...\Steam App 40950) (Version:  - FireFly Studios)
Stronghold Legends (HKLM-x32\...\Steam App 40980) (Version:  - FireFly Studios)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
TransOcean - The Shipping Company (HKLM-x32\...\Steam App 289930) (Version:  - Deck 13 Hamburg)
Tropico (HKLM-x32\...\Steam App 33520) (Version:  - PopTop Software)
Tropico 2: Pirate Cove (HKLM-x32\...\Steam App 33530) (Version:  - PopTop Software)
Tropico 3 - Steam Special Edition (HKLM-x32\...\Steam App 23490) (Version:  - Haemimont Games)
Tropico 3: Absolute Power (HKLM-x32\...\Steam App 57600) (Version:  - Haemimont Games)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

17-07-2015 20:36:26 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-07-15 19:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2EF28B42-CF8F-4D01-AD3F-8A207259E3C2} - System32\Tasks\{B0F4523B-924C-491E-A430-863010EF0DD7} => pcalua.exe -a E:\Software\setupstb.exe -d E:\Software
Task: {484F6719-5400-457F-AC26-301C0F3A92A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-17] (Adobe Systems Incorporated)
Task: {662FE758-E87C-4AAB-9B31-653A9F674EA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
Task: {9198F801-EEC9-41DD-A23C-8B3A81E90F54} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {C932AD86-4E13-42B3-8FE8-DDC10B3EFEF1} - System32\Tasks\{57501C99-93C1-43E0-B15B-786A5A40C275} => pcalua.exe -a D:\Downloads\RAT_TE_Mouse_7_0_31_77_x64_Drivers.exe -d D:\Downloads
Task: {E4B31AE3-B617-40FC-A39D-8FC37CCFE4CD} - System32\Tasks\{A4D93269-E48D-4486-ACB5-535C1407A8BC} => pcalua.exe -a C:\Users\Luca\Downloads\jxpiinstall.exe -d C:\Users\Luca\Downloads
Task: {F1014AB2-B41E-4407-B85D-E7F30FB671B3} - System32\Tasks\{60270AB4-FE1E-4A55-AEB1-453462D3B7B7} => Firefox.exe hxxp://ui.skype.com/ui/0/7.5.64.102/de/go/help.faq.installer?LastError=1603
Task: {F2FE4109-BC93-450D-8946-B6EA6EDBC4A4} - System32\Tasks\Opera scheduled Autoupdate 1412090103 => C:\Program Files (x86)\Opera\launcher.exe [2014-09-25] (Opera Software)
Task: {FA298245-66F8-4219-B626-78B40F365DB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-10-01 10:32 - 2013-10-01 10:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-24 17:06 - 2013-10-24 17:06 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2013-10-24 17:09 - 2013-10-24 17:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-07-07 22:09 - 2015-07-07 05:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-07 22:09 - 2015-07-07 05:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2013-10-01 11:00 - 2013-10-01 11:00 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-256598819-3792072900-69910656-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Luca\AppData\Roaming\DisplayFusion\Wallpaper_1
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DBA68E34-7652-46DC-B5FA-0AE05B1DEDFC}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{33995451-1CF4-466B-B784-189DB6C00171}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [TCP Query User{B0407B0B-75DA-48BF-90D8-78018C086525}D:\steamlibrary\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\steamlibrary\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{EE649718-12A4-4BEA-A2AC-D8EFFA2D43C2}D:\steamlibrary\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\steamlibrary\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{7CD5B520-2F4E-47D3-8F1E-0681896F7D7F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{9B0944AE-8336-471A-9F8F-5170D9FC2B97}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{8A7E8A5D-3A1A-4CFA-B7F4-C3DCD6294C92}D:\steamlibrary\steamapps\common\arma 3\arma3.exe] => (Allow) D:\steamlibrary\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{C2D8BE19-90C4-44DD-944A-5310381F0BD1}D:\steamlibrary\steamapps\common\arma 3\arma3.exe] => (Allow) D:\steamlibrary\steamapps\common\arma 3\arma3.exe
FirewallRules: [{417CDB09-0335-41CE-BDDC-D649BA3E84DB}] => (Allow) D:\SteamLibrary\SteamApps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{096C0DFD-B2E0-48F3-815F-6F9E51DF7B34}] => (Allow) D:\SteamLibrary\SteamApps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{222A88F6-BC7B-48B8-8787-1CF58E43A26B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{D7BE6E42-71F3-4459-82AA-85D55AD80774}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{E218A742-4B37-48C0-A40E-4861D3C1A83B}D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4sp.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [UDP Query User{7BDAE82A-E891-4A05-B5CB-3CCB2FD87706}D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4sp.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [{2311D28B-81AF-40CC-BE37-5A37D6B7A3D4}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{9D9EFA32-32DC-4195-8AD4-43EBB2F69490}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{7C05F50C-6C44-4627-A39C-858AD6024B00}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{065554BF-D5AB-453C-90FB-730370445355}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{C7EEEA6F-90CC-432A-A3FF-454757D4C34D}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{C5A98D47-BBBF-4D5A-8100-17AA776A9139}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E1BFD8B9-C39F-403F-9C69-93EFAA5FEDB8}] => (Allow) D:\SteamLibrary\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{F6872B6E-2CF3-45AF-9B42-A002FB426DBB}] => (Allow) D:\SteamLibrary\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{6E64B0FF-E056-4183-8CAF-F66C03CDE454}] => (Allow) D:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AC9F7437-4DDE-46E1-8AD1-97502C896876}] => (Allow) D:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{954EC990-343B-4145-92BB-A969FDD7D664}D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4mp.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [UDP Query User{CB0564BE-46F8-4FE9-BEED-CB6283C56033}D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4mp.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [{E8D9982B-8625-49DA-9B7E-90C9BBEF2487}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{863F9AB2-3EB6-47F9-BB04-67E8AEAE3095}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{642AF5C2-4829-4949-BFC3-2C6365893B7C}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{BE02A6C5-CD31-4441-9C53-C81EE8136120}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{F782ABE2-1B32-4A90-90AC-1723E1903CF8}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{C5BCCA98-13AA-437B-A71B-19717FA7FA09}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{3D33BF0F-79C1-44AF-9043-010A1CD25297}] => (Allow) LPort=1688
FirewallRules: [{5A5798EB-835F-4CEA-BF76-A02630F88D42}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{B4B2BEFA-CE3D-4D4A-A148-AAF3E98FAE66}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{25D80223-715D-45EB-ADAE-30DCC724E8D6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{160FE598-2F2F-45BE-AC66-68C4C8253D1E}] => (Allow) D:\SteamLibrary\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{7C4C1A85-C02D-40D0-9A0A-AE241AD8F75E}] => (Allow) D:\SteamLibrary\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{B0A4A874-8EE4-498F-88CE-7D26E5DB6688}] => (Allow) D:\SteamLibrary\SteamApps\common\DisplayFusion\DisplayFusionLauncher.exe
FirewallRules: [{09C4F18C-A0C6-4E1F-BEC2-99E50B9BE211}] => (Allow) D:\SteamLibrary\SteamApps\common\DisplayFusion\DisplayFusionLauncher.exe
FirewallRules: [{E153F530-64AB-4732-899D-D1ADF46B6164}] => (Allow) D:\SteamLibrary\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{F8EA581A-20BD-4928-BF24-D932FDED7E87}] => (Allow) D:\SteamLibrary\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{A103FF8A-A648-4ADA-998C-09D79FA8DC12}] => (Allow) D:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{12ED01DB-F751-4F66-9060-33CE83231349}] => (Allow) D:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{BB021B85-96DC-49FB-BACB-4136DBC137A3}] => (Allow) D:\SteamLibrary\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{04993319-79C1-4C9C-B4AD-D17AFBCCF1F3}] => (Allow) D:\SteamLibrary\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{B54EB214-BA66-4A43-9538-9E3504D315DD}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{40B975DE-31FE-4D79-B940-33FF4088019C}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{F943CB23-6A63-4130-9D61-BD359D4D2FA8}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{178DA789-5C05-4D91-AE6F-C9242B5763B4}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{87C625A5-FB4D-44FF-952F-FC96F4D8BCDB}] => (Allow) D:\SteamLibrary\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{31E718A6-685C-415B-B294-C21E60E122AD}] => (Allow) D:\SteamLibrary\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{895E4065-F604-498B-99B5-0E4874E48BFC}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{71AAC3E0-8C52-45B2-BAD6-8AA4C2446734}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{E886A371-66A0-4D80-AC53-A778660035F6}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{939FE3B9-19E4-4D66-9A07-ACB2DF7E08CC}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{59E8ACEC-7431-4807-8EAE-55A68C7C4AC2}] => (Allow) D:\SteamLibrary\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{300C9DEF-C906-495F-99E5-BD1A0208DCA9}] => (Allow) D:\SteamLibrary\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{0A4A415A-A57D-4FA0-9F3E-CC89F194C55D}] => (Allow) D:\SteamLibrary\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{5F7B0E24-9C14-4561-9758-91087AFE50AD}] => (Allow) D:\SteamLibrary\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{C5B87386-F6A1-47B7-AC68-04ABFEE8C954}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{4A56D74A-3A07-4094-B9D3-2F51B24DA4BC}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{26495F20-D5EB-4107-BE98-0FFABD242E62}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{80141C19-45AE-4839-BF6B-B2E302F93324}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{EEDE14A9-60FB-455E-8D2E-D4FBBCB2FBFF}] => (Allow) D:\SteamLibrary\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{35CB8B62-21E7-4B72-B061-E5F7172CA69E}] => (Allow) D:\SteamLibrary\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{8D61AF57-C619-46EB-B91C-9830EFD5DB70}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{39A0F014-F904-45D5-91B9-8BEDA50D9D43}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{D1FD72F5-A2E0-4C34-A228-B90AC0F56462}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{38FABA4C-34C1-4794-9988-577023411ADB}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{F7E167B0-3BCC-4C5F-8152-95577225B4F5}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{3CCA1424-3A65-481B-AD3B-08664A46BFDA}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{9CD5E8F8-BF9D-4405-A01F-0AC583F46FB4}] => (Allow) D:\SteamLibrary\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{1B2F6D21-C9A3-4161-ABF2-63990CB9F1E0}] => (Allow) D:\SteamLibrary\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{B8EA160B-99BE-47F0-873B-BF79ED6A5BD7}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{A1B411B9-80DC-4E59-BC54-9639028D1C73}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{1E6C2E43-599D-45A9-82AC-47441CA7C1D5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{13208E56-8888-43EC-954D-0C918A22D667}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{B43CAF1F-3B0D-4A31-956F-E36C289D46DA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{8EC82C9C-073E-45EB-8D07-9B1E59109766}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{0B2D8287-A6C9-4C84-A09F-558C0036DCBA}] => (Allow) D:\SteamLibrary\SteamApps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{BC12B4B4-2F08-4E55-A0A6-7F10F4EECEC7}] => (Allow) D:\SteamLibrary\SteamApps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{FA1E62F6-6721-4AAA-8F4B-69344A66D35C}] => (Allow) D:\SteamLibrary\SteamApps\common\DiRT Showdown\showdown.exe
FirewallRules: [{4E66C25E-44F4-4863-AB7A-1A53341753E1}] => (Allow) D:\SteamLibrary\SteamApps\common\DiRT Showdown\showdown.exe
FirewallRules: [{12D218C5-FAA3-4227-98F3-E3867AF5C2D9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5EA99E36-CBF4-4D21-9049-380316BC190F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0AD3AB2D-98F1-4CB8-9242-5EF706915D8C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B72DEFC1-E31D-403F-8AF3-D869036BD551}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FADF0E04-9759-44FF-9173-17F6C859D962}] => (Allow) D:\Origin Spiele\Battlefield 3\bf3.exe
FirewallRules: [{FC90CBA7-EA6A-4D45-9417-C30ED29A0BE6}] => (Allow) D:\Origin Spiele\Battlefield 3\bf3.exe
FirewallRules: [{F6B602A8-BA19-4C16-A58F-BDA0A2589FF8}] => (Allow) D:\Origin Spiele\FIFA 14\Game\fifa14.exe
FirewallRules: [{CA63EF2B-B481-4952-892F-4C1176C8995E}] => (Allow) D:\Origin Spiele\FIFA 14\Game\fifa14.exe
FirewallRules: [{86B3337A-5EB8-479A-AE8E-5537D43F3FB2}] => (Allow) D:\SteamLibrary\SteamApps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{98CD4535-4902-4F62-BA17-B251A0BBAEC0}] => (Allow) D:\SteamLibrary\SteamApps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{C1E8AED3-72FB-4450-82F8-E414724E8B8A}] => (Allow) D:\SteamLibrary\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{1B95A360-A8EC-4417-8E1E-3BFB30B66354}] => (Allow) D:\SteamLibrary\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{9A8F6B91-5002-4F5A-A20D-7A8BF2A6AE18}] => (Allow) D:\SteamLibrary\SteamApps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{0BD26821-2079-4C99-81D7-A5DBB034419D}] => (Allow) D:\SteamLibrary\SteamApps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{84495CAA-8390-4AED-A8D3-0C3DFC05331F}] => (Allow) D:\SteamLibrary\SteamApps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{29DA9C9E-65B7-426F-9D27-16FA5DABB7E4}] => (Allow) D:\SteamLibrary\SteamApps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{4D1BBD67-B986-4296-8C4C-3AE83D1B2686}] => (Allow) D:\SteamLibrary\SteamApps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{0C875CE3-9CAF-48FF-8410-39041FFC27F1}] => (Allow) D:\SteamLibrary\SteamApps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{D81037E1-1E2D-43E4-8169-F57C23B69786}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold 2\Stronghold2.exe
FirewallRules: [{6C13BABB-F670-4B04-B937-15FC4E81EE62}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold 2\Stronghold2.exe
FirewallRules: [{F0015D76-3253-4147-B74C-97493A9963AC}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{2B24C4E1-0F78-4D69-85FD-7D034CF0402D}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{2BA6F01B-896A-434A-8756-DE44DE601D36}] => (Allow) D:\SteamLibrary\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{5B3972E4-26EE-4494-8345-A06990EC14CB}] => (Allow) D:\SteamLibrary\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{8E359691-C717-4CA2-A18B-6F1C6756759D}] => (Allow) D:\Origin Spiele\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{CACBC071-9421-44DB-997E-DE6CB904BBA2}] => (Allow) D:\Origin Spiele\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{3BC8F499-A3A6-4E29-AD1A-06A7586A8923}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{034F4E92-D96B-4020-A96B-AE864B70520F}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{5C63D423-36AA-4232-BF68-01DADB93FAD9}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold3\bin\win32_release\Stronghold3.exe
FirewallRules: [{F2C8EAA2-017E-4AD1-9338-F827F61421BD}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold3\bin\win32_release\Stronghold3.exe
FirewallRules: [{3F02DF4E-408D-493E-BC92-613009A418B4}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold\Stronghold.exe
FirewallRules: [{AB8E531F-DE92-4105-9688-0A95BF6F855C}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold\Stronghold.exe
FirewallRules: [{E3EB59E8-B60E-4DD4-92F5-33C12EC64E05}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold Legends\StrongholdLegends.exe
FirewallRules: [{65DD10F5-915E-4916-A882-B7A075706911}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold Legends\StrongholdLegends.exe
FirewallRules: [{D8252270-D059-435B-A120-9C75CF817BFB}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{134ED40F-D8E2-4597-9598-825746BCDDD9}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{514FEE2A-7D43-467F-8C50-72124064A04E}] => (Allow) D:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{BFA1182D-B7E7-4684-975C-3ADBD5B1516C}] => (Allow) D:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{2DA79AD3-D0A2-47B1-AE11-54864DC3CF78}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{47A53C92-5335-45E6-B5CB-5FEDB0EB37B4}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{39258988-2924-4FEA-8F16-CD58BD2BCE19}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2BE17B84-575E-4F24-8BE7-65A9EDBAA8D5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1B521B97-7BEF-4540-8416-DD6319A58003}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{97CE4176-54CA-4F90-8A1D-E5451A870FA1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{59866E24-BAEA-4300-B995-19E3FB13912D}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{7BA3E386-4C85-435F-B946-8CF1AD6702C9}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{01E88105-0190-4806-AECD-C29562394257}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{1648BCFC-A825-4C1C-97DA-55153D377ADA}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{3C48DC9A-2BBE-4CDB-B982-20555450C1F1}] => (Allow) C:\Program Files\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{F963731D-6AEE-458F-AFF1-500ABF5EBBAD}] => (Allow) C:\Program Files\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{FA0D97C8-4817-41AD-AF28-2F526837E8E5}] => (Allow) D:\SteamLibrary\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{8795885F-5F77-4040-8130-56ADE88308CC}] => (Allow) D:\SteamLibrary\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{B4E91F83-A62F-4647-98EF-56809D9C85D7}] => (Allow) D:\SteamLibrary\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [{16FA07C2-6737-4761-BA12-00EBDF8FA285}] => (Allow) D:\SteamLibrary\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [TCP Query User{015D79BC-8B1C-45B4-AB6C-604E6CA109B3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{77D821D3-B2F9-4121-8A4E-1FED35B2BD8D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{89362707-DD56-4B89-9217-3CD61B0F9C97}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1C31087B-2371-48CE-B290-AE2309D303D2}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{7178D3FE-48E5-41FC-AA36-223C6BC25B15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{89602D04-CABC-42AD-86A0-8C654E116B3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B67A905D-BD43-41A4-90BD-004B85A58217}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{201D1E32-7E29-450F-9126-157CDF0444B4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{25B1AE3F-A466-4B66-A475-850273CD2D60}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{529F1722-273E-4BA2-9313-9E9E82941D3A}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{9299EE86-6B8B-41E6-A48A-BA3E5F14ABF0}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{82D9BEEE-16B5-4E2E-8845-9A82ED4B635C}] => (Allow) D:\SteamLibrary\SteamApps\common\The War Z\WarZlauncher.exe
FirewallRules: [{41004D45-19B3-4C8B-89C1-32DDB976C337}] => (Allow) D:\SteamLibrary\SteamApps\common\The War Z\WarZlauncher.exe
FirewallRules: [{251D197B-7583-450F-AF8F-8D6781846A4E}] => (Allow) D:\SteamLibrary\SteamApps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{2F319220-2D06-4D47-9353-03B03C840E03}] => (Allow) D:\SteamLibrary\SteamApps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{9C2F284F-B9E9-4228-A721-802AFF19B4F1}] => (Allow) D:\SteamLibrary\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{06550E52-2AB9-4775-9019-A331AD924BAF}] => (Allow) D:\SteamLibrary\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{7AB86D3A-53F5-46CB-B4FA-AF429E0EE14E}] => (Allow) D:\SteamLibrary\SteamApps\common\RollerCoaster Tycoon Deluxe\RCT.EXE
FirewallRules: [{E70E4820-7363-46DA-8D12-E892E682D57F}] => (Allow) D:\SteamLibrary\SteamApps\common\RollerCoaster Tycoon Deluxe\RCT.EXE
FirewallRules: [{DC0B3649-B4EE-4B4F-9445-972667ECDAC6}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [{4D4B2FED-A6EA-4CE3-BA69-E4EA9AB7CBF8}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [{3D7EEBD2-C713-457F-9308-A8AEBAC68467}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x86\FarmingSimulator2015Game.exe
FirewallRules: [{B996786C-8455-413C-9786-6C8245B02DE1}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x86\FarmingSimulator2015Game.exe
FirewallRules: [{D3E19D10-3D1A-4E66-B2FA-06052414F886}] => (Allow) D:\SteamLibrary\SteamApps\common\FlatOut Ultimate Carnage\launcher.exe
FirewallRules: [{BD2045AE-C6D3-4956-837E-72AB1F0FD9BF}] => (Allow) D:\SteamLibrary\SteamApps\common\FlatOut Ultimate Carnage\launcher.exe
FirewallRules: [{CDF952B5-0F9E-47ED-8E1D-919B7E5845F3}] => (Allow) D:\SteamLibrary\SteamApps\common\Need for Speed Undercover\nfs.exe
FirewallRules: [{E192A11E-F168-4D6D-8951-816B9A56EB41}] => (Allow) D:\SteamLibrary\SteamApps\common\Need for Speed Undercover\nfs.exe
FirewallRules: [{17351489-A119-40BF-99C1-C48C7F0FC322}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{835E3114-2DC7-460B-AB0F-CC1660D4FCF2}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{23C32C48-6B5C-43ED-B616-6157A0ABC90E}] => (Allow) D:\SteamLibrary\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{61DA436D-D4DF-4132-BAA2-0AC73F15B828}] => (Allow) D:\SteamLibrary\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{700D7229-528D-4BD9-B114-A737AA001FBA}] => (Allow) D:\SteamLibrary\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{0908B44A-E095-43ED-9F70-61775F2194A8}] => (Allow) D:\SteamLibrary\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{2E21512D-5D09-428F-8D4F-F81686127C57}] => (Allow) D:\SteamLibrary\SteamApps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{1DBEC68D-779C-4A89-AACE-F54EA85A86D6}] => (Allow) D:\SteamLibrary\SteamApps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{CEE2F5E9-97C1-4847-9E94-6A59DB3038C3}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\Rust.exe
FirewallRules: [{DC339F41-DBE9-4C25-A350-488B4EB0F82B}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\Rust.exe
FirewallRules: [{7DA63770-737A-4CB6-9AAA-313F55FA69CD}] => (Allow) D:\SteamLibrary\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{05F10FE0-776E-4DED-9581-D6A2EADDE246}] => (Allow) D:\SteamLibrary\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{F7F89ACF-98AA-43C4-B6CA-1983950925C4}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{C5E94706-9DEE-4139-B039-2A6BB210DF54}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{5EAAF11D-D518-49CB-A158-6E1F144AD224}] => (Block) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{1B2B7C63-5B54-4539-9871-52B3AAC2B566}] => (Block) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{63806BB4-88D9-43D1-AA7D-D69A590FEEBB}] => (Allow) D:\SteamLibrary\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{951C634C-7865-495D-935F-572C4DFBE872}] => (Allow) D:\SteamLibrary\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{BBFE0526-91A1-48F0-8CF0-2DBA0E5E767C}] => (Allow) D:\SteamLibrary\SteamApps\common\Halo Spartan Assault\HaloSpartanAssault.exe
FirewallRules: [{8408BB34-28CC-4C7A-A5E7-BE68AC2BAF3D}] => (Allow) D:\SteamLibrary\SteamApps\common\Halo Spartan Assault\HaloSpartanAssault.exe
FirewallRules: [{33710B19-13D1-4B3E-8992-1836961DA894}] => (Allow) D:\SteamLibrary\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{7D492F3C-FF99-4A09-986A-5DAB7F7F2FBC}] => (Allow) D:\SteamLibrary\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{207CF2D6-397B-4358-891B-75B2D7BDA304}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{129F3D47-13C4-4671-981C-FF5E5354DE97}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{3205B19C-D3C6-4782-913B-EE644AAE47BA}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{0F637E27-515E-4B56-B4DB-DE71DAADC755}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{9EB5343F-EE3E-445D-B6E9-C17998556D54}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL1\Postal Plus.exe
FirewallRules: [{5292A280-F6A9-400E-A042-91CC7B849ED6}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL1\Postal Plus.exe
FirewallRules: [{4B7BAB29-7F77-4B82-9CE3-0038CD212FE5}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico\Tropico.EXE
FirewallRules: [{7DDB0B81-B9F1-4A68-BC33-1645C3BB800E}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico\Tropico.EXE
FirewallRules: [{14426D95-D26F-4609-9BFD-634CE2E4A4F7}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 2\Tropico2.exe
FirewallRules: [{365BD242-16DB-4498-B832-FE5CDA753F25}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 2\Tropico2.exe
FirewallRules: [{470E5971-35F1-486D-9D27-ADA8B1E1CE88}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 3\Tropico3.exe
FirewallRules: [{3D075A38-DBC3-4019-A286-BA18F5126559}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 3\Tropico3.exe
FirewallRules: [{386A7C51-6C2E-4440-97B0-B53497183AEA}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 4\Tropico4.exe
FirewallRules: [{1C7DDA57-87F4-487A-B07F-64B6284A819F}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 4\Tropico4.exe
FirewallRules: [{FCDACEF6-95C3-469F-A839-84737006A343}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3A34913F-42F1-447F-A416-7FC10AFDD53B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6A76DF05-A941-43B6-91E0-D9A22BEEAEE9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{682B6B90-7C15-409F-AFDD-5FEB247D887D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8032D0D9-9F21-4D40-8F38-268CD5069DF4}] => (Allow) D:\SteamLibrary\SteamApps\common\CameraBag 2\CameraBag 2.exe
FirewallRules: [{E00C1395-8DDB-4251-97E3-AAE330BC9CA1}] => (Allow) D:\SteamLibrary\SteamApps\common\CameraBag 2\CameraBag 2.exe
FirewallRules: [{2986C909-63AB-453C-9B22-1DBF0ED75F74}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{2B71AC90-0142-471D-AF36-3643EC3242AF}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{A874B22E-0529-4BB3-B0EF-7EBCE72BBFB4}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{4843ADED-285C-40F5-BA4F-76CF08DF470C}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{B3081755-BC6D-4A66-9249-B3876A43F7F4}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{91A5A120-1321-499B-8129-A52AEDFC7989}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{4DBB8F6A-0040-4023-9A03-960DACF3B186}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 1404\Anno4.exe
FirewallRules: [{F6E7FE19-B3D9-4998-A300-787D5A6D1697}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 1404\Anno4.exe
FirewallRules: [{C8DE0954-F437-43A7-AC62-98FE15EB8995}] => (Allow) D:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{9C42F770-B4AF-4C72-8A0F-AF705894CA5D}] => (Allow) D:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{9460F9A0-444A-4322-A845-BD9965ED1199}] => (Allow) D:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{56988FA4-A88D-432E-BEE9-0025D74C1B0F}] => (Allow) D:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{1C4CD1E8-2298-4626-A880-F8AF1EE77B58}] => (Allow) D:\SteamLibrary\SteamApps\common\European Ship Simulator\ess.exe
FirewallRules: [{2B436408-81B3-4781-AC5B-25CFA2D2D25B}] => (Allow) D:\SteamLibrary\SteamApps\common\European Ship Simulator\ess.exe
FirewallRules: [{0A2BEEE8-80DE-482D-8B6C-C970398EC695}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{38202C9F-5153-4718-89D6-593FD1D2339C}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{3449539C-CBC8-4228-A34B-29559E85351B}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{29A15FF3-6F56-43D7-9D3D-2AB649A120C0}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{1ADB30BE-99FA-40E3-A8DC-DFD4E7C113A8}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [{6EBC367F-4007-4437-B968-73C68480BFAC}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [TCP Query User{A1F47366-94D7-41FF-B1EC-7F58CA16F6EC}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{BA8BEF85-FB69-4191-92FC-A2882E0AD3A8}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{8725D830-A947-47A6-A8E7-A1A65702A0A7}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{9C6E5625-C45C-4CD5-8B30-68DB42584CB8}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{69193C28-D784-4206-9F53-8B5319630E01}] => (Allow) D:\SteamLibrary\SteamApps\common\Need For Speed Shift\SHIFT.exe
FirewallRules: [{65709C18-FC69-437F-A9C8-DB151ADC2470}] => (Allow) D:\SteamLibrary\SteamApps\common\Need For Speed Shift\SHIFT.exe
FirewallRules: [{B7CF1521-BFA3-46BD-A5B2-3B03312249EA}] => (Allow) D:\SteamLibrary\SteamApps\common\Need for Speed Hot Pursuit\NFS11.exe
FirewallRules: [{5CA59999-37DC-406C-9295-28829AF79772}] => (Allow) D:\SteamLibrary\SteamApps\common\Need for Speed Hot Pursuit\NFS11.exe
FirewallRules: [{2D4577C3-7115-473C-BB05-0C8403A03099}] => (Allow) D:\SteamLibrary\SteamApps\common\TransOcean - The Shipping Company\TransOcean.exe
FirewallRules: [{372742CC-A012-42C6-B348-41911AA70590}] => (Allow) D:\SteamLibrary\SteamApps\common\TransOcean - The Shipping Company\TransOcean.exe
FirewallRules: [{DE41DCBD-11E1-4F7B-A49C-73AC546917FC}] => (Allow) D:\SteamLibrary\SteamApps\common\Hatred\Hatred\Binaries\Win64\Hatred-Win64-Shipping.exe
FirewallRules: [{E7DE18E9-CB6E-48E3-84EE-EF86A804C281}] => (Allow) D:\SteamLibrary\SteamApps\common\Hatred\Hatred\Binaries\Win64\Hatred-Win64-Shipping.exe
FirewallRules: [{201AA12A-F513-476C-A76C-7B7DA6B97497}] => (Allow) C:\Program Files\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{047FB682-1F97-4B5B-A72A-CA34AD9A14A8}] => (Allow) C:\Program Files\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{77F81EA8-A8FA-441C-91F3-F49A80BCF634}] => (Allow) C:\Program Files\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{2767A58D-37B1-4C87-8204-92D88A9D2B24}] => (Allow) C:\Program Files\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{04B7C4A2-FA23-4DD2-A389-E503E46D8F61}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7EDADAC4-F517-4F5D-8E9F-AE2FEE34140A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2F52D7F2-55A0-4143-9942-54FA2AAD9336}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2015 08:34:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 08:22:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 08:20:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x556366f2
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000000000006ec12
ID des fehlerhaften Prozesses: 0x78c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3

Error: (07/17/2015 08:04:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2015 09:01:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x556366f2
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000000000006ec12
ID des fehlerhaften Prozesses: 0x850
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3

Error: (07/15/2015 07:54:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (07/15/2015 07:26:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/15/2015 07:07:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2015 09:43:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x556366f2
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000000000006ec12
ID des fehlerhaften Prozesses: 0xa4c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3

Error: (07/14/2015 08:33:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: daemonu.exe, Version: 3.10.8.2, Zeitstempel: 0x514ce7b6
Name des fehlerhaften Moduls: daemonu.exe, Version: 3.10.8.2, Zeitstempel: 0x514ce7b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004e946
ID des fehlerhaften Prozesses: 0xc80
Startzeit der fehlerhaften Anwendung: 0xdaemonu.exe0
Pfad der fehlerhaften Anwendung: daemonu.exe1
Pfad des fehlerhaften Moduls: daemonu.exe2
Berichtskennung: daemonu.exe3


System errors:
=============
Error: (07/17/2015 08:39:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Modules Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (07/17/2015 08:37:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Acronis Sync Agent Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/17/2015 08:37:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/17/2015 08:37:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/17/2015 08:37:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/17/2015 08:37:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/17/2015 08:37:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberGhost 5 Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/17/2015 08:37:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/17/2015 08:37:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/17/2015 08:37:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (07/17/2015 08:34:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 08:22:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 08:20:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18869556366f2c000000d000000000006ec1278c01d0c0badb2975c2C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll771ba6b5-2cb0-11e5-940c-bcaec532781d

Error: (07/17/2015 08:04:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2015 09:01:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18869556366f2c000000d000000000006ec1285001d0bf20a716e2d0C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dlle432f476-2b23-11e5-b0b5-bcaec532781d

Error: (07/15/2015 07:54:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (07/15/2015 07:26:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\windows\temp\7zs9cae.tmp\offercast3410_avg_.exe

Error: (07/15/2015 07:07:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2015 09:43:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18869556366f2c000000d000000000006ec12a4c01d0be6328255ab6C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dlla62e0c9e-2a60-11e5-997d-bcaec532781d

Error: (07/14/2015 08:33:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: daemonu.exe3.10.8.2514ce7b6daemonu.exe3.10.8.2514ce7b6c00000050004e946c8001d0be632ea9ff56C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exee3309634-2a56-11e5-997d-bcaec532781d


CodeIntegrity Errors:
===================================
  Date: 2015-07-15 19:59:21.806
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-15 19:59:21.773
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-15 19:59:21.739
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-15 19:59:21.706
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-15 19:30:16.834
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-15 19:30:16.798
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 30%
Total physical RAM: 8183.05 MB
Available physical RAM: 5689.43 MB
Total Virtual: 16364.32 MB
Available Virtual: 13530.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.73 GB) (Free:3.97 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:649.71 GB) (Free:188.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: BF2F5BF4)
Partition 1: (Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=649.7 GB) - (Type=07 NTFS)

==================== End of log ============================
--- --- ---


Vielen dank für deine Mühen ;)

schrauber 18.07.2015 13:33

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

ha00x7 18.07.2015 21:18
Hatte die ganze Woche über keine Probleme, da ich den PC nur für die ganzen Tools anhatte. Wenn du meinst, dass er wieder sicher ist, werde ich es wieder probieren und mich mit meinem Steam Account anmelden, dann werden wir ja sehen, ob wohl alles weg ist ;)
Schonmal vielen Dank für die geniale hilfe, alleine hätte ich dne PC wohl neu aufsetzen müssen!

Hier die heutigen Ergebnisse:

ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0d39b85334e6264799f43403a486ebf2
# end=init
# utc_time=2015-07-18 06:37:22
# local_time=2015-07-18 08:37:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24869
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0d39b85334e6264799f43403a486ebf2
# end=updated
# utc_time=2015-07-18 06:40:46
# local_time=2015-07-18 08:40:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=0d39b85334e6264799f43403a486ebf2
# engine=24869
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-18 08:01:58
# local_time=2015-07-18 10:01:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 91115 188879568 0 0
# scanned=445265
# found=28
# cleaned=28
# scan_time=4872
sh=AFB95723B245EB95106EC407D2443BE30426C079 ft=1 fh=045fdc84af3b3525 vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\BHOEnabler.exe.vir"
sh=53F226B3D1D3828304E40C6C7A50667ADF23B42A ft=1 fh=e1ea10a5e9416a5c vn="Win32/Thinknice.E evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=0CB68F399D491465198E3E86F1D2923A211614E7 ft=1 fh=021f675753f993f2 vn="Win64/Thinknice.F evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=86EA851108D635D9ED47C01E86899845DFDA3EC7 ft=1 fh=90733a3b10b3e858 vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir"
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir"
sh=A8E3A9E6972C6F8B253EA0E1837AEEBF0A07B187 ft=1 fh=e2a5b168a3934371 vn="Win32/Thinknice.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=30E2FB1C671B2808D2E80518D793575965AF2416 ft=1 fh=d06e6f3f3f60e357 vn="Variante von Win32/Thinknice.E evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=AC11914CC02E023E2EF06A80DEE1701419A5473A ft=1 fh=4cb2d0bd10147652 vn="Win64/Thinknice.F evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir"
sh=D037F58CF4B36F3B437FAA0D9500720445B27D65 ft=1 fh=b07c7921935b766c vn="Win32/Thinknice.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=4139F95644E13A650D4827C943BCC9F2F0F6AA93 ft=1 fh=3b96e1736604b8bc vn="Win32/Thinknice.E evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir"
sh=79C9BD304C93AB8FD0544108656A899993DB14EF ft=1 fh=e6f80544d6e8089f vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir"
sh=96B85214CD9E4FF85AC6144E7EF3DDF9E0F215E6 ft=1 fh=098a6735f96a550a vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir"
sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=7B02B544B8026489A659F1663F44FD67303F37DC ft=1 fh=c71c0011afdef376 vn="Variante von Win32/SProtector.L evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\Interenet Optimizer\InterenetOptimizer.dll.vir"
sh=51EE74E3744D0F209267D26B1B63582C55B9B88A ft=1 fh=c71c00112dbeccc9 vn="Variante von Win64/SProtector.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\Interenet Optimizer\InterenetOptimizer_x64.dll.vir"
sh=E3F8B8FE0BBC22CBB743C688ED79E0BF73FCCFE5 ft=1 fh=a81abe411291deb5 vn="Variante von Win32/Somoto.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Luca\AppData\Local\FilesFrog Update Checker\update_checker.exe.vir"
sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Luca\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=3F235430B5E95B9BEF7C207F38E4191DB5A8BDA6 ft=1 fh=a2ae6b4b8b3fe9cb vn="Variante von Win32/Adware.Synatix.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Luca\AppData\Local\Temp\Security Systems\Setup.exe.vir"
sh=27768F42B38368A52071210BBD5FD785BC7554EE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\Extensions\W9@x.org\content\bg.js.vir"
sh=C9DCD7B9BF42F6DCFAAC025875F42195C9F8C777 ft=1 fh=98fa98f561e1bd6f vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=A3306A3F055E79D7D4F9C1748338408195C5AC65 ft=1 fh=7dcb11e9f8640077 vn="Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Downloads\as_shutdown_CB-DL-Manager.exe"
sh=C6159B42A5885076ADB4FC8CF417E8E64388E701 ft=1 fh=b7255413cf1f699a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Downloads\FRAPS - CHIP-Installer.exe"
sh=1832BFCB1171194CE749E59E55CE258CB74F2804 ft=1 fh=2cb33942f24bd646 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Downloads\GPU Z - CHIP-Installer.exe"
sh=DB8313E8D3164575CAA6030CB855C3D8CA3DCF36 ft=1 fh=2107fa2404409bcc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Nero Lite - CHIP-Installer.exe"
sh=F659145EC3AE2128DFD51FAE8128EC7932C0726F ft=1 fh=cce1d111b935f89a vn="NSIS/StartPage.CC Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Downloads\vlc-2.1.5-win32.exe"
sh=408A2090E082150F194A4A962B3D6A59682C2454 ft=1 fh=10c37f600f74f85a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Family\Luca\Steam Skin Pack - CHIP-Installer.exe"
Security Check:
Code:
Results of screen317's Security Check version 1.004 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25 
 Java 8 Update 40 
 Java version 32-bit out of Date!
 Adobe Flash Player 18.0.0.209 
 Adobe Reader XI 
 Mozilla Firefox 33.1 Firefox out of Date! 
 Google Chrome (43.0.2357.132)
 Google Chrome (43.0.2357.134)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST (hat vor dem Scan ein Update gemacht, weiß nicht, ob das wichtig ist):

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Luca (administrator) on DESKTOP_PC on 18-07-2015 22:17:08
Running from C:\Users\Luca\Desktop
Loaded Profiles: Luca & UpdatusUser (Available Profiles: Luca & UpdatusUser & HomeGroupUser$)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Mad Catz Inc) C:\Program Files\Mad Catz\R.A.T.TE\RAT_TE_Profiler.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Skillbrains) C:\Users\Luca\AppData\Local\Skillbrains\lightshot\5.1.4.41\Lightshot.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [1783296 2006-07-23] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [976672 2013-03-24] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [R.A.T.TE] => C:\Program Files\Mad Catz\R.A.T.TE\RAT_TE_Profiler.exe [195072 2014-02-11] (Mad Catz Inc)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-12] (Logitech Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843992 2013-10-24] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [AgataSoft ShutDown Pro] => C:\Program Files (x86)\AgataSoft\AgataSoft ShutDown Pro\AgataSoft_ShutDown_Pro.exe [2344960 2011-11-19] (AgataSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6886752 2015-01-07] (Binary Fortress Software)
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [Millionenklick Bot] => D:\Family\Luca\Bots\Millionenklick\Millionenklick Bot.exe [525312 2014-09-14] (lulu297)
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [LightShot] => C:\Users\Luca\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-06-18] ()
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632112 2015-07-03] (Electronic Arts)
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2015-03-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2014-05-18]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk [2014-06-16]
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\vrtoolcheckorder.exe (VR-NetWorld Software)
Startup: C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LOGITECH.lnk [2015-05-26]
ShortcutTarget: LOGITECH.lnk -> C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49594;https=127.0.0.1:49594;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-256598819-3792072900-69910656-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-256598819-3792072900-69910656-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-04] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-04] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{03620E07-CD8C-45CD-8CF0-8BF6BC1A97A3}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{55DC6518-081E-4FAF-A126-373F9D85F4D7}: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF ProfilePath: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default
FF Homepage: web.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-18] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-256598819-3792072900-69910656-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-03-27] ()
FF Extension: deskCut - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\Extensions\deskCutv2@gmail.com [2015-07-10]
FF Extension: iMacros for Firefox - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-06-01]
FF Extension: Adblock Plus - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-16]

Chrome:
=======
CHR Profile: C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-17]
CHR Extension: (Steam inventory helper) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2015-05-28]
CHR Extension: (Stylish) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-12-17]
CHR Extension: (LoungeDestroyer) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2015-03-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-05]
CHR Extension: (AllDebrid Chrome Extension) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdjbgnpehbhpibonmjjjbjaoechnlcaf [2014-12-17]
CHR Extension: (Ghostery) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-12-17]
CHR Extension: (Google Wallet) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-06-03] (Futuremark)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-03] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-01-14] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-31] (Windows (R) Win 7 DDK provider)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                          )
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24040 2014-02-12] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [51560 2014-02-12] (Saitek)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-09-08] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-09-08] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-09-08] (Acronis International GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-18 22:17 - 2015-07-18 22:17 - 00019901 _____ C:\Users\Luca\Desktop\FRST.txt
2015-07-18 22:17 - 2015-07-18 22:17 - 00000000 ____D C:\Users\Luca\Desktop\FRST-OlderVersion
2015-07-18 20:36 - 2015-07-18 20:36 - 02870984 _____ (ESET) C:\Users\Luca\Desktop\esetsmartinstaller_deu.exe
2015-07-18 20:36 - 2015-07-18 20:36 - 00852662 _____ C:\Users\Luca\Desktop\SecurityCheck.exe
2015-07-17 20:40 - 2015-07-17 20:40 - 00001407 _____ C:\Users\Luca\Desktop\JRT.txt
2015-07-17 20:25 - 2015-07-17 20:25 - 00011696 _____ C:\Users\Luca\Desktop\mbam.txt
2015-07-17 20:09 - 2015-07-17 20:09 - 00001098 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-17 20:09 - 2015-07-17 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-17 20:09 - 2015-07-17 20:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-17 20:09 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-17 20:09 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-17 20:08 - 2015-07-17 20:08 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Luca\Desktop\mbam-setup-2.1.6.1022.exe
2015-07-17 20:08 - 2015-07-17 20:08 - 02248704 _____ C:\Users\Luca\Desktop\AdwCleaner_4.208.exe
2015-07-17 20:08 - 2015-07-17 20:08 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Luca\Desktop\JRT.exe
2015-07-15 20:01 - 2015-07-15 20:01 - 00029476 _____ C:\ComboFix.txt
2015-07-15 19:24 - 2015-07-15 20:01 - 00000000 ____D C:\Qoobox
2015-07-15 19:24 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-15 19:24 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-15 19:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-15 19:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-15 19:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-15 19:24 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-15 19:24 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-15 19:24 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-15 19:23 - 2015-07-15 19:59 - 00000000 ____D C:\Windows\erdnt
2015-07-15 19:22 - 2015-07-15 19:23 - 05632449 ____R (Swearware) C:\Users\Luca\Desktop\ComboFix.exe
2015-07-15 19:16 - 2015-07-15 19:16 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Luca\Desktop\revosetup95.exe
2015-07-15 19:16 - 2015-07-15 19:16 - 00001260 _____ C:\Users\Luca\Desktop\Revo Uninstaller.lnk
2015-07-15 19:16 - 2015-07-15 19:16 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-14 20:11 - 2015-07-18 20:47 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-14 20:11 - 2015-07-17 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-14 20:11 - 2015-07-14 20:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-14 20:10 - 2015-07-14 20:49 - 00000000 ____D C:\Users\Luca\Desktop\mbar
2015-07-14 20:10 - 2015-07-14 20:10 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Luca\Desktop\mbar-1.09.1.1004.exe
2015-07-14 20:10 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-14 19:27 - 2015-07-18 22:17 - 02134528 _____ (Farbar) C:\Users\Luca\Desktop\FRST64.exe
2015-07-14 19:27 - 2015-07-18 22:17 - 00000000 ____D C:\FRST
2015-07-13 21:53 - 2015-07-13 22:08 - 364941040 _____ (Doctor Web, Ltd.) C:\Users\Luca\Desktop\Nicht bestätigt 474896.crdownload
2015-07-12 22:27 - 2015-07-15 19:55 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-12 22:26 - 2015-07-12 22:26 - 00000000 ____D C:\Users\Luca\AppData\Roaming\TuneUp Software
2015-07-12 22:25 - 2015-07-17 20:02 - 00000000 ____D C:\ProgramData\AVG2015
2015-07-12 22:25 - 2015-07-15 19:54 - 00000000 ____D C:\$AVG
2015-07-12 22:22 - 2015-07-17 20:02 - 00000000 ____D C:\ProgramData\MFAData
2015-07-12 22:22 - 2015-07-12 22:22 - 00000000 ____D C:\Users\Luca\AppData\Local\MFAData
2015-07-04 00:23 - 2015-07-04 00:23 - 00000000 ____D C:\Users\Luca\AppData\Local\CEF
2015-06-28 14:44 - 2015-06-28 14:45 - 00000000 ____D C:\Users\Luca\AppData\Local\CyberGhost
2015-06-28 14:44 - 2015-06-28 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-06-28 14:44 - 2015-06-28 14:44 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-06-28 01:51 - 2015-06-28 22:47 - 00000000 ____D C:\Program Files (x86)\JDownloader
2015-06-28 01:51 - 2015-06-28 01:51 - 00001997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2015-06-28 01:51 - 2015-06-28 01:51 - 00001941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2015-06-28 01:51 - 2015-06-28 01:51 - 00001920 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2015-06-27 23:33 - 2015-06-27 23:33 - 00003094 _____ C:\Windows\System32\Tasks\{60270AB4-FE1E-4A55-AEB1-453462D3B7B7}
2015-06-27 03:36 - 2015-07-04 00:28 - 00000022 _____ C:\Windows\GPU-Z.INI
2015-06-27 03:36 - 2015-06-27 03:36 - 00000000 ____D C:\Temp
2015-06-27 03:35 - 2015-06-27 03:35 - 00000000 ____D C:\Users\Luca\AppData\Local\Futuremark
2015-06-27 03:35 - 2015-06-27 03:35 - 00000000 ____D C:\Program Files (x86)\Futuremark

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-18 22:15 - 2014-12-17 23:22 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-18 21:25 - 2014-06-13 13:26 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-18 21:25 - 2014-06-13 13:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-18 21:24 - 2014-06-13 13:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-18 21:24 - 2014-06-13 13:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-18 21:00 - 2009-07-14 06:45 - 00032960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-18 21:00 - 2009-07-14 06:45 - 00032960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-18 20:45 - 2014-12-26 11:17 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-18 20:45 - 2014-06-25 17:25 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-18 20:35 - 2014-05-29 12:31 - 00000000 ____D C:\ProgramData\Origin
2015-07-18 20:34 - 2014-05-14 16:38 - 01196365 _____ C:\Windows\WindowsUpdate.log
2015-07-18 20:31 - 2014-12-17 23:22 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-18 20:29 - 2014-05-14 17:55 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-18 20:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-18 20:29 - 2009-07-14 06:51 - 00083921 _____ C:\Windows\setupact.log
2015-07-17 20:32 - 2010-11-21 05:47 - 00045020 _____ C:\Windows\PFRO.log
2015-07-17 20:31 - 2014-11-25 23:00 - 00000000 ____D C:\AdwCleaner
2015-07-17 20:10 - 2014-12-17 23:22 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-17 20:10 - 2014-12-17 23:22 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 20:01 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-15 19:59 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-14 21:43 - 2015-04-05 01:08 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-14 21:43 - 2015-04-05 01:08 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-14 20:34 - 2015-01-01 23:58 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\CrashDumps
2015-07-13 21:38 - 2014-05-15 02:28 - 00698964 _____ C:\Windows\system32\perfh007.dat
2015-07-13 21:38 - 2014-05-15 02:28 - 00149104 _____ C:\Windows\system32\perfc007.dat
2015-07-13 21:38 - 2009-07-14 07:13 - 01618760 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-13 21:25 - 2014-05-27 22:19 - 00000000 ____D C:\Program Files\CamStudio 2.7
2015-07-12 22:51 - 2015-01-28 19:56 - 00000000 ____D C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-12 22:46 - 2014-05-23 14:53 - 00000000 ____D C:\Windows\AutoKMS
2015-07-12 21:47 - 2014-05-14 18:56 - 00000000 ____D C:\Users\Luca\AppData\Roaming\TS3Client
2015-07-12 19:40 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-03 21:52 - 2014-09-08 23:27 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-29 20:31 - 2014-10-18 01:32 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-28 22:11 - 2014-06-19 23:09 - 00000000 ____D C:\Users\Luca\AppData\Local\CrashDumps
2015-06-28 02:44 - 2014-06-11 20:39 - 00000000 ____D C:\Users\Luca\AppData\Roaming\Skype
2015-06-27 23:33 - 2014-06-11 20:38 - 00000000 ____D C:\ProgramData\Skype
2015-06-23 13:30 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-05-27 22:21 - 2014-05-27 22:21 - 0000046 _____ () C:\Users\Luca\AppData\Roaming\Camdata.ini
2014-05-27 22:21 - 2014-05-27 22:21 - 0000408 _____ () C:\Users\Luca\AppData\Roaming\CamLayout.ini
2014-05-27 22:21 - 2014-05-27 22:21 - 0000408 _____ () C:\Users\Luca\AppData\Roaming\CamShapes.ini
2014-05-27 22:21 - 2014-05-27 22:21 - 0004535 _____ () C:\Users\Luca\AppData\Roaming\CamStudio.cfg
2014-05-27 22:19 - 2014-05-27 22:19 - 0000096 _____ () C:\Users\Luca\AppData\Roaming\version2.xml
2014-10-19 22:40 - 2014-10-19 22:40 - 0000003 _____ () C:\Users\Luca\AppData\Local\updater.log
2014-10-19 22:40 - 2014-11-21 23:46 - 0000435 _____ () C:\Users\Luca\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
C:\Users\Luca\AppData\Local\Temp\Quarantine.exe
C:\Users\Luca\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-14 21:20

==================== End of log ============================
--- --- ---


Additions:
[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Luca at 2015-07-18 22:17:35
Running from C:\Users\Luca\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-256598819-3792072900-69910656-500 - Administrator - Disabled)
Gast (S-1-5-21-256598819-3792072900-69910656-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-256598819-3792072900-69910656-1009 - Limited - Enabled) => C:\Users\HomeGroupUser$
Luca (S-1-5-21-256598819-3792072900-69910656-1001 - Administrator - Enabled) => C:\Users\Luca
UpdatusUser (S-1-5-21-256598819-3792072900-69910656-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\Steam App 223850) (Version:  - Futuremark)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image 2014 (HKLM-x32\...\{D1CBB979-E0F5-464C-ACCB-4071078DA04A}Visible) (Version: 17.0.6614 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6614 - Acronis) Hidden
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AgataSoft ShutDown Pro (HKLM-x32\...\AgataSoft ShutDown Pro_is1) (Version:  - AgataSoft)
Anno 1404 (HKLM-x32\...\Steam App 33250) (Version:  - Blue Byte)
Anno 2070 (HKLM-x32\...\Steam App 48240) (Version:  - BlueByte)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoHotkey 1.1.22.01 (HKLM\...\AutoHotkey) (Version: 1.1.22.01 - Lexikos)
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
CameraBag 2 (HKLM-x32\...\Steam App 100410) (Version:  - Nevercenter Ltd. Co.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version:  - Codemasters Racing Studio)
DisplayFusion (HKLM-x32\...\Steam App 227260) (Version:  - Binary Fortress Software)
DisplayFusion 7.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.1.0.0 - Binary Fortress Software)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
European Ship Simulator (HKLM-x32\...\Steam App 299250) (Version:  - Excalibur)
Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version:  - Lionhead Studios)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Farming Simulator 15 (HKLM-x32\...\Steam App 313160) (Version:  - Giants Software)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
FlatOut: Ultimate Carnage (HKLM-x32\...\Steam App 12360) (Version:  - Bugbear Entertainment)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube Download version 3.2.53.128 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.53.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.38.530 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.38.530 - DVDVideoSoft Ltd.)
Futuremark SystemInfo (HKLM-x32\...\{AFBB2F94-A43D-46AD-8F77-66ACB3C71EDF}) (Version: 4.39.552.0 - Futuremark)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.37.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.37.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Gothic 3 (HKLM-x32\...\Steam App 39500) (Version:  - Piranha – Bytes)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Halo: Spartan Assault (HKLM-x32\...\Steam App 277430) (Version:  - Vanguard Games)
Hatred (HKLM-x32\...\Steam App 341940) (Version:  - Destructive Creations)
iMacros for Chrome File Access 1.0.0.805 (HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\{97ABEAC7-C6E1-46F1-957B-F395EA4662B5}_is1) (Version: 1.0.0.805 - Ipswitch, Inc)
Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version:  - OP Productions LLC)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Logitech G11 Keyboard Software 1.03 (HKLM\...\{59427B1F-852F-4AF1-8215-E5B12F966D89}) (Version: 1.3.166.0 - Logitech)
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Need for Speed: Hot Pursuit (HKLM-x32\...\Steam App 47870) (Version:  - Criterion Games)
Need for Speed: SHIFT (HKLM-x32\...\Steam App 24870) (Version:  - Slightly Mad Studios)
Need for Speed: Undercover (HKLM-x32\...\Steam App 17430) (Version:  - EA Black Box)
Nero 8 Lite (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.20.0 - UpdatePack.nl)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 24.0.1558.64 (HKLM-x32\...\Opera 24.0.1558.64) (Version: 24.0.1558.64 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
POSTAL (HKLM-x32\...\Steam App 232770) (Version:  - Running With Scissors)
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
Proxy Searcher (HKLM-x32\...\{B71B6705-FBE8-4CC1-BAE4-89C8153F28C1}) (Version: 3.90.0000 - Proxy Searcher)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
R.A.T.TE (HKLM\...\{0BE3138E-CB5E-4C09-8E06-B09BA9FEF86B}) (Version: 7.0.31.77 - Mad Catz Inc)
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RollerCoaster Tycoon: Deluxe (HKLM-x32\...\Steam App 285310) (Version:  - Chris Sawyer Productions)
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version:  - The Creative Assembly)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Timer (HKLM\...\{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}) (Version: 3.3.4 - Sinvise Systems)
Sid Meier's Civilization III: Complete (HKLM-x32\...\Steam App 3910) (Version:  - Firaxis Games)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Startfenster (HKLM-x32\...\Startfenster) (Version:  - Startfenster)
Stronghold 2 (HKLM-x32\...\Steam App 40960) (Version:  - FireFly Studios)
Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version:  - FireFly Studios)
Stronghold HD (HKLM-x32\...\Steam App 40950) (Version:  - FireFly Studios)
Stronghold Legends (HKLM-x32\...\Steam App 40980) (Version:  - FireFly Studios)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
TransOcean - The Shipping Company (HKLM-x32\...\Steam App 289930) (Version:  - Deck 13 Hamburg)
Tropico (HKLM-x32\...\Steam App 33520) (Version:  - PopTop Software)
Tropico 2: Pirate Cove (HKLM-x32\...\Steam App 33530) (Version:  - PopTop Software)
Tropico 3 - Steam Special Edition (HKLM-x32\...\Steam App 23490) (Version:  - Haemimont Games)
Tropico 3: Absolute Power (HKLM-x32\...\Steam App 57600) (Version:  - Haemimont Games)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-07-15 19:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2EF28B42-CF8F-4D01-AD3F-8A207259E3C2} - System32\Tasks\{B0F4523B-924C-491E-A430-863010EF0DD7} => pcalua.exe -a E:\Software\setupstb.exe -d E:\Software
Task: {484F6719-5400-457F-AC26-301C0F3A92A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-18] (Adobe Systems Incorporated)
Task: {662FE758-E87C-4AAB-9B31-653A9F674EA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
Task: {C932AD86-4E13-42B3-8FE8-DDC10B3EFEF1} - System32\Tasks\{57501C99-93C1-43E0-B15B-786A5A40C275} => pcalua.exe -a D:\Downloads\RAT_TE_Mouse_7_0_31_77_x64_Drivers.exe -d D:\Downloads
Task: {E256F497-45F9-437E-80F2-EEBE1E310FC7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {E4B31AE3-B617-40FC-A39D-8FC37CCFE4CD} - System32\Tasks\{A4D93269-E48D-4486-ACB5-535C1407A8BC} => pcalua.exe -a C:\Users\Luca\Downloads\jxpiinstall.exe -d C:\Users\Luca\Downloads
Task: {F1014AB2-B41E-4407-B85D-E7F30FB671B3} - System32\Tasks\{60270AB4-FE1E-4A55-AEB1-453462D3B7B7} => Firefox.exe hxxp://ui.skype.com/ui/0/7.5.64.102/de/go/help.faq.installer?LastError=1603
Task: {F2FE4109-BC93-450D-8946-B6EA6EDBC4A4} - System32\Tasks\Opera scheduled Autoupdate 1412090103 => C:\Program Files (x86)\Opera\launcher.exe [2014-09-25] (Opera Software)
Task: {FA298245-66F8-4219-B626-78B40F365DB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-05-14 17:55 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-05 20:30 - 2015-01-14 21:33 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-01 10:32 - 2013-10-01 10:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-09-18 09:23 - 2014-09-18 09:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-03-12 20:23 - 2015-03-12 20:23 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-03-12 20:23 - 2015-03-12 20:23 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-04 22:53 - 2015-07-03 21:51 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-11-04 22:53 - 2015-07-03 21:51 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-11-04 22:53 - 2015-07-03 21:51 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-11-04 22:53 - 2015-07-03 21:51 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-11-04 22:53 - 2015-07-03 21:51 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-11-04 22:53 - 2015-07-03 21:51 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-11-04 22:53 - 2015-07-03 21:51 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-11-04 22:53 - 2015-07-03 21:51 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-10-24 17:06 - 2013-10-24 17:06 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2013-10-24 17:06 - 2013-10-24 17:06 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2013-10-10 12:02 - 2013-10-10 12:02 - 00013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-10-24 17:09 - 2013-10-24 17:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-07-07 22:09 - 2015-07-07 05:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-07 22:09 - 2015-07-07 05:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2013-10-01 11:00 - 2013-10-01 11:00 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-256598819-3792072900-69910656-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Luca\AppData\Roaming\DisplayFusion\Wallpaper_1
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DBA68E34-7652-46DC-B5FA-0AE05B1DEDFC}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{33995451-1CF4-466B-B784-189DB6C00171}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [TCP Query User{B0407B0B-75DA-48BF-90D8-78018C086525}D:\steamlibrary\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\steamlibrary\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{EE649718-12A4-4BEA-A2AC-D8EFFA2D43C2}D:\steamlibrary\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\steamlibrary\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{7CD5B520-2F4E-47D3-8F1E-0681896F7D7F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{9B0944AE-8336-471A-9F8F-5170D9FC2B97}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{8A7E8A5D-3A1A-4CFA-B7F4-C3DCD6294C92}D:\steamlibrary\steamapps\common\arma 3\arma3.exe] => (Allow) D:\steamlibrary\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{C2D8BE19-90C4-44DD-944A-5310381F0BD1}D:\steamlibrary\steamapps\common\arma 3\arma3.exe] => (Allow) D:\steamlibrary\steamapps\common\arma 3\arma3.exe
FirewallRules: [{417CDB09-0335-41CE-BDDC-D649BA3E84DB}] => (Allow) D:\SteamLibrary\SteamApps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{096C0DFD-B2E0-48F3-815F-6F9E51DF7B34}] => (Allow) D:\SteamLibrary\SteamApps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{222A88F6-BC7B-48B8-8787-1CF58E43A26B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{D7BE6E42-71F3-4459-82AA-85D55AD80774}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{E218A742-4B37-48C0-A40E-4861D3C1A83B}D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4sp.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [UDP Query User{7BDAE82A-E891-4A05-B5CB-3CCB2FD87706}D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4sp.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [{2311D28B-81AF-40CC-BE37-5A37D6B7A3D4}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{9D9EFA32-32DC-4195-8AD4-43EBB2F69490}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{7C05F50C-6C44-4627-A39C-858AD6024B00}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{065554BF-D5AB-453C-90FB-730370445355}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{C7EEEA6F-90CC-432A-A3FF-454757D4C34D}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{C5A98D47-BBBF-4D5A-8100-17AA776A9139}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E1BFD8B9-C39F-403F-9C69-93EFAA5FEDB8}] => (Allow) D:\SteamLibrary\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{F6872B6E-2CF3-45AF-9B42-A002FB426DBB}] => (Allow) D:\SteamLibrary\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{6E64B0FF-E056-4183-8CAF-F66C03CDE454}] => (Allow) D:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AC9F7437-4DDE-46E1-8AD1-97502C896876}] => (Allow) D:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{954EC990-343B-4145-92BB-A969FDD7D664}D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4mp.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [UDP Query User{CB0564BE-46F8-4FE9-BEED-CB6283C56033}D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4mp.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [{E8D9982B-8625-49DA-9B7E-90C9BBEF2487}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{863F9AB2-3EB6-47F9-BB04-67E8AEAE3095}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{642AF5C2-4829-4949-BFC3-2C6365893B7C}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{BE02A6C5-CD31-4441-9C53-C81EE8136120}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{F782ABE2-1B32-4A90-90AC-1723E1903CF8}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{C5BCCA98-13AA-437B-A71B-19717FA7FA09}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{3D33BF0F-79C1-44AF-9043-010A1CD25297}] => (Allow) LPort=1688
FirewallRules: [{5A5798EB-835F-4CEA-BF76-A02630F88D42}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{B4B2BEFA-CE3D-4D4A-A148-AAF3E98FAE66}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{25D80223-715D-45EB-ADAE-30DCC724E8D6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{160FE598-2F2F-45BE-AC66-68C4C8253D1E}] => (Allow) D:\SteamLibrary\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{7C4C1A85-C02D-40D0-9A0A-AE241AD8F75E}] => (Allow) D:\SteamLibrary\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{B0A4A874-8EE4-498F-88CE-7D26E5DB6688}] => (Allow) D:\SteamLibrary\SteamApps\common\DisplayFusion\DisplayFusionLauncher.exe
FirewallRules: [{09C4F18C-A0C6-4E1F-BEC2-99E50B9BE211}] => (Allow) D:\SteamLibrary\SteamApps\common\DisplayFusion\DisplayFusionLauncher.exe
FirewallRules: [{E153F530-64AB-4732-899D-D1ADF46B6164}] => (Allow) D:\SteamLibrary\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{F8EA581A-20BD-4928-BF24-D932FDED7E87}] => (Allow) D:\SteamLibrary\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{A103FF8A-A648-4ADA-998C-09D79FA8DC12}] => (Allow) D:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{12ED01DB-F751-4F66-9060-33CE83231349}] => (Allow) D:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{BB021B85-96DC-49FB-BACB-4136DBC137A3}] => (Allow) D:\SteamLibrary\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{04993319-79C1-4C9C-B4AD-D17AFBCCF1F3}] => (Allow) D:\SteamLibrary\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{B54EB214-BA66-4A43-9538-9E3504D315DD}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{40B975DE-31FE-4D79-B940-33FF4088019C}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{F943CB23-6A63-4130-9D61-BD359D4D2FA8}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{178DA789-5C05-4D91-AE6F-C9242B5763B4}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{87C625A5-FB4D-44FF-952F-FC96F4D8BCDB}] => (Allow) D:\SteamLibrary\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{31E718A6-685C-415B-B294-C21E60E122AD}] => (Allow) D:\SteamLibrary\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{895E4065-F604-498B-99B5-0E4874E48BFC}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{71AAC3E0-8C52-45B2-BAD6-8AA4C2446734}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{E886A371-66A0-4D80-AC53-A778660035F6}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{939FE3B9-19E4-4D66-9A07-ACB2DF7E08CC}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{59E8ACEC-7431-4807-8EAE-55A68C7C4AC2}] => (Allow) D:\SteamLibrary\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{300C9DEF-C906-495F-99E5-BD1A0208DCA9}] => (Allow) D:\SteamLibrary\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{0A4A415A-A57D-4FA0-9F3E-CC89F194C55D}] => (Allow) D:\SteamLibrary\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{5F7B0E24-9C14-4561-9758-91087AFE50AD}] => (Allow) D:\SteamLibrary\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{C5B87386-F6A1-47B7-AC68-04ABFEE8C954}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{4A56D74A-3A07-4094-B9D3-2F51B24DA4BC}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{26495F20-D5EB-4107-BE98-0FFABD242E62}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{80141C19-45AE-4839-BF6B-B2E302F93324}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{EEDE14A9-60FB-455E-8D2E-D4FBBCB2FBFF}] => (Allow) D:\SteamLibrary\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{35CB8B62-21E7-4B72-B061-E5F7172CA69E}] => (Allow) D:\SteamLibrary\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{8D61AF57-C619-46EB-B91C-9830EFD5DB70}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{39A0F014-F904-45D5-91B9-8BEDA50D9D43}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{D1FD72F5-A2E0-4C34-A228-B90AC0F56462}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{38FABA4C-34C1-4794-9988-577023411ADB}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{F7E167B0-3BCC-4C5F-8152-95577225B4F5}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{3CCA1424-3A65-481B-AD3B-08664A46BFDA}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{9CD5E8F8-BF9D-4405-A01F-0AC583F46FB4}] => (Allow) D:\SteamLibrary\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{1B2F6D21-C9A3-4161-ABF2-63990CB9F1E0}] => (Allow) D:\SteamLibrary\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{B8EA160B-99BE-47F0-873B-BF79ED6A5BD7}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{A1B411B9-80DC-4E59-BC54-9639028D1C73}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{1E6C2E43-599D-45A9-82AC-47441CA7C1D5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{13208E56-8888-43EC-954D-0C918A22D667}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{B43CAF1F-3B0D-4A31-956F-E36C289D46DA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{8EC82C9C-073E-45EB-8D07-9B1E59109766}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{0B2D8287-A6C9-4C84-A09F-558C0036DCBA}] => (Allow) D:\SteamLibrary\SteamApps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{BC12B4B4-2F08-4E55-A0A6-7F10F4EECEC7}] => (Allow) D:\SteamLibrary\SteamApps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{FA1E62F6-6721-4AAA-8F4B-69344A66D35C}] => (Allow) D:\SteamLibrary\SteamApps\common\DiRT Showdown\showdown.exe
FirewallRules: [{4E66C25E-44F4-4863-AB7A-1A53341753E1}] => (Allow) D:\SteamLibrary\SteamApps\common\DiRT Showdown\showdown.exe
FirewallRules: [{12D218C5-FAA3-4227-98F3-E3867AF5C2D9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5EA99E36-CBF4-4D21-9049-380316BC190F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0AD3AB2D-98F1-4CB8-9242-5EF706915D8C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B72DEFC1-E31D-403F-8AF3-D869036BD551}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FADF0E04-9759-44FF-9173-17F6C859D962}] => (Allow) D:\Origin Spiele\Battlefield 3\bf3.exe
FirewallRules: [{FC90CBA7-EA6A-4D45-9417-C30ED29A0BE6}] => (Allow) D:\Origin Spiele\Battlefield 3\bf3.exe
FirewallRules: [{F6B602A8-BA19-4C16-A58F-BDA0A2589FF8}] => (Allow) D:\Origin Spiele\FIFA 14\Game\fifa14.exe
FirewallRules: [{CA63EF2B-B481-4952-892F-4C1176C8995E}] => (Allow) D:\Origin Spiele\FIFA 14\Game\fifa14.exe
FirewallRules: [{86B3337A-5EB8-479A-AE8E-5537D43F3FB2}] => (Allow) D:\SteamLibrary\SteamApps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{98CD4535-4902-4F62-BA17-B251A0BBAEC0}] => (Allow) D:\SteamLibrary\SteamApps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{C1E8AED3-72FB-4450-82F8-E414724E8B8A}] => (Allow) D:\SteamLibrary\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{1B95A360-A8EC-4417-8E1E-3BFB30B66354}] => (Allow) D:\SteamLibrary\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{9A8F6B91-5002-4F5A-A20D-7A8BF2A6AE18}] => (Allow) D:\SteamLibrary\SteamApps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{0BD26821-2079-4C99-81D7-A5DBB034419D}] => (Allow) D:\SteamLibrary\SteamApps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{84495CAA-8390-4AED-A8D3-0C3DFC05331F}] => (Allow) D:\SteamLibrary\SteamApps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{29DA9C9E-65B7-426F-9D27-16FA5DABB7E4}] => (Allow) D:\SteamLibrary\SteamApps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{4D1BBD67-B986-4296-8C4C-3AE83D1B2686}] => (Allow) D:\SteamLibrary\SteamApps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{0C875CE3-9CAF-48FF-8410-39041FFC27F1}] => (Allow) D:\SteamLibrary\SteamApps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{D81037E1-1E2D-43E4-8169-F57C23B69786}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold 2\Stronghold2.exe
FirewallRules: [{6C13BABB-F670-4B04-B937-15FC4E81EE62}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold 2\Stronghold2.exe
FirewallRules: [{F0015D76-3253-4147-B74C-97493A9963AC}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{2B24C4E1-0F78-4D69-85FD-7D034CF0402D}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{2BA6F01B-896A-434A-8756-DE44DE601D36}] => (Allow) D:\SteamLibrary\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{5B3972E4-26EE-4494-8345-A06990EC14CB}] => (Allow) D:\SteamLibrary\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{8E359691-C717-4CA2-A18B-6F1C6756759D}] => (Allow) D:\Origin Spiele\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{CACBC071-9421-44DB-997E-DE6CB904BBA2}] => (Allow) D:\Origin Spiele\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{3BC8F499-A3A6-4E29-AD1A-06A7586A8923}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{034F4E92-D96B-4020-A96B-AE864B70520F}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{5C63D423-36AA-4232-BF68-01DADB93FAD9}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold3\bin\win32_release\Stronghold3.exe
FirewallRules: [{F2C8EAA2-017E-4AD1-9338-F827F61421BD}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold3\bin\win32_release\Stronghold3.exe
FirewallRules: [{3F02DF4E-408D-493E-BC92-613009A418B4}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold\Stronghold.exe
FirewallRules: [{AB8E531F-DE92-4105-9688-0A95BF6F855C}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold\Stronghold.exe
FirewallRules: [{E3EB59E8-B60E-4DD4-92F5-33C12EC64E05}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold Legends\StrongholdLegends.exe
FirewallRules: [{65DD10F5-915E-4916-A882-B7A075706911}] => (Allow) D:\SteamLibrary\SteamApps\common\Stronghold Legends\StrongholdLegends.exe
FirewallRules: [{D8252270-D059-435B-A120-9C75CF817BFB}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{134ED40F-D8E2-4597-9598-825746BCDDD9}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{514FEE2A-7D43-467F-8C50-72124064A04E}] => (Allow) D:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{BFA1182D-B7E7-4684-975C-3ADBD5B1516C}] => (Allow) D:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{2DA79AD3-D0A2-47B1-AE11-54864DC3CF78}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{47A53C92-5335-45E6-B5CB-5FEDB0EB37B4}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{39258988-2924-4FEA-8F16-CD58BD2BCE19}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2BE17B84-575E-4F24-8BE7-65A9EDBAA8D5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1B521B97-7BEF-4540-8416-DD6319A58003}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{97CE4176-54CA-4F90-8A1D-E5451A870FA1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{59866E24-BAEA-4300-B995-19E3FB13912D}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{7BA3E386-4C85-435F-B946-8CF1AD6702C9}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{01E88105-0190-4806-AECD-C29562394257}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{1648BCFC-A825-4C1C-97DA-55153D377ADA}] => (Allow) D:\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{3C48DC9A-2BBE-4CDB-B982-20555450C1F1}] => (Allow) C:\Program Files\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{F963731D-6AEE-458F-AFF1-500ABF5EBBAD}] => (Allow) C:\Program Files\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{FA0D97C8-4817-41AD-AF28-2F526837E8E5}] => (Allow) D:\SteamLibrary\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{8795885F-5F77-4040-8130-56ADE88308CC}] => (Allow) D:\SteamLibrary\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{B4E91F83-A62F-4647-98EF-56809D9C85D7}] => (Allow) D:\SteamLibrary\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [{16FA07C2-6737-4761-BA12-00EBDF8FA285}] => (Allow) D:\SteamLibrary\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [TCP Query User{015D79BC-8B1C-45B4-AB6C-604E6CA109B3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{77D821D3-B2F9-4121-8A4E-1FED35B2BD8D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{89362707-DD56-4B89-9217-3CD61B0F9C97}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1C31087B-2371-48CE-B290-AE2309D303D2}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{7178D3FE-48E5-41FC-AA36-223C6BC25B15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{89602D04-CABC-42AD-86A0-8C654E116B3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B67A905D-BD43-41A4-90BD-004B85A58217}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{201D1E32-7E29-450F-9126-157CDF0444B4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{25B1AE3F-A466-4B66-A475-850273CD2D60}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{529F1722-273E-4BA2-9313-9E9E82941D3A}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{9299EE86-6B8B-41E6-A48A-BA3E5F14ABF0}] => (Allow) D:\SteamLibrary\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{82D9BEEE-16B5-4E2E-8845-9A82ED4B635C}] => (Allow) D:\SteamLibrary\SteamApps\common\The War Z\WarZlauncher.exe
FirewallRules: [{41004D45-19B3-4C8B-89C1-32DDB976C337}] => (Allow) D:\SteamLibrary\SteamApps\common\The War Z\WarZlauncher.exe
FirewallRules: [{251D197B-7583-450F-AF8F-8D6781846A4E}] => (Allow) D:\SteamLibrary\SteamApps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{2F319220-2D06-4D47-9353-03B03C840E03}] => (Allow) D:\SteamLibrary\SteamApps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{9C2F284F-B9E9-4228-A721-802AFF19B4F1}] => (Allow) D:\SteamLibrary\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{06550E52-2AB9-4775-9019-A331AD924BAF}] => (Allow) D:\SteamLibrary\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{7AB86D3A-53F5-46CB-B4FA-AF429E0EE14E}] => (Allow) D:\SteamLibrary\SteamApps\common\RollerCoaster Tycoon Deluxe\RCT.EXE
FirewallRules: [{E70E4820-7363-46DA-8D12-E892E682D57F}] => (Allow) D:\SteamLibrary\SteamApps\common\RollerCoaster Tycoon Deluxe\RCT.EXE
FirewallRules: [{DC0B3649-B4EE-4B4F-9445-972667ECDAC6}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [{4D4B2FED-A6EA-4CE3-BA69-E4EA9AB7CBF8}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [{3D7EEBD2-C713-457F-9308-A8AEBAC68467}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x86\FarmingSimulator2015Game.exe
FirewallRules: [{B996786C-8455-413C-9786-6C8245B02DE1}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x86\FarmingSimulator2015Game.exe
FirewallRules: [{D3E19D10-3D1A-4E66-B2FA-06052414F886}] => (Allow) D:\SteamLibrary\SteamApps\common\FlatOut Ultimate Carnage\launcher.exe
FirewallRules: [{BD2045AE-C6D3-4956-837E-72AB1F0FD9BF}] => (Allow) D:\SteamLibrary\SteamApps\common\FlatOut Ultimate Carnage\launcher.exe
FirewallRules: [{CDF952B5-0F9E-47ED-8E1D-919B7E5845F3}] => (Allow) D:\SteamLibrary\SteamApps\common\Need for Speed Undercover\nfs.exe
FirewallRules: [{E192A11E-F168-4D6D-8951-816B9A56EB41}] => (Allow) D:\SteamLibrary\SteamApps\common\Need for Speed Undercover\nfs.exe
FirewallRules: [{17351489-A119-40BF-99C1-C48C7F0FC322}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{835E3114-2DC7-460B-AB0F-CC1660D4FCF2}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{23C32C48-6B5C-43ED-B616-6157A0ABC90E}] => (Allow) D:\SteamLibrary\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{61DA436D-D4DF-4132-BAA2-0AC73F15B828}] => (Allow) D:\SteamLibrary\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{700D7229-528D-4BD9-B114-A737AA001FBA}] => (Allow) D:\SteamLibrary\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{0908B44A-E095-43ED-9F70-61775F2194A8}] => (Allow) D:\SteamLibrary\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{2E21512D-5D09-428F-8D4F-F81686127C57}] => (Allow) D:\SteamLibrary\SteamApps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{1DBEC68D-779C-4A89-AACE-F54EA85A86D6}] => (Allow) D:\SteamLibrary\SteamApps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{CEE2F5E9-97C1-4847-9E94-6A59DB3038C3}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\Rust.exe
FirewallRules: [{DC339F41-DBE9-4C25-A350-488B4EB0F82B}] => (Allow) D:\SteamLibrary\SteamApps\common\rust\Rust.exe
FirewallRules: [{7DA63770-737A-4CB6-9AAA-313F55FA69CD}] => (Allow) D:\SteamLibrary\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{05F10FE0-776E-4DED-9581-D6A2EADDE246}] => (Allow) D:\SteamLibrary\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{F7F89ACF-98AA-43C4-B6CA-1983950925C4}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{C5E94706-9DEE-4139-B039-2A6BB210DF54}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{5EAAF11D-D518-49CB-A158-6E1F144AD224}] => (Block) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{1B2B7C63-5B54-4539-9871-52B3AAC2B566}] => (Block) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{63806BB4-88D9-43D1-AA7D-D69A590FEEBB}] => (Allow) D:\SteamLibrary\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{951C634C-7865-495D-935F-572C4DFBE872}] => (Allow) D:\SteamLibrary\SteamApps\common\Gothic 3\Gothic3.exe
FirewallRules: [{BBFE0526-91A1-48F0-8CF0-2DBA0E5E767C}] => (Allow) D:\SteamLibrary\SteamApps\common\Halo Spartan Assault\HaloSpartanAssault.exe
FirewallRules: [{8408BB34-28CC-4C7A-A5E7-BE68AC2BAF3D}] => (Allow) D:\SteamLibrary\SteamApps\common\Halo Spartan Assault\HaloSpartanAssault.exe
FirewallRules: [{33710B19-13D1-4B3E-8992-1836961DA894}] => (Allow) D:\SteamLibrary\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{7D492F3C-FF99-4A09-986A-5DAB7F7F2FBC}] => (Allow) D:\SteamLibrary\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{207CF2D6-397B-4358-891B-75B2D7BDA304}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{129F3D47-13C4-4671-981C-FF5E5354DE97}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{3205B19C-D3C6-4782-913B-EE644AAE47BA}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{0F637E27-515E-4B56-B4DB-DE71DAADC755}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{9EB5343F-EE3E-445D-B6E9-C17998556D54}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL1\Postal Plus.exe
FirewallRules: [{5292A280-F6A9-400E-A042-91CC7B849ED6}] => (Allow) D:\SteamLibrary\SteamApps\common\POSTAL1\Postal Plus.exe
FirewallRules: [{4B7BAB29-7F77-4B82-9CE3-0038CD212FE5}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico\Tropico.EXE
FirewallRules: [{7DDB0B81-B9F1-4A68-BC33-1645C3BB800E}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico\Tropico.EXE
FirewallRules: [{14426D95-D26F-4609-9BFD-634CE2E4A4F7}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 2\Tropico2.exe
FirewallRules: [{365BD242-16DB-4498-B832-FE5CDA753F25}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 2\Tropico2.exe
FirewallRules: [{470E5971-35F1-486D-9D27-ADA8B1E1CE88}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 3\Tropico3.exe
FirewallRules: [{3D075A38-DBC3-4019-A286-BA18F5126559}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 3\Tropico3.exe
FirewallRules: [{386A7C51-6C2E-4440-97B0-B53497183AEA}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 4\Tropico4.exe
FirewallRules: [{1C7DDA57-87F4-487A-B07F-64B6284A819F}] => (Allow) D:\SteamLibrary\SteamApps\common\Tropico 4\Tropico4.exe
FirewallRules: [{FCDACEF6-95C3-469F-A839-84737006A343}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3A34913F-42F1-447F-A416-7FC10AFDD53B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6A76DF05-A941-43B6-91E0-D9A22BEEAEE9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{682B6B90-7C15-409F-AFDD-5FEB247D887D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8032D0D9-9F21-4D40-8F38-268CD5069DF4}] => (Allow) D:\SteamLibrary\SteamApps\common\CameraBag 2\CameraBag 2.exe
FirewallRules: [{E00C1395-8DDB-4251-97E3-AAE330BC9CA1}] => (Allow) D:\SteamLibrary\SteamApps\common\CameraBag 2\CameraBag 2.exe
FirewallRules: [{2986C909-63AB-453C-9B22-1DBF0ED75F74}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{2B71AC90-0142-471D-AF36-3643EC3242AF}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{A874B22E-0529-4BB3-B0EF-7EBCE72BBFB4}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{4843ADED-285C-40F5-BA4F-76CF08DF470C}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{B3081755-BC6D-4A66-9249-B3876A43F7F4}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{91A5A120-1321-499B-8129-A52AEDFC7989}] => (Allow) D:\SteamLibrary\SteamApps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{4DBB8F6A-0040-4023-9A03-960DACF3B186}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 1404\Anno4.exe
FirewallRules: [{F6E7FE19-B3D9-4998-A300-787D5A6D1697}] => (Allow) D:\SteamLibrary\SteamApps\common\Anno 1404\Anno4.exe
FirewallRules: [{C8DE0954-F437-43A7-AC62-98FE15EB8995}] => (Allow) D:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{9C42F770-B4AF-4C72-8A0F-AF705894CA5D}] => (Allow) D:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{9460F9A0-444A-4322-A845-BD9965ED1199}] => (Allow) D:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{56988FA4-A88D-432E-BEE9-0025D74C1B0F}] => (Allow) D:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{1C4CD1E8-2298-4626-A880-F8AF1EE77B58}] => (Allow) D:\SteamLibrary\SteamApps\common\European Ship Simulator\ess.exe
FirewallRules: [{2B436408-81B3-4781-AC5B-25CFA2D2D25B}] => (Allow) D:\SteamLibrary\SteamApps\common\European Ship Simulator\ess.exe
FirewallRules: [{0A2BEEE8-80DE-482D-8B6C-C970398EC695}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{38202C9F-5153-4718-89D6-593FD1D2339C}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{3449539C-CBC8-4228-A34B-29559E85351B}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{29A15FF3-6F56-43D7-9D3D-2AB649A120C0}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{1ADB30BE-99FA-40E3-A8DC-DFD4E7C113A8}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [{6EBC367F-4007-4437-B968-73C68480BFAC}] => (Allow) D:\SteamLibrary\SteamApps\common\Farming Simulator 15\x64\FarmingSimulator2015Game.exe
FirewallRules: [TCP Query User{A1F47366-94D7-41FF-B1EC-7F58CA16F6EC}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{BA8BEF85-FB69-4191-92FC-A2882E0AD3A8}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{8725D830-A947-47A6-A8E7-A1A65702A0A7}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{9C6E5625-C45C-4CD5-8B30-68DB42584CB8}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{69193C28-D784-4206-9F53-8B5319630E01}] => (Allow) D:\SteamLibrary\SteamApps\common\Need For Speed Shift\SHIFT.exe
FirewallRules: [{65709C18-FC69-437F-A9C8-DB151ADC2470}] => (Allow) D:\SteamLibrary\SteamApps\common\Need For Speed Shift\SHIFT.exe
FirewallRules: [{B7CF1521-BFA3-46BD-A5B2-3B03312249EA}] => (Allow) D:\SteamLibrary\SteamApps\common\Need for Speed Hot Pursuit\NFS11.exe
FirewallRules: [{5CA59999-37DC-406C-9295-28829AF79772}] => (Allow) D:\SteamLibrary\SteamApps\common\Need for Speed Hot Pursuit\NFS11.exe
FirewallRules: [{2D4577C3-7115-473C-BB05-0C8403A03099}] => (Allow) D:\SteamLibrary\SteamApps\common\TransOcean - The Shipping Company\TransOcean.exe
FirewallRules: [{372742CC-A012-42C6-B348-41911AA70590}] => (Allow) D:\SteamLibrary\SteamApps\common\TransOcean - The Shipping Company\TransOcean.exe
FirewallRules: [{DE41DCBD-11E1-4F7B-A49C-73AC546917FC}] => (Allow) D:\SteamLibrary\SteamApps\common\Hatred\Hatred\Binaries\Win64\Hatred-Win64-Shipping.exe
FirewallRules: [{E7DE18E9-CB6E-48E3-84EE-EF86A804C281}] => (Allow) D:\SteamLibrary\SteamApps\common\Hatred\Hatred\Binaries\Win64\Hatred-Win64-Shipping.exe
FirewallRules: [{201AA12A-F513-476C-A76C-7B7DA6B97497}] => (Allow) C:\Program Files\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{047FB682-1F97-4B5B-A72A-CA34AD9A14A8}] => (Allow) C:\Program Files\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{77F81EA8-A8FA-441C-91F3-F49A80BCF634}] => (Allow) C:\Program Files\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{2767A58D-37B1-4C87-8204-92D88A9D2B24}] => (Allow) C:\Program Files\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{7EDADAC4-F517-4F5D-8E9F-AE2FEE34140A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2F52D7F2-55A0-4143-9942-54FA2AAD9336}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{C3E27640-3E1D-4119-AF2F-4A8A401275BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2015 10:14:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/18/2015 08:55:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/18/2015 08:46:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/18/2015 08:45:13 PM) (Source: MsiInstaller) (EventID: 1024) (User: DESKTOP_PC)
Description: Produkt: Adobe Reader XI (11.0.11) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011012}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (07/18/2015 08:37:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/18/2015 08:36:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/18/2015 08:36:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/18/2015 08:31:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 08:54:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x556366f2
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000000000006ec12
ID des fehlerhaften Prozesses: 0x788
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3

Error: (07/17/2015 08:46:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: DESKTOP_PC)
Description: Produkt: Adobe Reader XI (11.0.11) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011012}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (07/18/2015 10:02:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (07/18/2015 10:02:01 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Luca\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/18/2015 10:02:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (07/18/2015 10:02:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Luca\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/18/2015 10:02:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (07/18/2015 10:02:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Luca\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/18/2015 10:02:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (07/18/2015 10:02:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Luca\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/18/2015 10:01:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (07/18/2015 10:01:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Luca\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office:
=========================
Error: (07/18/2015 10:14:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/18/2015 08:55:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\luca\desktop\esetsmartinstaller_deu.exe

Error: (07/18/2015 08:46:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Luca\Desktop\esetsmartinstaller_deu.exe

Error: (07/18/2015 08:45:13 PM) (Source: MsiInstaller) (EventID: 1024) (User: DESKTOP_PC)
Description: Adobe Reader XI (11.0.11) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011012}1625(NULL)(NULL)(NULL)

Error: (07/18/2015 08:37:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Luca\Desktop\esetsmartinstaller_deu.exe

Error: (07/18/2015 08:36:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Luca\Desktop\esetsmartinstaller_deu.exe

Error: (07/18/2015 08:36:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Luca\Desktop\esetsmartinstaller_deu.exe

Error: (07/18/2015 08:31:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 08:54:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18869556366f2c000000d000000000006ec1278801d0c0bf03e06830C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll4bcc1bab-2cb5-11e5-9601-bcaec532781d

Error: (07/17/2015 08:46:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: DESKTOP_PC)
Description: Adobe Reader XI (11.0.11) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011012}1625(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2015-07-15 19:59:21.806
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-15 19:59:21.773
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-15 19:59:21.739
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-15 19:59:21.706
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-15 19:30:16.834
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-15 19:30:16.798
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 42%
Total physical RAM: 8183.05 MB
Available physical RAM: 4712.01 MB
Total Virtual: 16364.32 MB
Available Virtual: 12800.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.73 GB) (Free:4.22 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:649.71 GB) (Free:188.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: BF2F5BF4)
Partition 1: (Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=649.7 GB) - (Type=07 NTFS)

==================== End of log ============================
--- --- ---

schrauber 19.07.2015 14:15
Java und Firefox updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
D:\Downloads\as_shutdown_CB-DL-Manager.exe

D:\Downloads\FRAPS - CHIP-Installer.exe

D:\Downloads\GPU Z - CHIP-Installer.exe

D:\Downloads\Nero Lite - CHIP-Installer.exe

D:\Downloads\vlc-2.1.5-win32.exe

D:\Family\Luca\Steam Skin Pack - CHIP-Installer.exe
RemoveProxy:
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Downloadverhalten überdenken:
CHIP-Installer - was ist das? - Anleitungen



und ein frisches FRST log bitte. Passwörter ändern und testen :)

ha00x7 19.07.2015 16:09
Danke für den Artikel über den Chip Installer - hab ich vorher nicht gewusst!

Fixlog.txt:
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Luca at 2015-07-19 16:50:27 Run:1
Running from C:\Users\Luca\Desktop
Loaded Profiles: Luca & UpdatusUser (Available Profiles: Luca & UpdatusUser & HomeGroupUser$)
Boot Mode: Normal
==============================================

fixlist content:
*****************
D:\Downloads\as_shutdown_CB-DL-Manager.exe

D:\Downloads\FRAPS - CHIP-Installer.exe

D:\Downloads\GPU Z - CHIP-Installer.exe

D:\Downloads\Nero Lite - CHIP-Installer.exe

D:\Downloads\vlc-2.1.5-win32.exe

D:\Family\Luca\Steam Skin Pack - CHIP-Installer.exe
RemoveProxy:
Emptytemp:
       
*****************

"D:\Downloads\as_shutdown_CB-DL-Manager.exe" => File/Folder not found.
"D:\Downloads\FRAPS - CHIP-Installer.exe" => File/Folder not found.
"D:\Downloads\GPU Z - CHIP-Installer.exe" => File/Folder not found.
"D:\Downloads\Nero Lite - CHIP-Installer.exe" => File/Folder not found.
"D:\Downloads\vlc-2.1.5-win32.exe" => File/Folder not found.
"D:\Family\Luca\Steam Skin Pack - CHIP-Installer.exe" => File/Folder not found.

========= RemoveProxy: =========

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-256598819-3792072900-69910656-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-256598819-3792072900-69910656-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 903.3 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 16:51:20 ====
Java und Firefox wurden auf die neuste Version aktuallisiert

schrauber 20.07.2015 07:44
dann PW ändern, das frische FRST log bitte und den Rechner testen :)

ha00x7 20.07.2015 08:39
PWs wurden schon geändert.
Rechner hab ich gestern abend noch getestet, wollte ich eigentlich noch editieren, hat alles geklappt, danke für die Hilfe

Frst log kann ich frühestens am Sonntag liefern, bin leider schon unterwegs nach Italien

schrauber 20.07.2015 17:06
null problemo :)

ha00x7 26.07.2015 15:25
PC läuft wieder (sogar schneller als vorher, danke dafür ^^)

Nehme mal an, wir sind jetzt fertig? Dann würde ich mich abschließend ganz ganz herzlich bedanken, sehr große Hilfe! :)

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
durchgeführt von Luca (Administrator) auf DESKTOP_PC (26-07-2015 16:19:40)
Gestartet von C:\Users\Luca\Desktop
Geladene Profile: Luca & UpdatusUser (Verfügbare Profile: Luca & UpdatusUser & HomeGroupUser$)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Yahoo Inc.) C:\Program Files (x86)\Yahoo!\yset\{761EAC62-596B-A242-BBF4-233705AFBE31}\YSearchUtilSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Mad Catz Inc) C:\Program Files\Mad Catz\R.A.T.TE\RAT_TE_Profiler.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(lulu297) D:\Family\Luca\Bots\Millionenklick\Millionenklick Bot.exe
(Skillbrains) C:\Users\Luca\AppData\Local\Skillbrains\lightshot\5.1.4.41\Lightshot.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() D:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [1783296 2006-07-23] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [976672 2013-03-24] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [R.A.T.TE] => C:\Program Files\Mad Catz\R.A.T.TE\RAT_TE_Profiler.exe [195072 2014-02-11] (Mad Catz Inc)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-12] (Logitech Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843992 2013-10-24] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [AgataSoft ShutDown Pro] => C:\Program Files (x86)\AgataSoft\AgataSoft ShutDown Pro\AgataSoft_ShutDown_Pro.exe [2344960 2011-11-19] (AgataSoft)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6886752 2015-01-07] (Binary Fortress Software)
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [Millionenklick Bot] => D:\Family\Luca\Bots\Millionenklick\Millionenklick Bot.exe [525312 2014-09-14] (lulu297)
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [LightShot] => C:\Users\Luca\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-06-18] ()
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632112 2015-07-03] (Electronic Arts)
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-256598819-3792072900-69910656-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2014-05-18]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk [2014-06-16]
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\vrtoolcheckorder.exe (VR-NetWorld Software)
Startup: C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LOGITECH.lnk [2015-05-26]
ShortcutTarget: LOGITECH.lnk -> C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
GroupPolicy: Gruppenrichtline auf Chrome erkannt <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ATTENTION

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-256598819-3792072900-69910656-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-256598819-3792072900-69910656-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-256598819-3792072900-69910656-1001 -> {11C65C2A-339B-45A5-B48F-0404C9AD0D36} URL = https://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-256598819-3792072900-69910656-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-19] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-19] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{03620E07-CD8C-45CD-8CF0-8BF6BC1A97A3}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{55DC6518-081E-4FAF-A126-373F9D85F4D7}: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF ProfilePath: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Yahoo
FF Homepage: https://de.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-18] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-256598819-3792072900-69910656-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-03-27] ()
FF Extension: iMacros for Firefox - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-06-01]
FF Extension: Adblock Plus - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\stxqekyz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-16]

Chrome:
=======
CHR Profile: C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-17]
CHR Extension: (Steam inventory helper) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2015-05-28]
CHR Extension: (Stylish) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-12-17]
CHR Extension: (Avira Browser Safety) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-07-19]
CHR Extension: (LoungeDestroyer) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2015-03-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-05]
CHR Extension: (AllDebrid Chrome Extension) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdjbgnpehbhpibonmjjjbjaoechnlcaf [2014-12-17]
CHR Extension: (Ghostery) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-12-17]
CHR Extension: (Google Wallet) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - https://clients2.google.com/service/update2/crx

==================== Services (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-06-03] (Futuremark)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-03] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-01-14] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 YSearchUtilSvc; C:\Program Files (x86)\Yahoo!\yset\{761EAC62-596B-A242-BBF4-233705AFBE31}\YSearchUtilSvc.exe [152344 2015-06-29] (Yahoo Inc.)

==================== Drivers (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-31] (Windows (R) Win 7 DDK provider)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-26] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                          )
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24040 2014-02-12] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [51560 2014-02-12] (Saitek)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-09-08] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-09-08] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-09-08] (Acronis International GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-26 16:19 - 2015-07-26 16:19 - 02146816 _____ (Farbar) C:\Users\Luca\Desktop\FRST64.exe
2015-07-26 16:19 - 2015-07-26 16:19 - 00021962 _____ C:\Users\Luca\Desktop\FRST.txt
2015-07-25 12:24 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-25 12:24 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-25 12:24 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-25 12:24 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-25 12:24 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-25 12:24 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-25 12:24 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-25 12:24 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-25 12:24 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-25 12:24 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-24 13:07 - 2015-07-24 13:08 - 00000000 ____D C:\Windows\rescache
2015-07-22 10:45 - 2015-07-22 11:52 - 00000306 __RSH C:\ProgramData\ntuser.pol
2015-07-19 22:50 - 2015-07-19 22:50 - 00000000 ____D C:\Users\Luca\AppData\Local\GWX
2015-07-19 17:32 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-19 17:32 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-19 17:32 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-19 17:32 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-19 17:32 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-19 17:32 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-19 17:32 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-19 17:32 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-19 17:32 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-19 17:32 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-19 17:32 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-19 17:32 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-19 17:32 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-19 17:32 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-19 17:32 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-19 17:32 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-19 17:32 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-19 17:32 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-19 17:32 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-19 17:32 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-19 17:32 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-19 17:32 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-19 17:32 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-19 17:32 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-19 17:32 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-19 17:32 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-19 17:32 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-19 17:32 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-19 17:32 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-19 17:32 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-19 17:32 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-19 17:32 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-19 17:32 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-19 17:32 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-19 17:32 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-19 17:32 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-19 17:32 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-19 17:32 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-19 17:32 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-19 17:32 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-19 17:32 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-19 17:32 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-19 17:32 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-19 17:32 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-19 17:30 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-19 17:30 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-19 17:30 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-19 17:30 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-19 17:30 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-19 17:30 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-19 17:30 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-19 17:30 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-19 17:30 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-19 17:30 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-19 17:30 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-19 17:30 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-19 17:30 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-19 17:30 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-19 17:30 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-19 17:30 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-19 17:30 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-19 17:30 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-19 17:30 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-19 17:30 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-19 17:30 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-19 17:30 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-19 17:30 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-19 17:30 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-19 17:30 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-19 17:30 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-19 17:30 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-19 17:30 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-19 17:30 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-19 17:30 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-19 17:30 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-19 17:30 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-19 17:30 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-19 17:30 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-19 17:30 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-19 17:30 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-19 17:30 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-19 17:30 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-19 17:30 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-19 17:30 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-19 17:30 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-19 17:30 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-19 17:30 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-19 17:30 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-19 17:30 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-19 17:28 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-19 17:28 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-19 17:28 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-19 17:28 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-19 17:28 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-19 17:28 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-19 17:28 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-19 17:28 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-19 17:28 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-19 17:28 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-19 17:28 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-19 17:27 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-19 17:27 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-19 17:27 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-19 17:27 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-19 17:27 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-19 17:27 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-19 17:27 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-19 17:27 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-19 17:27 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-19 17:27 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-19 17:27 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-19 17:27 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-19 17:27 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-19 17:27 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-19 17:27 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-19 17:27 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-19 17:27 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-19 17:27 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-19 17:27 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-19 17:27 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-19 17:27 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-19 17:27 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-19 17:27 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-19 17:27 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-19 17:27 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-19 17:27 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-19 17:27 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-19 17:27 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-19 17:27 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-19 17:27 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-19 17:27 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-19 17:27 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-19 17:27 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-19 17:27 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-19 17:27 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-19 17:27 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-19 17:27 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-19 17:27 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-19 17:27 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-19 17:27 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-19 17:27 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-19 17:27 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-19 17:27 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-19 17:27 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-19 17:27 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-19 17:27 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-19 17:27 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-19 17:27 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-19 17:27 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-19 17:12 - 2015-07-19 17:12 - 00000000 ____D C:\Users\Luca\AppData\Local\YSearchUtil
2015-07-19 17:12 - 2015-07-19 17:12 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-07-19 17:08 - 2015-07-19 17:08 - 00562784 _____ (Oracle Corporation) C:\Users\Luca\Downloads\jxpiinstall.exe
2015-07-19 17:06 - 2015-07-19 17:07 - 00000000 ____D C:\Users\Luca\Desktop\Neuer Ordner
2015-07-19 17:03 - 2015-07-26 16:08 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-19 17:03 - 2015-07-19 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-19 16:59 - 2015-07-19 16:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-19 16:55 - 2015-07-19 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-19 16:55 - 2015-07-19 16:55 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-17 20:09 - 2015-07-17 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-17 20:09 - 2015-07-17 20:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-17 20:09 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-17 20:09 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-15 20:01 - 2015-07-15 20:01 - 00029476 _____ C:\ComboFix.txt
2015-07-15 19:24 - 2015-07-15 20:01 - 00000000 ____D C:\Qoobox
2015-07-15 19:24 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-15 19:24 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-15 19:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-15 19:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-15 19:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-15 19:24 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-15 19:24 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-15 19:24 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-15 19:23 - 2015-07-15 19:59 - 00000000 ____D C:\Windows\erdnt
2015-07-15 19:16 - 2015-07-15 19:16 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-14 20:11 - 2015-07-26 16:00 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-14 20:11 - 2015-07-17 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-14 20:11 - 2015-07-14 20:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-14 20:10 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-14 19:27 - 2015-07-26 16:19 - 00000000 ____D C:\FRST
2015-07-12 22:27 - 2015-07-15 19:55 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-12 22:26 - 2015-07-12 22:26 - 00000000 ____D C:\Users\Luca\AppData\Roaming\TuneUp Software
2015-07-12 22:25 - 2015-07-17 20:02 - 00000000 ____D C:\ProgramData\AVG2015
2015-07-12 22:25 - 2015-07-15 19:54 - 00000000 ____D C:\$AVG
2015-07-12 22:22 - 2015-07-17 20:02 - 00000000 ____D C:\ProgramData\MFAData
2015-07-12 22:22 - 2015-07-12 22:22 - 00000000 ____D C:\Users\Luca\AppData\Local\MFAData
2015-07-04 00:23 - 2015-07-04 00:23 - 00000000 ____D C:\Users\Luca\AppData\Local\CEF
2015-06-28 14:44 - 2015-06-28 14:45 - 00000000 ____D C:\Users\Luca\AppData\Local\CyberGhost
2015-06-28 14:44 - 2015-06-28 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-06-28 14:44 - 2015-06-28 14:44 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-06-28 01:51 - 2015-06-28 22:47 - 00000000 ____D C:\Program Files (x86)\JDownloader
2015-06-28 01:51 - 2015-06-28 01:51 - 00001997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2015-06-28 01:51 - 2015-06-28 01:51 - 00001941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2015-06-28 01:51 - 2015-06-28 01:51 - 00001920 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2015-06-27 23:33 - 2015-06-27 23:33 - 00003094 _____ C:\Windows\System32\Tasks\{60270AB4-FE1E-4A55-AEB1-453462D3B7B7}
2015-06-27 03:36 - 2015-07-04 00:28 - 00000022 _____ C:\Windows\GPU-Z.INI
2015-06-27 03:36 - 2015-06-27 03:36 - 00000000 ____D C:\Temp
2015-06-27 03:35 - 2015-06-27 03:35 - 00000000 ____D C:\Users\Luca\AppData\Local\Futuremark
2015-06-27 03:35 - 2015-06-27 03:35 - 00000000 ____D C:\Program Files (x86)\Futuremark

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-26 16:19 - 2009-07-14 06:45 - 00032960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-26 16:19 - 2009-07-14 06:45 - 00032960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-26 16:17 - 2014-12-17 23:22 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-26 16:09 - 2014-09-30 17:15 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-26 16:09 - 2014-05-14 16:38 - 01627632 _____ C:\Windows\WindowsUpdate.log
2015-07-26 16:00 - 2014-12-17 23:22 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-26 15:59 - 2014-05-14 17:55 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-26 15:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-26 15:59 - 2009-07-14 06:51 - 00084425 _____ C:\Windows\setupact.log
2015-07-26 15:59 - 2009-07-14 06:45 - 00409208 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-25 12:51 - 2014-05-15 02:28 - 00698964 _____ C:\Windows\system32\perfh007.dat
2015-07-25 12:51 - 2014-05-15 02:28 - 00149104 _____ C:\Windows\system32\perfc007.dat
2015-07-25 12:51 - 2009-07-14 07:13 - 01618760 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-25 12:25 - 2015-04-05 01:08 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-25 12:24 - 2014-06-13 13:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-25 12:19 - 2015-01-01 23:58 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\CrashDumps
2015-07-24 13:37 - 2014-05-29 12:31 - 00000000 ____D C:\ProgramData\Origin
2015-07-19 22:07 - 2014-05-14 18:56 - 00000000 ____D C:\Users\Luca\AppData\Roaming\TS3Client
2015-07-19 20:07 - 2014-09-30 17:15 - 00003856 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1412090103
2015-07-19 19:58 - 2014-12-12 18:52 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-19 19:58 - 2014-05-15 04:54 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-19 19:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-19 17:39 - 2014-05-23 14:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-19 17:35 - 2014-06-15 20:51 - 00000000 ____D C:\Windows\system32\MRT
2015-07-19 17:29 - 2014-06-16 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VR-NetWorld
2015-07-19 17:14 - 2014-11-25 22:47 - 00000000 __SHD C:\Users\Luca\AppData\Local\EmieBrowserModeList
2015-07-19 17:14 - 2014-05-27 19:16 - 00000000 __SHD C:\Users\Luca\AppData\Local\EmieUserList
2015-07-19 17:14 - 2014-05-27 19:16 - 00000000 __SHD C:\Users\Luca\AppData\Local\EmieSiteList
2015-07-19 17:13 - 2014-05-23 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-07-19 17:12 - 2014-05-14 19:02 - 00000000 ____D C:\ProgramData\Oracle
2015-07-19 17:11 - 2014-05-14 19:02 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-19 17:09 - 2014-05-14 19:02 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-19 17:01 - 2014-05-14 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-19 16:55 - 2014-10-18 01:32 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-19 16:52 - 2010-11-21 05:47 - 00046188 _____ C:\Windows\PFRO.log
2015-07-18 21:25 - 2014-06-13 13:26 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-18 21:24 - 2014-06-13 13:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-18 21:24 - 2014-06-13 13:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-18 20:45 - 2014-12-26 11:17 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-18 20:45 - 2014-06-25 17:25 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-17 20:31 - 2014-11-25 23:00 - 00000000 ____D C:\AdwCleaner
2015-07-17 20:10 - 2014-12-17 23:22 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-17 20:10 - 2014-12-17 23:22 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 20:01 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-15 19:59 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-14 21:43 - 2015-04-05 01:08 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-13 21:25 - 2014-05-27 22:19 - 00000000 ____D C:\Program Files\CamStudio 2.7
2015-07-12 22:51 - 2015-01-28 19:56 - 00000000 ____D C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-12 22:46 - 2014-05-23 14:53 - 00000000 ____D C:\Windows\AutoKMS
2015-07-12 19:40 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-03 21:52 - 2014-09-08 23:27 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-03 08:43 - 2014-06-15 20:51 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-28 22:11 - 2014-06-19 23:09 - 00000000 ____D C:\Users\Luca\AppData\Local\CrashDumps
2015-06-28 02:44 - 2014-06-11 20:39 - 00000000 ____D C:\Users\Luca\AppData\Roaming\Skype
2015-06-27 23:33 - 2014-06-11 20:38 - 00000000 ____D C:\ProgramData\Skype

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-05-27 22:21 - 2014-05-27 22:21 - 0000046 _____ () C:\Users\Luca\AppData\Roaming\Camdata.ini
2014-05-27 22:21 - 2014-05-27 22:21 - 0000408 _____ () C:\Users\Luca\AppData\Roaming\CamLayout.ini
2014-05-27 22:21 - 2014-05-27 22:21 - 0000408 _____ () C:\Users\Luca\AppData\Roaming\CamShapes.ini
2014-05-27 22:21 - 2014-05-27 22:21 - 0004535 _____ () C:\Users\Luca\AppData\Roaming\CamStudio.cfg
2014-05-27 22:19 - 2014-05-27 22:19 - 0000096 _____ () C:\Users\Luca\AppData\Roaming\version2.xml
2014-10-19 22:40 - 2014-10-19 22:40 - 0000003 _____ () C:\Users\Luca\AppData\Local\updater.log
2014-10-19 22:40 - 2014-11-21 23:46 - 0000435 _____ () C:\Users\Luca\AppData\Local\UserProducts.xml

Einige Dateien in TEMP:
====================
C:\Users\Luca\AppData\Local\Temp\ytb.exe


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-07-24 13:00

==================== Ende von log ============================


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:26 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20