Pests of all kinds and how to fight them: Caught browser hijacker nova.rumbler.ru (Windows 7)
15.01.2017, 13:24 | #1 |
| Caught browser hijacker nova.rumbler.ru Hello everyone! Since yesterday evening I have had the problem that I am constantly redirected to nova.rambler.ru whenever I search for something on Google. I have already had my antivirus program, Sophos, scan the computer, unfortunately without success. I also tried resetting Chrome, which likewise was only briefly successful: when I close the browser and open it again, I have the same problem again. Unfortunately, I also can't find anything manually in the registry that seems to point to nova.rambler.ru. In short: HELP! /edit: I'm using Windows 10 64-bit.... ^^" |
15.01.2017, 13:39 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught browser hijacker nova.rumbler.ru
+++ IMPORTANT NOTICE +++ During the analysis and cleanup you make NO changes whatsoever on your own, i.e. you do not install or uninstall any software without consulting us. You also do not change any system settings while we are working on your case. You make changes, installations or uninstallations ONLY when instructed! It will be necessary to disable your virus scanner, and in certain cases also to uninstall it, so that the cleanup can be done properly. Your system is therefore only cleared by me for everyday use such as browsing or e-mail once we are finished here. Read and understood?
Scan with Farbar's Recovery Scan Tool (FRST) Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts. To put the log files in a CODE box, proceed as follows:
__________________ |
15.01.2017, 13:51 | #3 |
| Caught browser hijacker nova.rumbler.ru Yes sir, read and understood. I won't do anything until the device is clean again, and afterwards I'll change all my passwords!
__________________
FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 14-01-2017 durchgeführt von Sebastian (Administrator) auf MICASA (15-01-2017 13:15:44) Gestartet von C:\Users\Sebastian\Downloads Geladene Profile: Sebastian (Verfügbare Profile: Sebastian) Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe () C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited) C:\Program Files\Sophos\Sophos System Protection\ssp.exe (Intel Corporation) 
C:\Windows\System32\IPROSetMonitor.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe (Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe (RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Pokki) C:\Users\Sebastian\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\System\3DG4me.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe\Video.UI.exe (GOG.com) D:\GalaxyClient\GalaxyClient.exe (GOG.com) D:\GalaxyClient\GalaxyClient Helper.exe (GOG.com) D:\GalaxyClient\GalaxyClient Helper.exe (Apple Inc.) 
C:\Program Files (x86)\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Users\Sebastian\AppData\Local\Temp\INS_713799e7.TMP (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (GOG.com) D:\GalaxyClient\GalaxyClient Helper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe (Microsoft Corporation) C:\Windows\HelpPane.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-15] (Realtek Semiconductor) HKLM\...\Run: [3DG4me] => C:\WINDOWS\System\3DG4me.exe [151552 2013-05-28] () HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1480176 2016-10-06] (Sophos Limited) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1207808 2016-12-09] (Cisco Systems, Inc.) HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [GoogleChromeAutoLaunch_678E52C622D3FEC81C940F43ECEEEB26] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.) 
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [Steam] => D:\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation) HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [GalaxyClient] => D:\GalaxyClient\GalaxyClient.exe [3971648 2017-01-15] (GOG.com) HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [Spotify Web Helper] => C:\Users\Sebastian\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-12] (Spotify Ltd) HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [uTorrent] => C:\Users\Sebastian\AppData\Roaming\uTorrent\uTorrent.exe [1979072 2017-01-13] (BitTorrent Inc.) HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [icq.desktop] => C:\Users\Sebastian\AppData\Roaming\ICQ\bin\icq.exe [30170328 2016-04-05] () HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe [8608888 2016-12-13] (Sand Studio) HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd) HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\sophos_detoured.dll [207864 2016-09-13] (Sophos Limited) ShellIconOverlayIdentifiers: [ MagentaOverlayIconCheck] -> {c80109bf-013d-343d-a627-d2a5213efafc} => c:\windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ MagentaOverlayIconError] -> {bb6644a0-636d-3808-95f1-2e267c49e9c2} => c:\windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ MagentaOverlayIconSync] -> {72dbcbb5-55c9-36cd-a56d-bb2491861618} => c:\windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ MagentaOverlayIcon1] -> {8ec6dd7e-fece-30b6-a924-9f002415595d} => c:\windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ MagentaOverlayIcon2] -> {b0211a8e-58b3-3932-9689-32d644a0828a} => c:\windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ MagentaOverlayIcon3] -> {3465eba8-d186-3b9c-870b-0c418f7dd282} => c:\windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ MagentaOverlayIcon4] -> {6f195ec8-0779-3aa2-85b3-a43e7f3ef055} => c:\windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-03-06] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-06-22] () Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagentaCLOUD.lnk [2016-04-08] ShortcutTarget: MagentaCLOUD.lnk -> C:\Users\Sebastian\AppData\Roaming\Telekom\MagentaCloud\MagentaCloud.App.exe () CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= 
ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{4846ce9a-c26b-4d21-8f6a-68ce95eab118}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{afe46b60-ff9b-4cc6-bd16-17b4cc2fa14c}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{cef7a83d-546a-42a1-9e7e-bf73509c81c0}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pesonal-spage.com/sall/ HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1585825436-704687126-3158100386-1001 -> {389BE386-6D17-4415-8E22-C27781DBF71C} URL = SearchScopes: HKU\S-1-5-21-1585825436-704687126-3158100386-1001 -> {4CADCACE-1FEB-11E5-825E-28C2DD30DC9C} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms} SearchScopes: HKU\S-1-5-21-1585825436-704687126-3158100386-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft 
Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-11] (Microsoft Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-06] (LastPass) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-11] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-11] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-07] (Oracle Corporation) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-06] (LastPass) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-11] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-07] (Oracle Corporation) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-06] (LastPass) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-06] (LastPass) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-11] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-11] (Microsoft Corporation) 
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-11] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-11] (Microsoft Corporation) FireFox: ======== FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-06] (LastPass) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Keine Datei] FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Keine Datei] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-07] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-07] (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-06] (LastPass) FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2012-09-28] (Logitech Inc.) 
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-11] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-11] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1585825436-704687126-3158100386-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-01-09] () Chrome: ======= CHR DefaultProfile: Default CHR StartupUrls: Default -> "hxxp://google.de/", "hxxp://avg.nation.com/avgtbavg/search/home?cid={1E4F1280-4B18-46D1-9385-7068B2A90700}&mid=1f6a9e5389bc47d39c41d9a4ff3c6cf1-75473c4f0acddff29a510c8cda5f5cbfcb604a63&lang=de&ds=AVG&coid=avgtbavg&pr=fr&d=2013-10-05 15:36:15&v=17.0.1.12&pid=nation&sg=&sap=hp&cmpid=0913b", "hxxp://homepage-web.com/?s=acer&m=start" CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default [2017-01-15] CHR Extension: (Google Präsentationen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-30] CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-30] CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27] CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26] CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Adobe Acrobat) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-12] CHR Extension: (Google Tabellen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-30] CHR Extension: (Vysor) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2017-01-11] CHR Extension: (TinEye Reverse Image Search) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2016-08-27] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-01-09] CHR Extension: (Privacy Palette) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkcflkplhgpebknipkekjggglimnone [2015-06-30] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2016-01-03] CHR Extension: (Fast search) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-01-15] CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-30] CHR Extension: (Inbox by Gmail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2015-10-16] CHR Extension: (Chrome Media Router) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15] CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote 
Driver\harmony_chrome.crx [2016-01-03] ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [463112 2014-07-31] () S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1860616 2016-06-04] () S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-10-03] (BitRaider, LLC) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation) S3 GalaxyClientService; D:\GalaxyClient\GalaxyClientService.exe [284224 2017-01-15] (GOG.com) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-17] (GOG.com) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-06] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-06] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-01-06] (NVIDIA Corporation) S3 Origin Client Service; 
D:\Origin\OriginClientService.exe [2119688 2016-12-07] (Electronic Arts) S2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [2180624 2016-12-07] (Electronic Arts) S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-07-02] () R2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [Datei ist nicht signiert] R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [229672 2016-09-13] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [200064 2016-09-13] (Sophos Limited) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [780432 2016-10-06] (Sophos Limited) R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [1379856 2016-09-04] (Sophos Limited) R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [1805368 2016-09-04] (Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [360040 2016-09-13] (Sophos Limited) R2 SophosDataRecorderService; C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe [996240 2016-09-12] (Sophos Limited) R2 sophossps; C:\Program Files\Sophos\Sophos System Protection\ssp.exe [5366040 2016-09-12] (Sophos Limited) R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [475384 2016-09-13] (Sophos Limited) R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3644368 2016-09-13] (Sophos Limited) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 NVIDIA 
Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2016-07-15] (ASRock Incorporation) R0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.) S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-10-04] (BitRaider) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys [14200880 2016-12-12] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-01-06] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-01-06] (NVIDIA Corporation) R1 SAVOnAccess; C:\WINDOWS\System32\DRIVERS\savonaccess.sys [201168 2016-09-13] (Sophos Limited) S3 sdcfilter; C:\WINDOWS\system32\DRIVERS\sdcfilter.sys [38144 2016-09-13] (Sophos Limited) S4 SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [27904 2016-09-13] (Sophos Limited) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) 
R1 swi_callout; C:\WINDOWS\system32\DRIVERS\swi_callout.sys [47760 2016-09-13] (Sophos Limited) R3 USBADVAU; C:\WINDOWS\system32\drivers\cm11264.sys [4121088 2012-11-29] (C-Media Electronics Inc) S1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [Datei ist nicht signiert] S3 vnet; C:\WINDOWS\System32\drivers\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [Datei ist nicht signiert] S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2015-12-23] (Cisco Systems, Inc.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-01-15 13:15 - 2017-01-15 13:32 - 00029563 _____ C:\Users\Sebastian\Downloads\FRST.txt
2017-01-15 13:15 - 2017-01-15 13:15 - 00000000 ____D C:\FRST
2017-01-15 13:12 - 2017-01-15 13:14 - 02419200 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2017-01-15 10:57 - 2017-01-15 10:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-15 10:57 - 2016-12-11 19:23 - 00134712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-01-15 10:57 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-01-15 10:57 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-01-15 10:57 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-01-15 10:57 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-01-15 10:54 - 2016-12-12 04:03 - 40125496 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 35222976 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 34710584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 28201408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 10912744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 10803880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 10353960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 09158616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 08913328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 08761560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 02950200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 02587704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437633.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437633.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 01038392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00974784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00942528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00894400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00802768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00801560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00643928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00642392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00617696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00438208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00394888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00388544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00386104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00347072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00327408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-01-15 10:44 - 2017-01-15 10:56 - 00000000 ____D C:\WINDOWS\LastGood
2017-01-15 10:44 - 2017-01-15 10:44 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-15 10:44 - 2017-01-06 02:10 - 00158264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-15 10:44 - 2017-01-06 02:10 - 00126008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-01-15 10:44 - 2017-01-06 02:10 - 00059448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-01-15 10:44 - 2017-01-06 01:09 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-01-15 02:22 - 2016-11-09 16:52 - 08003880 _____ C:\Users\Sebastian\Desktop\tyranny_shortstories.pdf
2017-01-15 02:18 - 2017-01-15 03:53 - 117449122 _____ C:\Users\Sebastian\Downloads\tyranny_wallpapers.zip
2017-01-15 02:16 - 2017-01-15 02:21 - 06624854 _____ C:\Users\Sebastian\Downloads\tyranny_shortstories (2).zip
2017-01-15 02:08 - 2017-01-15 02:08 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\SPI
2017-01-15 02:08 - 2017-01-15 02:08 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Browsers
2017-01-14 22:21 - 2017-01-14 22:21 - 00000000 ____D C:\Users\Sebastian\.android
2017-01-14 22:15 - 2017-01-14 22:15 - 00000000 ____D C:\Users\Sebastian\Desktop\ADB
2017-01-14 01:11 - 2017-01-14 01:11 - 00000908 _____ C:\Users\Sebastian\Desktop\Tyranny.lnk
2017-01-13 20:46 - 2017-01-13 21:48 - 00000000 ____D C:\Users\Sebastian\Downloads\3DMGAME-Tyranny.Overlord.Edition.Cracked-3DM
2017-01-13 20:45 - 2017-01-13 21:03 - 00000000 ____D C:\Users\Sebastian\AppData\LocalLow\uTorrent
2017-01-13 19:12 - 2017-01-13 19:12 - 00000000 __SHD C:\Users\Sebastian\AppData\Roaming\wyUpdate AU
2017-01-12 22:37 - 2017-01-12 22:37 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2017-01-12 22:37 - 2017-01-12 22:37 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-12 13:11 - 2017-01-12 13:30 - 00019518 _____ C:\Users\Sebastian\Downloads\Kopie von 2017 BKT - Teilnehmerliste.xlsx
2017-01-11 17:12 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 17:12 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 17:12 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 17:12 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 17:12 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 17:12 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 17:12 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 17:12 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 17:12 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 17:12 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 17:12 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 17:12 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 17:12 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 17:12 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 17:12 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 17:12 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 17:12 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 17:12 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 17:12 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 17:12 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 17:12 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 17:12 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 17:12 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 17:12 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 17:12 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 17:12 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 17:12 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 17:12 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 17:12 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 17:12 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 17:12 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 17:12 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 17:12 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 17:12 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 17:12 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 17:12 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 17:12 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 17:12 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 17:12 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 17:12 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 17:12 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 17:12 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 17:12 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 17:12 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 17:12 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 17:12 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 17:12 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 17:12 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 17:12 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 17:12 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 17:12 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 17:12 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 17:12 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 17:12 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 17:12 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 17:12 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 17:12 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 17:12 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 17:12 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 17:12 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 17:11 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 17:11 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 17:11 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 17:11 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 17:11 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 17:11 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 17:11 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 17:11 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 17:11 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 17:11 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 17:11 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 17:11 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 17:11 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 17:11 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 17:11 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 17:11 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 17:11 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 17:11 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 17:11 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 17:11 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 17:11 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 17:11 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 17:11 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 17:11 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 17:11 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 17:11 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 17:11 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 17:11 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 17:11 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 17:11 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 17:11 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 17:11 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 17:11 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 17:11 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 17:11 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 17:11 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 17:11 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 17:11 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 17:11 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 17:11 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 17:11 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 17:11 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 17:11 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 17:11 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 17:11 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 17:11 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 17:11 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 17:11 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:11 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 17:11 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 17:11 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 17:11 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 17:11 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 17:11 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 17:11 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 17:11 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 17:11 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 17:11 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 17:11 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 17:11 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 17:11 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 17:11 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 17:11 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 17:11 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 17:11 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 17:11 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 17:11 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 17:11 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 17:11 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 17:11 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 17:11 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 17:11 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 17:11 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 17:11 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 17:11 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 17:11 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 17:11 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 17:11 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 17:11 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 17:11 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:11 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 17:11 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 17:11 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 17:11 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 17:11 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:11 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 17:11 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 17:11 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 17:11 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 17:11 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 17:11 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 17:11 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 17:11 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 17:11 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 17:11 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 17:11 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 17:11 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 17:11 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 17:11 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 17:11 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 17:11 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 17:11 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 17:11 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 17:11 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:11 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 17:11 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 00002587 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00002583 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00002537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2017-01-11 10:34 - 2017-01-11 10:34 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-01-10 16:10 - 2016-09-13 22:24 - 00047760 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\swi_callout.sys
2017-01-10 16:10 - 2016-09-13 22:24 - 00044304 _____ (Sophos Limited) C:\WINDOWS\system32\SophosBootTasks.exe
2017-01-10 10:47 - 2017-01-10 10:47 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Brice_Lambson
2017-01-10 10:45 - 2017-01-10 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows
2017-01-10 10:45 - 2017-01-10 10:45 - 00000000 ____D C:\Program Files\Image Resizer for Windows
2017-01-10 10:45 - 2017-01-10 10:45 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows
2017-01-10 10:44 - 2017-01-10 10:45 - 00887180 _____ (Brice Lambson) C:\Users\Sebastian\Downloads\ImageResizerSetup.exe
2017-01-10 09:55 - 2017-01-10 09:55 - 02558695 _____ C:\Users\Sebastian\Downloads\magentacloud-14.12 Knochenaugmentation .zip
2017-01-08 22:08 - 2017-01-08 22:08 - 00414657 _____ C:\Users\Sebastian\Desktop\10.1177_0022034514549378.pdf
2017-01-08 14:11 - 2017-01-08 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2017-01-08 14:07 - 2017-01-08 14:07 - 00000000 ____D C:\Users\Sebastian\.cisco
2017-01-08 14:05 - 2017-01-08 14:11 - 00000000 ____D C:\ProgramData\Cisco
2017-01-08 14:05 - 2017-01-08 14:11 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-01-08 14:05 - 2017-01-08 14:05 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Cisco
2017-01-08 14:05 - 2016-12-09 16:43 - 00244032 ____R (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\acsock64.sys
2017-01-02 23:44 - 2017-01-02 23:44 - 00226216 _____ C:\Users\Sebastian\Downloads\Parodontologische Epikrise cmd Sebastian Fox.pdf
2017-01-02 16:55 - 2017-01-02 16:55 - 00003280 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-28 13:29 - 2017-01-02 18:26 - 00000000 ____D C:\Users\Sebastian\Desktop\MUSIC
2016-12-20 13:10 - 2016-12-20 13:10 - 00053495 _____ C:\Users\Sebastian\Downloads\Begruessungsschreiben_Zusatzdienste-04.12.2014.pdf
2016-12-20 13:03 - 2016-12-20 13:03 - 00053048 _____ C:\Users\Sebastian\Downloads\Auftragsbestaetigung_Zusatzdienste-04.12.2014.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-15 12:33 - 2016-10-17 12:16 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-15 12:25 - 2016-10-17 12:18 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-15 11:19 - 2016-05-29 11:44 - 00000000 ____D C:\Users\Sebastian\Documents\PCSX2
2017-01-15 10:58 - 2016-10-17 12:18 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-15 10:58 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-15 10:58 - 2016-07-15 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-15 10:50 - 2016-03-08 10:13 - 00000000 ____D C:\Users\Sebastian\Desktop\Seltene Proggis
2017-01-15 10:47 - 2016-07-17 11:48 - 01643192 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-15 10:47 - 2016-07-16 23:51 - 00590596 _____ C:\WINDOWS\system32\perfh007.dat
2017-01-15 10:47 - 2016-07-16 23:51 - 00115538 _____ C:\WINDOWS\system32\perfc007.dat
2017-01-15 10:45 - 2016-10-23 11:42 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-15 10:45 - 2016-07-15 18:29 - 00000000 ____D C:\Users\Sebastian\AppData\Local\NVIDIA
2017-01-15 10:44 - 2016-10-23 11:42 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-15 10:44 - 2016-10-23 11:42 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-15 10:44 - 2016-10-23 11:42 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-15 10:44 - 2016-10-23 11:42 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-15 10:44 - 2016-10-23 11:42 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-15 10:44 - 2016-10-17 12:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-15 10:44 - 2016-10-17 12:17 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-15 10:44 - 2016-07-15 18:29 - 00000000 ____D C:\Users\Sebastian\AppData\Local\NVIDIA Corporation
2017-01-15 02:25 - 2016-12-13 10:31 - 00000000 ____D C:\AirDroid
2017-01-15 02:25 - 2015-10-31 13:47 - 00000000 ____D C:\Users\Sebastian\Documents\AirDroid
2017-01-15 02:08 - 2016-07-11 10:54 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps
2017-01-15 02:08 - 2015-06-30 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-01-15 02:04 - 2015-07-01 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-01-15 01:17 - 2015-06-30 17:49 - 00000000 ____D C:\Users\Sebastian\AppData\Local\SweetLabs App Platform
2017-01-14 22:21 - 2016-10-17 12:21 - 00000000 ____D C:\Users\Sebastian
2017-01-14 20:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-14 13:16 - 2016-12-03 18:43 - 00003024 _____ C:\WINDOWS\System32\Tasks\AsrSP.exe
2017-01-14 13:13 - 2016-10-17 12:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-14 13:12 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-14 01:18 - 2016-01-28 00:24 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\uTorrent
2017-01-13 22:19 - 2015-07-04 19:32 - 00000000 ____D C:\Users\Sebastian\AppData\LocalLow\Obsidian Entertainment
2017-01-13 20:43 - 2016-03-08 10:13 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Usenet.nl
2017-01-13 20:42 - 2016-04-06 10:40 - 00000000 ____D C:\Users\Sebastian\Downloads\Usenet
2017-01-13 20:26 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-13 19:12 - 2015-07-01 04:56 - 00000000 ___RD C:\Users\Sebastian\MagentaCLOUD
2017-01-13 15:59 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-13 15:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-12 22:21 - 2015-09-03 11:47 - 00000000 ____D C:\Users\Sebastian\Desktop\Unikrams
2017-01-12 13:30 - 2015-06-30 17:51 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Packages
2017-01-12 13:18 - 2015-07-03 08:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-12 13:17 - 2016-02-07 10:33 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-12 13:16 - 2016-10-17 12:35 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-12 13:03 - 2016-04-27 06:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 20:14 - 2016-10-17 12:16 - 00353376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-11 20:12 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 20:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 20:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 20:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 20:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 19:02 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-11 10:59 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-11 10:34 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-11 10:21 - 2015-06-30 17:59 - 00000000 __RDO C:\Users\Sebastian\OneDrive
2017-01-10 16:11 - 2015-08-12 22:07 - 00000000 ____D C:\ProgramData\Sophos
2017-01-10 15:58 - 2016-06-16 11:02 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\vlc
2017-01-10 10:45 - 2014-08-01 05:25 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-09 20:13 - 2015-06-30 18:48 - 00000000 ____D C:\Users\Sebastian\AppData\Local\CrashDumps
2017-01-09 15:17 - 2016-01-06 22:38 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Origin
2017-01-09 15:17 - 2016-01-06 22:37 - 00000000 ____D C:\ProgramData\Origin
2017-01-09 15:07 - 2015-09-28 05:19 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Ubisoft Game Launcher
2017-01-08 16:03 - 2016-08-01 21:01 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\dvdcss
2017-01-06 02:10 - 2016-10-23 11:42 - 01855544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-01-06 02:10 - 2016-10-23 11:42 - 01756728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-01-06 02:10 - 2016-10-23 11:42 - 01454136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-01-06 02:10 - 2016-10-23 11:42 - 01318968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-01-06 02:10 - 2016-10-23 11:42 - 00121912 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-01-06 02:10 - 2016-10-23 11:42 - 00047672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-01-02 22:28 - 2015-07-04 19:44 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\TS3Client
2017-01-02 18:04 - 2016-05-12 14:52 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\WhatsApp
2017-01-02 16:55 - 2016-07-17 12:09 - 00002435 _____ C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-23 00:13 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-23 00:13 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-21 06:04 - 2016-01-06 22:36 - 00000000 ____D C:\Users\Sebastian\AppData\Local\ElevatedDiagnostics
2016-12-20 13:19 - 2016-10-17 12:35 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-20 13:19 - 2016-10-17 12:35 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-20 13:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Tasks

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-03-06 19:27 - 2016-03-06 19:27 - 21405208 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-10-03 21:01 - 2015-10-04 10:00 - 0002067 _____ () C:\Users\Sebastian\AppData\Roaming\SpeedRunnersLog.txt
2016-07-15 18:40 - 2016-07-15 18:40 - 0000017 _____ () C:\Users\Sebastian\AppData\Local\resmon.resmoncfg
2015-08-26 10:03 - 2015-08-26 10:03 - 0005219 _____ () C:\Users\Sebastian\AppData\Local\transitiontransition_9237a2690e8a06e6e509f66bf7085492.ini
2015-07-03 08:34 - 2015-07-03 08:34 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-10-17 12:18 - 2016-10-17 12:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\Adblocker.exe
C:\Users\Sebastian\AppData\Local\Temp\MMIns.exe
C:\Users\Sebastian\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Sebastian\AppData\Local\Temp\nvStInst.exe
C:\Users\Sebastian\AppData\Local\Temp\NvTelemetry.dll
C:\Users\Sebastian\AppData\Local\Temp\NvTelemetryAPI32.dll
C:\Users\Sebastian\AppData\Local\Temp\NvTelemetryAPI64.dll
C:\Users\Sebastian\AppData\Local\Temp\octCEC7.tmp.exe
C:\Users\Sebastian\AppData\Local\Temp\SetupScreenShared.exe
C:\Users\Sebastian\AppData\Local\Temp\VideoBox.exe C:\Users\Sebastian\AppData\Local\Temp\wajam_install.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2017-01-06 18:17 ==================== Ende von FRST.txt ============================ |
15.01.2017, 13:52 | #4 |
| Caught browser hijacker nova.rumbler.ru Addition.txt Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 14-01-2017
durchgeführt von Sebastian (15-01-2017 13:36:29)
Gestartet von C:\Users\Sebastian\Downloads
Windows 10 Home Version 1607 (X64) (2016-10-17 11:44:45)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
Administrator (S-1-5-21-1585825436-704687126-3158100386-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1585825436-704687126-3158100386-503 - Limited - Disabled)
Gast (S-1-5-21-1585825436-704687126-3158100386-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1585825436-704687126-3158100386-1019 - Limited - Enabled)
Sebastian (S-1-5-21-1585825436-704687126-3158100386-1001 - Administrator - Enabled) => C:\Users\Sebastian
SophosSAUMICASA0 (S-1-5-21-1585825436-704687126-3158100386-1004 - Limited - Enabled)
SophosSAUMICASA1 (S-1-5-21-1585825436-704687126-3158100386-1017 - Limited - Enabled)

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Sophos Home (Enabled - Up to date) {FFADE7EA-DC92-4602-D6B2-626CD3450A0F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Home (Enabled - Up to date) {44CC060E-FAA8-498C-EC02-591EA8C240B2}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
"Nero SoundTrax Help (x32 Version: 4.4.32.0 - Nero AG) Hidden
µTorrent (HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden AirDroid 3.2.0.0 (HKLM-x32\...\AirDroid) (Version: 3.2.0.0 - Sand Studio) Amazon Kindle (HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Amazon Kindle) (Version: 1.16.0.44025 - Amazon) AnimanicChat Version 4.2.365 (HKLM-x32\...\AnimanicChat_is1) (Version: 4.2.365 - ) Ansel (Version: 376.33 - NVIDIA Corporation) Hidden ASRock XFast RAM v3.0.3 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.) A-Tuning v2.0.271 (HKLM-x32\...\A-Tuning_is1) (Version: 2.0.271 - ASRock Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC) Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.) calibre 64bit (HKLM\...\{489E20EA-CCB7-4B03-A9A9-10BA7E460A21}) (Version: 2.66.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.05017 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 4.3.05017 - Cisco Systems, Inc.) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.) 
Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts) Core Temp 1.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.1 - Alcpu) Corel PaintShop Pro X7 (HKLM-x32\...\_{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation) Corel PaintShop Pro X7 (x32 Version: 17.0.0.199 - Corel Corporation) Hidden Curse Client (HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse) Deus Ex: Mankind Divided™ (HKLM\...\Steam App 337000) (Version: - Eidos Montreal) Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts) Divinity: Original Sin Enhanced Edition (HKLM\...\Steam App 373420) (Version: - Larian Studios) DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment) EPSON XP-402 403 405 406 Series Printer Uninstall (HKLM\...\EPSON XP-402 403 405 406 Series) (Version: - SEIKO EPSON Corporation) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden Gwent (HKLM-x32\...\1971477531_is1) (Version: 2.0.0.0 - GOG.com) Harmony Browser Plug-in (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech) Heroes & Generals (HKLM\...\Steam App 227940) (Version: - Reto-Moto) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) Host App Service (HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\SweetLabs_AP) (Version: 0.269.8.114 - Pokki) Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8104 - Acer Incorporated) HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard) ICA (x32 Version: 17.0.0.199 - Corel Corporation) Hidden ICQ (Version 10.0.12027) (HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\icq.desktop) (Version: 10.0.12027 - ICQ) Image Resizer for Windows (64 bit) (HKLM\...\{B6EFF29D-7CAB-4CE0-9FFC-3D55D27E948D}) (Version: 3.0.4442.6002 - Brice Lambson) Image Resizer for Windows (HKLM-x32\...\{14ebe571-096e-4cdd-8ee5-a2c0cc6b9b5e}) (Version: 3.0.4442.6002 - Brice Lambson) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Infix PDF Editor Version 7.0.5.0 (HKLM-x32\...\83FFB914-6FA7-4F1F-807E-E0FFBA2E49E1_is1) (Version: 7.0.5.0 - Iceni Technology) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel) Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden IPM_PSP_COM (x32 Version: 17.0.0.199 - Corel Corporation) Hidden IPM_PSP_COM64 (Version: 17.0.0.199 - Corel Corporation) Hidden Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) 
Kingdom Come: Deliverance (Beta Access) (HKLM\...\Steam App 286860) (Version: - ) Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts) LastPass (Nur deinstallieren) (HKLM-x32\...\LastPass) (Version: - LastPass) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden MagentaCLOUD Software (HKLM-x32\...\{E9D2DFCA-ACCC-4D19-B0DA-9CD1DE76B2DA}) (Version: 5.2.0.0 - Deutsche Telekom AG) Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios) Mansions of Madness (HKLM\...\Steam App 478980) (Version: - Fantasy Flight Games) Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts) Master of Orion (HKLM-x32\...\Steam App 298050) (Version: - NGD Studios) Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 
8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) 
- 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Movie Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden Nero 9 (HKLM-x32\...\{aa3bd892-e1e0-4873-a8b7-7c03975a475b}) (Version: - Nero AG) NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation) NVIDIA 
GeForce Experience 3.2.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.2.49 - NVIDIA Corporation) NVIDIA Grafiktreiber 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation) NVIDIA Miracast Virtueller Ton 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 368.81 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NvNodejs (Version: 3.2.2.49 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.0.2.1 - NVIDIA Corporation) Hidden NvvHci (Version: 2.02.0.2 - NVIDIA Corporation) Hidden Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.) 
PDF24 Creator 7.9.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Pillars of Eternity (HKLM-x32\...\Steam App 291650) (Version: - Obsidian Entertainment) Pokki Start Menu (HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\SweetLabs_Start_Menu) (Version: 0.269.8.114 - Pokki) PSPPContent (x32 Version: 17.0.0.199 - Corel Corporation) Hidden PSPPHelp (x32 Version: 17.0.0.199 - Corel Corporation) Hidden PSPPro64 (Version: 17.0.0.199 - Corel Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7560 - Realtek Semiconductor Corp.) Remote Mouse version 3.002 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.002 - Remote Mouse) Rise of the Tomb Raider (HKLM-x32\...\{45F08513-973A-4C18-93FD-8E12B1908390}_is1) (Version: - Square Enix) SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology) Sennheiser 3D G4ME1 (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB6}) (Version: 1.00.0001 - ) Setup (x32 Version: 17.0.0.199 - Ihr Firmenname) Hidden Shadowrun: Hong Kong (HKLM-x32\...\Steam App 346940) (Version: - Harebrained Schemes) SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.2.2.49 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) Sid Meier's Civilization VI (HKLM\...\Steam App 289070) (Version: - Firaxis) Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version: - Firaxis Games) Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.) 
Sophos Anti-Virus (HKLM-x32\...\{3B998572-90A5-4D61-9022-00B288DD755D}) (Version: 10.7.0.301 - Sophos Limited) Sophos AutoUpdate (HKLM-x32\...\{AFBCA1B9-496C-4AE6-98AE-3EA1CFF65C54}) (Version: 5.5.2.1 - Sophos Limited) Sophos Diagnostic Utility (HKLM-x32\...\{4627F5A1-E85A-4394-9DB3-875DF83AF6C2}) (Version: 1.13.0.4 - Sophos Limited) Sophos Home (HKLM-x32\...\{63F3BF88-DE8E-4B21-BB24-F64CE500308E}) (Version: 1.1.0.78 - Sophos Limited) Sophos Management Communications System (HKLM-x32\...\{2C14E1A2-C4EB-466E-8374-81286D723D3A}) (Version: 4.3.0.107 - Sophos Limited) Sophos System Protection (HKLM\...\{934BEF80-B9D1-4A86-8B42-D8A6716A8D27}) (Version: 2.6.0.71 - Sophos Limited) SoundTrax (x32 Version: 4.4.32.0 - Nero AG) Hidden Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version: - Bethesda Game Studios) The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom) Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version: - Ubisoft) Total War™: WARHAMMER® (HKLM\...\Steam App 364360) (Version: - Creative Assembly) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Uplay (HKLM-x32\...\Uplay) (Version: 24.0.1 - Ubisoft) Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version: - ) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) 
WhatsApp (HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\WhatsApp) (Version: 0.2.2245 - WhatsApp) Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) Wolcen: Lords of Mayhem (HKLM\...\Steam App 424370) (Version: - WOLCEN Studio) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {00F02F14-DE4B-4E6F-AA9B-1D2432DB25BC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-11] (Microsoft Corporation) Task: {0808349E-5446-43AA-9B70-87F3A995977F} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2014-03-03] (Acer Incorporated) Task: {10D838AC-36D5-48BD-8018-DEB637B03BF1} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-06] (NVIDIA Corporation) Task: {2038DE5D-86E9-4ADA-A81E-D85B2E4B77A3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-06] (NVIDIA Corporation) Task: {24E082F2-9ACD-4C4C-AFBE-105475BB95EF} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {2865A78C-C913-4EF3-8895-D69C60316FDC} - 
\Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {2B85DB4A-A78E-4262-9BD1-CF0F8BA355B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-30] (Google Inc.) Task: {320B7238-A78D-4BB8-A3D1-D6A4CD822057} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-06-08] (Acer Incorporated) Task: {32F981EB-6F99-4C70-ACD2-9E3408BBC372} - System32\Tasks\Update\SecUpdate => C:\Users\Sebastian\AppData\Roaming\svchost.exe <==== ACHTUNG Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {353D9464-75E2-4381-A08A-FB9A52667188} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {4354A565-40E2-4CE0-B0CE-FA61965DB292} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-30] (Google Inc.) 
Task: {4CCA3664-5306-4441-A05B-FEE1B0944CA2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {50032F7A-5814-44FF-BC04-AD8B7E0E52D8} - System32\Tasks\{BE121B94-043A-49C6-B2BE-1333B2973479} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=deDE --uid=prometheus --displayname="Overwatch" Task: {5597F99E-CAF5-4EFC-A3AE-65983DB37143} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {62967D05-79A7-4AA2-B25C-9D91D51D6393} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-06] (NVIDIA Corporation) Task: {689D66B7-07CC-43F4-8890-1C477FA735AC} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe Task: {79252ADA-73B4-4E07-8CDC-F7291F065563} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-06] (NVIDIA Corporation) Task: {799B1AFA-17B3-42AE-B5A9-301B858AF1D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd) Task: {7C59626F-CB46-48BD-84E8-00CBD1A7BEB9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-11] (Microsoft Corporation) Task: {7D38A6E6-3915-4F47-B71E-F4FF052C2726} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {967F54D9-5DDF-4E34-B0D3-D4321D875F91} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-01-11] (Microsoft Corporation) Task: {A2AB4BD6-6239-464C-9EE5-36560B473C5D} - 
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {BE19FBD8-397A-4634-8B4C-CCAB2B64655B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {BEDB405D-600B-4EE6-AE3B-AB774DA16DE6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {C01A1739-AEC4-48E5-B0DB-28DEDFAEED6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {C757024D-8B2F-4F45-BC1B-76602C022477} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-06] (NVIDIA Corporation) Task: {C8F4BAFD-BDEF-4CDA-9E9F-6DFDAF2C7632} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation) Task: {C9E11438-0AE0-4686-8885-732FA9ADA86B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-06] (NVIDIA Corporation) Task: {CDBD533D-4B82-43F5-80E2-C90B6BD11C55} - System32\Tasks\AsrSP.exe => C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\AsrSP.exe [2014-12-02] () Task: {D00FAF10-8977-4545-85D2-578B545DE28F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {D00FBD76-EE80-491D-B919-2819BF259886} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {D40E1AC1-72B2-45B0-A859-9DB3217D5F9B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {E5A832E2-20B3-405F-AD21-9425A5069C3C} - System32\Tasks\SweetLabs App Platform => C:\Users\Sebastian\AppData\Local\SweetLabs App 
Platform\Engine\ServiceHostAppUpdater.exe [2016-11-16] (Pokki) Task: {E7B49752-54E9-4776-BE4F-69496A93EE5A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {EFAAE108-C311-470E-97E9-85E403679CF6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation) Task: {FFDDF89D-3299-44BD-BAF3-1E3CD4B792D1} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-06] (NVIDIA Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Vysоr.lnk -> C:\Users\Sebastian\AppData\Roaming\Browsers\exe.emorhc.bat () Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Eхplorеr.lnk -> C:\Users\Sebastian\AppData\Roaming\Browsers\exe.erolpxei.bat () Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоoglе Сhromе.lnk -> C:\Users\Sebastian\AppData\Roaming\Browsers\exe.emorhc.bat () Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internеt Ехрlоrer Вrowsеr.lnk -> C:\Users\Sebastian\AppData\Roaming\Browsers\exe.erolpxei.bat () Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\АirDroid.lnk -> C:\Users\Sebastian\AppData\Roaming\Browsers\exe.rehcnual.bat () Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоogle Chromе.lnk -> C:\Users\Sebastian\AppData\Roaming\Browsers\exe.emorhc.bat () ShortcutWithArgument: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Vysor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=Default --app-id=gidgenkbbabolejbgbpnhbimgjbffefm ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-14 18:21 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-07-15 18:43 - 2014-07-31 15:17 - 00463112 _____ () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe 2016-11-05 21:05 - 2016-06-25 08:52 - 00018432 _____ () C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe 2016-12-14 18:21 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2017-01-02 16:54 - 2017-01-02 16:54 - 01678560 _____ () C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll 2016-10-17 13:11 - 2016-10-17 13:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-11 17:11 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-09-01 15:55 - 2013-05-28 17:56 - 00151552 _____ () C:\Windows\System\3DG4me.exe 2016-12-14 18:24 - 2016-12-14 18:24 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-12-14 18:24 - 2016-12-14 18:24 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-01-11 17:11 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-11 17:11 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-11 17:11 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-11 17:11 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-11 17:11 
- 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-11 17:11 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-10-23 11:42 - 2017-01-06 02:10 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll 2016-10-23 11:42 - 2017-01-06 02:10 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-10-17 12:18 - 2016-12-11 19:47 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-12-14 18:24 - 2016-12-14 18:24 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll 2016-08-02 22:23 - 2016-09-13 22:24 - 00111400 _____ () C:\Program Files (x86)\Sophos\Sophos Anti-Virus\rkdisk.dll 2016-12-09 17:26 - 2016-12-09 17:26 - 00073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2016-11-05 21:05 - 2015-05-26 19:54 - 00152576 _____ () C:\Program Files (x86)\Remote Mouse\FileS.dll 2016-09-01 15:55 - 2012-06-06 10:56 - 00143360 _____ () C:\Windows\System\3DG4me.dll 2015-05-20 10:20 - 2013-09-16 05:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-10-26 23:18 - 2016-10-26 23:18 - 53018112 _____ () D:\GalaxyClient\libcef.dll 2017-01-15 01:58 - 2017-01-15 01:58 - 00507968 _____ () D:\GalaxyClient\PocoUtil.dll 2017-01-15 01:58 - 2017-01-15 01:58 - 01076800 _____ () D:\GalaxyClient\PocoNet.dll 2017-01-15 01:58 - 2017-01-15 01:58 - 01854528 _____ () D:\GalaxyClient\PocoData.dll 2017-01-15 01:58 - 2017-01-15 01:58 - 00393280 _____ () D:\GalaxyClient\PocoDataSQLite.dll 2017-01-15 01:58 - 2017-01-15 01:58 - 01589312 _____ () D:\GalaxyClient\PocoFoundation.dll 2017-01-15 01:58 - 2017-01-15 01:58 - 00307776 _____ () D:\GalaxyClient\PocoNetSSL.dll 2017-01-15 01:58 - 2017-01-15 01:58 - 
00330816 _____ () D:\GalaxyClient\PocoJSON.dll 2017-01-15 01:58 - 2017-01-15 01:58 - 00104000 _____ () D:\GalaxyClient\zlib.dll 2017-01-15 01:58 - 2017-01-15 01:58 - 00520768 _____ () D:\GalaxyClient\PocoXML.dll 2017-01-15 01:58 - 2017-01-15 01:58 - 00272448 _____ () D:\GalaxyClient\PocoZip.dll 2017-01-15 01:58 - 2017-01-15 01:58 - 00680000 _____ () D:\GalaxyClient\sqlite.dll 2017-01-15 01:58 - 2017-01-15 01:58 - 00157760 _____ () D:\GalaxyClient\PocoCrypto.dll 2017-01-15 01:58 - 2017-01-15 01:58 - 00425536 _____ () D:\GalaxyClient\pcre.dll 2017-01-15 01:58 - 2017-01-15 01:58 - 00152128 _____ () D:\GalaxyClient\expat.dll 2016-10-23 11:42 - 2017-01-06 02:10 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-10-23 11:42 - 2017-01-06 02:10 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll 2016-10-23 11:42 - 2017-01-06 02:10 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-10-23 11:42 - 2017-01-06 01:09 - 00527416 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node 2016-10-23 11:42 - 2017-01-06 01:09 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2016-10-23 11:42 - 2017-01-06 01:09 - 02807232 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2016-10-23 11:42 - 2017-01-06 01:09 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2016-10-23 11:42 - 2017-01-06 01:09 - 00449080 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2016-10-23 11:42 - 2017-01-06 01:09 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2016-10-23 11:42 - 2017-01-06 01:09 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node 2017-01-15 10:44 - 2017-01-06 01:09 - 00954816 _____ () \\?\C:\Program Files (x86)\NVIDIA 
Corporation\NvNode\NvSDKAPINode.node 2016-10-26 23:18 - 2016-10-26 23:18 - 01738752 _____ () D:\GalaxyClient\libglesv2.dll 2016-10-26 23:18 - 2016-10-26 23:18 - 00078848 _____ () D:\GalaxyClient\libegl.dll 2016-10-23 11:42 - 2017-01-06 02:10 - 64246840 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2016-10-14 14:42 - 2016-10-14 14:42 - 40629032 _____ () C:\Program Files (x86)\Sophos\Sophos Home\libcef.dll 2016-10-14 14:42 - 2016-10-14 14:42 - 00956712 _____ () C:\Program Files (x86)\Sophos\Sophos Home\ffmpegsumo.dll 2016-12-15 15:32 - 2016-12-08 08:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll 2016-12-15 15:32 - 2016-12-08 08:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll 2016-12-13 19:13 - 2016-12-08 16:13 - 00656160 _____ () D:\Steam\SDL2.dll 2016-10-16 11:06 - 2016-09-01 02:02 - 04969248 _____ () D:\Steam\v8.dll 2017-01-02 17:42 - 2016-12-20 03:25 - 02322720 _____ () D:\Steam\video.dll 2016-10-16 11:06 - 2016-09-01 02:02 - 01563936 _____ () D:\Steam\icui18n.dll 2016-10-16 11:06 - 2016-09-01 02:02 - 01195296 _____ () D:\Steam\icuuc.dll 2016-10-16 11:05 - 2016-01-27 08:49 - 02549760 _____ () D:\Steam\libavcodec-56.dll 2016-10-16 11:05 - 2016-01-27 08:49 - 00491008 _____ () D:\Steam\libavformat-56.dll 2016-10-16 11:05 - 2016-01-27 08:49 - 00332800 _____ () D:\Steam\libavresample-2.dll 2016-10-16 11:05 - 2016-01-27 08:49 - 00442880 _____ () D:\Steam\libavutil-54.dll 2016-10-16 11:05 - 2016-01-27 08:49 - 00485888 _____ () D:\Steam\libswscale-3.dll 2017-01-02 17:42 - 2016-12-20 03:25 - 00838944 _____ () D:\Steam\bin\chromehtml.DLL 2016-10-16 11:05 - 2016-07-04 23:17 - 00266560 _____ () D:\Steam\openvr_api.dll 2016-12-13 19:13 - 2016-12-05 17:21 - 67304736 _____ () D:\Steam\bin\cef\cef.win7\libcef.dll 2016-10-16 11:05 - 2015-09-25 00:52 - 00119208 _____ () D:\Steam\winh264.dll ==================== Alternate Data Streams (Nicht 
auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Users\Sebastian:Heroes & Generals [38] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2013-08-22 14:25 - 2016-12-07 11:26 - 00003085 ____A C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.0 vortex.data.microsoft.com 0.0.0.0 vortex-win.data.microsoft.com 0.0.0.0 telecommand.telemetry.microsoft.com 0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net 0.0.0.0 oca.telemetry.microsoft.com 0.0.0.0 sqm.telemetry.microsoft.com 0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net 0.0.0.0 watson.telemetry.microsoft.com 0.0.0.0 watson.telemetry.microsoft.com.nsatc.net 0.0.0.0 redir.metaservices.microsoft.com 0.0.0.0 choice.microsoft.com 0.0.0.0 choice.microsoft.com.nsatc.net 0.0.0.0 wes.df.telemetry.microsoft.com 0.0.0.0 services.wes.df.telemetry.microsoft.com 0.0.0.0 sqm.df.telemetry.microsoft.com 0.0.0.0 telemetry.microsoft.com 0.0.0.0 watson.ppe.telemetry.microsoft.com 0.0.0.0 telemetry.appex.bing.net 0.0.0.0 telemetry.urs.microsoft.com 0.0.0.0 telemetry.appex.bing.net:443 0.0.0.0 settings-sandbox.data.microsoft.com 0.0.0.0 survey.watson.microsoft.com 0.0.0.0 watson.live.com 0.0.0.0 watson.microsoft.com 0.0.0.0 statsfe2.ws.microsoft.com 0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com 0.0.0.0 compatexchange.cloudapp.net 0.0.0.0 a-0001.a-msedge.net 0.0.0.0 statsfe2.update.microsoft.com.akadns.net 0.0.0.0 sls.update.microsoft.com.akadns.net Da befinden sich 30 zusätzliche Einträge. ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sebastian\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{bb17ab4f-846f-43cc-9156-6835177188f7}.png DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == HKLM\...\StartupApproved\StartupFolder: => "vpngui.exe.lnk" HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk" HKLM\...\StartupApproved\Run32: => "PDFPrint" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\StartupFolder: => "MagentaCLOUD.lnk" HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip" HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "AcerPortal" HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "GalaxyClient" HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_678E52C622D3FEC81C940F43ECEEEB26" HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "HP Deskjet 3520 series (NET)" HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "autoRunTest" HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "Spotify Web Helper" HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "icq.desktop" HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "AirDroid 3" HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "OneDrive" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry 
entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Wiederherstellungspunkte ========================= 21-12-2016 09:32:56 Windows Update 02-01-2017 16:55:59 Windows Update 05-01-2017 17:34:37 Windows Update 08-01-2017 14:04:39 Installed Cisco AnyConnect Secure Mobility Client 11-01-2017 17:12:57 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (01/15/2017 11:08:24 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\nero\nero 9\nero photosnap\PhotoSnap.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. 
Error: (01/15/2017 11:08:13 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (01/15/2017 11:08:13 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (01/15/2017 10:59:36 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\nero\nero 9\nero photosnap\PhotoSnap.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. 
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (01/15/2017 10:58:26 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (01/15/2017 10:58:20 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (01/15/2017 10:53:46 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\nero\nero 9\nero photosnap\PhotoSnap.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (01/15/2017 10:46:17 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (01/15/2017 10:46:09 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. 
Error: (01/14/2017 07:55:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: nvxdsync.exe, Version: 8.17.13.7619, Zeitstempel: 0x584051a5 Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.14393.479, Zeitstempel: 0x5825887f Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000f8283 ID des fehlerhaften Prozesses: 0xf1c Startzeit der fehlerhaften Anwendung: 0x01d26e5f9f79be9b Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: ddbc0567-bfc1-4089-bb19-6902af4fe57b Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (01/15/2017 01:00:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Nero BackItUp Scheduler 4.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/15/2017 12:45:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/15/2017 12:41:21 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (01/15/2017 11:27:51 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (01/14/2017 01:24:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (01/14/2017 01:21:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200b fehlgeschlagen: Hewlett-Packard - Imaging - Null Print - HP Deskjet 3520 series Error: (01/14/2017 01:17:20 PM) (Source: DCOM) (EventID: 10016) (User: MICASA) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Micasa\Sebastian" (SID: S-1-5-21-1585825436-704687126-3158100386-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (01/14/2017 01:17:20 PM) (Source: DCOM) (EventID: 10016) (User: MICASA) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Micasa\Sebastian" (SID: S-1-5-21-1585825436-704687126-3158100386-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (01/14/2017 01:17:20 PM) (Source: DCOM) (EventID: 10016) (User: MICASA) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Micasa\Sebastian" (SID: S-1-5-21-1585825436-704687126-3158100386-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (01/14/2017 01:17:19 PM) (Source: DCOM) (EventID: 10016) (User: MICASA) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Micasa\Sebastian" (SID: S-1-5-21-1585825436-704687126-3158100386-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. CodeIntegrity: =================================== Date: 2017-01-15 11:34:49.821 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. 
Date: 2017-01-15 11:34:47.964 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-01-11 10:08:50.106 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-01-11 10:08:49.523 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz Prozentuale Nutzung des RAM: 49% Installierter physikalischer RAM: 8142.85 MB Verfügbarer physikalischer RAM: 4122.22 MB Summe virtueller Speicher: 9422.85 MB Verfügbarer virtueller Speicher: 4311 MB ==================== Laufwerke ================================ Drive c: (Acer) (Fixed) (Total:455.5 GB) (Free:221.51 GB) NTFS Drive d: (DATA) (Fixed) (Total:456.01 GB) (Free:188.13 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: DE6E102E) Partition: GPT. ==================== Ende von Addition.txt ============================ |
15.01.2017, 13:55 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Reading material: Illegal software: cracks, keygens and co. Please read => http://www.trojaner-board.de/95393-c...-software.html We will continue once you have removed everything illegal. In the event of repeated crack/keygen violations, I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.
__________________ Please always post log files in CODE tags |
15.01.2017, 14:05 | #6 |
| Sorry about that, mea culpa, I mostly test things that way and then get it if I like it. It is removed; should I post a new log file for you? |
15.01.2017, 14:11 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | There are demo versions for testing. Has the program also been uninstalled?
__________________ Please always post log files in CODE tags |
15.01.2017, 14:13 | #8 |
| Completely - you should now only find it in my Steamapps. OT: Unfortunately there is no longer a demo version for everything :-\ /edit: and the two others that you would probably find, likewise. |
15.01.2017, 14:18 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Good, I hope you don't have anything else on there that is cracked...
Step 1: Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Step 2: Kaspersky TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files in a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
15.01.2017, 14:59 | #10 |
| Malwarebytes Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main: v2017.01.15.03
  rootkit: v2016.11.20.01

Windows 10 x64 NTFS
Internet Explorer 11.576.14393.0
Sebastian :: MICASA [administrator]

15.01.2017 14:30:49
mbar-log-2017-01-15 (14-30-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 359519
Time elapsed: 22 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe 14:57:16.0764 0x2ab8 Intel(R) Capability Licensing Service TCP IP Interface - ok 14:57:16.0795 0x2ab8 [ DD73746062EAF2767EC84D995B50C977, FC06F843A400CDBC64ED2DC73A15DF4348D52D8D058A490E07363A8F4E9F6F7C ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe 14:57:16.0814 0x2ab8 Intel(R) PROSet Monitoring Service - ok 14:57:16.0826 0x2ab8 intelide - ok 14:57:16.0829 0x2ab8 intelpep - ok 14:57:16.0831 0x2ab8 intelppm - ok 14:57:16.0844 0x2ab8 iorate - ok 14:57:16.0846 0x2ab8 IpFilterDriver - ok 14:57:16.0864 0x2ab8 iphlpsvc - ok 14:57:16.0867 0x2ab8 IPMIDRV - ok 14:57:16.0869 0x2ab8 IPNAT - ok 14:57:16.0871 0x2ab8 irda - ok 14:57:16.0873 0x2ab8 IRENUM - ok 14:57:16.0892 0x2ab8 irmon - ok 14:57:16.0894 0x2ab8 isapnp - ok 14:57:16.0896 0x2ab8 iScsiPrt - ok 14:57:16.0923 0x2ab8 [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 14:57:16.0955 0x2ab8 jhi_service - ok 14:57:16.0962 0x2ab8 kbdclass - ok 14:57:16.0964 0x2ab8 kbdhid - ok 14:57:16.0981 0x2ab8 kdnic - ok 14:57:16.0983 0x2ab8 KeyIso - ok 14:57:16.0985 0x2ab8 KSecDD - ok 14:57:16.0987 0x2ab8 KSecPkg - ok 14:57:16.0989 0x2ab8 ksthunk - ok 14:57:17.0006 0x2ab8 KtmRm - ok 14:57:17.0018 0x2ab8 LanmanServer - ok 14:57:17.0034 0x2ab8 LanmanWorkstation - ok 14:57:17.0037 0x2ab8 lfsvc - ok 14:57:17.0041 0x2ab8 LicenseManager - ok 14:57:17.0044 0x2ab8 lltdio - ok 14:57:17.0046 0x2ab8 lltdsvc - ok 14:57:17.0048 0x2ab8 lmhosts - ok 14:57:17.0089 0x2ab8 [ 3DE66F47365AA8CEB18B1EE272F4FEBA, 8DDD6AB4AEDE3B2FEA0D3B63DD24E3F3422D6ADE067756A3919FCED53C349167 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 14:57:17.0183 0x2ab8 LMS - ok 14:57:17.0186 0x2ab8 LSI_SAS - ok 14:57:17.0188 0x2ab8 LSI_SAS2i - ok 14:57:17.0191 
0x2ab8 LSI_SAS3i - ok 14:57:17.0193 0x2ab8 LSI_SSS - ok 14:57:17.0208 0x2ab8 LSM - ok 14:57:17.0211 0x2ab8 luafv - ok 14:57:17.0214 0x2ab8 MapsBroker - ok 14:57:17.0216 0x2ab8 megasas - ok 14:57:17.0230 0x2ab8 megasas2i - ok 14:57:17.0232 0x2ab8 megasr - ok 14:57:17.0251 0x2ab8 [ 1BC9159CF58BABD89419072EA180A8F6, 6C9AB779C2355A341800A8F93AAAF9B19FAFF444CD6A7BD27C63D53F379A75EF ] MEIx64 C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys 14:57:17.0275 0x2ab8 MEIx64 - ok 14:57:17.0278 0x2ab8 MessagingService - ok 14:57:17.0298 0x2ab8 mlx4_bus - ok 14:57:17.0300 0x2ab8 MMCSS - ok 14:57:17.0302 0x2ab8 Modem - ok 14:57:17.0316 0x2ab8 monitor - ok 14:57:17.0318 0x2ab8 mouclass - ok 14:57:17.0320 0x2ab8 mouhid - ok 14:57:17.0322 0x2ab8 mountmgr - ok 14:57:17.0325 0x2ab8 mpsdrv - ok 14:57:17.0327 0x2ab8 MpsSvc - ok 14:57:17.0352 0x2ab8 MRxDAV - ok 14:57:17.0354 0x2ab8 mrxsmb - ok 14:57:17.0356 0x2ab8 mrxsmb10 - ok 14:57:17.0359 0x2ab8 mrxsmb20 - ok 14:57:17.0374 0x2ab8 MsBridge - ok 14:57:17.0384 0x2ab8 MSDTC - ok 14:57:17.0388 0x2ab8 Msfs - ok 14:57:17.0399 0x2ab8 msgpiowin32 - ok 14:57:17.0402 0x2ab8 mshidkmdf - ok 14:57:17.0404 0x2ab8 mshidumdf - ok 14:57:17.0406 0x2ab8 msisadrv - ok 14:57:17.0420 0x2ab8 MSiSCSI - ok 14:57:17.0422 0x2ab8 msiserver - ok 14:57:17.0424 0x2ab8 MSKSSRV - ok 14:57:17.0427 0x2ab8 MsLldp - ok 14:57:17.0429 0x2ab8 MSPCLOCK - ok 14:57:17.0431 0x2ab8 MSPQM - ok 14:57:17.0433 0x2ab8 MsRPC - ok 14:57:17.0436 0x2ab8 mssmbios - ok 14:57:17.0438 0x2ab8 MSTEE - ok 14:57:17.0440 0x2ab8 MTConfig - ok 14:57:17.0442 0x2ab8 Mup - ok 14:57:17.0445 0x2ab8 mvumis - ok 14:57:17.0457 0x2ab8 NativeWifiP - ok 14:57:17.0460 0x2ab8 NcaSvc - ok 14:57:17.0467 0x2ab8 NcbService - ok 14:57:17.0469 0x2ab8 NcdAutoSetup - ok 14:57:17.0472 0x2ab8 ndfltr - ok 14:57:17.0476 0x2ab8 NDIS - ok 14:57:17.0478 0x2ab8 NdisCap - ok 14:57:17.0496 0x2ab8 NdisImPlatform - ok 14:57:17.0498 0x2ab8 NdisTapi - ok 14:57:17.0500 0x2ab8 Ndisuio - ok 14:57:17.0502 0x2ab8 NdisVirtualBus - ok 
14:57:17.0504 0x2ab8 NdisWan - ok 14:57:17.0507 0x2ab8 ndiswanlegacy - ok 14:57:17.0509 0x2ab8 ndproxy - ok 14:57:17.0511 0x2ab8 Ndu - ok 14:57:17.0588 0x2ab8 [ B90E093E7A7250906F1054418B5339C0, F9A0BAC5B4B29F14B5CACA1047F8928A495EFD56E485492BF71C856B296476D6 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 14:57:17.0636 0x2ab8 Nero BackItUp Scheduler 4.0 - ok 14:57:17.0639 0x2ab8 NetAdapterCx - ok 14:57:17.0641 0x2ab8 NetBIOS - ok 14:57:17.0645 0x2ab8 NetBT - ok 14:57:17.0647 0x2ab8 Netlogon - ok 14:57:17.0657 0x2ab8 Netman - ok 14:57:17.0660 0x2ab8 netprofm - ok 14:57:17.0667 0x2ab8 netr28ux - ok 14:57:17.0673 0x2ab8 NetSetupSvc - ok 14:57:17.0691 0x2ab8 NetTcpPortSharing - ok 14:57:17.0701 0x2ab8 NgcCtnrSvc - ok 14:57:17.0703 0x2ab8 NgcSvc - ok 14:57:17.0712 0x2ab8 NlaSvc - ok 14:57:17.0714 0x2ab8 Npfs - ok 14:57:17.0716 0x2ab8 npsvctrig - ok 14:57:17.0718 0x2ab8 nsi - ok 14:57:17.0720 0x2ab8 nsiproxy - ok 14:57:17.0732 0x2ab8 NTFS - ok 14:57:17.0734 0x2ab8 Null - ok 14:57:17.0768 0x2ab8 [ C93013BBB38330C73285547174F8FEE1, 2CCC8B1A868098EBEACF4D4E178002D382E9BB28CC0D57D76E0813C56DB1BC98 ] NvContainerLocalSystem C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe 14:57:17.0787 0x2ab8 NvContainerLocalSystem - ok 14:57:17.0818 0x2ab8 [ C93013BBB38330C73285547174F8FEE1, 2CCC8B1A868098EBEACF4D4E178002D382E9BB28CC0D57D76E0813C56DB1BC98 ] NvContainerNetworkService C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe 14:57:17.0837 0x2ab8 NvContainerNetworkService - ok 14:57:17.0852 0x2ab8 [ 64DA1993B1973F049C1347DA1B05185E, 2A04E263DB13751D033E2F9B9518820CF4942EEAFA5A32488570EEB699EE2A96 ] NVHDA C:\WINDOWS\system32\drivers\nvhda64v.sys 14:57:17.0866 0x2ab8 NVHDA - ok 14:57:17.0891 0x2ab8 NVIDIA Wireless Controller Service - ok 14:57:18.0239 0x2ab8 [ 557A0393BDFED327968A9E695FB4CEBA, 76D39F74439205B5B614B0D99E9E10629738E00250A5E7FFEE50815F69EE70D0 ] nvlddmkm 
C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys 14:57:18.0674 0x2ab8 nvlddmkm - ok 14:57:18.0688 0x2ab8 nvraid - ok 14:57:18.0690 0x2ab8 nvstor - ok 14:57:18.0723 0x2ab8 [ 4F75E1292E95EBFAD3A0CABB0972F7B8, E4E3AC25AFA4949765F75777769310CB6200A5F537F56205960B40775282FEC0 ] NvStreamKms C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 14:57:18.0733 0x2ab8 NvStreamKms - ok 14:57:18.0795 0x2ab8 [ 4D205C0A3C0118D41361F945F337977E, DBEF90119B68EEC7FECBF73D64A0AD63401237048B104B4570E7CEC5D2F38E3A ] NvTelemetryContainer C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe 14:57:18.0899 0x2ab8 NvTelemetryContainer - ok 14:57:18.0921 0x2ab8 [ 54ABC4EA39DDE92977DCE644D325213A, D754E5D0418B3C48AD9988D1A2705975C78C8B87990E211651C388A76FB17E51 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys 14:57:18.0932 0x2ab8 nvvad_WaveExtensible - ok 14:57:18.0938 0x2ab8 [ B6704EE5A17116F0723014F0C3DA1954, 2319837173981DCC818E433AAE87A2BA7C90EAE43C6C218C18AD8353C4162114 ] nvvhci C:\WINDOWS\System32\drivers\nvvhci.sys 14:57:18.0949 0x2ab8 nvvhci - ok 14:57:18.0974 0x2ab8 OneSyncSvc - ok 14:57:19.0053 0x2ab8 [ AD851D818F399DD946A9C17AB2156F22, 4A541E7A3A3164581BFB9080DE0976E18F6DD00E39458EBBCBD3B2445708BEB5 ] Origin Client Service D:\Origin\OriginClientService.exe 14:57:19.0176 0x2ab8 Origin Client Service - ok 14:57:19.0227 0x2ab8 [ 788363C87EBD90AC1EAD2DC5A9A40759, B565663B459414C5C9F81451D9A127D62CDF605BC2A9E686F74A2E4FD44A9B43 ] Origin Web Helper Service D:\Origin\OriginWebHelperService.exe 14:57:19.0341 0x2ab8 Origin Web Helper Service - ok 14:57:19.0394 0x2ab8 [ AC0F1B7B71D9D435EC33456F7EDF6FF1, 8FEFF5F99F1AFF21CF9415D4BF26936EF3A7347DA06F30ADD1DD1B14916F2585 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:57:19.0445 0x2ab8 ose - ok 14:57:19.0461 0x2ab8 p2pimsvc - ok 14:57:19.0468 0x2ab8 p2psvc - ok 14:57:19.0470 0x2ab8 Parport - ok 14:57:19.0478 
0x2ab8 partmgr - ok 14:57:19.0500 0x2ab8 PcaSvc - ok 14:57:19.0512 0x2ab8 pci - ok 14:57:19.0515 0x2ab8 pciide - ok 14:57:19.0517 0x2ab8 pcmcia - ok 14:57:19.0519 0x2ab8 pcw - ok 14:57:19.0524 0x2ab8 pdc - ok 14:57:19.0533 0x2ab8 PEAUTH - ok 14:57:19.0535 0x2ab8 percsas2i - ok 14:57:19.0537 0x2ab8 percsas3i - ok 14:57:19.0584 0x2ab8 PerfHost - ok 14:57:19.0629 0x2ab8 PhoneSvc - ok 14:57:19.0634 0x2ab8 PimIndexMaintenanceSvc - ok 14:57:19.0645 0x2ab8 pla - ok 14:57:19.0652 0x2ab8 PlugPlay - ok 14:57:19.0654 0x2ab8 PnkBstrA - ok 14:57:19.0657 0x2ab8 PNRPAutoReg - ok 14:57:19.0659 0x2ab8 PNRPsvc - ok 14:57:19.0665 0x2ab8 PolicyAgent - ok 14:57:19.0668 0x2ab8 Power - ok 14:57:19.0670 0x2ab8 PptpMiniport - ok 14:57:19.0771 0x2ab8 [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll 14:57:19.0947 0x2ab8 PrintNotify - ok 14:57:19.0952 0x2ab8 Processor - ok 14:57:19.0964 0x2ab8 ProfSvc - ok 14:57:19.0966 0x2ab8 Psched - ok 14:57:19.0969 0x2ab8 QWAVE - ok 14:57:19.0971 0x2ab8 QWAVEdrv - ok 14:57:19.0973 0x2ab8 RasAcd - ok 14:57:20.0004 0x2ab8 RasAgileVpn - ok 14:57:20.0017 0x2ab8 RasAuto - ok 14:57:20.0019 0x2ab8 Rasl2tp - ok 14:57:20.0031 0x2ab8 RasMan - ok 14:57:20.0034 0x2ab8 RasPppoe - ok 14:57:20.0036 0x2ab8 RasSstp - ok 14:57:20.0038 0x2ab8 rdbss - ok 14:57:20.0056 0x2ab8 rdpbus - ok 14:57:20.0059 0x2ab8 RDPDR - ok 14:57:20.0082 0x2ab8 RdpVideoMiniport - ok 14:57:20.0085 0x2ab8 rdyboost - ok 14:57:20.0087 0x2ab8 ReFSv1 - ok 14:57:20.0089 0x2ab8 RemoteAccess - ok 14:57:20.0116 0x2ab8 [ 10E4D1F67A369A3F6E9CE00AC4A43BE0, D41D7DD9CBFB718AFE94883AE8E79832D4DA3321878BEAB81F4382DC1DFAB8A7 ] RemoteMouseService C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe 14:57:20.0166 0x2ab8 RemoteMouseService - detected UnsignedFile.Multi.Generic ( 1 ) 14:57:20.0429 0x2ab8 Detect skipped due to KSN trusted 14:57:20.0429 0x2ab8 RemoteMouseService - ok 
14:57:20.0432 0x2ab8 RemoteRegistry - ok 14:57:20.0452 0x2ab8 RetailDemo - ok 14:57:20.0458 0x2ab8 RFCOMM - ok 14:57:20.0460 0x2ab8 RmSvc - ok 14:57:20.0463 0x2ab8 RpcEptMapper - ok 14:57:20.0474 0x2ab8 RpcLocator - ok 14:57:20.0477 0x2ab8 RpcSs - ok 14:57:20.0479 0x2ab8 rspndr - ok 14:57:20.0483 0x2ab8 s3cap - ok 14:57:20.0489 0x2ab8 SamSs - ok 14:57:20.0557 0x2ab8 [ D324EC7BE1510CE7171B06B8FA7FEDE1, 6C85F8F18C68ADA7C4A55E31F6FE66DF47B7E77B1D2AC7197938B8706FB914D2 ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe 14:57:20.0595 0x2ab8 SAVAdminService - ok 14:57:20.0614 0x2ab8 [ 3B3437CBEADB5950665A037E9EE7AAF6, FFC568472B688EE6A3C40ED3EF40F100ECA76667D67A4E94D004888485CDFCE9 ] SAVOnAccess C:\WINDOWS\system32\DRIVERS\savonaccess.sys 14:57:20.0629 0x2ab8 SAVOnAccess - ok 14:57:20.0639 0x2ab8 [ CBD4FC747036459BA52C67BC0EFF92C2, C412999413AC096B7FE48C08FC3E1EE76CE00742B98AFB98EF7E1626889E560F ] SAVService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe 14:57:20.0668 0x2ab8 SAVService - ok 14:57:20.0671 0x2ab8 sbp2port - ok 14:57:20.0678 0x2ab8 SCardSvr - ok 14:57:20.0698 0x2ab8 ScDeviceEnum - ok 14:57:20.0700 0x2ab8 scfilter - ok 14:57:20.0703 0x2ab8 Schedule - ok 14:57:20.0705 0x2ab8 scmbus - ok 14:57:20.0707 0x2ab8 scmdisk0101 - ok 14:57:20.0718 0x2ab8 SCPolicySvc - ok 14:57:20.0734 0x2ab8 sdbus - ok 14:57:20.0748 0x2ab8 [ 75B98959013B22F8F40C08095B8AB73C, EF608EFBF72AF48EFC9352FCEDF0523BDBA6055612FFD22654E3B241AA9C8033 ] sdcfilter C:\WINDOWS\system32\DRIVERS\sdcfilter.sys 14:57:20.0759 0x2ab8 sdcfilter - ok 14:57:20.0762 0x2ab8 SDRSVC - ok 14:57:20.0765 0x2ab8 sdstor - ok 14:57:20.0767 0x2ab8 seclogon - ok 14:57:20.0785 0x2ab8 SENS - ok 14:57:20.0788 0x2ab8 SensorDataService - ok 14:57:20.0791 0x2ab8 SensorService - ok 14:57:20.0794 0x2ab8 SensrSvc - ok 14:57:20.0796 0x2ab8 SerCx - ok 14:57:20.0798 0x2ab8 SerCx2 - ok 14:57:20.0801 0x2ab8 Serenum - ok 14:57:20.0804 0x2ab8 Serial - ok 14:57:20.0807 0x2ab8 sermouse - 
ok 14:57:20.0815 0x2ab8 SessionEnv - ok 14:57:20.0817 0x2ab8 sfloppy - ok 14:57:20.0834 0x2ab8 SharedAccess - ok 14:57:20.0844 0x2ab8 ShellHWDetection - ok 14:57:20.0866 0x2ab8 shpamsvc - ok 14:57:20.0869 0x2ab8 SiSRaid2 - ok 14:57:20.0871 0x2ab8 SiSRaid4 - ok 14:57:20.0895 0x2ab8 [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 14:57:20.0931 0x2ab8 SkypeUpdate - ok 14:57:20.0934 0x2ab8 smphost - ok 14:57:20.0953 0x2ab8 SmsRouter - ok 14:57:20.0958 0x2ab8 SNMPTRAP - ok 14:57:20.0995 0x2ab8 [ C051B67548BBAFA9101B695C8C1F2F08, FFDE14BC6A7116A93CC2FACBC1BDE42CEE44CD0630BCB1AA856C22134DCBCB9F ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe 14:57:21.0063 0x2ab8 Sophos AutoUpdate Service - ok 14:57:21.0124 0x2ab8 [ 91C1C6631962C8D3A6CABFB901BFB607, C69053A07164C936C1FA30E17025AEE43F0CB0CC2ED0954CECB6E81C84F9669D ] Sophos MCS Agent C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe 14:57:21.0292 0x2ab8 Sophos MCS Agent - ok 14:57:21.0327 0x2ab8 [ 7A9AF7DE7A3C9A12B7A0129B9CD00523, 76863318F6D9BFBD8DD7E59F341F9D961C4715B83C325D8E6E098527767F337F ] Sophos MCS Client C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe 14:57:21.0527 0x2ab8 Sophos MCS Client - ok 14:57:21.0549 0x2ab8 [ 5861A2F04500F404AAC57CF323E3090C, 912FA7663573D044F57CDA29A122393E6E7BD6B90C8CBD2642DD6C6E105D34F9 ] Sophos Web Control Service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe 14:57:21.0602 0x2ab8 Sophos Web Control Service - ok 14:57:21.0615 0x2ab8 [ FFD056D55C46946ACA218F0A61DA2743, A9E3910EBEFC8674704F42C6D43A12A521C212B911D46FCD669D8AAFA8381C55 ] SophosBootDriver C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys 14:57:21.0626 0x2ab8 SophosBootDriver - ok 14:57:21.0682 0x2ab8 [ 410506D87F07AF40880BE50262C2D6C4, 
7E8195A2028AD577C4E934AEDC1C296EAE06EDEB904EFA00A83B7E7D4D2F9361 ] SophosDataRecorderService C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe 14:57:21.0712 0x2ab8 SophosDataRecorderService - ok 14:57:21.0816 0x2ab8 [ C07BB5FFB85E64DF1AB67E17188DF22F, 322FD46C8694BA5DE88CCACFD8364F8A3397AA02C9FD5644333AE3D3BECA4ABB ] sophossps C:\Program Files\Sophos\Sophos System Protection\ssp.exe 14:57:21.0939 0x2ab8 sophossps - ok 14:57:21.0960 0x2ab8 spaceport - ok 14:57:21.0963 0x2ab8 SpbCx - ok 14:57:21.0965 0x2ab8 Spooler - ok 14:57:21.0967 0x2ab8 sppsvc - ok 14:57:21.0984 0x2ab8 srv - ok 14:57:21.0992 0x2ab8 srv2 - ok 14:57:21.0994 0x2ab8 srvnet - ok 14:57:22.0001 0x2ab8 SSDPSRV - ok 14:57:22.0003 0x2ab8 SstpSvc - ok 14:57:22.0035 0x2ab8 [ 592FF34A2FD6C6351B8A3AA76B2C0A9E, 152B7472DE531AC45492F562DD470B2CE33F1EEF13BC78F26046AE5ABF54E32F ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys 14:57:22.0049 0x2ab8 ssudmdm - ok 14:57:22.0058 0x2ab8 StateRepository - ok 14:57:22.0137 0x2ab8 [ 9867A86327E8AE3806305F1BCF01211A, CCDDB2560B30D27CE662F1B02710E1FAA9331E6A27D9A6629EEDED2CBA822062 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 14:57:22.0204 0x2ab8 Steam Client Service - ok 14:57:22.0208 0x2ab8 stexstor - ok 14:57:22.0230 0x2ab8 [ B11724BFE7DA1BA55903B4D849415F1A, ED09B6AD68C87FED34FC66CB6C7A74DFC3AF524E3BE89EDD18A5B6685F656ACA ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys 14:57:22.0320 0x2ab8 StillCam - ok 14:57:22.0336 0x2ab8 stisvc - ok 14:57:22.0345 0x2ab8 storahci - ok 14:57:22.0347 0x2ab8 storflt - ok 14:57:22.0351 0x2ab8 stornvme - ok 14:57:22.0353 0x2ab8 storqosflt - ok 14:57:22.0356 0x2ab8 StorSvc - ok 14:57:22.0359 0x2ab8 storufs - ok 14:57:22.0362 0x2ab8 storvsc - ok 14:57:22.0365 0x2ab8 svsvc - ok 14:57:22.0367 0x2ab8 swenum - ok 14:57:22.0396 0x2ab8 [ C60F83AC3A812324892B4E740F8C6E68, 5E54B92CE641458F649E8EB29752C38760CB2BAE7FBFBE921403CD31D81F9CDB ] swi_callout C:\WINDOWS\system32\DRIVERS\swi_callout.sys 
14:57:22.0407 0x2ab8 swi_callout - ok 14:57:22.0423 0x2ab8 [ BE992FA01303BF02506D65511D308FC2, 5B37DEE85A6A4C1EFCC1CDBDFDE3366DDEF0D40B70105FCCBA816AE64377F73D ] swi_filter C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe 14:57:22.0585 0x2ab8 swi_filter - ok 14:57:22.0655 0x2ab8 [ DD8D59364AF34D7CDD562D5EA92DCF4D, 8C252E59D8ECF395807A9E801CF4393C70DE25BEF9CE80FDF4CE000C94852CFF ] swi_service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe 14:57:22.0761 0x2ab8 swi_service - ok 14:57:22.0767 0x2ab8 swprv - ok 14:57:22.0791 0x2ab8 Synth3dVsc - ok 14:57:22.0793 0x2ab8 SysMain - ok 14:57:22.0811 0x2ab8 SystemEventsBroker - ok 14:57:22.0833 0x2ab8 TabletInputService - ok 14:57:22.0836 0x2ab8 TapiSrv - ok 14:57:22.0838 0x2ab8 Tcpip - ok 14:57:22.0841 0x2ab8 Tcpip6 - ok 14:57:22.0850 0x2ab8 tcpipreg - ok 14:57:22.0854 0x2ab8 tdx - ok 14:57:22.0979 0x2ab8 [ 2AA61246A5B813C1B12BCCFAA6F23DD8, 74EE3DB839A0F4BC781294803281DB2248D013B8808FF05F2EE9597C14C6FEED ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe 14:57:23.0448 0x2ab8 TeamViewer - ok 14:57:23.0455 0x2ab8 terminpt - ok 14:57:23.0458 0x2ab8 TermService - ok 14:57:23.0476 0x2ab8 Themes - ok 14:57:23.0484 0x2ab8 TieringEngineService - ok 14:57:23.0486 0x2ab8 tiledatamodelsvc - ok 14:57:23.0489 0x2ab8 TimeBrokerSvc - ok 14:57:23.0492 0x2ab8 TPM - ok 14:57:23.0495 0x2ab8 TrkWks - ok 14:57:23.0522 0x2ab8 TrustedInstaller - ok 14:57:23.0526 0x2ab8 tsusbflt - ok 14:57:23.0530 0x2ab8 TsUsbGD - ok 14:57:23.0532 0x2ab8 tunnel - ok 14:57:23.0535 0x2ab8 tzautoupdate - ok 14:57:23.0538 0x2ab8 UASPStor - ok 14:57:23.0541 0x2ab8 UcmCx0101 - ok 14:57:23.0544 0x2ab8 UcmTcpciCx0101 - ok 14:57:23.0546 0x2ab8 UcmUcsi - ok 14:57:23.0549 0x2ab8 Ucx01000 - ok 14:57:23.0552 0x2ab8 UdeCx - ok 14:57:23.0554 0x2ab8 udfs - ok 14:57:23.0557 0x2ab8 UEFI - ok 14:57:23.0560 0x2ab8 Ufx01000 - ok 14:57:23.0562 0x2ab8 UfxChipidea - ok 14:57:23.0565 0x2ab8 ufxsynopsys - ok 
14:57:23.0570 0x2ab8 UI0Detect - ok 14:57:23.0572 0x2ab8 umbus - ok 14:57:23.0575 0x2ab8 UmPass - ok 14:57:23.0578 0x2ab8 UmRdpService - ok 14:57:23.0581 0x2ab8 UnistoreSvc - ok 14:57:23.0591 0x2ab8 upnphost - ok 14:57:23.0593 0x2ab8 UrsChipidea - ok 14:57:23.0596 0x2ab8 UrsCx01000 - ok 14:57:23.0598 0x2ab8 UrsSynopsys - ok 14:57:23.0684 0x2ab8 [ 2F8AB74A6BB3040F4972F77F4B4EF623, 3EE892530419759B6A9A0A27B6EE9771820941B5B0C2A78A6E2606F6C8779ED4 ] USBADVAU C:\WINDOWS\system32\drivers\cm11264.sys 14:57:23.0877 0x2ab8 USBADVAU - ok 14:57:23.0883 0x2ab8 usbccgp - ok 14:57:23.0886 0x2ab8 usbcir - ok 14:57:23.0888 0x2ab8 usbehci - ok 14:57:23.0891 0x2ab8 usbhub - ok 14:57:23.0895 0x2ab8 USBHUB3 - ok 14:57:23.0897 0x2ab8 usbohci - ok 14:57:23.0900 0x2ab8 usbprint - ok 14:57:23.0902 0x2ab8 usbser - ok 14:57:23.0905 0x2ab8 USBSTOR - ok 14:57:23.0908 0x2ab8 usbuhci - ok 14:57:23.0911 0x2ab8 USBXHCI - ok 14:57:23.0914 0x2ab8 UserDataSvc - ok 14:57:23.0928 0x2ab8 UserManager - ok 14:57:23.0938 0x2ab8 UsoSvc - ok 14:57:23.0947 0x2ab8 VaultSvc - ok 14:57:23.0950 0x2ab8 vdrvroot - ok 14:57:23.0964 0x2ab8 vds - ok 14:57:23.0966 0x2ab8 VerifierExt - ok 14:57:23.0981 0x2ab8 [ E4DA1D85CCCB610DFF0C0E116900E17F, 874EB88B9E2743654094F04AB04C254BBDFBCDECBB200514E73F696098B847F3 ] vflt C:\WINDOWS\system32\DRIVERS\vfilter.sys 14:57:24.0022 0x2ab8 vflt - detected UnsignedFile.Multi.Generic ( 1 ) 14:57:24.0182 0x2ab8 Detect skipped due to KSN trusted 14:57:24.0182 0x2ab8 vflt - ok 14:57:24.0185 0x2ab8 vhdmp - ok 14:57:24.0187 0x2ab8 vhf - ok 14:57:24.0190 0x2ab8 vmbus - ok 14:57:24.0193 0x2ab8 VMBusHID - ok 14:57:24.0196 0x2ab8 vmgid - ok 14:57:24.0199 0x2ab8 vmicguestinterface - ok 14:57:24.0202 0x2ab8 vmicheartbeat - ok 14:57:24.0205 0x2ab8 vmickvpexchange - ok 14:57:24.0207 0x2ab8 vmicrdv - ok 14:57:24.0210 0x2ab8 vmicshutdown - ok 14:57:24.0213 0x2ab8 vmictimesync - ok 14:57:24.0215 0x2ab8 vmicvmsession - ok 14:57:24.0218 0x2ab8 vmicvss - ok 14:57:24.0235 0x2ab8 [ 
A99CA064AD11266FE7067A79BF78BBB5, B5AFFBA1A9A6E51639A89B9F6C0678E70F73D2BF37D5F88F4AD45DFC6798597D ] vnet C:\WINDOWS\System32\drivers\virtualnet.sys 14:57:24.0265 0x2ab8 vnet - detected UnsignedFile.Multi.Generic ( 1 ) 14:57:24.0796 0x2ab8 Detect skipped due to KSN trusted 14:57:24.0796 0x2ab8 vnet - ok 14:57:24.0799 0x2ab8 volmgr - ok 14:57:24.0801 0x2ab8 volmgrx - ok 14:57:24.0804 0x2ab8 volsnap - ok 14:57:24.0806 0x2ab8 volume - ok 14:57:24.0809 0x2ab8 vpci - ok 14:57:24.0849 0x2ab8 [ 0AC0A4E541EFB67A3D9FDEDEC54481E8, 959F42383AFCED701692AA47478EBF3ECF9E01C733D0442A4D6718FEC98E2E78 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 14:57:24.0886 0x2ab8 vpnagent - ok 14:57:24.0910 0x2ab8 [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva C:\WINDOWS\System32\drivers\vpnva64-6.sys 14:57:24.0930 0x2ab8 vpnva - ok 14:57:24.0932 0x2ab8 vsmraid - ok 14:57:24.0935 0x2ab8 VSS - ok 14:57:24.0938 0x2ab8 VSTXRAID - ok 14:57:24.0940 0x2ab8 vwifibus - ok 14:57:24.0943 0x2ab8 vwififlt - ok 14:57:24.0946 0x2ab8 vwifimp - ok 14:57:24.0962 0x2ab8 W32Time - ok 14:57:24.0964 0x2ab8 WacomPen - ok 14:57:24.0967 0x2ab8 WalletService - ok 14:57:24.0970 0x2ab8 wanarp - ok 14:57:24.0972 0x2ab8 wanarpv6 - ok 14:57:24.0975 0x2ab8 wbengine - ok 14:57:24.0990 0x2ab8 WbioSrvc - ok 14:57:24.0994 0x2ab8 wcifs - ok 14:57:24.0996 0x2ab8 Wcmsvc - ok 14:57:24.0999 0x2ab8 wcncsvc - ok 14:57:25.0001 0x2ab8 wcnfs - ok 14:57:25.0004 0x2ab8 WdBoot - ok 14:57:25.0007 0x2ab8 Wdf01000 - ok 14:57:25.0010 0x2ab8 WdFilter - ok 14:57:25.0013 0x2ab8 WdiServiceHost - ok 14:57:25.0016 0x2ab8 WdiSystemHost - ok 14:57:25.0019 0x2ab8 wdiwifi - ok 14:57:25.0021 0x2ab8 WdNisDrv - ok 14:57:25.0029 0x2ab8 WdNisSvc - ok 14:57:25.0032 0x2ab8 WebClient - ok 14:57:25.0035 0x2ab8 Wecsvc - ok 14:57:25.0053 0x2ab8 WEPHOSTSVC - ok 14:57:25.0056 0x2ab8 wercplsupport - ok 14:57:25.0059 0x2ab8 WerSvc - ok 14:57:25.0062 0x2ab8 
WFPLWFS - ok 14:57:25.0065 0x2ab8 WiaRpc - ok 14:57:25.0068 0x2ab8 WIMMount - ok 14:57:25.0070 0x2ab8 WinDefend - ok 14:57:25.0077 0x2ab8 WindowsTrustedRT - ok 14:57:25.0080 0x2ab8 WindowsTrustedRTProxy - ok 14:57:25.0095 0x2ab8 WinHttpAutoProxySvc - ok 14:57:25.0098 0x2ab8 WinMad - ok 14:57:25.0128 0x2ab8 Winmgmt - ok 14:57:25.0157 0x2ab8 WinRM - ok 14:57:25.0163 0x2ab8 WINUSB - ok 14:57:25.0166 0x2ab8 WinVerbs - ok 14:57:25.0201 0x2ab8 wisvc - ok 14:57:25.0204 0x2ab8 WlanSvc - ok 14:57:25.0231 0x2ab8 wlidsvc - ok 14:57:25.0234 0x2ab8 WmiAcpi - ok 14:57:25.0239 0x2ab8 wmiApSrv - ok 14:57:25.0250 0x2ab8 WMPNetworkSvc - ok 14:57:25.0258 0x2ab8 Wof - ok 14:57:25.0283 0x2ab8 workfolderssvc - ok 14:57:25.0286 0x2ab8 WPDBusEnum - ok 14:57:25.0289 0x2ab8 WpdUpFltr - ok 14:57:25.0292 0x2ab8 WpnService - ok 14:57:25.0295 0x2ab8 WpnUserService - ok 14:57:25.0312 0x2ab8 ws2ifsl - ok 14:57:25.0327 0x2ab8 wscsvc - ok 14:57:25.0330 0x2ab8 WSDPrintDevice - ok 14:57:25.0334 0x2ab8 WSDScan - ok 14:57:25.0337 0x2ab8 WSearch - ok 14:57:25.0351 0x2ab8 wuauserv - ok 14:57:25.0353 0x2ab8 WudfPf - ok 14:57:25.0357 0x2ab8 WUDFRd - ok 14:57:25.0360 0x2ab8 wudfsvc - ok 14:57:25.0363 0x2ab8 WUDFWpdFs - ok 14:57:25.0366 0x2ab8 WUDFWpdMtp - ok 14:57:25.0384 0x2ab8 WwanSvc - ok 14:57:25.0387 0x2ab8 XblAuthManager - ok 14:57:25.0399 0x2ab8 XblGameSave - ok 14:57:25.0402 0x2ab8 xboxgip - ok 14:57:25.0406 0x2ab8 XboxNetApiSvc - ok 14:57:25.0423 0x2ab8 xinputhid - ok 14:57:25.0438 0x2ab8 xusb22 - ok 14:57:25.0439 0x2ab8 ================ Scan global =============================== 14:57:25.0478 0x2ab8 [ Global ] - ok 14:57:25.0478 0x2ab8 ================ Scan MBR ================================== 14:57:25.0511 0x2ab8 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 14:57:25.0586 0x2ab8 \Device\Harddisk0\DR0 - ok 14:57:25.0586 0x2ab8 ================ Scan VBR ================================== 14:57:25.0588 0x2ab8 [ E53244C8EE35D6DDE71F4F149BE02A30 ] \Device\Harddisk0\DR0\Partition1 
14:57:25.0589 0x2ab8 \Device\Harddisk0\DR0\Partition1 - ok 14:57:25.0614 0x2ab8 [ 487927010857CE87D8C677812E73775B ] \Device\Harddisk0\DR0\Partition2 14:57:25.0615 0x2ab8 \Device\Harddisk0\DR0\Partition2 - ok 14:57:25.0626 0x2ab8 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3 14:57:25.0626 0x2ab8 \Device\Harddisk0\DR0\Partition3 - ok 14:57:25.0637 0x2ab8 [ A2E1B881262A7E742A93F8B8C6EA524C ] \Device\Harddisk0\DR0\Partition4 14:57:25.0639 0x2ab8 \Device\Harddisk0\DR0\Partition4 - ok 14:57:25.0657 0x2ab8 [ DC90FFAE35040E47C043D2F2017C5BC7 ] \Device\Harddisk0\DR0\Partition5 14:57:25.0658 0x2ab8 \Device\Harddisk0\DR0\Partition5 - ok 14:57:25.0685 0x2ab8 [ 927FAED4DE249BB2F06C294F6C65477C ] \Device\Harddisk0\DR0\Partition6 14:57:25.0686 0x2ab8 \Device\Harddisk0\DR0\Partition6 - ok 14:57:25.0686 0x2ab8 ================ Scan generic autorun ====================== 14:57:25.0996 0x2ab8 [ 4878D4D36D683EBE2F1E5F83C6A3BDB3, 82DA7BFED5F61DF4B679B06339E4065CCE0DA0D6741287F93A2EF1BCC85AB1E1 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 14:57:26.0268 0x2ab8 RTHDVCPL - ok 14:57:26.0305 0x2ab8 [ F7ED64C9765A92B65F2E1868CFF7431A, 5EEFDB3B2C8CEF2C96BF39DE3E527D7D59845250B3861F6D42D7CC3CDA7C6769 ] C:\WINDOWS\System\3DG4me.exe 14:57:26.0473 0x2ab8 3DG4me - detected UnsignedFile.Multi.Generic ( 1 ) 14:57:26.0682 0x2ab8 3DG4me ( UnsignedFile.Multi.Generic ) - warning 14:57:26.0789 0x2ab8 ShadowPlay - ok 14:57:26.0847 0x2ab8 [ 793D7221E5EC69EA615349A13B702B8C, 1545C9634A6599FE4B35419B1B40932797FE2E7DF0B5F27D6698810CC075CF86 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 14:57:27.0049 0x2ab8 SunJavaUpdateSched - ok 14:57:27.0082 0x2ab8 [ CD0362AEE36CFE1EF5DF973230742E67, 9F1D8AD4E09D16C39CD6A35CB298456468C1808226FFA8AD65BF9562A6ECC07D ] C:\Program Files (x86)\PDF24\pdf24.exe 14:57:27.0124 0x2ab8 PDFPrint - ok 14:57:27.0201 0x2ab8 [ D1AC7398ACC4B9EEA26758124ABB1C43, 4CA3C434A985450C9D2628ECE033734323431996CA0C483955FE44B596A1FE0D ] C:\Program 
Files (x86)\Sophos\AutoUpdate\almon.exe 14:57:27.0249 0x2ab8 Sophos AutoUpdate Monitor - ok 14:57:27.0288 0x2ab8 [ 75A272C58A549AB33B5960B729C2BCF6, 089C5912B75747128E1C0D03AD91D2BC4A9E08745AFB0E5852F4792765D4C259 ] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe 14:57:27.0326 0x2ab8 Cisco AnyConnect Secure Mobility Agent for Windows - ok 14:57:27.0381 0x2ab8 OneDriveSetup - ok 14:57:27.0382 0x2ab8 OneDriveSetup - ok 14:57:27.0431 0x2ab8 [ 92B29E6BE97F5B2C5894904D1447BBFE, C8BF1ABDC9EDE0264ED7A818F61BB84BA2D42F160FDEA45DE6ED6EF816A6425E ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 14:57:27.0480 0x2ab8 GoogleChromeAutoLaunch_678E52C622D3FEC81C940F43ECEEEB26 - ok 14:57:27.0574 0x2ab8 [ FF206944E3A8590FABE10FB2C321AA6D, 77C555667674C9E4473C64921C5F2A7D723FBE28A73EB5EBAA777CD04D11C06B ] D:\Steam\steam.exe 14:57:27.0707 0x2ab8 Steam - ok 14:57:27.0789 0x2ab8 [ C55C8610720CC75EE8358AF58BA520F1, 6B4A01AAB5C9340121A82A95AEAF92DA162C61013EE1684839A7AC22EAE435D0 ] D:\GalaxyClient\GalaxyClient.exe 14:57:27.0884 0x2ab8 GalaxyClient - ok 14:57:28.0000 0x2ab8 [ 67E3BD0F8FB0F39C241A2D60CC7D98EF, 09586F6A11AB10BBD38E8C44A88AFA9AD915981B908EEDA20B9AD2C34BFF7543 ] C:\Users\Sebastian\AppData\Roaming\Spotify\SpotifyWebHelper.exe 14:57:28.0139 0x2ab8 Spotify Web Helper - ok 14:57:28.0188 0x2ab8 [ 2287DAEA100837E40232FD9053F635D8, 8E905B8BC72F8DD6C7C71A7E04CD8D8EC1E9AD2B77EF5A48E089E439A75043D6 ] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE 14:57:28.0204 0x2ab8 EPLTarget\P0000000000000000 - ok 14:57:28.0273 0x2ab8 [ 309A0390822194B835DBBF1374718354, BE1021B9D5EA4C4180E752F21191BD21010298BB2545F3D725E71E913DB14808 ] C:\Users\Sebastian\AppData\Roaming\uTorrent\uTorrent.exe 14:57:29.0622 0x2ab8 uTorrent - ok 14:57:29.0663 0x2ab8 Skype - ok 14:57:29.0693 0x2ab8 icq.desktop - ok 14:57:29.0863 0x2ab8 [ ABD86DD5E75DC483D4A153B2CB506C4C, 6D20F343BBA0D0CD9D3B0B2BE2A2F18E4EA3E028E48B382B162BD0CDDD06E3AA ] C:\Program Files 
(x86)\AirDroid\AirDroid.exe 14:57:30.0170 0x2ab8 AirDroid 3 - ok 14:57:30.0361 0x2ab8 [ C4668A2D015BFC941394010662CC21CC, 971712B7C2B12C2931A26B39D7FEB8D1AE0FDF2CEE33A6DE28232DA669CADB16 ] C:\Program Files\CCleaner\CCleaner64.exe 14:57:30.0584 0x2ab8 CCleaner Monitoring - ok 14:57:30.0662 0x2ab8 [ 44348495F9D6ED21F4EFB3FF80677D99, 05B76248764B2BF7F9229626D7EFAFF96B724D38A82969EBE376CBE879E30450 ] C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\OneDrive.exe 14:57:30.0756 0x2ab8 OneDrive - ok 14:57:30.0838 0x2ab8 [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe 14:57:30.0929 0x2ab8 HP Deskjet 3520 series (NET) - ok 14:57:30.0931 0x2ab8 Waiting for KSN requests completion. In queue: 72 14:57:31.0999 0x2ab8 AV detected via SS2: Sophos Home, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe ( 10.7.0.0 ), 0x51000 ( enabled : updated ) 14:57:32.0017 0x2ab8 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated ) 14:57:32.0032 0x2ab8 Win FW state via NFP2: enabled ( trusted ) 14:57:32.0132 0x2ab8 ============================================================ 14:57:32.0132 0x2ab8 Scan finished 14:57:32.0132 0x2ab8 ============================================================ 14:57:32.0137 0x2bdc Detected object count: 1 14:57:32.0137 0x2bdc Actual detected object count: 1 14:57:50.0261 0x2bdc 3DG4me ( UnsignedFile.Multi.Generic ) - skipped by user 14:57:50.0261 0x2bdc 3DG4me ( UnsignedFile.Multi.Generic ) - User select action: Skip |
15.01.2017, 15:01 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught browser hijacker nova.rumbler.ru
Remove adware/junkware/toolbars
Delete old versions of adwCleaner and, if present, JRT first, then download them again to your desktop! Please disable your virus scanner completely now, before using these tools!
Step 1: adwCleaner
Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.
__________________ Please always post log files in CODE tags |
15.01.2017, 15:25 | #12 |
| Caught browser hijacker nova.rumbler.ru AdwCleaner Code:
# AdwCleaner v6.042 - Bericht erstellt am 15/01/2017 um 15:15:58
# Aktualisiert am 06/01/2017 von Malwarebytes
# Datenbank : 2017-01-15.1 [Server]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : Sebastian - MICASA
# Gestartet von : C:\Users\Sebastian\Desktop\AdwCleaner_6.042.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support

***** [ Dienste ] *****

***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Users\Sebastian\AppData\Local\SweetLabs App Platform
[-] Ordner gelöscht: C:\ProgramData\pokki
[#] Ordner mit Neustart gelöscht: C:\ProgramData\Pokki
[-] Ordner gelöscht: C:\Users\Default User\AppData\Local\Pokki
[#] Ordner mit Neustart gelöscht: C:\Users\Default\AppData\Local\Pokki
[-] Ordner gelöscht: C:\Users\Sebastian\AppData\Roaming\browsers
[-] Ordner gelöscht: C:\Users\Public\Pokki

***** [ Dateien ] *****

[-] Datei gelöscht: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
[-] Datei gelöscht: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

[-] Aufgabe gelöscht: SweetLabs App Platform
[-] Aufgabe gelöscht: Software Update Application

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Classes\pokki
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Classes\pokki
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\pokki
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
[-] Schlüssel gelöscht: HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\SweetLabs App Platform
[-] Schlüssel gelöscht: HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Schlüssel gelöscht: HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\SweetLabs App Platform
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\SweetLabs App Platform
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Daten wiederhergestellt: HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten wiederhergestellt: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten wiederhergestellt: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Schlüssel gelöscht: HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Microsoft\Internet Explorer\SearchScopes\{4CADCACE-1FEB-11E5-825E-28C2DD30DC9C}
[-] Schlüssel gelöscht: HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4CADCACE-1FEB-11E5-825E-28C2DD30DC9C}
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4CADCACE-1FEB-11E5-825E-28C2DD30DC9C}
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Wert gelöscht: HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
[-] Schlüssel gelöscht: HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Schlüssel gelöscht: HKCU\Software\Classes\Directory\shell\pokki
[-] Schlüssel gelöscht: HKCU\Software\Classes\Drive\shell\pokki
[-] Schlüssel gelöscht: HKCU\Software\Classes\lnkfile\shell\pokki

***** [ Browser ] *****

[-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gelöscht: hamachi.softonic.de
[-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gelöscht: anisearch.de
[-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gelöscht: sven-zw.softonic.de
[-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Gelöscht: hxxp://homepage-web.com/?s=acer&m=start

*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5437 Bytes] - [15/01/2017 15:15:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [5303 Bytes] - [15/01/2017 15:11:49]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5583 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Sebastian (Administrator) on 15.01.2017 at 15:20:42,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 5

Successfully deleted: C:\Users\Sebastian\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Sebastian\AppData\Roaming\speedrunnerslog.txt (File)
Successfully deleted: C:\Users\Sebastian\AppData\Roaming\spi (Folder)
Successfully deleted: C:\Users\Sebastian\AppData\Roaming\wyupdate au (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} (Task)

Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_678E52C622D3FEC81C940F43ECEEEB26 (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{389BE386-6D17-4415-8E22-C27781DBF71C} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.01.2017 at 15:22:54,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
16.01.2017, 11:01 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browser hijacker nova.rumbler.ru caught Another run with adwCleaner as a check, please
__________________ Please always post log files in CODE tags |
16.01.2017, 12:28 | #14 |
| Browser hijacker nova.rumbler.ru caught adwCleaner Code:
# AdwCleaner v6.042 - Bericht erstellt am 16/01/2017 um 12:23:29
# Aktualisiert am 06/01/2017 von Malwarebytes
# Datenbank : 2017-01-15.1 [Lokal]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : Sebastian - MICASA
# Gestartet von : C:\Users\Sebastian\Desktop\AdwCleaner_6.042.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support

***** [ Dienste ] *****

***** [ Ordner ] *****

***** [ Dateien ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

[-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Gelöscht: hxxp://homepage-web.com/?s=acer&m=start

*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5694 Bytes] - [15/01/2017 15:15:57]
C:\AdwCleaner\AdwCleaner[C2].txt - [1142 Bytes] - [16/01/2017 12:23:29]
C:\AdwCleaner\AdwCleaner[S0].txt - [5303 Bytes] - [15/01/2017 15:11:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [1573 Bytes] - [16/01/2017 11:59:51]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1361 Bytes] ##########
|
16.01.2017, 13:32 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browser hijacker nova.rumbler.ru caught Then show me fresh FRST logs. Tick the box for addition.txt, then click Scan (Untersuchen)
__________________ Please always post log files in CODE tags |