Avira reported HTML/Infected.WebPage.Gen2.
#1
01.03.2017, 21:35
Member
Posts: 35
(The text of this opening post appears below, after the replies.)
#2
02.03.2017, 10:11
Banned
Posts: 8
Hello,
please download Malwarebytes Anti-Malware and let it scan your system once. Then post the corresponding log here; unfortunately HijackThis logs are not really usable for this, since they are extremely bloated. I would also recommend a different AV scanner than Avira, since Avira is very poor for several reasons. As an alternative I can recommend ESET. Unfortunately, the detection you describe can often be a false positive from Avira.
Regards
Fuzzy90
#3
03.03.2017, 07:57
Member
Thread starter
Posts: 35
Malwarebytes log:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 03.03.17
Scan-Zeit: 01:42
Protokolldatei: Logfile.txt
Administrator: Ja

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.75
Version des Aktualisierungspakets: 1.0.1409
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: TheRisingDoom\MP

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 358066
Abgelaufene Zeit: 2 Min., 28 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 4
Adware.ChinAd, C:\Users\MP\AppData\Local\Temp\DMR\Downloads\fc14996dfa99adfc7baae624196888c5\833aba7126d40dde1c6c602b489cd056, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409
Adware.ChinAd, C:\Users\MP\AppData\Local\Temp\DMR\Downloads\fc14996dfa99adfc7baae624196888c5, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409
Adware.ChinAd, C:\Users\MP\AppData\Local\Temp\DMR\Downloads, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409
Adware.ChinAd, C:\USERS\MP\APPDATA\LOCAL\TEMP\DMR, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409

Datei: 7
PUP.Optional.DownloadSponsor, C:\USERS\MP\APPDATA\LOCAL\TEMP\DMR\DMR_72.EXE, Keine Aktion durch Benutzer, [643], [373684],1.0.1409
Adware.ChinAd, C:\USERS\MP\APPDATA\LOCAL\TEMP\DMR\WYWEGPIBLBOGUNDG.DAT, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409
Adware.ChinAd, C:\Users\MP\AppData\Local\Temp\DMR\Downloads\fc14996dfa99adfc7baae624196888c5\833aba7126d40dde1c6c602b489cd056\SkypeSetup74Full.exe, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409
Adware.ChinAd, C:\Users\MP\AppData\Local\Temp\DMR\ivlftkwokfzffemo.dat, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409
Adware.ChinAd, C:\Users\MP\AppData\Local\Temp\DMR\lwfjtfuacmeqqknb.dat, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409
Adware.ChinAd, C:\Users\MP\AppData\Local\Temp\DMR\wuiyrqmrznzmuncb.dat, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409
Adware.ChinAd, C:\Users\MP\AppData\Local\Temp\DMR\ysibmbmuedafgbiv.dat, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

(end)
#4
03.03.2017, 09:04
Banned
Posts: 8
Good morning,
well, on closer inspection of your HijackThis log and Malwarebytes log I couldn't find anything. Only this: you do apparently have potentially unwanted software such as toolbars. Have a look in the folders that are listed at the end under "Ordner" (folders) and "Datei" (file).
Regards
#5
03.03.2017, 19:27
Member
Thread starter
Posts: 35
Good evening,
hmm, the funny thing is that when I look for the path under C:, there is no folder named AppData. That confuses me a bit...???
Regards
#6
05.03.2017, 17:59
Banned
Posts: 8
Hello,
you probably have hidden files and folders hidden. Here is how to turn them "on":
-> Go into any folder
-> Press the left ALT key
-> You should see a menu at the top
-> There, click "Extras" (Tools) and then "Ordneroptionen" (Folder Options)
-> In the new window, click "Ansicht" (View)
-> Scroll all the way down and set the blue radio button to "Ausgeblendete Dateien, Ordner und Laufwerke anzeigen" (Show hidden files, folders and drives) (just click it)
-> Apply
You should now see the AppData folder.
Regards
#7
06.03.2017, 22:39
Member
Thread starter
Posts: 35
Good evening,
thanks already for that! So far so good: I was in the Temp folder, but now it is very strange that I cannot find the DMR folder, even though hidden folders are now visible in this folder too, since the setting we just made applies here as well. My question here as well: does one actually need this Temp folder, or is it all just junk?? In my case it is almost 1 GB of data...
Greetz
#8
07.03.2017, 10:32
Banned
Posts: 8
Hello,
some of the data in it is needed, yes. CCleaner can help to remove "unnecessary" data.
Regards
#1 (opening post, 01.03.2017, 21:35)
For two days now I have been getting this message from Avira Connect:
HTML/Infected.WebPage.Gen2 found.
C:\Users\MP\AppData\Local\Mozilla\Firefox\Profiles\MMTKCuej.default\cache2\entries\F18F1562AB45C3A3D09377AB790B9CB5A1B0998C
Avira moved it to quarantine and ran another scan. So far that was OK.
I then tried simply cleaning the temporary files on C:. But it didn't help; the trojan was back again anyway. Avira reported the same thing once more.
I hope you can help me?
It has been a long time since I was last here.
Thanks in advance!!!
OTL logfile created on: 01.03.2017 20:53:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18537)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,98 Gb Total Physical Memory | 12,68 Gb Available Physical Memory | 79,34% Memory free
31,95 Gb Paging File | 28,41 Gb Available in Paging File | 88,90% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 238,96 Gb Free Space | 51,32% Space Free | Partition Type: NTFS
Drive D: | 931,29 Gb Total Space | 408,24 Gb Free Space | 43,84% Space Free | Partition Type: NTFS
Computer Name: THERISINGDOOM | User Name: MP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2017.03.01 20:50:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2017.01.20 19:39:19 | 000,425,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
PRC - [2017.01.20 19:39:13 | 000,425,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
PRC - [2017.01.20 19:39:10 | 015,547,328 | ---- | M] (Node.js) -- C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
PRC - [2017.01.11 09:07:33 | 003,493,864 | ---- | M] () -- C:\Users\MP\AppData\Local\Amazon Music\Amazon Music Helper.exe
PRC - [2017.01.01 23:52:46 | 000,326,616 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
PRC - [2016.12.29 09:24:44 | 000,159,536 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
PRC - [2016.12.29 09:20:16 | 000,372,272 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
PRC - [2016.12.14 01:57:23 | 000,476,736 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2016.12.14 01:56:46 | 000,476,736 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2016.12.14 01:56:45 | 000,917,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2016.11.04 14:57:18 | 000,596,640 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2016.10.18 08:24:54 | 000,069,744 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
PRC - [2016.09.24 23:21:05 | 000,189,264 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
PRC - [2016.09.22 19:00:14 | 000,926,232 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2016.07.05 13:35:44 | 000,210,432 | ---- | M] (Geek Software GmbH) -- D:\Programme\PDF24\pdf24.exe
PRC - [2015.08.13 07:17:28 | 001,600,320 | ---- | M] (Razer Inc) -- C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe
PRC - [2015.02.04 17:51:05 | 000,076,152 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014.12.15 12:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) -- D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2014.09.28 18:06:44 | 004,838,816 | ---- | M] (Samsung Electronics.) -- C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
PRC - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.30 00:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.10.08 12:15:50 | 001,581,056 | ---- | M] (Digital Data Communication Co., Ltd) -- C:\Program Files (x86)\LevelOne\Common\RaUI.exe
PRC - [2009.07.14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\LevelOne\Common\RaRegistry.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2017.03.01 20:02:57 | 000,619,840 | ---- | M] () -- C:\Users\MP\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
MOD - [2017.01.20 19:39:13 | 003,774,400 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
MOD - [2017.01.20 19:39:12 | 000,900,032 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
MOD - [2017.01.20 19:39:11 | 000,018,880 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2017.01.20 14:36:22 | 002,808,888 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
MOD - [2017.01.20 14:36:22 | 000,537,656 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
MOD - [2017.01.20 14:36:21 | 001,066,552 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
MOD - [2017.01.20 14:36:21 | 001,014,840 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
MOD - [2017.01.20 14:36:21 | 000,518,200 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvBackendAPINode.node
MOD - [2017.01.20 14:36:21 | 000,468,024 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
MOD - [2017.01.20 14:36:21 | 000,464,952 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameStreamAPINode.node
MOD - [2017.01.20 14:36:21 | 000,384,568 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
MOD - [2017.01.20 14:36:21 | 000,366,136 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvUtil.node
MOD - [2017.01.20 14:36:21 | 000,338,488 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
MOD - [2017.01.20 14:36:21 | 000,254,008 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
MOD - [2017.01.15 07:44:32 | 002,937,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c4402d4b4964c9abd161c185c85ba12a\System.IdentityModel.ni.dll
MOD - [2017.01.15 07:44:31 | 019,426,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\c4175f38130bf0c2dac7b7837f82e00b\System.ServiceModel.ni.dll
MOD - [2017.01.15 07:44:21 | 000,390,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\a3c0852493c642a988e9840a24534619\System.Xml.Linq.ni.dll
MOD - [2017.01.15 07:44:05 | 000,183,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\1a50a8b002fc10cf93d63bea9cd7f83d\UIAutomationTypes.ni.dll
MOD - [2017.01.15 07:44:04 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\bfd90ce6cc9f7abe13deaa6ffb30d850\PresentationFramework-SystemXml.ni.dll
MOD - [2017.01.15 07:44:04 | 000,012,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\c97ee7f103537c8e918e10cb8afccd7b\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2017.01.15 00:17:49 | 019,076,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a38fec0cefab1f09ea34cdb8b1c0fcb0\PresentationFramework.ni.dll
MOD - [2017.01.15 00:17:42 | 011,559,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\c3c1053ed917afc9b7d4468a7291456c\PresentationCore.ni.dll
MOD - [2017.01.15 00:17:39 | 007,840,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4f33e4a12d701f157655f39825860335\System.Data.ni.dll
MOD - [2017.01.15 00:17:36 | 012,940,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0fab00859ac0f599e69bc12e0cc2c497\System.Windows.Forms.ni.dll
MOD - [2017.01.15 00:17:36 | 003,974,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\57ef31c77855c4fc6cb2f24942b0268c\WindowsBase.ni.dll
MOD - [2017.01.15 00:17:36 | 001,062,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\58c548e5e146aa6544f800cc8c96bcb7\System.ComponentModel.Composition.ni.dll
MOD - [2017.01.15 00:17:35 | 002,532,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\15a3e935f1f229a1b4a60f572db67e85\System.Data.Linq.ni.dll
MOD - [2017.01.15 00:17:35 | 000,974,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\e4b51f793514a0d7324ef02828145130\System.Configuration.ni.dll
MOD - [2017.01.15 00:17:34 | 007,500,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\6ad7bdc64040bfda8aa2c21b1e4394b0\System.Core.ni.dll
MOD - [2017.01.15 00:17:34 | 007,378,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\4d0104bb5509d906f129d54b070d1bd6\System.Xml.ni.dll
MOD - [2017.01.15 00:17:34 | 001,876,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\fa3dc2466256e6a142ad7475ca5a1890\System.Xaml.ni.dll
MOD - [2017.01.15 00:17:32 | 002,772,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\8d1828b7cc6780ad2eaca89d9b73af42\System.Runtime.Serialization.ni.dll
MOD - [2017.01.15 00:17:31 | 000,786,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\51bba9729fa33d00fb3f5498d07fbde0\System.ServiceModel.Internals.ni.dll
MOD - [2017.01.15 00:17:31 | 000,117,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\eb4c22a56dfee4cdbe62aae589add10a\SMDiagnostics.ni.dll
MOD - [2017.01.15 00:17:30 | 001,624,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c55a38896fef55fafafd1be9c8437243\System.Drawing.ni.dll
MOD - [2017.01.15 00:17:30 | 001,150,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\b20e452e941a29c33a7257c5681837aa\System.Management.ni.dll
MOD - [2017.01.15 00:17:30 | 000,521,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\0c93e4509cd540cef3d8bc4f53e16401\PresentationFramework.Aero.ni.dll
MOD - [2017.01.15 00:17:30 | 000,218,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\550a354017f012789f111e5f85dc6526\System.ServiceProcess.ni.dll
MOD - [2017.01.15 00:17:29 | 009,983,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e49af6abc3fb5dda64392cae6ca45db9\System.ni.dll
MOD - [2017.01.15 00:17:26 | 018,111,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\02795048c7ede81af33acdb56f905958\mscorlib.ni.dll
MOD - [2017.01.11 09:07:33 | 003,493,864 | ---- | M] () -- C:\Users\MP\AppData\Local\Amazon Music\Amazon Music Helper.exe
MOD - [2016.11.01 08:58:02 | 000,143,824 | ---- | M] () -- C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
MOD - [2016.10.13 17:46:31 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d6fe56971833ee905900c2d56bcfa5a3\IAStorUtil.ni.dll
MOD - [2016.10.12 20:23:02 | 003,352,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\01580d91c22f8e2cf9bc5f337b94025e\WindowsBase.ni.dll
MOD - [2016.05.11 10:29:09 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dll
MOD - [2016.05.11 10:28:55 | 012,438,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
MOD - [2016.05.11 10:28:51 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
MOD - [2016.05.11 10:28:49 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
MOD - [2016.05.11 10:28:47 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll
MOD - [2016.05.11 10:28:39 | 007,996,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
MOD - [2015.01.12 03:26:34 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ac4c46817e44dd944492753e8c7be3e5\IAStorCommon.ni.dll
MOD - [2015.01.12 03:18:26 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014.09.28 17:59:56 | 000,019,872 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
MOD - [2013.07.08 13:49:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2013.07.08 13:49:46 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.08.20 21:59:58 | 000,860,160 | ---- | M] () -- C:\Program Files (x86)\LevelOne\Common\RaWLAPI.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe -- (NVIDIA Wireless Controller Service)
SRV:64bit: - [2016.11.12 20:08:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2016.08.22 17:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015.01.13 23:15:22 | 000,076,152 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2014.09.16 14:29:34 | 000,028,848 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\RAPID\SamsungRapidSvc.exe -- (SamsungRapidSvc)
SRV:64bit: - [2010.08.12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV - [2017.02.15 08:01:20 | 000,270,936 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017.02.10 00:13:21 | 000,462,784 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -- (NVDisplay.ContainerLocalSystem)
SRV - [2017.01.29 13:47:57 | 002,183,696 | ---- | M] (Electronic Arts) [Auto | Stopped] -- C:\Program Files (x86)\Origin\OriginWebHelperService.exe -- (Origin Web Helper Service)
SRV - [2017.01.29 13:47:57 | 002,121,736 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2017.01.28 15:17:23 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017.01.20 19:39:19 | 000,425,408 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -- (NvTelemetryContainer)
SRV - [2017.01.20 19:39:14 | 000,462,784 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Programme\NVIDIA Corporation\NvContainer\nvcontainer.exe -- (NvContainerNetworkService)
SRV - [2017.01.20 19:39:14 | 000,462,784 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvContainer\nvcontainer.exe -- (NvContainerLocalSystem)
SRV - [2017.01.19 02:30:28 | 001,464,096 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2017.01.16 08:22:44 | 000,317,400 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2016.12.29 09:20:16 | 000,372,272 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe -- (Avira.ServiceHost)
SRV - [2016.12.14 01:57:23 | 000,476,736 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2016.12.14 01:56:50 | 001,490,296 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2016.12.14 01:56:46 | 001,089,592 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe -- (AntiVirMailService)
SRV - [2016.12.14 01:56:46 | 000,476,736 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2016.11.29 22:34:16 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2016.10.18 08:24:54 | 000,069,744 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe -- (Razer Chroma SDK Service)
SRV - [2016.09.24 23:21:05 | 000,189,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe -- (Razer Game Scanner Service)
SRV - [2015.06.10 10:11:26 | 000,155,520 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2015.02.04 17:51:05 | 000,076,152 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014.12.15 12:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.27 16:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2009.07.14 21:53:32 | 000,211,232 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\LevelOne\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009.07.14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\LevelOne\Common\RaRegistry.exe -- (RalinkRegistryWriter)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:64bit: - [2017.01.24 00:04:54 | 000,217,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2017.01.20 19:39:20 | 000,057,792 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvhci.sys -- (nvvhci)
DRV:64bit: - [2017.01.06 02:10:32 | 000,047,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2016.12.14 01:57:34 | 000,176,464 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2016.12.14 01:57:34 | 000,148,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2016.09.17 01:12:20 | 000,044,144 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpmgrk.sys -- (rzpmgrk)
DRV:64bit: - [2016.05.11 00:31:55 | 000,079,696 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\avnetflt.sys -- (avnetflt)
DRV:64bit: - [2015.12.14 23:24:25 | 000,130,880 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpnk.sys -- (rzpnk)
DRV:64bit: - [2015.09.16 23:27:47 | 000,030,424 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsomc.sys -- (ggsomc)
DRV:64bit: - [2015.09.16 23:27:47 | 000,016,088 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2014.11.24 10:23:23 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2014.09.16 14:31:02 | 000,111,280 | ---- | M] (Samsung Electronics Co., Ltd.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SamsungRapidFSFltr.sys -- (SamsungRapidFSFltr)
DRV:64bit: - [2014.09.16 14:30:16 | 000,268,976 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SamsungRapidDiskFltr.sys -- (SamsungRapidDiskFltr)
DRV:64bit: - [2014.08.15 22:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.10.03 16:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.04.26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.24 10:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.02.24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.22 08:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.27 15:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.10.27 15:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.10.27 15:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.10.27 15:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.10.27 15:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.10.27 15:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.10.27 15:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.10.27 15:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.21 07:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010.08.10 10:29:16 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.09.11 13:25:00 | 000,737,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2017.01.20 19:38:53 | 000,027,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D 8C 31 96 F2 2D D0 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 90 7B 45 18 DF 9F D1 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "DE"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Amazon.de,Bing,DuckDuckGo,eBay,LEO Eng-Deu,Wikipedia (de)"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "DE"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "msn.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:51.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.7.1: C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.7.1: C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 51.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 51.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 51.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 51.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2015.01.12 00:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\Extensions
[2016.11.21 21:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\Firefox\Profiles\MMTKCuej.default\browser-extension-data
[2016.11.21 21:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\Firefox\Profiles\MMTKCuej.default\browser-extension-data\abs@avira.com
[2017.02.09 10:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\Firefox\Profiles\MMTKCuej.default\extensions
[2017.02.09 10:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\Firefox\Profiles\MMTKCuej.default\extensions\trash
[2017.02.09 10:24:50 | 001,136,864 | ---- | M] () (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\MMTKCuej.default\extensions\abs@avira.com.xpi
[2016.11.21 21:30:25 | 001,167,023 | ---- | M] () (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\MMTKCuej.default\extensions\trash\abs@avira.com.xpi
[2017.02.26 13:00:54 | 000,005,527 | ---- | M] () (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\MMTKCuej.default\features\{4ab6bb16-9461-41cd-91fb-2a5851080f3c}\diagnostics@mozilla.org.xpi
[2017.02.26 13:00:55 | 000,008,857 | ---- | M] () (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\MMTKCuej.default\features\{4ab6bb16-9461-41cd-91fb-2a5851080f3c}\disableSHA1rollout@mozilla.org.xpi
[2017.02.26 13:00:54 | 000,005,336 | ---- | M] () (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\MMTKCuej.default\features\{4ab6bb16-9461-41cd-91fb-2a5851080f3c}\hsts-priming@mozilla.org.xpi
[2017.01.28 15:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SamsungRapidApp] C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kraken71ChromaHelper] C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe (Razer Inc)
O4 - HKLM..\Run: [PDFPrint] D:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKCU..\Run: [Amazon Music] C:\Users\MP\AppData\Local\Amazon Music\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81A34DA4-6688-4D08-9197-0AB9E56D2030}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE4519C9-2DC2-4313-B3E0-9F13CC8EF51F}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0db9b26d-4503-11e5-abaf-14dae944cfbd}\Shell - "" = AutoRun
O33 - MountPoints2\{0db9b26d-4503-11e5-abaf-14dae944cfbd}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{897ac2ff-99dc-11e4-bba3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{897ac2ff-99dc-11e4-bba3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{8efc1c05-6f36-11e5-81cd-14dae944cfbd}\Shell - "" = AutoRun
O33 - MountPoints2\{8efc1c05-6f36-11e5-81cd-14dae944cfbd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {26784146-6E05-3FF9-9335-786C7C0FB5BE} - .NET Framework
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX:64bit: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3} - .NET Framework
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {26784146-6E05-3FF9-9335-786C7C0FB5BE} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2017.03.01 20:03:01 | 000,000,000 | R--D | C] -- C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2017.02.25 12:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
========== Files - Modified Within 30 Days ==========
[2017.03.01 20:11:16 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017.03.01 20:11:16 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017.03.01 20:09:21 | 001,619,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2017.03.01 20:09:21 | 000,699,190 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2017.03.01 20:09:21 | 000,654,028 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2017.03.01 20:09:21 | 000,149,330 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2017.03.01 20:09:21 | 000,121,900 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017.03.01 20:02:57 | 000,001,944 | ---- | M] () -- C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk
[2017.03.01 20:02:56 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2017.03.01 20:02:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017.03.01 20:02:46 | 4276,727,806 | -HS- | M] () -- C:\hiberfil.sys
[2017.03.01 09:10:31 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2017.02.24 23:48:44 | 000,000,219 | ---- | M] () -- C:\Users\MP\Desktop\Dota 2.url
[2017.02.24 10:02:44 | 926,315,819 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2017.02.12 19:22:58 | 000,017,454 | ---- | M] () -- C:\Users\MP\Desktop\Lebenslauf.odt
[2017.02.10 01:52:40 | 040,192,056 | ---- | M] () -- C:\Windows\SysNative\nvcompiler.dll
[2017.02.10 01:52:40 | 035,272,760 | ---- | M] () -- C:\Windows\SysWow64\nvcompiler.dll
[2017.02.10 01:52:40 | 000,042,606 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2017.02.10 00:13:14 | 000,001,951 | ---- | M] () -- C:\Windows\NvContainerRecovery.bat
[2017.02.09 23:57:04 | 007,791,217 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
========== Files Created - No Company Name ==========
[2017.02.24 23:48:44 | 000,000,219 | ---- | C] () -- C:\Users\MP\Desktop\Dota 2.url
[2017.02.20 21:19:44 | 040,192,056 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2017.02.20 21:19:44 | 035,272,760 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2017.01.26 01:13:16 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-39-1.exe
[2017.01.26 01:12:46 | 000,326,656 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-39-1.dll
[2016.10.21 00:40:14 | 000,007,601 | ---- | C] () -- C:\Users\MP\AppData\Local\Resmon.ResmonCfg
[2016.05.17 22:36:55 | 000,051,920 | ---- | C] () -- C:\Windows\War3Unin.dat
[2016.03.10 21:43:54 | 000,326,656 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016.03.10 21:43:54 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016.02.14 02:47:02 | 000,125,720 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-3-0.dll
[2016.02.14 02:45:46 | 000,042,264 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-3-0.exe
[2015.03.26 18:11:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016.08.29 16:31:19 | 014,183,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016.08.29 16:12:50 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2016.12.14 00:26:51 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\Battle.net
[2015.01.27 22:04:54 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\OpenOffice
[2017.02.06 01:27:06 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\Origin
[2015.01.25 12:59:10 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\TeamViewer
[2015.11.02 14:07:23 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\The Creative Assembly
[2016.11.07 23:29:33 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\TS3Client
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2015.01.11 23:12:27 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2015.09.05 19:37:11 | 000,000,000 | ---D | M] -- C:\Documents
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2015.01.11 23:12:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2015.01.11 23:27:16 | 000,000,000 | ---D | M] -- C:\Intel
[2015.01.12 00:25:37 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2016.09.14 06:47:12 | 000,000,000 | R--D | M] -- C:\Program Files
[2016.11.19 23:15:23 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2016.10.18 19:10:59 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2015.01.11 23:12:17 | 000,000,000 | -HSD | M] -- C:\Programme
[2015.01.11 23:45:41 | 000,000,000 | ---D | M] -- C:\RaidTool
[2015.01.11 23:12:17 | 000,000,000 | -HSD | M] -- C:\Recovery
[2017.03.01 20:55:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2015.01.11 23:12:22 | 000,000,000 | R--D | M] -- C:\Users
[2017.02.24 10:02:44 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2016.08.29 16:04:37 | 003,229,696 | ---- | M] (Microsoft Corporation) MD5=38AE1B3C38FAEF56FE4907922F0385BA -- C:\Windows\explorer.exe
[2016.08.29 16:04:37 | 003,229,696 | ---- | M] (Microsoft Corporation) MD5=38AE1B3C38FAEF56FE4907922F0385BA -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23537_none_b0517adca98752cc\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2016.08.29 15:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\SysWOW64\explorer.exe
[2016.08.29 15:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23537_none_baa6252edde814c7\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: REGEDIT.EXE >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014.03.04 12:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 10:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014.07.17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
[2014.07.17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014.07.16 04:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 16 bytes -> C:\Windows\Temp:$DATA
< End of report >