ZePet

Honorary Members
  • Posts

    31

Everything posted by ZePet

  1. I have cleaned up using your tool and reinstalled the programme again. The error persisted, oddly enough, with the same time frame of it turning off. I went ahead of myself and used the Geek Uninstaller to do a "forced uninstall", and once again installed MBAM after that removal and a reboot. GU had found two registry entries that had persisted, one in my Firewall's folder (Win10 Firewall Free), the other one in the security part of HKLM. Now everything runs smoothly again so far. Without my trusty MBAM, I felt pretty naked. Thank you for your help (next time I'll be less of a user and do my reinstall before pestering you people here)!
  2. Hello, dear Nikhils, and thank you for your quick reply. I have indeed relaunched MBAM repeatedly, but the Web Protection module stubbornly turns itself off again automatically. When I attempt to restart the web protection service, it flashes as "starting" briefly, but reverts to "off" after approx. a second (see screenies 1 through 3). Nevertheless I have repeated the switch off-switch on procedure with a relaunch delay of a minimum of two minutes, but sadly it doesn't help, either. Upon launch, the module shows as active, but a popup alerts me at the same time that it is off. The main programme screen shows exactly that after about five seconds, too. A minute after that it notifies me that one or more real time protections are deactivated. Neither of the buttons on the popup does anything to fix the rtp. I'd appreciate more input on what to do next, if you'd be so kind.
  3. Upon restarting my PC from regular hibernation mode, I was notified that MBAM's web protection was off. I turned it on - cue endless "is being started" message, but it remained off. My first idea was "oh, right, it's Win 10, let's reboot in IT Crowd style", which I did. The issue persisted. I shut the POC down completely and rebooted. The issue persisted. Shutting down MBAM lets me turn web protection on again, but it deactivates itself after between 57 seconds and 3 minutes 12 seconds. I had no system crashes. Included are the FRST scan and the MB-Check files in the suggested format. Attachment: mb-check-results.zip
  4. 1. Done. 2. Done. 3. No manual corrections needed; everything was uninstalled properly. 4. Done under Admin privileges. 5. Done, saved to desktop. 6. Done, installed as admin. It activated instantly, no error message. 7. After a regular reboot, MBARW works just fine under both admin and regular account. Thank you very much, as always. The issue is resolved, I daresay.
  5. Hmm, very well, I will do that. Fourth time I have to since I began testing, sadly. But it's not much effort, so it's fine! After all, we'll end up with more stuff to keep us safe, right? ^^ I will update you as soon as I am done, which will be in the morning hours of CEST.
  6. Hello 1PW, I fear that it was a typical IT Crowd issue. I killed all running MBARW processes via Process Explorer and rebooted twice. Once as a normal reboot (without any changes, but *startsarcasm* at least Win 10 crashed promptly *endsarcasm*), the second time after shutting the PC down entirely (due to the crash). The latter reboot fixed MBARW. An annoying little issue, but yet... I include the current zip file nevertheless, in the hopes that you might find a reason why the update doesn't work on all PCs. Thank you for providing us with antivirus and antimalware solutions that work properly and don't harbour BHOs, toolbars and other ad- or spyware. *cheers* Attachment: MalwarebytesARW.zip
  7. Please consider making your own topic. This one now looks as if somebody has replied to it and tends to it already. >_<
  8. Hello MB! Well, to keep it short, the title says it all. Apparently the Anti-Ransomware programme doesn't activate due to some license issue. Uninstalling and reinstalling after emptying appdata has not helped, either. Would you kindly advise me what to do and what kind of data to provide in case you see a chance of fixing this with me? I'd rather not be online without it these days (see HDDCryptor etc.).
  9. Wupps. I forgot. Read through all the RAM and pagefile stuff, including the link the guy provided. Win7 has a different layout (and no context menu), and my English fails me on translating the names of processes and subcategories on top of all the rest. I'm dimly aware that I'll need to test my RAM and pagefile usage to set sensible values, it seems... but I'm lost how to.
  10. Hello Kevin, and sorry for the delay in response. Family and work had conspired against me. I'm not intending to disable a Windows system file, no worries. My virtual RAM is set to silly values, I suppose... 1.5 times the physical RAM as minimum, 3 times as maximum. So its size might be the issue... HAH. I learn something new every time. The backup programme site hasn't been updated since before their New Year offer ran out, and only accepts credit cards, sadly. I'll search on. Kevin, you have been great help, and I thank you. I'll see upon the beginning of June whether I can at least tip you a little - it's not going to be much, more a symbolical thank you, mind you. The fate of single parents. ^^ -Pet
  11. Good morning! Welp, I have found the issue. Changing the startup programmes in the config hadn't changed much. Well, the bootup is a bit faster, the shutdown remained awfully long. Turns out that something had apparently decided it must be a good idea to delete the pagefile.sys upon every shutdown of Windows. As soon as that was set to "nope", the issue was gone. I just wonder whether the safety advantages of deleting it are so large that it warrants the various minutes of shutdown. What is your opinion on that? My PC is always either fully in use or switched off, never on standby only. And one last thing: do the forums have a subsection where I can post a question about backup progs? I seem to find none that quite fits. -Pet
  12. Uh-oh... I fear I may probably need a bit more help in that matter. Never dealt with the msconfig so far. Skype starts at bootup because I use a very old version that is locked down, and it bugs out when not loaded upon system start, i.e. refuses to let me log into it. I'll return with a report in the morning. Thank you very much, Kevin! -Pet
  13. Update: the PC still needs immense amounts of time to shut down. But that is about the only unnerving thing that is left. On the other hand, even if it takes four minutes, I don't have to stand beside it and wait for it to switch off. So.. I'd daresay it looks fine! Now if I only could get my old Acronis to work again. I feel naked without a backup programme. I entered a lot of random website addresses without prefixes today, and got no reroutes. Hurray! I think that is it? -Pet
  14. Step 1: I downloaded both to my desktop. Admin-ran Delfix without issues, all was uninstalled and reset as intended, I think. Step 2: Ran Geek Uninstaller as admin. It removed Sophos and Zemana as it was supposed to. Looking at the time, I'll update during the morning hours on how the PC behaves now and try a few URLs. I hope it will power down faster now. Thank you again for your time and help so far! -Pet
  15. Spybot... hrrm. A lot of sites nevertheless. But that should not be an issue for the PC then... Odd is that suddenly, the PC needs well over four minutes to shut down, but boots up normally. As for issues: I think not. The DNS problem can't really be reproduced and happened at huge intervals of twice in a few months' time. Was there anything that got removed which might have caused it, even? I lost oversight at the beginning already and just followed your instructions. ^^ Should you deem everything fine as well, I'd like to get to wrapping up so I make room for people with more pressing problems than mine, of course. -Pet
  16. All right, here come the new files: Step 1: Ran FRST with fixlist.txt in the folder the FRST.txt was. Fixlog.txt follows: =================== Step 2: AdwCleaner ran without turning up anything; log follows. =================== Step 3: Something odd has happened. My taskbar lost all icons of my security programmes - I just watched them vanish while I tried to click them... most odd. =================== Step 4: Admin-ran the tool, log follows here: --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.36, May 2016 (build 5.36.12600.0) Started On Sat May 28 19:45:35 2016 Engine: 1.1.12706.0 Signatures: 1.219.58.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Sat May 28 19:56:03 2016 Return code: 0 (0x0) =================== These are hopefully all things you wanted. I wonder why my IE even has any entries, as I have never used it... I just kept it updated out of security concerns, but that is it. And... what's with those nearly 8,000 IE entries, from animal toys over coupons to porn? The whole IE business puzzles me a lot, to be honest. Maybe you can explain to me why it is full of... pardon my French... crap when I don't use it even? I can't reproduce that rerouting of my browser, as I initially mentioned, so sadly I can't say whether the problem is fixed. I see that some Registry keys were not deleted, however. Is that a problem? Also, I long since uninstalled that foxit reader, but it pops up in the logs. Odd! Again, many thanks for all your time and work so far. I look forward to finding the next step of instructions. -Pet
  17. I admit that I have no idea why there is a proxy setting. Can that be left over from a Youtube unblocker? In Germany, a lot of videos are blocked because of the copyright chaos with our beloved GEMA, and for a while, I used Proxtube... I think. Other than that, no I would not know why it is there. Please advise me what to do next, please.
  18. Good morning Kevin! Here is the long, long result of your instruction: I hope everything is correct now. Step 1: I elevated my user account into an admin one, started Farbar. Following are FRST.txt and Addition.txt
C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] () [Datei ist nicht signiert] R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.) R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe [1478272 2012-01-13] (ASUSTeK Computer Inc.) S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [Datei ist nicht signiert] R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3141088 2016-03-23] (Malwarebytes) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 Windows10FirewallService; C:\Program Files\Windows10FirewallControl\Windows10FirewallService.exe [3954880 2015-11-20] (Sphinx Software) R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13672176 2016-05-24] (Zemana Ltd.) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] () S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-04-15] () R3 farflt; C:\Windows\system32\drivers\farflt.sys [59776 2016-05-27] (Malwarebytes) S3 jvbrottv; C:\Windows\System32\Drivers\jvbrottv.sys [426848 2014-09-14] (AVAST Software) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [217328 2016-05-27] (Malwarebytes) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation) R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation) R3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102576 2015-08-26] () R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25904 2015-08-26] () R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [701232 2015-08-26] () S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-03-10] (MBB) R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-05-28] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-05-28] (Zemana Ltd.) S3 ALSysIO; \??\C:\Users\Pet\AppData\Local\Temp\ALSysIO64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-05-28 01:39 - 2016-05-28 01:39 - 151121960 _____ (Sophos Limited) C:\Users\Ti'riqa\Desktop\Sophos Virus Removal Tool.exe 2016-05-28 01:28 - 2016-05-28 01:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2016-05-28 01:27 - 2016-05-28 01:27 - 00000000 ____D C:\Users\Ti'riqa\AppData\Local\Zemana 2016-05-28 01:26 - 2016-05-28 01:42 - 00055011 _____ C:\Windows\ZAM.krnl.trace 2016-05-28 01:26 - 2016-05-28 01:29 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys 2016-05-28 01:25 - 2016-05-28 01:42 - 00007584 _____ C:\Windows\ZAM_Guard.krnl.trace 2016-05-28 01:25 - 2016-05-28 01:29 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys 2016-05-28 01:25 - 2016-05-28 01:29 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2016-05-28 01:25 - 2016-05-28 01:28 - 00001076 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2016-05-28 01:24 - 2016-05-28 01:24 - 00000000 ____D C:\Users\Pet\AppData\Local\Zemana 2016-05-27 14:36 - 2016-05-27 14:37 - 00002120 _____ C:\Users\Pet\Desktop\Rkill.txt 2016-05-27 14:08 - 2016-05-28 01:42 - 00000000 ____D C:\FRST 2016-05-27 13:48 - 2016-05-27 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-05-27 13:48 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-05-27 13:48 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-05-27 13:48 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-05-27 13:35 - 2016-05-27 13:35 - 00217328 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-05-27 13:02 - 2016-05-27 13:02 - 00025530 _____ C:\Users\Ti'riqa\AppData\Local\recently-used.xbel 
2016-05-02 18:38 - 2016-05-21 00:19 - 00000000 ____D C:\Users\Pet\AppData\Roaming\discord 2016-05-01 17:09 - 2016-05-06 17:36 - 00002167 _____ C:\Users\Ti'riqa\Desktop\Discord.lnk 2016-05-01 17:09 - 2016-05-06 17:36 - 00000000 ____D C:\Users\Ti'riqa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc 2016-05-01 17:09 - 2016-05-06 17:36 - 00000000 ____D C:\Users\Ti'riqa\AppData\Roaming\discord 2016-05-01 17:08 - 2016-05-06 17:35 - 00000000 ____D C:\Users\Ti'riqa\AppData\Local\SquirrelTemp 2016-05-01 17:08 - 2016-05-06 17:35 - 00000000 ____D C:\Users\Ti'riqa\AppData\Local\Discord ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-05-28 01:42 - 2016-03-22 16:54 - 00000000 ___RD C:\Users\Ti'riqa\Desktop\PC tools 2016-05-28 01:36 - 2014-09-09 15:37 - 00000000 ____D C:\Users\Ti'riqa 2016-05-28 01:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing 2016-05-28 01:11 - 2014-09-10 18:38 - 00000000 ____D C:\Users\Ti'riqa\AppData\Roaming\Skype 2016-05-27 14:50 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-27 14:50 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-27 13:56 - 2016-03-21 12:30 - 00000000 ____D C:\Users\Ti'riqa\AppData\LocalLow\LastPass 2016-05-27 13:48 - 2014-09-08 20:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-05-27 13:35 - 2016-02-07 21:18 - 00059776 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2016-05-27 13:34 - 2013-05-17 13:01 - 00000000 ____D C:\ProgramData\NVIDIA 2016-05-27 13:24 - 2016-03-31 18:08 - 00000000 ____D C:\AdwCleaner 2016-05-27 13:02 - 2014-09-24 20:57 - 00000000 ____D C:\Users\Ti'riqa\.gimp-2.8 2016-05-26 22:40 - 2012-07-22 18:19 - 00797376 _____ (Adobe Systems 
Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-05-26 22:40 - 2012-07-22 18:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-05-26 22:29 - 2014-09-10 18:45 - 00000000 ____D C:\Users\Ti'riqa\AppData\Roaming\Mumble 2016-05-18 03:10 - 2015-03-11 18:20 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2016-05-14 12:30 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2016-05-12 19:28 - 2014-10-14 23:10 - 00000000 ____D C:\Users\Ti'riqa\AppData\Roaming\vlc 2016-05-06 17:39 - 2012-07-22 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble 2016-05-06 17:39 - 2012-07-22 18:18 - 00000000 ____D C:\Program Files (x86)\Mumble 2016-05-06 17:36 - 2011-04-12 09:43 - 00699432 _____ C:\Windows\system32\perfh007.dat 2016-05-06 17:36 - 2011-04-12 09:43 - 00149572 _____ C:\Windows\system32\perfc007.dat 2016-05-06 17:36 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2016-05-06 17:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-05-06 00:27 - 2015-06-05 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2016-05-06 00:26 - 2015-06-05 16:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit 2016-05-04 19:55 - 2013-11-08 22:21 - 00000000 ___RD C:\Users\Pet\Desktop\WIIICHTIIIG 2016-05-04 15:13 - 2012-07-21 23:26 - 00000000 ____D C:\Users\Pet 2016-05-02 23:31 - 2016-04-24 16:41 - 00000000 ____D C:\Users\Ti'riqa\Desktop\Huawei 2016-04-24 2016-05-01 12:38 - 2009-07-14 06:45 - 00316600 _____ C:\Windows\system32\FNTCACHE.DAT 2016-04-28 16:07 - 2014-09-09 15:38 - 00074456 _____ C:\Users\Ti'riqa\AppData\Local\GDIPFONTCACHEV1.DAT ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2012-07-22 00:08 - 2012-05-15 12:48 - 0008204 _____ () C:\Program Files\EULA.txt 2012-07-22 00:08 - 2012-05-15 12:48 - 0021887 _____ () C:\Program Files\license.txt 2012-07-22 00:08 - 
2012-05-15 12:48 - 0008112 _____ () C:\Program Files\Setup.cfg 2012-07-22 00:09 - 2012-05-15 12:48 - 0374080 _____ (NVIDIA Corporation) C:\Program Files\setup.exe 2016-03-21 12:31 - 2016-03-21 12:31 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2012-12-18 00:18 - 2012-12-18 00:18 - 0000546 _____ () C:\Users\Pet\AppData\Roaming\All CPU MeterV3_Settings.ini 2012-11-14 21:20 - 2012-11-14 21:20 - 0000285 _____ () C:\Users\Pet\AppData\Roaming\GPU MeterV2_Settings.ini 2012-10-01 20:50 - 2012-10-02 04:17 - 0000352 _____ () C:\Users\Pet\AppData\Roaming\Network Meter_Settings.ini 2014-06-11 08:02 - 2014-06-11 08:46 - 0000790 _____ () C:\Users\Pet\AppData\Local\cookies.ini 2013-08-01 13:51 - 2014-06-11 22:46 - 0006144 _____ () C:\Users\Pet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-09 14:54 - 2014-09-09 14:54 - 0012265 _____ () C:\Users\Pet\AppData\Local\recently-used.xbel 2013-01-19 03:46 - 2013-12-17 13:16 - 0007605 _____ () C:\Users\Pet\AppData\Local\resmon.resmoncfg Einige Dateien in TEMP: ==================== C:\Users\Pet\AppData\Local\Temp\FoxitUpdater.exe C:\Users\Ti'riqa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5ix6pv.dll C:\Users\Ti'riqa\AppData\Local\Temp\jre-8u60-windows-au.exe C:\Users\Ti'riqa\AppData\Local\Temp\jre-8u65-windows-au.exe C:\Users\Ti'riqa\AppData\Local\Temp\jre-8u66-windows-au.exe C:\Users\Ti'riqa\AppData\Local\Temp\jre-8u71-windows-au.exe C:\Users\Ti'riqa\AppData\Local\Temp\jre-8u73-windows-au.exe C:\Users\Ti'riqa\AppData\Local\Temp\jre-8u77-windows-au.exe C:\Users\Ti'riqa\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2012-07-21 23:53 ==================== Ende von FRST.txt ============================ Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-05-2016 01 durchgeführt von Pet (2016-05-28 01:43:40) Gestartet von C:\Users\Ti'riqa\Desktop\PC tools Windows 7 Home Premium Service Pack 1 (X64) (2012-07-21 21:26:03) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-548620592-360744849-4095091825-500 - Administrator - Disabled) Gast (S-1-5-21-548620592-360744849-4095091825-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-548620592-360744849-4095091825-1003 - Limited - Enabled) Pet (S-1-5-21-548620592-360744849-4095091825-1000 - Administrator - Enabled) => C:\Users\Pet Ti'riqa (S-1-5-21-548620592-360744849-4095091825-1005 - Administrator - Enabled) => C:\Users\Ti'riqa ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in 
die Fixlist aufgenommen wird, wird er entfernt.) AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95} AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.110 - Adobe Systems Incorporated) Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.28 - ASUSTeK Computer Inc.) ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.1.9 - ASUSTeK Computer Inc.) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber) Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform) Discord (HKU\S-1-5-21-548620592-360744849-4095091825-1005\...\Discord) (Version: 0.0.288 - Hammer & Chisel, Inc.) Dropbox (HKU\S-1-5-21-548620592-360744849-4095091825-1000\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-548620592-360744849-4095091825-1005\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.) FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.) GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team) GOG.com Planescape Torment (HKLM\...\{8f376ce2-c213-4a6c-a329-0b2a7eb2bad8}.sdb) (Version: - ) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan) IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev) Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation) LastPass (Nur deinstallieren) (HKLM-x32\...\LastPass) (Version: - LastPass) Malwarebytes Anti-Exploit version 1.8.1.1196 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1196 - Malwarebytes) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Malwarebytes Anti-Ransomware version 0.9.15.416 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.15.416 - Malwarebytes) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable 
- x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla) Mozilla Thunderbird 38.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 de)) (Version: 38.2.0 - Mozilla) Mumble 1.2.16 (HKLM-x32\...\{E938AC6B-A1EB-40C7-8FFE-D4A325C1EA5D}) (Version: 1.2.16 - Thorvald Natvig) No23 Recorder (HKLM-x32\...\No23 Recorder) (Version: 2.1.0.3 - No23) No23 Recorder (x32 Version: 2.1.0.3 - No23) Hidden NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) 
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation) OpenOffice 4.1.2 Language Pack (English (United Kingdom)) (HKLM-x32\...\{F07DA5BB-8A1E-4F3E-B6B0-A4CBFF33E9C7}) (Version: 4.12.9782 - Apache Software Foundation) OpenOffice 4.1.2 Language Pack (Swedish) (HKLM-x32\...\{05020D08-A575-465F-9E2A-FDDC2E2F475B}) (Version: 4.12.9782 - Apache Software Foundation) Paragon Backup and Recovery™ 14 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software) Paragon Partition Manager™ 2014 Free (HKLM-x32\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software) Planescape Torment (HKLM-x32\...\GOGPACKPLANESCAPETORMENT_is1) (Version: 2.0.0.8 - GOG.com) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Samsung ML-2540 Series (HKLM-x32\...\Samsung ML-2540 Series) (Version: - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00.04 - Samsung Electronics Co., Ltd.) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden VueScan (HKLM\...\VueScan) (Version: - ) Warframe (HKLM-x32\...\{855F04C9-6D2A-483A-A067-BD977CE97709}) (Version: 1.0.0 - Digital Extremes) Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes) Windows10FirewallControl Free 7.5.100.200 (HKLM\...\Windows10FirewallControl_is1) (Version: 7.5.100.200 - Sphinx Software) WinX DVD Ripper 5.5.9 (HKLM-x32\...\WinX DVD Ripper_is1) (Version: - Digiarty Software, Inc.) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.905 - Zemana Ltd.) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pet\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0572C585-070E-4895-A0FD-0D76F17B3DC1} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {07213107-EBF7-4E5C-BD28-19C9E1221231} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {13B55829-DF65-4C84-8749-2ED606A198E8} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {2B1599FB-4AA0-435D-A2EE-76934A29D165} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {4B20C1F5-1745-45CC-BA41-32B971EDD63C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {5188F070-CC34-4E76-B2BA-3D2FBB6732C6} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {5F51FCE9-EC37-47A7-A905-E3D50A897426} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {5FB64E82-156D-49ED-B4F8-7796A86D481C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {6C6F3DAD-7D7F-43FD-80CD-4B68EDB5C977} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe Task: {79D2BA6C-9B91-4F74-88F8-B885644FAB5E} - 
System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {8E1BC935-65D0-42BA-B69E-310497F0F57A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {91EAD51F-2590-4C5D-9E8C-7571D1F52FCC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {937482A6-7EAD-4DB8-92D3-4E1BADBCE2A7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {AC1F5CD6-72F3-4B7C-AFA4-442E77AC9551} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {C4C35DDF-4B41-4059-B61A-616F94B9165E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {C96ADD0F-C029-4DFC-8BBD-DE0AA9AECE32} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {CC7EB1ED-30B2-45D1-9667-0A7DB0E1E742} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {CD76D6FE-8422-49EF-BB84-B054E80FB109} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {CEE74E90-2ED5-406C-A446-38086B16412D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {EE7B9C7D-16FE-49A5-A537-AF61A8B18F14} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {FC31C657-362B-4406-AB6D-99FAE1A72CC3} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-548620592-360744849-4095091825-1005Core.job => C:\Users\Ti'riqa\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03f83ef4a001c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0430018149591.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08f211d877552.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfeb62b2ac21.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e10fbf012abb.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f243bb7a7045.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12f8a85bc8225.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d80ebd7291d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe Task: C:\Windows\Tasks\RunOW.job => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2013-05-17 13:01 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-04-01 11:00 - 2011-04-01 11:00 - 00034304 _____ () C:\Windows\System32\ssp9mlm.dll 2013-05-16 19:47 - 2011-10-29 09:59 - 00918448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe 2016-04-27 20:09 - 2016-04-27 20:10 - 01047520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll 2012-08-29 18:14 - 2011-02-28 08:39 - 00211456 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll 2016-05-28 01:26 - 2016-05-28 01:29 - 00121200 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll 2016-04-27 20:09 - 2016-02-08 17:01 - 00759808 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll 2012-09-27 10:20 - 2012-09-27 10:20 - 01212928 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssp9mdu.dll 2013-05-16 19:47 - 2016-05-27 13:34 - 00019456 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\PEbiosinterface32.dll 2013-05-16 19:47 - 2010-06-29 10:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\ATKEX.dll 2016-03-22 18:45 - 2016-03-22 18:45 - 01114136 _____ () C:\Users\Ti'riqa\AppData\Roaming\Mozilla\Firefox\Profiles\xlq0mlmt.default-1433514891086\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll 2016-05-26 22:40 - 2016-05-26 22:40 - 19427520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE restricted site: HKU\S-1-5-21-548620592-360744849-4095091825-1005\...\msn.com -> g.msn.com IE restricted site: HKU\S-1-5-21-548620592-360744849-4095091825-1005\...\skype.com -> apps.skype.com ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2015-01-31 11:36 - 00000065 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-548620592-360744849-4095091825-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pet\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-548620592-360744849-4095091825-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Ti'riqa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\Services: OverwolfUpdaterService => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{5B016114-1BC0-41A3-87CB-8AE3C4141EC5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{B85F068E-D2A1-4CB4-9201-D9EAFABC3AB3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{D3F9C7A3-414C-49A6-B3B3-73BC9221761A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{9F54BC50-C498-4103-A48B-D21B69D570C7}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{C6572863-3104-4692-AA41-73D16084CA61}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{DD995092-6618-4489-AA2D-865924D7D098}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{8E134065-1B9E-4814-A5E6-D1AF0DED25AD}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe FirewallRules: [{2BFB5F10-CE44-4A34-9232-D83A5DA56469}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe FirewallRules: [{D518F34A-9EE5-45B5-80D6-74D15AE4CCC5}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe FirewallRules: [{CDD1BC40-25B9-493F-ACBC-1945E72EDE82}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe FirewallRules: [{5C3D3062-FCC8-4C28-BAA2-0F3DADC0BD92}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe FirewallRules: [{482BB721-8237-4672-A1D5-C3151EE15551}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe FirewallRules: [{E1D066ED-1AC5-40B3-95E5-2FB3BB3A032D}] => (Allow) C:\Users\Pet\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{2BAE9B11-E458-4070-86D9-2075FA43F4F9}] => (Allow) C:\Users\Pet\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query 
User{BD9C11A9-1D3B-4F33-9305-DD1702BF7C02}C:\users\pet\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\pet\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{C72E0477-8A61-468C-BB46-D4F8A34FF218}C:\users\pet\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\pet\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{98458226-DFFE-4340-A0AA-F1B659D0A048}] => (Allow) E:\o2CD.exe FirewallRules: [{AD4421B3-FBFE-49D8-AC5B-A1057220152B}] => (Allow) E:\o2CD.exe FirewallRules: [TCP Query User{7DE30ED0-6B4C-4B12-BEBA-A865E4E04B6F}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe FirewallRules: [UDP Query User{85A870CF-D54F-4120-B981-1A101D78A82B}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe FirewallRules: [{23670B39-6F00-4697-8746-8D98020D8F28}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{A59C1C10-37BC-4FF7-B0B0-1E646F1CD7EF}] => (Allow) C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{73E5EA30-4DE9-40B6-A67A-3EF597055C6D}] => (Allow) C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{8C9F237C-888E-439B-A086-034725239142}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{035B020F-AA19-40F9-924E-3D5CE943F008}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{71901445-E340-47B3-AEBA-892503543FA6}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe FirewallRules: [UDP Query User{68235C34-4218-408C-89DB-863236E8B32A}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe FirewallRules: [{1800A2DB-867D-42D0-AB44-ED2471B016D5}] => (Block) C:\program files (x86)\connectify\connectify.exe FirewallRules: [{A911DE57-204D-4627-8AC7-010C3B71E03F}] => (Block) C:\program files (x86)\connectify\connectify.exe 
FirewallRules: [TCP Query User{37134C15-ECBA-4DFE-8F06-F95BC4DBE863}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{3CA22560-4128-4950-AC7F-1FA10D23CF86}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{3E30F39F-A6C9-4FD1-A060-2FA0F1A25856}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A6CB5C4D-78D0-46FE-9CAB-90748D3E07E6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{F7195A4F-34C6-4613-A9F0-F8B3F07696E8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{F58447D3-F593-4FDF-BB80-C22CE74650DF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{3CA85D24-6B9E-492E-9A5B-A78CA67DBF72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{AE76DF48-B7EF-45EC-A967-731451ADD680}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{E431A24F-6A04-4F7C-98B9-0C7919835AE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{123197BE-5992-4409-837A-3E5C3A39EE62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{5A00E9D8-0B2C-4C56-AA06-61E60AB8E8A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{A4A57458-4C33-4E94-B7EB-9279BCFE614E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [{B791ADBB-F385-4550-AE00-32C2D651627F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{44B7211A-61B2-475B-9BCF-2786EFB55484}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{4C528962-AAC2-4996-AF6B-6C9A833F4DA1}] => (Allow) 
C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{A43C1C3A-BD7A-4E14-94E7-5E7F69DFE771}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{7C9B3EA0-F07F-4F0C-B46D-B32C30615346}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{9621764E-48EA-4F33-B5C7-EBF6B26E2921}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [{0154471D-41E2-448C-B1EE-AA38C2BAB1F8}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [{77F92E2F-DFAB-455D-BCBB-68E2C9FD56AC}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [{8324E36B-50B2-4168-9EAD-ECF9E3DD19A2}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe FirewallRules: [{D78F83B1-3932-4BFD-B20A-2DF7F811BD3B}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe FirewallRules: [{E260F201-A7C6-4087-A0D3-95F3FF9E032A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A9F5DC6E-8C8C-4E2D-8091-7E400970F1E2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{109619A5-3863-4404-B3E4-51BD170D9523}C:\users\ti'riqa\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ti'riqa\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{99C1F4CD-F6E1-4388-9E0C-74C22A689C50}C:\users\ti'riqa\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ti'riqa\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{AA652D21-BED0-4F1C-B87E-FA07B747A312}] => (Allow) D:\All Games\Steam\Steam.exe FirewallRules: [{27C14ACF-D516-43EC-B0A7-2ABA17D71F67}] => (Allow) D:\All Games\Steam\Steam.exe FirewallRules: [{46142A05-E036-4C91-AC82-B491F470E765}] 
=> (Allow) D:\All Games\Steam\bin\steamwebhelper.exe FirewallRules: [{65735A2A-61AD-46B4-AA0B-79DB65B179DA}] => (Allow) D:\All Games\Steam\bin\steamwebhelper.exe FirewallRules: [{75E72D7B-54F5-44A3-9202-8D40A0E87727}] => (Allow) C:\Program Files\Windows10FirewallControl\Windows10FirewallService.exe FirewallRules: [{210D39D7-A18B-4F91-BC55-D44D88E3E63B}] => (Allow) C:\Program Files\Windows10FirewallControl\Windows10FirewallControl.exe ==================== Wiederherstellungspunkte ========================= 16-04-2016 18:14:35 Windows Update 19-04-2016 21:50:25 Windows Update 22-04-2016 21:56:57 Windows Update 26-04-2016 23:40:05 Windows Update 30-04-2016 15:37:16 Windows Update 03-05-2016 20:39:46 Windows Update 06-05-2016 17:38:15 Installed Mumble 1.2.16 07-05-2016 15:15:02 Windows Update 10-05-2016 17:28:11 Windows Update 14-05-2016 19:39:44 Windows Update 18-05-2016 15:40:32 Windows Update 22-05-2016 07:43:12 Windows Update 26-05-2016 13:15:23 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (05/27/2016 01:36:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/27/2016 11:35:59 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/26/2016 10:39:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/20/2016 04:03:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: 
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/16/2016 05:58:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/15/2016 10:40:03 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/14/2016 12:24:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/13/2016 12:14:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/07/2016 02:05:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/06/2016 05:47:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Systemfehler: ============= Error: (05/27/2016 01:34:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: MBAMSwissArmy Error: (05/16/2016 11:42:54 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 
ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.219.1805.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.9.0218.00 Quellpfad: 4.9.0218.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (05/16/2016 11:42:54 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.219.1805.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.9.0218.00 Quellpfad: 4.9.0218.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (04/27/2016 01:54:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MB3Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/17/2016 11:29:18 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "O2", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C4579234-06CE-47D8-A8EE-89AFF1278360}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (04/13/2016 02:38:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error: (04/12/2016 01:26:41 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. 
Neue Signaturversion: Vorherige Signaturversion: 115.44.0.0 Aktualisierungsquelle: %NT-AUTORITÄT51 Aktualisierungsphase: 4.9.0218.00 Quellpfad: 4.9.0218.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (04/12/2016 01:26:36 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.217.1145.0 Aktualisierungsquelle: %NT-AUTORITÄT51 Aktualisierungsphase: 4.9.0218.00 Quellpfad: 4.9.0218.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (04/12/2016 01:26:36 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.217.1145.0 Aktualisierungsquelle: %NT-AUTORITÄT51 Aktualisierungsphase: 4.9.0218.00 Quellpfad: 4.9.0218.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (04/09/2016 10:27:20 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "O2", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C4579234-06CE-47D8-A8EE-89AFF1278360}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
CodeIntegrity:
===================================
Date: 2014-09-08 01:31:16.866
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-09-08 01:31:16.826
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-2380P CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 30%
Installierter physikalischer RAM: 8174.33 MB
Verfügbarer physikalischer RAM: 5662.5 MB
Summe virtueller Speicher: 32172.54 MB
Verfügbarer virtueller Speicher: 29407.22 MB

==================== Laufwerke ================================
Drive c: () (Fixed) (Total:203.29 GB) (Free:113.28 GB) NTFS
Drive d: () (Fixed) (Total:728.12 GB) (Free:605.19 GB) NTFS

==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 08E10868)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=728.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=203.3 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

=============================

Step 2: MBAM set to check for Rootkits, PUPs and PUMs set to be treated as
malware. The scan came up clean and required no reboot. The log.txt follows here:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28.05.2016
Scan Time: 01:50
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.27.06
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Pet

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351440
Time Elapsed: 15 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)

(end)

=============================

Step 3: Installed Zemana, ran it as admin. My RT Protection panel looks slightly different from yours and contains a cloud sandbox feature instead of the RT analysis yours shows. I checked everything, and the scan came up clean as well, log follows.

Zemana AntiMalware 2.20.1.905 (Installed)
-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016.5.28
Operating System : Windows 7 64-bit
Processor : 4X Intel(R) Core(TM) i5-2380P CPU @ 3.10GHz
BIOS Mode : Legacy
CUID : 002E74DDFECD70494DE6DA
Scan Type : Smart Scan
Duration : 1m 30s
Scanned Objects : 11512
Detected Objects : 0
Excluded Objects : 0
Read Level : SCSI
Auto Upload : ON
Detect All Extensions : OFF
Scan Documents : OFF
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------
There are no detected objects

=============================

Step 4: Sophos downloaded to desktop, installed, started, updated. The scan took most of the night. When I got up, it had finished with no threats found and no log to display - the "details" button was ghosted.

=============================

Step 5: Fresh FRST scan with everything in the whitelist section checked and Addition.txt in optionals.

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
durchgeführt von Pet (Administrator) auf KAAJI (28-05-2016 09:38:53)
Gestartet von C:\Users\Ti'riqa\Desktop\PC tools
Geladene Profile: Pet & Ti'riqa (Verfügbare Profile: Pet & Ti'riqa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Sphinx Software) C:\Program Files\Windows10FirewallControl\Windows10FirewallService.exe () C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Sphinx Software) C:\Program Files\Windows10FirewallControl\Windows10FirewallControl.exe (Dropbox, Inc.) 
C:\Users\Ti'riqa\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe (Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-21] (NVIDIA Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Windows10FirewallControl] => C:\Program Files\Windows10FirewallControl\Windows10FirewallControl.exe [1553600 2015-11-20] (Sphinx Software) HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13672176 2016-05-24] (Zemana Ltd.) 
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-04-15] (Malwarebytes Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation) HKU\S-1-5-21-548620592-360744849-4095091825-1000\...\Run: [Steam] => "C:\Program Files (x86)\Steam\steam.exe" -silent HKU\S-1-5-21-548620592-360744849-4095091825-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) HKU\S-1-5-21-548620592-360744849-4095091825-1005\...\Run: [Dropbox Update] => C:\Users\Ti'riqa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-19] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt8"] -> 
{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pet\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pet\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pet\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-03-21] ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-03-21] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Ransomware.lnk [2016-04-27] ShortcutTarget: Malwarebytes Anti-Ransomware.lnk -> C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe (Malwarebytes) BootExecute: autocheck autochk * xe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
ProxyServer: [S-1-5-21-548620592-360744849-4095091825-1000] => localhost:8080 Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{C4579234-06CE-47D8-A8EE-89AFF1278360}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-548620592-360744849-4095091825-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-27] (Oracle Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-21] (LastPass) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-27] (Oracle Corporation) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-21] (LastPass) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program 
Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-21] (LastPass) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-21] (LastPass) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2011-04-23] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-04-22] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2011-04-23] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-04-22] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\j4d06aqi.default-1410613454942 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-26] () FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-27] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-27] (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-21] (LastPass) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-26] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program 
Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei] FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-21] (LastPass) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin HKU\S-1-5-21-548620592-360744849-4095091825-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei] FF Extension: Blur - C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\j4d06aqi.default-1410613454942\Extensions\donottrackplus@abine.com.xpi [2016-04-27] FF Extension: Ghostery - C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\j4d06aqi.default-1410613454942\Extensions\firefox@ghostery.com.xpi [2016-04-27] FF Extension: NoScript - C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\j4d06aqi.default-1410613454942\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-27] FF Extension: Adblock Plus - C:\Users\Pet\AppData\Roaming\Mozilla\Firefox\Profiles\j4d06aqi.default-1410613454942\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-27] Chrome: ======= CHR Profile: C:\Users\Pet\AppData\Local\Google\Chrome\User Data\default ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] () [Datei ist nicht signiert] R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.) R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe [1478272 2012-01-13] (ASUSTeK Computer Inc.) S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [Datei ist nicht signiert] R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3141088 2016-03-23] (Malwarebytes) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 Windows10FirewallService; C:\Program Files\Windows10FirewallControl\Windows10FirewallService.exe [3954880 2015-11-20] (Sphinx Software) R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13672176 2016-05-24] (Zemana Ltd.) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] () S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-04-15] () R3 farflt; C:\Windows\system32\drivers\farflt.sys [59776 2016-05-27] (Malwarebytes) S3 jvbrottv; C:\Windows\System32\Drivers\jvbrottv.sys [426848 2014-09-14] (AVAST Software) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [217328 2016-05-27] (Malwarebytes) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation) R1 MpKslb4fcd0f9; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C84948D-93EC-4F0B-B2CB-BF2757FFF06D}\MpKslb4fcd0f9.sys [44928 2016-05-28] (Microsoft Corporation) R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation) R3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102576 2015-08-26] () R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25904 2015-08-26] () R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [701232 2015-08-26] () S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-03-10] (MBB) R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-05-28] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-05-28] (Zemana Ltd.) S3 ALSysIO; \??\C:\Users\Pet\AppData\Local\Temp\ALSysIO64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-05-28 02:15 - 2016-05-28 02:15 - 00000000 ____D C:\ProgramData\Sophos 2016-05-28 02:12 - 2016-05-28 02:12 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk 2016-05-28 02:12 - 2016-05-28 02:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2016-05-28 02:12 - 2016-05-28 02:12 - 00000000 ____D C:\Program Files (x86)\Sophos 2016-05-28 01:39 - 2016-05-28 01:39 - 151121960 _____ (Sophos Limited) C:\Users\Ti'riqa\Desktop\Sophos Virus Removal Tool.exe 2016-05-28 01:28 - 2016-05-28 01:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2016-05-28 01:27 - 2016-05-28 01:27 - 00000000 ____D C:\Users\Ti'riqa\AppData\Local\Zemana 2016-05-28 01:26 - 2016-05-28 09:39 - 00237939 _____ C:\Windows\ZAM.krnl.trace 2016-05-28 01:26 - 2016-05-28 01:29 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys 2016-05-28 01:25 - 2016-05-28 09:39 - 00039418 _____ C:\Windows\ZAM_Guard.krnl.trace 2016-05-28 01:25 - 2016-05-28 01:29 - 00203680 _____ (Zemana Ltd.) 
C:\Windows\system32\Drivers\zamguard64.sys 2016-05-28 01:25 - 2016-05-28 01:29 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2016-05-28 01:25 - 2016-05-28 01:28 - 00001076 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2016-05-28 01:24 - 2016-05-28 01:24 - 00000000 ____D C:\Users\Pet\AppData\Local\Zemana 2016-05-27 14:36 - 2016-05-27 14:37 - 00002120 _____ C:\Users\Pet\Desktop\Rkill.txt 2016-05-27 14:08 - 2016-05-28 09:38 - 00000000 ____D C:\FRST 2016-05-27 13:48 - 2016-05-27 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-05-27 13:48 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-05-27 13:48 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-05-27 13:48 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-05-27 13:35 - 2016-05-27 13:35 - 00217328 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-05-27 13:02 - 2016-05-27 13:02 - 00025530 _____ C:\Users\Ti'riqa\AppData\Local\recently-used.xbel 2016-05-02 18:38 - 2016-05-21 00:19 - 00000000 ____D C:\Users\Pet\AppData\Roaming\discord 2016-05-01 17:09 - 2016-05-06 17:36 - 00002167 _____ C:\Users\Ti'riqa\Desktop\Discord.lnk 2016-05-01 17:09 - 2016-05-06 17:36 - 00000000 ____D C:\Users\Ti'riqa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc 2016-05-01 17:09 - 2016-05-06 17:36 - 00000000 ____D C:\Users\Ti'riqa\AppData\Roaming\discord 2016-05-01 17:08 - 2016-05-06 17:35 - 00000000 ____D C:\Users\Ti'riqa\AppData\Local\SquirrelTemp 2016-05-01 17:08 - 2016-05-06 17:35 - 00000000 ____D C:\Users\Ti'riqa\AppData\Local\Discord ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-05-28 09:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing 2016-05-28 02:07 - 2014-09-09 15:37 - 00000000 ____D C:\Users\Ti'riqa 2016-05-28 01:43 - 2016-03-22 16:54 - 00000000 ___RD C:\Users\Ti'riqa\Desktop\PC tools 2016-05-28 01:11 - 2014-09-10 18:38 - 00000000 ____D C:\Users\Ti'riqa\AppData\Roaming\Skype 2016-05-27 14:50 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-27 14:50 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-27 13:56 - 2016-03-21 12:30 - 00000000 ____D C:\Users\Ti'riqa\AppData\LocalLow\LastPass 2016-05-27 13:48 - 2014-09-08 20:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-05-27 13:35 - 2016-02-07 21:18 - 00059776 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2016-05-27 13:34 - 2013-05-17 13:01 - 00000000 ____D C:\ProgramData\NVIDIA 2016-05-27 13:24 - 2016-03-31 18:08 - 00000000 ____D C:\AdwCleaner 2016-05-27 13:02 - 2014-09-24 20:57 - 00000000 ____D C:\Users\Ti'riqa\.gimp-2.8 2016-05-26 22:40 - 2012-07-22 18:19 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-05-26 22:40 - 2012-07-22 18:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-05-26 22:29 - 2014-09-10 18:45 - 00000000 ____D C:\Users\Ti'riqa\AppData\Roaming\Mumble 2016-05-18 03:10 - 2015-03-11 18:20 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2016-05-14 12:30 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2016-05-12 19:28 - 2014-10-14 23:10 - 00000000 ____D C:\Users\Ti'riqa\AppData\Roaming\vlc 2016-05-06 17:39 - 2012-07-22 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble 2016-05-06 17:39 - 2012-07-22 18:18 - 00000000 ____D C:\Program Files (x86)\Mumble 2016-05-06 17:36 - 2011-04-12 09:43 - 00699432 
_____ C:\Windows\system32\perfh007.dat 2016-05-06 17:36 - 2011-04-12 09:43 - 00149572 _____ C:\Windows\system32\perfc007.dat 2016-05-06 17:36 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2016-05-06 17:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-05-06 00:27 - 2015-06-05 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2016-05-06 00:26 - 2015-06-05 16:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit 2016-05-04 19:55 - 2013-11-08 22:21 - 00000000 ___RD C:\Users\Pet\Desktop\WIIICHTIIIG 2016-05-04 15:13 - 2012-07-21 23:26 - 00000000 ____D C:\Users\Pet 2016-05-02 23:31 - 2016-04-24 16:41 - 00000000 ____D C:\Users\Ti'riqa\Desktop\Huawei 2016-04-24 2016-05-01 12:38 - 2009-07-14 06:45 - 00316600 _____ C:\Windows\system32\FNTCACHE.DAT 2016-04-28 16:07 - 2014-09-09 15:38 - 00074456 _____ C:\Users\Ti'riqa\AppData\Local\GDIPFONTCACHEV1.DAT ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2012-07-22 00:08 - 2012-05-15 12:48 - 0008204 _____ () C:\Program Files\EULA.txt 2012-07-22 00:08 - 2012-05-15 12:48 - 0021887 _____ () C:\Program Files\license.txt 2012-07-22 00:08 - 2012-05-15 12:48 - 0008112 _____ () C:\Program Files\Setup.cfg 2012-07-22 00:09 - 2012-05-15 12:48 - 0374080 _____ (NVIDIA Corporation) C:\Program Files\setup.exe 2016-03-21 12:31 - 2016-03-21 12:31 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2012-12-18 00:18 - 2012-12-18 00:18 - 0000546 _____ () C:\Users\Pet\AppData\Roaming\All CPU MeterV3_Settings.ini 2012-11-14 21:20 - 2012-11-14 21:20 - 0000285 _____ () C:\Users\Pet\AppData\Roaming\GPU MeterV2_Settings.ini 2012-10-01 20:50 - 2012-10-02 04:17 - 0000352 _____ () C:\Users\Pet\AppData\Roaming\Network Meter_Settings.ini 2014-06-11 08:02 - 2014-06-11 08:46 - 0000790 _____ () C:\Users\Pet\AppData\Local\cookies.ini 2013-08-01 13:51 - 2014-06-11 22:46 - 0006144 _____ () 
C:\Users\Pet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-09 14:54 - 2014-09-09 14:54 - 0012265 _____ () C:\Users\Pet\AppData\Local\recently-used.xbel 2013-01-19 03:46 - 2013-12-17 13:16 - 0007605 _____ () C:\Users\Pet\AppData\Local\resmon.resmoncfg Einige Dateien in TEMP: ==================== C:\Users\Pet\AppData\Local\Temp\FoxitUpdater.exe C:\Users\Ti'riqa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5ix6pv.dll C:\Users\Ti'riqa\AppData\Local\Temp\jre-8u60-windows-au.exe C:\Users\Ti'riqa\AppData\Local\Temp\jre-8u65-windows-au.exe C:\Users\Ti'riqa\AppData\Local\Temp\jre-8u66-windows-au.exe C:\Users\Ti'riqa\AppData\Local\Temp\jre-8u71-windows-au.exe C:\Users\Ti'riqa\AppData\Local\Temp\jre-8u73-windows-au.exe C:\Users\Ti'riqa\AppData\Local\Temp\jre-8u77-windows-au.exe C:\Users\Ti'riqa\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2012-07-21 23:53 ==================== Ende von FRST.txt ============================ ============================= Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-05-2016 01 durchgeführt von Pet (2016-05-28 09:39:41) Gestartet von C:\Users\Ti'riqa\Desktop\PC tools Windows 7 Home Premium Service Pack 1 (X64) (2012-07-21 21:26:03) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-548620592-360744849-4095091825-500 - Administrator - Disabled) Gast (S-1-5-21-548620592-360744849-4095091825-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-548620592-360744849-4095091825-1003 - Limited - Enabled) Pet (S-1-5-21-548620592-360744849-4095091825-1000 - Administrator - Enabled) => C:\Users\Pet Ti'riqa (S-1-5-21-548620592-360744849-4095091825-1005 - Administrator - Enabled) => C:\Users\Ti'riqa ==================== Sicherheits-Center 
======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95} AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.110 - Adobe Systems Incorporated) Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.28 - ASUSTeK Computer Inc.) ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.1.9 - ASUSTeK Computer Inc.) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber) Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform) Discord (HKU\S-1-5-21-548620592-360744849-4095091825-1005\...\Discord) (Version: 0.0.288 - Hammer & Chisel, Inc.) Dropbox (HKU\S-1-5-21-548620592-360744849-4095091825-1000\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-548620592-360744849-4095091825-1005\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.) FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.) 
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team) GOG.com Planescape Torment (HKLM\...\{8f376ce2-c213-4a6c-a329-0b2a7eb2bad8}.sdb) (Version: - ) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan) IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev) Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation) LastPass (Nur deinstallieren) (HKLM-x32\...\LastPass) (Version: - LastPass) Malwarebytes Anti-Exploit version 1.8.1.1196 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1196 - Malwarebytes) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Malwarebytes Anti-Ransomware version 0.9.15.416 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.15.416 - Malwarebytes) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla) Mozilla Thunderbird 38.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 de)) (Version: 38.2.0 - Mozilla) Mumble 1.2.16 (HKLM-x32\...\{E938AC6B-A1EB-40C7-8FFE-D4A325C1EA5D}) (Version: 1.2.16 - Thorvald Natvig) No23 Recorder (HKLM-x32\...\No23 Recorder) (Version: 2.1.0.3 - No23) No23 Recorder (x32 Version: 2.1.0.3 - No23) Hidden NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.0213 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation) OpenOffice 4.1.2 Language Pack (English (United Kingdom)) (HKLM-x32\...\{F07DA5BB-8A1E-4F3E-B6B0-A4CBFF33E9C7}) (Version: 4.12.9782 - Apache Software Foundation) OpenOffice 4.1.2 Language Pack (Swedish) (HKLM-x32\...\{05020D08-A575-465F-9E2A-FDDC2E2F475B}) (Version: 4.12.9782 - Apache Software Foundation) Paragon Backup and Recovery™ 14 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software) Paragon Partition Manager™ 2014 Free (HKLM-x32\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software) Planescape Torment (HKLM-x32\...\GOGPACKPLANESCAPETORMENT_is1) (Version: 2.0.0.8 - GOG.com) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Samsung ML-2540 Series (HKLM-x32\...\Samsung ML-2540 Series) (Version: - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00.04 - Samsung Electronics Co., Ltd.) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden VueScan (HKLM\...\VueScan) (Version: - ) Warframe (HKLM-x32\...\{855F04C9-6D2A-483A-A067-BD977CE97709}) (Version: 1.0.0 - Digital Extremes) Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes) Windows10FirewallControl Free 7.5.100.200 (HKLM\...\Windows10FirewallControl_is1) (Version: 7.5.100.200 - Sphinx Software) WinX DVD Ripper 5.5.9 (HKLM-x32\...\WinX DVD Ripper_is1) (Version: - Digiarty Software, Inc.) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.905 - Zemana Ltd.) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pet\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-548620592-360744849-4095091825-1005_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0572C585-070E-4895-A0FD-0D76F17B3DC1} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {07213107-EBF7-4E5C-BD28-19C9E1221231} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {13B55829-DF65-4C84-8749-2ED606A198E8} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {2B1599FB-4AA0-435D-A2EE-76934A29D165} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {4B20C1F5-1745-45CC-BA41-32B971EDD63C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {5188F070-CC34-4E76-B2BA-3D2FBB6732C6} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {5F51FCE9-EC37-47A7-A905-E3D50A897426} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {5FB64E82-156D-49ED-B4F8-7796A86D481C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {6C6F3DAD-7D7F-43FD-80CD-4B68EDB5C977} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe Task: {79D2BA6C-9B91-4F74-88F8-B885644FAB5E} - 
System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {8E1BC935-65D0-42BA-B69E-310497F0F57A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {91EAD51F-2590-4C5D-9E8C-7571D1F52FCC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {937482A6-7EAD-4DB8-92D3-4E1BADBCE2A7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {AC1F5CD6-72F3-4B7C-AFA4-442E77AC9551} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {C4C35DDF-4B41-4059-B61A-616F94B9165E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {C96ADD0F-C029-4DFC-8BBD-DE0AA9AECE32} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {CC7EB1ED-30B2-45D1-9667-0A7DB0E1E742} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {CD76D6FE-8422-49EF-BB84-B054E80FB109} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {CEE74E90-2ED5-406C-A446-38086B16412D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {EE7B9C7D-16FE-49A5-A537-AF61A8B18F14} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {FC31C657-362B-4406-AB6D-99FAE1A72CC3} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-548620592-360744849-4095091825-1005Core.job => C:\Users\Ti'riqa\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03f83ef4a001c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0430018149591.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08f211d877552.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfeb62b2ac21.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e10fbf012abb.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f243bb7a7045.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12f8a85bc8225.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d80ebd7291d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe Task: C:\Windows\Tasks\RunOW.job => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2013-05-17 13:01 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-04-01 11:00 - 2011-04-01 11:00 - 00034304 _____ () C:\Windows\System32\ssp9mlm.dll 2013-05-16 19:47 - 2011-10-29 09:59 - 00918448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe 2016-04-27 20:09 - 2016-04-27 20:10 - 01047520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll 2012-08-29 18:14 - 2011-02-28 08:39 - 00211456 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll 2016-05-28 01:26 - 2016-05-28 01:29 - 00121200 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll 2016-04-27 20:09 - 2016-02-08 17:01 - 00759808 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll 2012-09-27 10:20 - 2012-09-27 10:20 - 01212928 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssp9mdu.dll 2013-05-16 19:47 - 2016-05-27 13:34 - 00019456 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\PEbiosinterface32.dll 2013-05-16 19:47 - 2010-06-29 10:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\ATKEX.dll 2016-03-22 18:45 - 2016-03-22 18:45 - 01114136 _____ () C:\Users\Ti'riqa\AppData\Roaming\Mozilla\Firefox\Profiles\xlq0mlmt.default-1433514891086\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll 2016-05-26 22:40 - 2016-05-26 22:40 - 19427520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE restricted site: HKU\S-1-5-21-548620592-360744849-4095091825-1005\...\msn.com -> g.msn.com IE restricted site: HKU\S-1-5-21-548620592-360744849-4095091825-1005\...\skype.com -> apps.skype.com ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2015-01-31 11:36 - 00000065 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-548620592-360744849-4095091825-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pet\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-548620592-360744849-4095091825-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Ti'riqa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\Services: OverwolfUpdaterService => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{5B016114-1BC0-41A3-87CB-8AE3C4141EC5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{B85F068E-D2A1-4CB4-9201-D9EAFABC3AB3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{D3F9C7A3-414C-49A6-B3B3-73BC9221761A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{9F54BC50-C498-4103-A48B-D21B69D570C7}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{C6572863-3104-4692-AA41-73D16084CA61}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{DD995092-6618-4489-AA2D-865924D7D098}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{8E134065-1B9E-4814-A5E6-D1AF0DED25AD}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe FirewallRules: [{2BFB5F10-CE44-4A34-9232-D83A5DA56469}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe FirewallRules: [{D518F34A-9EE5-45B5-80D6-74D15AE4CCC5}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe FirewallRules: [{CDD1BC40-25B9-493F-ACBC-1945E72EDE82}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe FirewallRules: [{5C3D3062-FCC8-4C28-BAA2-0F3DADC0BD92}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe FirewallRules: [{482BB721-8237-4672-A1D5-C3151EE15551}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe FirewallRules: [{E1D066ED-1AC5-40B3-95E5-2FB3BB3A032D}] => (Allow) C:\Users\Pet\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{2BAE9B11-E458-4070-86D9-2075FA43F4F9}] => (Allow) C:\Users\Pet\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query 
User{BD9C11A9-1D3B-4F33-9305-DD1702BF7C02}C:\users\pet\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\pet\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{C72E0477-8A61-468C-BB46-D4F8A34FF218}C:\users\pet\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\pet\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{98458226-DFFE-4340-A0AA-F1B659D0A048}] => (Allow) E:\o2CD.exe FirewallRules: [{AD4421B3-FBFE-49D8-AC5B-A1057220152B}] => (Allow) E:\o2CD.exe FirewallRules: [TCP Query User{7DE30ED0-6B4C-4B12-BEBA-A865E4E04B6F}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe FirewallRules: [UDP Query User{85A870CF-D54F-4120-B981-1A101D78A82B}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe FirewallRules: [{23670B39-6F00-4697-8746-8D98020D8F28}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{A59C1C10-37BC-4FF7-B0B0-1E646F1CD7EF}] => (Allow) C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{73E5EA30-4DE9-40B6-A67A-3EF597055C6D}] => (Allow) C:\Users\Ti'riqa\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{8C9F237C-888E-439B-A086-034725239142}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{035B020F-AA19-40F9-924E-3D5CE943F008}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{71901445-E340-47B3-AEBA-892503543FA6}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe FirewallRules: [UDP Query User{68235C34-4218-408C-89DB-863236E8B32A}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe FirewallRules: [{1800A2DB-867D-42D0-AB44-ED2471B016D5}] => (Block) C:\program files (x86)\connectify\connectify.exe FirewallRules: [{A911DE57-204D-4627-8AC7-010C3B71E03F}] => (Block) C:\program files (x86)\connectify\connectify.exe 
FirewallRules: [TCP Query User{37134C15-ECBA-4DFE-8F06-F95BC4DBE863}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{3CA22560-4128-4950-AC7F-1FA10D23CF86}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{3E30F39F-A6C9-4FD1-A060-2FA0F1A25856}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A6CB5C4D-78D0-46FE-9CAB-90748D3E07E6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{F7195A4F-34C6-4613-A9F0-F8B3F07696E8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{F58447D3-F593-4FDF-BB80-C22CE74650DF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{3CA85D24-6B9E-492E-9A5B-A78CA67DBF72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{AE76DF48-B7EF-45EC-A967-731451ADD680}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{E431A24F-6A04-4F7C-98B9-0C7919835AE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{123197BE-5992-4409-837A-3E5C3A39EE62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{5A00E9D8-0B2C-4C56-AA06-61E60AB8E8A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{A4A57458-4C33-4E94-B7EB-9279BCFE614E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [{B791ADBB-F385-4550-AE00-32C2D651627F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{44B7211A-61B2-475B-9BCF-2786EFB55484}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{4C528962-AAC2-4996-AF6B-6C9A833F4DA1}] => (Allow) 
And yes, I do have a few concerns and worries indeed...
First off I wonder where all the entries come from, as I never download anything from sites like Softonic etc. All in all, I have very few programmes installed when I compare my PC to that of others, and pay a lot of attention to where I go on the web. There are definitely no porn sites among my selection, and my kid is not yet able to use the PC herself. The entries in the first FRST confuse me a good deal. I mean, I have Ghostery installed and also Adblock Plus, with maximum block lists set up, and use an LSO cookie manager as well (yes, I'm a little paranoid). I have no Facebook, Twitter, WhatsApp, Youtube or Google Plus accounts, either, and play no browser games. I don't sell or buy on Steam. Even my Skype is tweaked to not allow, show and place ads. Also, what are those %NT Authority mistakes? All the error messages look worrying to me. What have I been doing wrong, what can I do better, and which of all these programmes should I keep once we are finished? For now I have kept everything, of course. And the curious lay question: have you made me use all these different scanners because of their different recognition rates, or what is the reason? It is sheer curiosity; I always want to learn as much as possible from any- and everything to avoid mistakes in the future.
-Pet
  19. Thank you for replying so quickly. The remainders of Combofix are there because I had a rather unpleasant infection with various things a year back and got help from a German-speaking specialist. I keep my hands off professional programmes for fear of damaging my PC more by using them without knowing what I do. ^^ As it is quite late, I will get to following your advice first thing tomorrow morning and include all files needed as soon as everything is done. Thank you for tending to my issues!
  20. Dear MB angels, I have encountered a most peculiar thing today: I opened my browser and manually entered the address of an image hosting site. It instead showed me a very long URL and a website that pretended to be Microsoft, and stated that I had "probably won a..." At that point I stopped reading and closed the browser. I had reported that issue a good long while back in another thread - and suddenly, there the accursed thing is again. First off I ran AdwCleaner: nothing. I then tried to run MBAM, but it suddenly complained that it lacked a DLL file - Chameleon protested as well and shut down. After reinstalling MBAM, the scan brought no results; my system seems to be clean. I would, however, very much like to find out why the heck I get this reroute at random intervals, and am worried that something has nestled itself too deeply into my system and might compromise my safety online and offline. I'd appreciate a bit of help here. Following are the files requested in the instruction thread, scan run from User account. FRST.txt
C:\Users\Ti'riqa\AppData\Local\temp\jre-8u60-windows-au.exe C:\Users\Ti'riqa\AppData\Local\temp\jre-8u65-windows-au.exe C:\Users\Ti'riqa\AppData\Local\temp\jre-8u66-windows-au.exe C:\Users\Ti'riqa\AppData\Local\temp\jre-8u71-windows-au.exe C:\Users\Ti'riqa\AppData\Local\temp\jre-8u73-windows-au.exe C:\Users\Ti'riqa\AppData\Local\temp\jre-8u77-windows-au.exe C:\Users\Ti'riqa\AppData\Local\temp\SkypeSetup.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert ACHTUNG: ==> Auf den BCD konnte nicht zugegriffen werden. 
der Benutzer ist kein Administrator

==================== Ende von FRST.txt ============================

Next up, Addition.txt

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
durchgeführt von Ti'riqa (2016-05-27 14:10:45)
Gestartet von C:\Users\Ti'riqa\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-21 21:26:03)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-548620592-360744849-4095091825-500 - Administrator - Disabled)
Gast (S-1-5-21-548620592-360744849-4095091825-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-548620592-360744849-4095091825-1003 - Limited - Enabled)
Pet (S-1-5-21-548620592-360744849-4095091825-1000 - Administrator - Enabled) => C:\Users\Pet
Ti'riqa (S-1-5-21-548620592-360744849-4095091825-1005 - Limited - Enabled) => C:\Users\Ti'riqa

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.110 - Adobe Systems Incorporated) Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.28 - ASUSTeK Computer Inc.) ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.1.9 - ASUSTeK Computer Inc.) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber) Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform) Discord (HKU\S-1-5-21-548620592-360744849-4095091825-1005\...\Discord) (Version: 0.0.288 - Hammer & Chisel, Inc.) Dropbox (HKU\S-1-5-21-548620592-360744849-4095091825-1005\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.) FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.) GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team) GOG.com Planescape Torment (HKLM\...\{8f376ce2-c213-4a6c-a329-0b2a7eb2bad8}.sdb) (Version: - ) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) 
Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan) IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev) Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation) LastPass (Nur deinstallieren) (HKLM-x32\...\LastPass) (Version: - LastPass) Malwarebytes Anti-Exploit version 1.8.1.1196 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1196 - Malwarebytes) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Malwarebytes Anti-Ransomware version 0.9.15.416 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.15.416 - Malwarebytes) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla) Mozilla Thunderbird 38.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 de)) (Version: 38.2.0 - Mozilla) Mumble 1.2.16 (HKLM-x32\...\{E938AC6B-A1EB-40C7-8FFE-D4A325C1EA5D}) (Version: 1.2.16 - Thorvald Natvig) No23 Recorder (HKLM-x32\...\No23 Recorder) (Version: 2.1.0.3 - No23) No23 Recorder (x32 Version: 2.1.0.3 - No23) Hidden NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) OpenOffice 4.1.2 
(HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation) OpenOffice 4.1.2 Language Pack (English (United Kingdom)) (HKLM-x32\...\{F07DA5BB-8A1E-4F3E-B6B0-A4CBFF33E9C7}) (Version: 4.12.9782 - Apache Software Foundation) OpenOffice 4.1.2 Language Pack (Swedish) (HKLM-x32\...\{05020D08-A575-465F-9E2A-FDDC2E2F475B}) (Version: 4.12.9782 - Apache Software Foundation) Paragon Backup and Recovery™ 14 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software) Paragon Partition Manager™ 2014 Free (HKLM-x32\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software) Planescape Torment (HKLM-x32\...\GOGPACKPLANESCAPETORMENT_is1) (Version: 2.0.0.8 - GOG.com) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Samsung ML-2540 Series (HKLM-x32\...\Samsung ML-2540 Series) (Version: - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00.04 - Samsung Electronics Co., Ltd.) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden VueScan (HKLM\...\VueScan) (Version: - ) Warframe (HKLM-x32\...\{855F04C9-6D2A-483A-A067-BD977CE97709}) (Version: 1.0.0 - Digital Extremes) Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes) Windows10FirewallControl Free 7.5.100.200 (HKLM\...\Windows10FirewallControl_is1) (Version: 7.5.100.200 - Sphinx Software) WinX DVD Ripper 5.5.9 (HKLM-x32\...\WinX DVD Ripper_is1) (Version: - Digiarty Software, Inc.) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-548620592-360744849-4095091825-1005Core.job => C:\Users\Ti'riqa\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => <==== ACHTUNG Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03f83ef4a001c.job => <==== ACHTUNG Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0430018149591.job => <==== ACHTUNG Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08f211d877552.job => <==== ACHTUNG Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfeb62b2ac21.job => <==== ACHTUNG Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e10fbf012abb.job => <==== ACHTUNG Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f243bb7a7045.job => <==== ACHTUNG Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12f8a85bc8225.job => <==== ACHTUNG Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d80ebd7291d.job => <==== ACHTUNG Task: C:\Windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job => Task: C:\Windows\Tasks\RunOW.job => ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-04-27 20:09 - 2016-02-08 17:01 - 00759808 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

Da befinden sich 7865 mehr Seiten.
IE restricted site: HKU\S-1-5-21-548620592-360744849-4095091825-1005\...\msn.com -> g.msn.com IE restricted site: HKU\S-1-5-21-548620592-360744849-4095091825-1005\...\skype.com -> apps.skype.com ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2015-01-31 11:36 - 00000065 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-548620592-360744849-4095091825-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Ti'riqa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\Services: OverwolfUpdaterService => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert
Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/27/2016 01:36:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/27/2016 11:35:59 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/26/2016 10:39:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/20/2016 04:03:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/16/2016 05:58:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/15/2016 10:40:03
AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/14/2016 12:24:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/13/2016 12:14:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/07/2016 02:05:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/06/2016 05:47:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Systemfehler: ============= Error: (05/27/2016 01:34:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: MBAMSwissArmy Error: (05/16/2016 11:42:54 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. 
Neue Signaturversion: Vorherige Signaturversion: 1.219.1805.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.9.0218.00 Quellpfad: 4.9.0218.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (05/16/2016 11:42:54 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.219.1805.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.9.0218.00 Quellpfad: 4.9.0218.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (04/27/2016 01:54:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MB3Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/17/2016 11:29:18 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "O2", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C4579234-06CE-47D8-A8EE-89AFF1278360}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (04/13/2016 02:38:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error: (04/12/2016 01:26:41 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. 
Neue Signaturversion: Vorherige Signaturversion: 115.44.0.0 Aktualisierungsquelle: %NT-AUTORITÄT51 Aktualisierungsphase: 4.9.0218.00 Quellpfad: 4.9.0218.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (04/12/2016 01:26:36 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.217.1145.0 Aktualisierungsquelle: %NT-AUTORITÄT51 Aktualisierungsphase: 4.9.0218.00 Quellpfad: 4.9.0218.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (04/12/2016 01:26:36 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.217.1145.0 Aktualisierungsquelle: %NT-AUTORITÄT51 Aktualisierungsphase: 4.9.0218.00 Quellpfad: 4.9.0218.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (04/09/2016 10:27:20 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "O2", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C4579234-06CE-47D8-A8EE-89AFF1278360}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
CodeIntegrity: =================================== Date: 2014-09-08 01:31:16.866 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-09-08 01:31:16.826 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-2380P CPU @ 3.10GHz Prozentuale Nutzung des RAM: 29% Installierter physikalischer RAM: 8174.33 MB Verfügbarer physikalischer RAM: 5798.99 MB Summe virtueller Speicher: 32172.54 MB Verfügbarer virtueller Speicher: 29496.89 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:203.29 GB) (Free:113.7 GB) NTFS Drive d: () (Fixed) (Total:728.12 GB) (Free:605.28 GB) NTFS ==================== MBR & Partitionstabelle ================== ==================== Ende von Addition.txt ============================ Errrrh, I already see an odd message under CodeIntegrity. Translated, it means "Windows couldn't check the integrity of file xxxx, because the file hash wasn't found in the system. Maybe a wrongly signed or damaged file, or a file that is actually harmful software from an unknown source, was installed through a recent change in hard- or software." 
The only recent change in my software was attempting to install a browser addon to block ads - and uninstalling it again since it didn't work, and the reinstall of MBAM. Both were done through the official websites and no bundlers or the like. Thank you in advance for looking into this for me. -Pet
  21. Hmm. Well, I had other subfolders in C:\Program Files\Malwarebytes\ that were not Anti-Ransomware. And yes, thank you for pointing it out, but I indeed meant the Anti-Ransomware Beta and not Anti-Rootkit. In any case: as of today, here is my last update: the reinstall works flawlessly again. Thank you for your help!
  22. Update: I have all folders named in German. After uninstalling, I still had a full MBAR folder in C:\Programme\, and in the C:\ProgramData folder, deleting the Malwarebytes subfolder would have meant deleting the Malwarebytes Anti-Malware subfolder in that one as well. I am not certain I should do that and request further advice. Thank you.
  23. Much obliged. Thank you for clarifying! Now people just need to stop admin-righting every programme they install as a regular user.
  24. Thank you for the quick reply. I will un- and reinstall as explained by you. A question out of technical curiosity: Why do I have to use the admin account for the reinstall? Is the issue I had caused by the limited rights of a normal user account?