I removed GU.
Code:
# AdwCleaner v4.208 - Bericht erstellt 15/07/2015 um 12:42:58
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 8.1 Pro (x64)
# Benutzername : Lynx - BÜRO1
# Gestarted von : C:\Users\Lynx\Desktop\Neuer Ordner\AdwCleaner_4.208.exe
# Option : Löschen
**** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba
Datei Gelöscht : C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
Datei Gelöscht : C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage
Datei Gelöscht : C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage-journal
Datei Gelöscht : C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippenodjaoidmkkfdlmdhofiebnpjddb_0.localstorage
Datei Gelöscht : C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_skateboardmsm.de_0.localstorage
Datei Gelöscht : C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_skateboardmsm.de_0.localstorage-journal
***** [ Geplante Tasks ] *****
Task Gelöscht : BackgroundContainer Startup Task
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKCU\Software\OCS
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Mozilla Firefox v
-\\ Google Chrome v43.0.2357.134
*************************
AdwCleaner[R0].txt - [4701 Bytes] - [19/12/2013 02:10:57]
AdwCleaner[R1].txt - [2172 Bytes] - [15/07/2015 12:38:59]
AdwCleaner[R2].txt - [2231 Bytes] - [15/07/2015 12:41:11]
AdwCleaner[S0].txt - [4552 Bytes] - [19/12/2013 02:11:59]
AdwCleaner[S1].txt - [2105 Bytes] - [15/07/2015 12:42:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2164 Bytes] ##########
How can I completely disable GDATA? I have disabled the virus monitor, the firewall and the autopilot. Nevertheless, JMT was promptly moved into quarantine and it wants a restart .... :-( I was totally surprised; normally it asks me about something like this and lets me choose. xD Can I switch it off without uninstalling it right away? msconfig? Or does it sit too deep, so that I have to uninstall it completely? If necessary that works too, although because of the traffic I would prefer disabling it, if possible. I moved the object back and gave it the rights to be executed. Is that enough? Or does that distort the scan?
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.9 (07.14.2015:2)
OS: Windows 8.1 Pro x64
Ran by Lynx on 15.07.2015 at 12:55:19,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A2D5EBA-F86D-4BD3-A177-019765996711}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}
~~~ Files
Successfully deleted: [File] C:\ProgramData\1396390413.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1428779286.bdinstall.bin
~~~ Folders
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Lynx\appdata\local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
Successfully deleted: [Folder] C:\Users\Lynx\appdata\local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba
[C:\Users\Lynx\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Lynx\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
elicpjhcidhpjomhibiffojpinpmmpil
hcdjknjpbnhdoabbngpmfekaecnpajba
[C:\Users\Lynx\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Lynx\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
elicpjhcidhpjomhibiffojpinpmmpil,
hcdjknjpbnhdoabbngpmfekaecnpajba
]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.07.2015 at 12:58:32,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Update, 15.07.2015 13:01:56, SYSTEM, BÃ?RO1, Manual, Rootkit Database, 2015.2.25.1, 2015.7.14.1,
Update, 15.07.2015 13:01:56, SYSTEM, BÃ?RO1, Manual, Remediation Database, 2015.3.9.1, 2015.7.14.1,
Update, 15.07.2015 13:01:56, SYSTEM, BÃ?RO1, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
Update, 15.07.2015 13:01:56, SYSTEM, BÃ?RO1, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
Update, 15.07.2015 13:02:04, SYSTEM, BÃ?RO1, Manual, Malware Database, 2015.3.9.5, 2015.7.15.3,
Scan, 15.07.2015 13:13:13, SYSTEM, BÃ?RO1, Manual, Start: 15.07.2015 13:02:53, Dauer: 10 Minuten 20 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung,
(end)
I still have an old log left over from it; on that day something was also put into quarantine. But I am not sure whether it was just a false alarm.
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 10.05.2015 10:55:29, SYSTEM, BÃ?RO1, Protection, Malware Protection, Starting,
Protection, 10.05.2015 10:55:29, SYSTEM, BÃ?RO1, Protection, Malware Protection, Started,
Protection, 10.05.2015 10:55:29, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 10:55:29, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Started,
Update, 10.05.2015 10:55:47, SYSTEM, BÃ?RO1, Manual, Rootkit Database, 2015.2.25.1, 2015.4.21.1,
Update, 10.05.2015 10:55:47, SYSTEM, BÃ?RO1, Manual, Remediation Database, 2015.3.9.1, 2015.5.9.1,
Update, 10.05.2015 10:55:57, SYSTEM, BÃ?RO1, Manual, Malware Database, 2015.3.9.5, 2015.5.10.2,
Protection, 10.05.2015 10:55:57, SYSTEM, BÃ?RO1, Protection, Refresh, Starting,
Protection, 10.05.2015 10:55:57, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 10:55:57, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 10:56:04, SYSTEM, BÃ?RO1, Protection, Refresh, Success,
Protection, 10.05.2015 10:56:04, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 10:56:04, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Started,
Update, 10.05.2015 10:56:08, SYSTEM, BÃ?RO1, Manual, Remediation Database, 2015.3.9.1, 2015.5.9.1,
Protection, 10.05.2015 10:56:09, SYSTEM, BÃ?RO1, Protection, Refresh, Starting,
Protection, 10.05.2015 10:56:09, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 10:56:09, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 10:56:15, SYSTEM, BÃ?RO1, Protection, Refresh, Success,
Protection, 10.05.2015 10:56:15, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 10:56:19, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Started,
Scan, 10.05.2015 11:17:35, SYSTEM, BÃ?RO1, Manual, Start: 10.05.2015 10:59:26, Dauer: 16 Minuten 20 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "1" nicht-Malwareerkennung,
Protection, 10.05.2015 12:58:17, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 12:58:17, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 12:58:17, SYSTEM, BÃ?RO1, Protection, Malware Protection, Stopping,
Protection, 10.05.2015 12:58:22, SYSTEM, BÃ?RO1, Protection, Malware Protection, Stopped,
Protection, 10.05.2015 13:02:31, SYSTEM, BÃ?RO1, Protection, Malware Protection, Starting,
Protection, 10.05.2015 13:02:31, SYSTEM, BÃ?RO1, Protection, Malware Protection, Started,
Protection, 10.05.2015 13:02:31, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 13:03:28, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Started,
Update, 10.05.2015 13:59:37, SYSTEM, BÃ?RO1, Scheduler, Malware Database, 2015.5.10.2, 2015.5.10.3,
Protection, 10.05.2015 13:59:37, SYSTEM, BÃ?RO1, Protection, Refresh, Starting,
Protection, 10.05.2015 13:59:37, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 13:59:38, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 13:59:47, SYSTEM, BÃ?RO1, Protection, Refresh, Success,
Protection, 10.05.2015 13:59:47, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 13:59:47, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Started,
Update, 10.05.2015 16:06:06, SYSTEM, BÃ?RO1, Scheduler, Malware Database, 2015.5.10.3, 2015.5.10.4,
Protection, 10.05.2015 16:06:07, SYSTEM, BÃ?RO1, Protection, Refresh, Starting,
Protection, 10.05.2015 16:06:07, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 16:06:07, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 16:06:15, SYSTEM, BÃ?RO1, Protection, Refresh, Success,
Protection, 10.05.2015 16:06:15, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 16:06:15, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Started,
Update, 10.05.2015 16:43:11, SYSTEM, BÃ?RO1, Scheduler, Malware Database, 2015.5.10.4, 2015.5.10.5,
Protection, 10.05.2015 16:43:11, SYSTEM, BÃ?RO1, Protection, Refresh, Starting,
Protection, 10.05.2015 16:43:11, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 16:43:12, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 16:43:20, SYSTEM, BÃ?RO1, Protection, Refresh, Success,
Protection, 10.05.2015 16:43:20, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 16:43:21, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Started,
(end)
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Lynx (administrator) on BÜRO1 on 15-07-2015 13:26:00
Running from C:\Users\Lynx\Desktop\Neuer Ordner
Loaded Profiles: Lynx (Available Profiles: Lynx & asdf & GameOne & Administrator)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2012-09-28] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2012-09-28] ()
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6714472 2015-04-20] (SoftPerfect Research)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1864312 2015-06-16] (G DATA Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: G - "G:\StarCraft II Setup.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {020a0173-84af-11e4-8121-f3961ac82c14} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e691fc-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e69238-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e69306-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e69add-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {0e809422-7b9e-11e4-8115-f77993d69a7e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1402e90a-1006-11e5-81ff-bc5ff49b57b2} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1402e936-1006-11e5-81ff-bc5ff49b57b2} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1402e961-1006-11e5-81ff-bc5ff49b57b2} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1c9b5243-81c9-11e4-811e-a171e9ee8aa0} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {2024620d-7c54-11e4-8117-8a2dc101f76e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {2bb89a14-8961-11e4-812a-82be54052a10} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {41642107-f681-11e4-81c6-bc5ff49b57b2} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {42bb8f9b-0820-11e5-81ee-bc5ff49b57b2} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {5425a063-d06f-11e2-be96-962745884476} - "G:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {5681dade-8754-11e4-8125-e4c02fffe7b6} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {602ed588-2080-11e5-821a-bc5ff49b57b2} - "G:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {61795401-b66d-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {71e31c43-89a4-11e4-812b-98c65f152381} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {760bc187-b8cb-11e4-816f-c4355dd57672} - "I:\autorun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {7f78bb87-7ea4-11e4-8119-bb79d2cffb58} - "I:\autorun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {7f78bbca-7ea4-11e4-8119-bb79d2cffb58} - "I:\autorun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {8a7c7d08-a273-11e4-8148-f5a56fa14f71} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {8a7c7d74-a273-11e4-8148-f5a56fa14f71} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {9244bd9c-fcb4-11e4-81de-bc5ff49b57b2} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a1dc5abc-7e18-11e4-8118-aeb9a153bd8e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a21fd9b2-b48e-11e4-815d-9eafbcb2d3b9} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a21fd9da-b48e-11e4-815d-9eafbcb2d3b9} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a28a761e-10c5-11e5-8200-bc5ff49b57b2} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {ae18e9a0-a357-11e4-8149-97076599412e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {ae18eafe-a357-11e4-8149-97076599412e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {aeecd083-88ee-11e4-8129-806c020fe1a9} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf765-07dc-11e5-81ed-bc5ff49b57b2} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf7a2-07dc-11e5-81ed-bc5ff49b57b2} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf7ce-07dc-11e5-81ed-bc5ff49b57b2} - "I:\autorun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf7fe-07dc-11e5-81ed-bc5ff49b57b2} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b84604c1-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b84604f6-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b8460559-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b8460946-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b84609bd-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {bf3cdaa7-814f-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {c00238a7-27fd-11e5-822a-bc5ff49b57b2} - "G:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce05f25-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce067e0-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce0681a-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce06850-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce06881-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce068ba-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce068f0-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce06936-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce069a2-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {d627b92c-1b09-11e5-8211-bc5ff49b57b2} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {dcfa1ee0-1203-11e5-8203-bc5ff49b57b2} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {dfd179af-0a91-11e5-81f2-bc5ff49b57b2} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e1765eec-7926-11e4-8112-b126ba4a7607} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e1765f1c-7926-11e4-8112-b126ba4a7607} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e176669c-7926-11e4-8112-b126ba4a7607} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e728a784-85c2-11e4-8123-cd986dcb0dac} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {f2ac2242-26cb-11e5-8229-bc5ff49b57b2} - "G:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {f6308941-b6c5-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe"
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {fabed4b4-829b-11e4-811f-8a75175685a0} - "F:\AutoRun.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://expertzone.microsoft.com/Home.aspx
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://google.de/
https://googlemail.com/
https://meine.deutsche-bank.de/trxm/db/
https://easybill.de/
hxxp://promotionbasis.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3171061452-4263852144-1531571965-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-23] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4284259D-18DF-4D86-ACE1-40E748E2D1BD}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C7B339BB-30C0-448F-824F-F56A70FCDF7C}: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602
FF SelectedSearchEngine:
FF Homepage: https://mail.google.com/mail/u/0/?shva=1#inbox
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3171061452-4263852144-1531571965-1001: SkypeForBusinessPlugin-15.8 -> C:\Users\Lynx\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\npGatewayNpapi.dll [2015-04-20] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3171061452-4263852144-1531571965-1001: SkypeForBusinessPlugin64-15.8 -> C:\Users\Lynx\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\npGatewayNpapi-x64.dll [2015-04-20] (Microsoft Corporation)
FF Extension: Ghostery - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\firefox@ghostery.com.xpi [2015-04-14]
FF Extension: Shoptimate - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\support@shoptimate.com.xpi [2015-01-25]
FF Extension: PAYBACK Internet Assistent fuer Firefox - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\toolbar-ff@payback.de.xpi [2015-03-29]
FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\vdpure@link64.xpi [2015-02-04]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2015-01-24]
FF Extension: Adblock Plus - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-25]
FF Extension: DownThemAll! - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-01-25]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-08]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
Chrome:
=======
CHR Profile: C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-05-09]
CHR Extension: (SoundCloud Downloader) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjckonbgbnaihkahaolpfjpllplfifjo [2015-01-24]
CHR Extension: (Adblock Plus) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-02]
CHR Extension: (Porsche) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg [2015-05-15]
CHR Extension: (FoxyDeal) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jelbcgibfifpplacnbbflieigmcbpkec [2015-05-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2015-01-24]
CHR Extension: (Flashcontrol) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-05-14]
CHR Extension: (Ghostery) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-05-14]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2015-05-14]
CHR Extension: (Google Wallet) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM-x32\...\Chrome\Extension: [Lynx] - No Path Or update_url value
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2558072 2015-06-19] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [966776 2015-06-16] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [3711712 2015-06-16] (G Data Software AG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3202368 2015-06-19] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789624 2015-06-16] (G Data Software AG)
S2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [138272 2014-09-05] ()
S2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [219680 2014-09-05] ()
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-06] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-10] ()
S2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2733568 2012-09-28] (C-Media Inc)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [158720 2015-07-14] (G Data Software AG)
S0 GDElam; C:\Windows\System32\DRIVERS\GDElam.sys [117904 2015-01-08] (G Data Software AG)
R3 GDKBB; C:\WINDOWS\system32\drivers\GDKBB64.sys [27648 2015-05-14] (G Data Software AG)
R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [20992 2015-05-14] (G Data Software AG)
R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [230912 2015-07-14] (G Data Software AG)
R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [91648 2015-07-14] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2015-07-14] (G Data Software AG)
R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [106272 2015-05-17] (G Data Software)
R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [125952 2015-07-14] (G Data Software AG)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated) [File not signed]
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-15] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S1 mbmiodrvr; C:\Windows\syswow64\mbmiodrvr.sys [4608 2004-04-10] (cansoft@livewiredev.com) [File not signed]
S3 MEMSWEEP2; C:\WINDOWS\system32\3FF2.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
R1 networx; C:\Windows\System32\drivers\networx.sys [60736 2015-03-17] (NetFilterSDK.com)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-15 13:01 - 2015-07-15 13:02 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-15 13:01 - 2015-07-15 13:01 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-15 13:01 - 2015-07-15 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-15 13:01 - 2015-07-15 13:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-15 13:01 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-15 13:01 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-15 13:01 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-15 12:58 - 2015-07-15 12:58 - 00002185 _____ C:\Users\Lynx\Desktop\JRT.txt
2015-07-15 12:46 - 2015-07-15 12:46 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-bÜro1-windows-8.1-pro-(64-bit).dat
2015-07-15 12:46 - 2015-07-15 12:46 - 00000000 ____D C:\RegBackup
2015-07-15 12:37 - 2015-07-15 12:38 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lynx\Downloads\mbam-setup-2.1.6.1022 (2).exe
2015-07-14 23:10 - 2015-07-15 13:21 - 00000000 ____D C:\Users\Lynx\Desktop\Neuer Ordner
2015-07-14 22:22 - 2015-07-14 22:22 - 00380416 _____ C:\Users\Lynx\Downloads\Gmer-19357 (1).exe
2015-07-14 22:16 - 2015-07-15 13:26 - 00000000 ____D C:\FRST
2015-07-14 22:16 - 2015-07-14 22:16 - 00000000 _____ C:\Users\Lynx\defogger_reenable
2015-07-14 14:56 - 2015-07-14 14:56 - 00003840 _____ C:\WINDOWS\DPINST.LOG
2015-07-14 14:56 - 2015-07-14 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2015-07-14 14:55 - 2015-07-14 14:55 - 00000000 _____ C:\Users\Lynx\Desktop\Neues Textdokument (3).txt
2015-07-10 22:20 - 2015-07-10 22:22 - 133389698 _____ C:\Users\Lynx\Downloads\Latex-Orgie - GUTERPORNCOM.flv
2015-07-10 08:47 - 2015-07-10 08:48 - 08765440 _____ C:\Users\Lynx\Downloads\SkypeForBusinessPlugin (1).msi
2015-07-09 23:59 - 2015-07-10 00:11 - 102040672 _____ C:\Users\Lynx\Downloads\Katie Jordin Latex Sex - Fetisch sex video - Tube8com.mp4
2015-07-09 23:57 - 2015-07-10 00:03 - 55641385 _____ C:\Users\Lynx\Downloads\Fetish latex and boots fuck - Hardcore sex video - Tube8com.mp4
2015-07-09 23:55 - 2015-07-10 00:00 - 45240671 _____ C:\Users\Lynx\Downloads\Latex Maid Fucked - Hardcore sex video - Tube8com.mp4
2015-07-09 20:56 - 2015-07-09 20:56 - 00000000 _____ C:\Recovery.txt
2015-07-09 19:25 - 2015-06-09 22:57 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150709-192501.backup
2015-07-09 19:21 - 2015-07-09 19:21 - 15201344 _____ C:\Users\Lynx\Downloads\gu5setup (2).exe
2015-07-09 19:20 - 2015-07-09 19:21 - 15201344 _____ C:\Users\Lynx\Downloads\gu5setup (1).exe
2015-07-09 19:16 - 2015-05-09 22:44 - 00004299 _____ C:\Quarantine.lst
2015-07-09 18:35 - 2015-07-09 18:35 - 00000598 _____ C:\Users\Lynx\Desktop\Start Emsisoft Emergency Kit.lnk
2015-07-09 18:33 - 2015-07-09 00:14 - 00136456 _____ (Emsisoft GmbH) C:\WINDOWS\system32\Drivers\epp64.sys
2015-07-09 18:25 - 2015-07-09 18:32 - 160550488 _____ C:\Users\Lynx\Downloads\EmsisoftEmergencyKit.exe
2015-07-08 15:53 - 2015-07-08 15:53 - 00131174 _____ C:\Users\Lynx\Downloads\Promoter_Personalbogen_Vorlage.pptx
2015-07-07 23:04 - 2011-05-31 18:11 - 00415744 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys
2015-07-07 23:04 - 2011-05-03 16:42 - 00222464 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys
2015-07-07 23:04 - 2011-02-25 19:02 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys
2015-07-07 23:04 - 2011-01-30 19:20 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys
2015-07-07 23:04 - 2011-01-30 19:19 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys
2015-07-07 23:04 - 2011-01-30 19:19 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys
2015-07-07 23:04 - 2011-01-30 19:19 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys
2015-07-07 23:04 - 2010-10-08 17:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2015-07-07 23:04 - 2010-09-26 19:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys
2015-07-07 23:04 - 2010-08-06 08:43 - 01001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys
2015-07-07 23:04 - 2010-07-27 10:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys
2015-07-07 23:04 - 2010-03-20 13:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys
2015-07-03 09:33 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-03 09:33 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-03 09:32 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-03 09:32 - 2015-05-12 02:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-07-03 09:32 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-03 09:32 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-03 09:32 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-03 09:32 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-03 09:32 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-03 09:32 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-03 09:32 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-03 09:32 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-03 09:32 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-03 09:32 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-03 09:32 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-03 09:32 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-03 09:32 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-03 09:32 - 2015-05-02 01:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-03 09:32 - 2015-05-01 03:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-07-03 09:32 - 2015-05-01 03:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-07-03 09:32 - 2015-05-01 03:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-07-03 09:32 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-03 09:32 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-03 09:32 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-03 09:32 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-03 09:32 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-03 09:32 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-03 01:15 - 2015-07-03 01:15 - 00000000 ____D C:\Users\Lynx\Documents\The Witcher
2015-07-03 01:15 - 2015-07-03 01:15 - 00000000 ____D C:\Users\Lynx\AppData\Local\The Witcher
2015-07-03 01:09 - 2015-07-03 01:09 - 00018435 _____ C:\WINDOWS\DirectX.log
2015-07-03 01:07 - 2015-07-03 01:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher Enhanced Edition
2015-07-03 00:56 - 2015-07-03 01:07 - 00000000 ____D C:\Program Files (x86)\The Witcher Enhanced Edition
2015-07-03 00:56 - 2015-07-03 01:06 - 00000000 ____D C:\Users\Public\Documents\The Witcher
2015-07-02 17:25 - 2015-07-02 17:27 - 00000000 ____D C:\Users\Lynx\Downloads\Sound Cloud
2015-07-01 14:38 - 2015-07-01 14:43 - 45827960 _____ C:\Users\Lynx\Downloads\Rich Bitch Sucking Off The Poor Bell-boy movie (Danny D Rebecca Moore Cathy Heaven) MILF Fox.mp4
2015-07-01 14:36 - 2015-07-01 14:43 - 45180522 _____ C:\Users\Lynx\Downloads\Great Looking Nurse Likes Hard Dicks movie (Jayden Jaymes) MILF Fox.mp4
2015-06-27 22:50 - 2015-06-27 22:51 - 04343907 _____ C:\Users\Lynx\Downloads\TV-20150627-2107-0201.websm.h264.mp4
2015-06-27 22:45 - 2015-06-27 22:45 - 11207009 _____ C:\Users\Lynx\Downloads\TV-20150627-2142-2801.websm.h264.mp4
2015-06-24 13:10 - 2015-06-24 13:10 - 00009336 ____N (G*DATA Software AG) C:\WINDOWS\SysWOW64\GdScrSv.de.dll
2015-06-24 12:06 - 2015-06-24 12:06 - 02230392 ____N (G Data Software AG) C:\WINDOWS\SysWOW64\GdScrSv.scr
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-15 13:17 - 2015-01-06 18:51 - 00000000 __RDO C:\Users\Lynx\OneDrive
2015-07-15 13:16 - 2013-03-26 22:58 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3171061452-4263852144-1531571965-1001
2015-07-15 13:15 - 2015-05-17 20:47 - 01924865 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-15 13:15 - 2014-03-29 09:28 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-15 13:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-15 12:50 - 2014-09-24 08:16 - 01870968 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-15 12:50 - 2014-09-24 07:43 - 00799712 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-15 12:50 - 2014-09-24 07:43 - 00174252 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-15 12:43 - 2015-05-17 18:49 - 00091887 _____ C:\WINDOWS\setupact.log
2015-07-15 12:43 - 2013-12-19 02:10 - 00000000 ____D C:\AdwCleaner
2015-07-15 12:43 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-15 12:43 - 2013-08-22 15:25 - 01572864 ___SH C:\WINDOWS\system32\config\BBI
2015-07-15 12:43 - 2013-05-01 03:13 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-15 12:41 - 2013-05-01 03:13 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-15 12:30 - 2015-05-10 12:38 - 00000000 ____D C:\ProgramData\GlarySoft
2015-07-15 12:30 - 2015-05-10 11:56 - 00000000 ____D C:\Users\Lynx\AppData\Roaming\GlarySoft
2015-07-15 12:30 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-14 22:27 - 2014-11-28 21:01 - 00000000 ____D C:\Users\Lynx
2015-07-14 19:15 - 2014-03-29 09:28 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 14:56 - 2015-05-14 23:31 - 00230912 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\MiniIcpt.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00158720 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\GDBehave.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00125952 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\HookCentre.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00091648 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\PktIcpt.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00068608 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\gdwfpcd64.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00001998 _____ C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-07-14 14:56 - 2015-05-14 23:31 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2015-07-14 14:56 - 2015-04-11 23:47 - 00000000 ____D C:\ProgramData\G Data
2015-07-14 14:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\tracing
2015-07-12 13:32 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-12 13:22 - 2013-03-26 22:50 - 00000000 ____D C:\Users\Lynx\AppData\Local\Packages
2015-07-09 19:56 - 2015-05-18 09:18 - 00007782 _____ C:\WINDOWS\PFRO.log
2015-07-09 19:56 - 2013-12-19 02:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-09 19:27 - 2014-04-02 00:12 - 00000085 _____ C:\WINDOWS\wininit.ini
2015-07-09 18:27 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-04 20:53 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-03 09:49 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-03 09:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-03 09:34 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-02 17:48 - 2015-04-15 13:21 - 00000000 ____D C:\Users\Lynx\AppData\Roaming\foobar2000
2015-06-28 13:52 - 2015-04-04 21:50 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-21 15:37 - 2015-02-14 22:15 - 00000000 ____D C:\Users\Lynx\AppData\Local\Battle.net
2015-06-20 05:02 - 2014-09-24 09:43 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-20 05:02 - 2014-09-24 09:43 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2015-04-11 23:48 - 2015-04-11 23:48 - 0000000 _____ () C:\Users\Lynx\AppData\Roaming\gdfw.log
2015-04-11 23:48 - 2015-05-14 23:31 - 0001558 _____ () C:\Users\Lynx\AppData\Roaming\gdscan.log
2013-12-19 01:44 - 2013-12-19 11:58 - 0007605 _____ () C:\Users\Lynx\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
C:\Users\Lynx\AppData\Local\Temp\Quarantine.exe
C:\Users\Lynx\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-15 13:17
==================== End of log ============================

What exactly does FRST do? And why a log at the beginning and one at the end? Can you spot odd changes this way, even if the scanners don't find anything directly?
Regards,
lynx