GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen

M-K-D-B · 18.02.2017, 14:58

Servus,

wir beschränken uns jetzt auf den MSI Laptop, von dem du bereits die FRST Logdateien geschickt hast.

Wieso führst du AdwCleaner nochmal aus?

Zitat:

# AdwCleaner v6.043 - Bericht erstellt am 18/02/2017 um 07:57:40

Ich habe in meiner letzten Antwort nicht gesagt, dass du AdwCleaner jetzt/heute (18.02.) ausführen sollst, bitte genau lesen.

Du hast AdwCleaner bereits am 15.02. und MBAM am 13.02. selbst ausgeführt. Von diesen Suchläufen möchte ich gerne die Logdateien mit den Funden sehen... denn dort wurde bestimmt etwas gefunden (bei AdwCleaner wurde am 15.02. auf jeden Fall etwas gefunden, weil dein Rechner dabei neugestartet wurde).

Da du sowohl AdwCleaner als auch MBAM noch installiert hast, solltest du mir die Logdateien vom 15.02. (Adw) bzw. 13.02. (MBAM) ohne Probleme nachreichen können.

Außerdem bitte ich dich, MBAM und FRST nochmal auszuführen:

Schritt 1

Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM nach dem Neustart, klicke auf Berichte.
Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 2

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die alten Logdateien von AdwCleaner (15.02.) und MBAM (13.02.),
die neue/aktuelle Logdatei von MBAM,
die beiden neuen Logdateien von FRST.

Tobias1972 · 18.02.2017, 23:22

Hallo,

vielen Dank fuer die schnelle Antwort. Hier ist das ADW-Cleaner File vom 15.02 ...

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v6.043 - Bericht erstellt am 15/02/2017 um 20:49:09
# Aktualisiert am 27/01/2017 von Malwarebytes
# Datenbank : 2017-02-13.1 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Administrator - MSI
# Gestartet von : C:\Users\MarkStrong\Desktop\AdwCleaner_6.043.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

Keine schädlichen Dienste gefunden.


***** [ Ordner ] *****

Ordner Gefunden: C:\Program Files\Reimage
Ordner Gefunden: C:\Program Files\reimage
Ordner Gefunden: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair


***** [ Dateien ] *****

Datei Gefunden: C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
Datei Gefunden: C:\Windows\Reimage.ini
Datei Gefunden: C:\Users\ADMINI~1\AppData\Local\Temp\reimage.log
Datei Gefunden: C:\Users\ADMINI~1\AppData\Local\Temp\ReimagePackage.exe


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Aufgabe Gefunden: Reimage Reminder
Aufgabe Gefunden: Reimage Reminder
Aufgabe Gefunden: reimage reminder


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Schlüssel Gefunden: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gefunden: HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Reimage
Schlüssel Gefunden: HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Schlüssel Gefunden: HKCU\Software\Reimage
Schlüssel Gefunden: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Schlüssel Gefunden: [x64] HKCU\Software\Reimage
Schlüssel Gefunden: [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Reimage
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************

\AdwCleaner\AdwCleaner[S0].txt - [3152 Bytes] - [15/02/2017 20:49:09]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [3223 Bytes] ##########

--- --- ---

[/CODE]

Hallo,

hier ist der Bericht von Malwarebytes vom 13.02.

Code:

ATTFilter

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 13.02.17
Scan-Zeit: 20:04
Protokolldatei: 
Administrator: Nein

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.50
Version des Aktualisierungspakets: 1.0.1064
Lizenz: Kostenlos

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: MSI\MarkStrong

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 444463
Abgelaufene Zeit: 1 Min., 7 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 1
PUP.Optional.DownloadSponsor, C:\USERS\MARKSTRONG\DOWNLOADS\STEAM - CHIP-INSTALLER.EXE, In Quarantäne, [643], [349501],1.0.1064

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)

Hallo,

es war mir nicht moeglich die Malwarebytes-Datei als .txt auf dem Desktop zu Speichern. Ich erhalte beim Speichern zwar keine Fehlermeldung aber die Datei ist im Desktop nicht auffindbar. Ich kann das Protokoll nur als Zwischenablage hier einfuegen. Hier der aktuelle Malwarebytes Scan

Code:

ATTFilter

 

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 18.02.17
Scan-Zeit: 17:10
Protokolldatei: 
Administrator: Nein

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.50
Version des Aktualisierungspakets: 1.0.1295
Lizenz: Kostenlos

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: MSI\MarkStrong

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 449123
Abgelaufene Zeit: 2 Min., 11 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)

Hallo,

hier das aktuelle FRST File ...

FRST Logfile:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017 01
durchgeführt von Administrator (Administrator) auf MSI (18-02-2017 17:19:11)
Gestartet von C:\Users\MarkStrong\Desktop
Geladene Profile: MarkStrong & Administrator (Verfügbare Profile: defaultuser0 & MarkStrong & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Portrait Displays, Inc) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16122.10271.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-10-20] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [693432 2016-10-07] ()
HKLM\...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [4811048 2016-09-09] (Portrait Displays, Inc.)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2016-08-19] (MSI)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\Administrator\AppData\Local\Temp\DeleteOnReboot.bat [480 2017-02-15] () <===== ACHTUNG
HKU\S-1-5-21-4218886898-41493801-728894-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-4218886898-41493801-728894-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C0].txt
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Control Center.lnk [2016-10-20]
ShortcutTarget: Killer Control Center.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-10-20]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{44c729b7-3a09-4761-bb9e-6fb3853c3b3d}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-4218886898-41493801-728894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-4218886898-41493801-728894-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-4218886898-41493801-728894-1001 -> DefaultScope {FFD7DB1D-3F65-4AC8-A7C6-562077F48108} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Kein Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Keine Datei
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-09-07] (Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
R2 Killer Network Service; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [1951456 2016-09-29] (Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2016-08-19] (Micro-Star International Co., Ltd.) [Datei ist nicht signiert]
R2 MSITrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [180520 2016-09-09] (Portrait Displays, Inc.)
S2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [58296 2016-08-12] (Micro-Star INT'L CO., LTD.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4362568 2015-06-18] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-12-12] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2016-12-12] (NVIDIA Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266328 2016-12-04] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel(R) Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0406000.00C\ccSetx64.sys [173808 2015-06-24] (Symantec Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-16] (Qualcomm Atheros, Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-17] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_85330ff976332cdb\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-12-12] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [35272 2016-10-20] (Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2016-12-12] (NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2403248 2016-09-06] (Qualcomm Atheros, Inc.)
R2 RfeCoSvc; C:\Windows\system32\DRIVERS\RfeCo10X64.sys [87904 2016-09-29] (Rivet Networks, LLC.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [779232 2016-10-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42088 2016-10-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-10-20] (Synaptics Incorporated)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [40568 2016-06-14] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [52960 2016-10-04] (SteelSeries ApS)
R3 ssps2; C:\Windows\System32\drivers\ssps2.sys [33896 2016-06-14] (SteelSeries ApS)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-14] (Symantec Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] ()
R2 WtfEngineDrv; C:\Windows\system32\DRIVERS\WtfEngineDrv.sys [27904 2016-02-01] (AAA Internet Publishing, Inc.)
S3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161214.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161214.002\EX64.SYS [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-18 17:18 - 2017-02-18 17:18 - 00000000 ____D C:\Users\MarkStrong\Desktop\FRST-OlderVersion
2017-02-18 17:13 - 2017-02-18 17:13 - 00001234 _____ C:\Users\Administrator\Desktop\mbam.txt
2017-02-18 17:07 - 2017-02-18 17:07 - 00001339 _____ C:\Users\Administrator\Desktop\Malwarebytes 13.02.txt
2017-02-18 14:52 - 2017-02-18 14:52 - 00000000 ___HD C:\OneDriveTemp
2017-02-16 19:56 - 2017-02-16 20:18 - 00272742 _____ C:\TDSSKiller.3.1.0.12_16.02.2017_19.56.31_log.txt
2017-02-15 21:20 - 2017-02-15 21:21 - 00270548 _____ C:\TDSSKiller.3.1.0.12_15.02.2017_21.20.37_log.txt
2017-02-15 20:56 - 2017-02-15 20:57 - 04747704 _____ (AO Kaspersky Lab) C:\Users\MarkStrong\Desktop\tdsskiller.exe
2017-02-15 20:55 - 2017-02-18 17:19 - 00018108 _____ C:\Users\MarkStrong\Desktop\FRST.txt
2017-02-15 20:55 - 2017-02-18 17:19 - 00000000 ____D C:\FRST
2017-02-15 20:55 - 2017-02-16 19:51 - 00059140 _____ C:\Users\MarkStrong\Desktop\Addition.txt
2017-02-15 20:54 - 2017-02-18 17:18 - 02422784 _____ (Farbar) C:\Users\MarkStrong\Desktop\FRST64.exe
2017-02-15 20:46 - 2017-02-18 07:57 - 00000000 ____D C:\AdwCleaner
2017-02-15 20:46 - 2017-02-15 20:46 - 04015056 _____ C:\Users\MarkStrong\Desktop\AdwCleaner_6.043.exe
2017-02-14 00:51 - 2017-02-14 00:52 - 00000000 ____D C:\ProgramData\MFAData
2017-02-14 00:51 - 2017-02-14 00:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\MFAData
2017-02-14 00:51 - 2017-02-14 00:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2015
2017-02-13 20:03 - 2017-02-17 09:38 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-13 20:03 - 2017-02-13 20:03 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-13 20:03 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-13 18:58 - 2017-02-13 18:52 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-02-13 18:00 - 2017-02-13 18:00 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\WinZip
2017-02-10 14:35 - 2017-02-10 14:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 14:35 - 2017-01-20 09:07 - 00134080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-10 14:35 - 2016-12-15 19:33 - 00273696 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-02-10 14:35 - 2016-12-15 19:33 - 00266528 _____ C:\Windows\system32\vulkan-1.dll
2017-02-10 14:35 - 2016-12-15 19:33 - 00111392 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-02-10 14:35 - 2016-12-15 19:32 - 00125728 _____ C:\Windows\system32\vulkaninfo.exe
2017-02-10 14:33 - 2017-01-23 19:00 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 34974656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 19008576 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 14677272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 11123936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 11019192 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 09308896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 08990584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 03167288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 02715072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437849.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437849.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00988608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00960568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00946456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00944224 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00909760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00721952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00719160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00618232 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00609216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00573120 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00483384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00447800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-02-10 14:33 - 2017-01-20 11:38 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-02-10 09:21 - 2017-02-10 09:23 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-02-03 15:55 - 2017-02-03 15:55 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\Microsoft Help
2017-01-25 08:59 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-25 08:59 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-18 16:53 - 2016-08-01 17:28 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-02-18 16:39 - 2016-12-14 10:15 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Skype
2017-02-18 16:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\AppReadiness
2017-02-18 14:56 - 2016-12-14 12:08 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-18 14:56 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-18 14:54 - 2016-12-20 18:36 - 00004146 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5ECB8719-0C45-4D0B-9E23-341326ED26A6}
2017-02-18 14:52 - 2016-12-14 10:14 - 00000000 ___RD C:\Users\MarkStrong\OneDrive
2017-02-18 14:52 - 2016-10-20 18:52 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-18 14:51 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong
2017-02-18 09:59 - 2016-08-01 18:06 - 00615274 _____ C:\Windows\system32\perfh019.dat
2017-02-18 09:59 - 2016-08-01 18:06 - 00220106 _____ C:\Windows\system32\perfc019.dat
2017-02-18 09:59 - 2016-08-01 18:02 - 00723478 _____ C:\Windows\system32\prfh0816.dat
2017-02-18 09:59 - 2016-08-01 18:02 - 00241444 _____ C:\Windows\system32\prfc0816.dat
2017-02-18 09:59 - 2016-08-01 17:58 - 00746338 _____ C:\Windows\system32\perfh013.dat
2017-02-18 09:59 - 2016-08-01 17:58 - 00248602 _____ C:\Windows\system32\perfc013.dat
2017-02-18 09:59 - 2016-08-01 17:50 - 00724734 _____ C:\Windows\system32\perfh010.dat
2017-02-18 09:59 - 2016-08-01 17:50 - 00236370 _____ C:\Windows\system32\perfc010.dat
2017-02-18 09:59 - 2016-08-01 17:47 - 00744582 _____ C:\Windows\system32\perfh00C.dat
2017-02-18 09:59 - 2016-08-01 17:47 - 00242524 _____ C:\Windows\system32\perfc00C.dat
2017-02-18 09:59 - 2016-08-01 17:42 - 00738786 _____ C:\Windows\system32\perfh00A.dat
2017-02-18 09:59 - 2016-08-01 17:42 - 00246576 _____ C:\Windows\system32\perfc00A.dat
2017-02-18 09:59 - 2016-08-01 17:40 - 00785098 _____ C:\Windows\system32\perfh008.dat
2017-02-18 09:59 - 2016-08-01 17:40 - 00251570 _____ C:\Windows\system32\perfc008.dat
2017-02-18 09:59 - 2016-08-01 17:37 - 01098038 _____ C:\Windows\system32\perfh007.dat
2017-02-18 09:59 - 2016-08-01 17:37 - 00257978 _____ C:\Windows\system32\perfc007.dat
2017-02-18 09:59 - 2016-08-01 17:33 - 09488810 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-17 14:46 - 2016-07-16 06:45 - 00000000 ____D C:\Windows\INF
2017-02-17 09:38 - 2016-08-01 17:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-17 09:37 - 2016-12-23 04:07 - 00006776 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-02-17 09:37 - 2016-07-16 01:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-02-15 20:52 - 2016-12-23 04:21 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-02-15 20:50 - 2016-12-14 10:15 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\CrashDumps
2017-02-13 21:49 - 2016-10-20 19:29 - 00000000 ____D C:\ProgramData\Norton
2017-02-13 18:52 - 2016-12-14 10:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-02-13 18:52 - 2016-07-16 06:47 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-02-13 18:52 - 2016-07-16 01:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-02-13 18:00 - 2016-10-20 19:29 - 00000000 ____D C:\ProgramData\WinZip
2017-02-13 00:15 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-10 14:36 - 2016-10-20 18:52 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-10 14:36 - 2016-10-20 18:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-10 14:09 - 2016-12-14 10:13 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\NVIDIA Corporation
2017-02-10 14:09 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\NVIDIA
2017-02-10 14:02 - 2016-12-14 12:21 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-10 09:22 - 2016-10-20 18:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-03 01:26 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\NDF
2017-02-02 13:14 - 2016-12-14 22:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2017-02-02 13:13 - 2016-12-20 09:14 - 00000001 _____ C:\Users\Public\Documents\dgc_DC.txt
2017-02-02 13:13 - 2016-12-14 22:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-02-02 13:13 - 2016-08-01 17:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-01 21:25 - 2016-12-19 00:13 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-01 21:25 - 2016-12-19 00:13 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-25 09:17 - 2016-07-16 06:36 - 00000000 ____D C:\Windows\CbsTemp
2017-01-24 19:02 - 2016-12-14 10:14 - 00002397 _____ C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-23 19:00 - 2016-10-20 18:52 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-01-23 19:00 - 2016-10-20 18:52 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-01-21 05:55 - 2017-01-17 05:54 - 00048696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2017-01-20 11:38 - 2017-01-17 05:53 - 28239928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 04079032 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 03597640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 00514616 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 00420408 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 00043556 _____ C:\Windows\system32\nvinfo.pb
2017-01-20 11:25 - 2016-12-14 22:03 - 00000000 ____D C:\Users\Administrator
2017-01-20 10:17 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\Packages
2017-01-20 10:13 - 2016-10-20 18:52 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 02479160 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00548800 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-01-20 09:04 - 2016-12-23 04:07 - 00001951 _____ C:\Windows\NvContainerRecovery.bat

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-10-20 18:53 - 2016-10-20 18:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-23 04:07 - 2017-02-18 16:53 - 0008769 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-23 04:07 - 2017-02-17 09:37 - 0006776 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Administrator\AppData\Local\Temp\DeleteOnReboot.bat


Einige Dateien in TEMP:
====================
2017-02-10 09:22 - 2016-12-29 07:29 - 0860960 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI64.dll
2017-02-10 14:34 - 2016-12-29 07:28 - 0351680 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvStInst.exe
2017-02-17 14:44 - 2017-02-17 16:39 - 44048864 _____ (Skype Technologies S.A.) C:\Users\MarkStrong\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-17 17:28

==================== Ende von FRST.txt ============================

--- --- ---

[/CODE]

Hallo,
hier ist das Addition File ..... VIELEN DANK

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-02-2017 01
durchgeführt von Administrator (18-02-2017 17:19:30)
Gestartet von C:\Users\MarkStrong\Desktop
Windows 10 Home Version 1607 (X64) (2016-12-14 15:08:43)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4218886898-41493801-728894-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4218886898-41493801-728894-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4218886898-41493801-728894-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gast (S-1-5-21-4218886898-41493801-728894-501 - Limited - Disabled)
MarkStrong (S-1-5-21-4218886898-41493801-728894-1001 - Limited - Enabled) => C:\Users\MarkStrong

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ACPI Driver Installer (HKLM-x32\...\553E35CD-0415-41bc-B39A-410375E88534) (Version: 2.1 - Intel Corporation)
Ansel (Version: 378.49 - NVIDIA Corporation) Hidden
ApoDispatchConfigurator (Version: 2.3.701 - Nahimic) Hidden
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.38.1 - Asmedia Technology)
AudioLaunchpadConfigurator (Version: 2.3.701 - Nahimic) Hidden
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1608.0901 - Micro-Star International Co., Ltd.)
Battery Calibration (x32 Version: 1.0.1608.0901 - Micro-Star International Co., Ltd.) Hidden
Beyond Gravity (HKLM\...\Steam App 317510) (Version:  - Qwiboo Ltd)
Bridge Constructor Medieval (HKLM\...\Steam App 319850) (Version:  - ClockStone)
BurnRecovery (HKLM-x32\...\InstallShield_{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1608.1201 - Application)
BurnRecovery (x32 Version: 5.0.1608.1201 - Application) Hidden
CheckDevicesConfigurator (Version: 2.3.701 - Nahimic) Hidden
Craft The World (HKLM\...\Steam App 248390) (Version:  - Dekovir Entertainment)
DEFCON (HKLM\...\Steam App 1520) (Version:  - Introversion Software)
Defend Your Life (HKLM\...\Steam App 357780) (Version:  - Alda Games)
Defenders of Ardania (HKLM\...\Steam App 73060) (Version:  - Most Wanted Entertainment)
Demon Hunter: Chronicles from Beyond (HKLM\...\Steam App 330990) (Version:  - Brave Giant LTD)
Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1610.2701 - Micro-Star International Co., Ltd.)
Dragon Center (x32 Version: 1.2.1610.2701 - Micro-Star International Co., Ltd.) Hidden
Dwarfs!? (HKLM\...\Steam App 35480) (Version:  - Power of 2)
Evil Defenders (HKLM\...\Steam App 412520) (Version:  - CP Decision)
F.E.A.R. 3 (HKLM\...\Steam App 21100) (Version:  - Day 1 Studios)
F1 Race Stars (HKLM\...\Steam App 203680) (Version:  - Codemasters Birmingham)
Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Final Exam (HKLM\...\Steam App 233190) (Version:  - Mighty Rocket Studio)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FORCED (HKLM\...\Steam App 249990) (Version:  - BetaDwarf)
Foul Play (HKLM\...\Steam App 244810) (Version:  - Mediatonic)
Go Home Dinosaurs! (HKLM\...\Steam App 216090) (Version:  - Fire Hose Games)
God Mode (HKLM\...\Steam App 227480) (Version:  - Old School Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grim Legends 2: Song of the Dark Swan (HKLM\...\Steam App 279800) (Version:  - Artifex Mundi)
Guns'N'Zombies (HKLM\...\Steam App 264300) (Version:  - Krealit)
Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1609.0501 - Micro-Star International Co., Ltd.)
Help Desk (x32 Version: 1.0.1609.0501 - Micro-Star International Co., Ltd.) Hidden
Hero Academy (HKLM\...\Steam App 209270) (Version:  - Robot Entertainment)
Hydrophobia: Prophecy (HKLM\...\Steam App 92000) (Version:  - Dark Energy Digital Ltd.)
iBomber Defense Pacific (HKLM\...\Steam App 206690) (Version:  - Cobra Mobile)
INSIDE (HKLM\...\Steam App 304430) (Version:  - Playdead)
Intel Extreme Tuning Utility (HKLM-x32\...\{e3931098-f44a-4c70-bf9c-f48d24bdd066}) (Version: 6.0.2.8 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 6.0.2.8 - Intel Corporation) Hidden
Intel XTU Library (HKLM-x32\...\{B48E71F0-769D-445D-9020-9E06FF1D51C8}) (Version: 10.015.08120 - Micro-Star INT'L CO., LTD.)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
KB9X Radio Switch Driver (HKLM\...\EC950B206B0E7722C96A318DF396BABFBB057BC0) (Version: 1.1.2.0 - ENE TECHNOLOGY INC.)
Killer Performance Suite (HKLM\...\{0B988985-38C9-4DD4-9835-5AC17EEC26F7}) (Version: 1.0.762 - Rivet Networks)
LauncherSetup (Version: 2.3.701 - Nahimic) Hidden
Leviathan: Warships (HKLM\...\Steam App 202270) (Version:  - Pieces Interactive)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker Silver (HKLM-x32\...\MX.{CD1DE5DB-7AF2-4D01-BBB1-9AD581B34403}) (Version: 21.0.3.44 - MAGIX Software GmbH)
MAGIX Music Maker Silver (Version: 21.0.3.44 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Silver Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Photo Manager 16 (HKLM-x32\...\MX.{B33D219F-2504-45A7-863B-999ED3E38B01}) (Version: 12.0.0.26 - MAGIX Software GmbH)
MAGIX Photo Manager 16 (Version: 12.0.0.26 - MAGIX Software GmbH) Hidden
Magnetis (HKLM\...\Steam App 37500) (Version:  - Yullaby)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Men of War: Assault Squad (HKLM\...\Steam App 64000) (Version:  - Digitalmindsoft)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4218886898-41493801-728894-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4218886898-41493801-728894-500\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 (HKLM-x32\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Millie (HKLM\...\Steam App 294230) (Version:  - Forever Entertainment S. A.)
Mini Motor Racing EVO (HKLM\...\Steam App 209520) (Version:  - The Binary Mill)
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1608.1001 - Micro-Star International Co., Ltd.)
MSI Remind Manager (x32 Version: 1.0.1608.1001 - Micro-Star International Co., Ltd.) Hidden
MSI True Color (HKLM\...\{B4A2776D-59CD-4193-A19D-DE15CB7FC5AA}) (Version: 1.6.3.005 - Portrait Displays, Inc.)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nahimic 2 (HKLM-x32\...\{51d850bf-aca6-4eac-b215-2792260adafd}) (Version: 2.3.7 - Nahimic)
Nahimic2UISetup (Version: 2.3.701 - Nahimic) Hidden
Norton Online Backup (HKLM-x32\...\{652C1CDF-C61D-4525-9348-8C272CC2DB24}) (Version: 2.10.2.7 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.6.0.12 - Symantec Corporation) Hidden
Not The Robots (HKLM\...\Steam App 257120) (Version:  - 2DArray)
NVIDIA 3D Vision Treiber 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Poly Bridge (HKLM\...\Steam App 367450) (Version:  - Dry Cactus)
Pool Nation (HKLM\...\Steam App 254440) (Version:  - Cherry Pop Games)
Port Royale 3 (HKLM\...\Steam App 205610) (Version:  - Gaming Minds)
ProductDaemonSetup (Version: 2.3.701 - Nahimic) Hidden
ProductNSConfigurator (Version: 2.3.701 - Nahimic) Hidden
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.279 - Qualcomm Atheros)
R.U.S.E (HKLM\...\Steam App 21970) (Version:  - Eugen Systems)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7945 - Realtek Semiconductor Corp.)
Rise: Battle Lines (HKLM\...\Steam App 386350) (Version:  - The Secret Games Company)
Sanctum 2 (HKLM\...\Steam App 210770) (Version:  - Coffee Stain Studios)
SCM (HKLM\...\{4D36BF08-839B-47C5-BEDF-79D54ED8D14B}) (Version: 13.016.08191 - Application)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{8B883A57-E4BC-4745-8E6C-68168850F9DD}) (Version:  - Microsoft)
SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
Sizing Options (HKLM-x32\...\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1607.2201 - Application)
Sizing Options (x32 Version: 3.0.1607.2201 - Application) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SonicMapperConfigurator (Version: 2.3.701 - Nahimic) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.8.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.1 - SteelSeries ApS)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.57 - Synaptics Incorporated)
Time Mysteries: Inheritance - Remastered (HKLM\...\Steam App 350010) (Version:  - Artifex Mundi)
TrackMania² Stadium (HKLM\...\Steam App 232910) (Version:  - Nadeo)
Tribloos 2 (HKLM\...\Steam App 271550) (Version:  - BumpkinBrothers)
UIInstallUpgrade (Version: 2.3.701 - Nahimic) Hidden
Unstoppable Gorg (HKLM\...\Steam App 18120) (Version:  - Futuremark)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
War in a Box: Paper Tanks (HKLM\...\Steam App 308460) (Version:  - DQ Team)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
WTFast 4.0 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.0.7.692 - Initex & AAA Internet Publishing)
XSplit Gamecaster (HKLM-x32\...\{9E8A3821-032E-4230-9C12-C14D3FC8685E}) (Version: 2.8.1605.2342 - SplitmediaLabs)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02564E8D-AB43-4419-AC00-79101D2756E4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {064B5CAB-52A2-430F-A5B4-FF0E09673D4C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {1B8AC99F-030B-42C2-888C-B3F837BA66FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {257D9A76-B695-4959-AA17-319E71BB6F15} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-12] (NVIDIA Corporation)
Task: {28C0F686-7B46-4FAF-B9A2-6DCBF9A5CA3C} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [2016-09-05] (Micro-Star International Co., Ltd.)
Task: {31E593A3-4183-4FC8-8087-D1EE9A51F5E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-19] (Google Inc.)
Task: {35EFF172-9233-45BA-A2E7-E350289A2BF5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-19] (Google Inc.)
Task: {3C5D7129-9885-4F33-BF1C-C04D91F6BBC8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
Task: {7E3D5826-1D24-49E4-9741-EF3C05B040E3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {89529DF8-9E20-4066-A0D4-2B9EB847F3FF} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-05-05] (Intel Corporation)
Task: {8A08E4AC-099F-42DC-BE7C-B06AB22253D4} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [2016-10-27] (Micro-Star International Co., Ltd.)
Task: {8A97CC49-5245-4C9F-B8DB-46B621F734B2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {8CB5DDE8-AB4B-42CB-B90E-2FBC77043E55} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 
Task: {B6FCEBAE-82E1-4AEA-A479-399511227EC3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {B7B85536-A000-4D01-A206-B8A3780D7D35} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-12-12] (NVIDIA Corporation)
Task: {BBB71FBF-7E02-40FE-8B65-22AA4C39C066} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {BEA217F2-54BA-427B-83A4-59512D5FB5E6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {D1E97528-3DD9-413E-8EAB-7CF9309086DE} - System32\Tasks\Nahimic2Svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe [2016-10-07] ()
Task: {D9AA3C2E-8022-4CE2-B49C-39DB1039825E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
Task: {DFDC6E38-8F85-4CAD-A646-1567A0F2FE91} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-12] (NVIDIA Corporation)
Task: {F2C83940-15BC-41F3-9722-EEC6E17D6591} - System32\Tasks\Nahimic2Svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe [2016-10-07] ()
Task: {F90F41F6-90C5-4AFF-A161-596051EEB978} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [2016-10-07] ()
Task: {FE346F69-9C45-4426-A556-DB2838A4C62B} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-12-23 04:07 - 2016-12-12 18:39 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-23 04:07 - 2016-12-12 18:39 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-13 20:03 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-09-29 13:55 - 2016-09-29 13:55 - 00560128 _____ () C:\Program Files\Killer Networking\Killer Control Center\SpeedTestDLL.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-14 13:17 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-10-20 18:52 - 2017-01-20 10:13 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-07 18:27 - 2016-10-07 18:27 - 00200888 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll
2016-10-07 18:27 - 2016-10-07 18:27 - 00272568 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll
2016-12-14 13:17 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-12-14 13:17 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-08-02 10:55 - 2016-12-28 12:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-12-14 13:19 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 04:24 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 04:24 - 2016-12-21 02:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-01-11 04:23 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 04:23 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 04:23 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 04:23 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 04:23 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 04:23 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-07 18:24 - 2016-10-07 18:24 - 00693432 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
2016-10-07 18:25 - 2016-10-07 18:25 - 02024632 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe
2016-10-07 18:28 - 2016-10-07 18:28 - 00495288 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe
2016-10-27 12:58 - 2016-10-27 12:58 - 00018712 _____ () C:\Program Files (x86)\MSI\Dragon Center\GInf.dll
2017-02-18 14:54 - 2017-02-18 14:56 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-18 14:54 - 2017-02-18 14:56 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-18 14:54 - 2017-02-18 14:56 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 20:22 - 2017-02-06 20:23 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\roottools.dll
2017-02-18 14:54 - 2017-02-18 14:56 - 00132608 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.Proxies.dll
2016-12-14 10:46 - 2016-12-14 10:47 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-12-14 10:46 - 2016-12-14 10:47 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-12-14 10:46 - 2016-12-14 10:47 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-12-14 10:46 - 2016-12-14 10:47 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-12-14 10:46 - 2016-12-14 10:47 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2016-07-16 09:34 - 2016-07-16 09:34 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-01-31 21:21 - 2017-01-31 21:23 - 01097072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.Controls.dll
2017-02-18 14:54 - 2017-02-18 14:56 - 00181248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\Microsoft.Skype.ImageTool.dll
2017-02-18 14:54 - 2017-02-18 14:56 - 00040960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\TraceProvider.dll
2016-08-30 02:19 - 2016-08-30 02:19 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-12-23 04:07 - 2016-12-12 18:39 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-23 04:07 - 2016-12-12 18:39 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-23 04:07 - 2016-12-12 18:39 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-07 18:23 - 2016-10-07 18:23 - 00175800 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2DevProps.dll
2016-10-07 18:21 - 2016-10-07 18:21 - 00250552 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2OSD.dll
2016-12-14 12:10 - 2016-12-23 13:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-12-14 12:10 - 2016-08-31 20:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-12-14 12:10 - 2017-01-18 20:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-12-14 12:10 - 2016-01-27 02:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-12-14 12:10 - 2016-01-27 02:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-12-14 12:10 - 2016-01-27 02:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-12-14 12:10 - 2016-01-27 02:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-12-14 12:10 - 2016-01-27 02:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-12-14 12:10 - 2016-08-31 20:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-12-14 12:10 - 2016-08-31 20:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-12-14 12:10 - 2017-01-18 20:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-12-14 12:10 - 2016-07-04 17:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-14 12:11 - 2017-01-04 22:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-12-14 12:10 - 2017-01-18 20:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-12-23 04:07 - 2016-12-12 18:38 - 64246840 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-12-23 04:07 - 2016-12-12 09:36 - 00525760 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-12-23 04:07 - 2016-12-12 09:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-12-23 04:07 - 2016-12-12 09:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-12-23 04:07 - 2016-12-12 09:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-12-23 04:07 - 2016-12-12 09:36 - 00447424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-12-23 04:07 - 2016-12-12 09:36 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-12-23 04:07 - 2016-12-12 09:36 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-23 04:07 - 2016-12-12 09:36 - 00956472 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2016-12-14 12:10 - 2015-09-24 18:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2016-07-16 06:47 - 2016-07-16 06:45 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4218886898-41493801-728894-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
HKU\S-1-5-21-4218886898-41493801-728894-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\System32\oobe\info\Wallpaper\backgroundDefault.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{58A45F44-D5FA-487F-AD77-8EA4E487FD4E}] => (Allow) C:\Program Files (x86)\WTFast\WTFast.exe
FirewallRules: [{89F8FB89-D598-4E08-80D6-8469CF8BCCD4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F723A05F-477E-41ED-AD42-B0F5A57E7748}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3EF9FB57-32D8-4AA6-9025-B53BF06F2876}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{62EAAD63-655F-45CE-93E0-1740285AA331}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{AA4F4879-FC87-41FB-97AD-C257327594CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\R.U.S.E\Ruse.exe
FirewallRules: [{02E8F509-35F2-4D24-A941-B4D58A841B2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\R.U.S.E\Ruse.exe
FirewallRules: [{E32A40F4-3B0A-4C25-99DA-452827ACF658}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{D3AFBDE0-A702-4A4C-B126-D31DA5137213}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{BC1867CA-8AC0-4981-969C-41ECCDE98505}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pool Nation\Pool.exe
FirewallRules: [{D0C7D77C-EE0C-4042-9E4A-29A3C7308CAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pool Nation\Pool.exe
FirewallRules: [{3B6E62BD-6040-419E-82BB-C4384057258B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DYL\dyl.exe
FirewallRules: [{DC55DD35-FC5B-4BF2-A950-505A1E8B7ABB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DYL\dyl.exe
FirewallRules: [{33E40C5E-3E3B-4D1B-AE50-7D58C259FE0A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7FF10783-2B91-44AE-A335-804A2030D4F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{321C6B0F-14D7-474F-941D-BEC9D3029F7D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{F574291E-919E-4223-B0FC-6D2F332C26EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9042FFBF-3DEC-4BB7-A6B9-0743DABB434E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{35859D71-FE2A-45FF-A627-917D8FB37C22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E479FDB1-F61B-4350-A3D7-821B937A6D17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{FB6557CF-C8F3-42EA-ADD4-928E6BE29B4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{F8769C68-A2D8-488D-BF65-4B7630F8D238}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{0485327C-A46F-45E3-A71C-D3A7143D8804}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{FAF6EEEC-4F01-49A8-AAC1-A7DD0D87F076}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War in a Box - Paper Tanks\War in a Box - Paper Tanks.exe
FirewallRules: [{E3AB1FCC-F2F4-454D-A55F-91EFC2A2EA38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War in a Box - Paper Tanks\War in a Box - Paper Tanks.exe
FirewallRules: [{39B57716-1C4B-4ED8-B200-8F1345124CA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unstoppable Gorg\unstoppable_gorg.exe
FirewallRules: [{5397A5F7-862C-4E14-9C6C-809620D47DC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unstoppable Gorg\unstoppable_gorg.exe
FirewallRules: [{32F88ECD-D735-43F3-986E-8BB3B1ED04EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tribloos 2\TheTribloos2.exe
FirewallRules: [{0FEE2CD4-9E9F-42B3-97C0-70742BBD675D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tribloos 2\TheTribloos2.exe
FirewallRules: [{19DDBA06-A30A-4025-8E96-444F15FD83C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{766BA255-C003-4E04-815C-B61727EBB917}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{BE6EAB90-FC6B-48A1-AC77-7A3DDFDA24F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Time Mysteries Inheritance Remastered\TimeMysteries_Inheritance.exe
FirewallRules: [{F4A8FA06-3540-47AB-ACD5-57F2B896079A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Time Mysteries Inheritance Remastered\TimeMysteries_Inheritance.exe
FirewallRules: [{265B1327-59CB-4805-B6F1-AB70002D0F42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise\Rise.exe
FirewallRules: [{62783129-1185-45E8-B211-32AF9CD331CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise\Rise.exe
FirewallRules: [{58CFAA9B-73E2-4533-B46D-2A55128329DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poly Bridge\polybridge.exe
FirewallRules: [{55249A23-EB92-4FA3-8078-CFA74499739E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poly Bridge\polybridge.exe
FirewallRules: [{C3979464-80AE-4644-9838-0AF3CCC78D31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mini Motor Racing\Mini Motor Evo.exe
FirewallRules: [{2AF9B9B9-EA8F-4678-B4AF-019A0CA74691}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mini Motor Racing\Mini Motor Evo.exe
FirewallRules: [{1F8CDCA3-8A82-4F93-86FF-39C651A778FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GodMode\bin\GodMode.exe
FirewallRules: [{12D4118A-6FB9-4FC8-A4BB-0E00D51A0664}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GodMode\bin\GodMode.exe
FirewallRules: [{ECAD9605-7B7D-4218-BC47-1D2D77AD4197}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bridge Constructor Medieval\Bridge_Constructor_Medieval.exe
FirewallRules: [{2E6A0096-95EB-4FF0-AA78-EB92975D0B94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bridge Constructor Medieval\Bridge_Constructor_Medieval.exe
FirewallRules: [{564CF656-D5EA-48B4-BB51-6388EED16405}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beyond Gravity\BeyondGravity.exe
FirewallRules: [{909CB892-BA48-4149-A311-5465AB5DAEAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beyond Gravity\BeyondGravity.exe
FirewallRules: [{380E392A-702D-4E2F-8C48-B5530C7721B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{4E91C6CF-9A99-4107-B725-39DF19646A01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{960A768A-0031-4F48-A622-D34D08A1172D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Port Royale 3\PortRoyale3.exe
FirewallRules: [{67CBF75F-AF81-4BC5-9E26-E8D37851C4EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Port Royale 3\PortRoyale3.exe
FirewallRules: [{93A75816-103A-4968-ABDD-352927A87174}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millie\Millie.exe
FirewallRules: [{FFAD9C2B-5BBA-48EC-BB0C-13B7D3DB4470}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millie\Millie.exe
FirewallRules: [{A3FE6BD7-1F07-494C-A44B-27C318AD96A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Not The Robots\Not the Robots.exe
FirewallRules: [{E5F32BE5-B629-477F-8F03-A373CB7E65D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Not The Robots\Not the Robots.exe
FirewallRules: [{70A38E8E-11E3-4864-8AFD-B4490348E0DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{2008150F-53FB-4941-B8EB-89EAF7A11EBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{94E5C3EA-1282-45B8-A8A1-275164C35370}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan Warships\Leviathan.exe
FirewallRules: [{3EB97BC5-0180-4717-87A0-0C868E946377}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan Warships\Leviathan.exe
FirewallRules: [{3B42174B-3B07-47FF-B71D-FDBBC9F07690}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defenders of Ardania\DOA.exe
FirewallRules: [{A5FD5BFD-9BB3-4AD7-86AF-5F2991BB563C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defenders of Ardania\DOA.exe
FirewallRules: [{4F8AA047-AE30-478D-8CA0-532769A43861}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe
FirewallRules: [{A144D421-CD6D-47E1-91FD-07748FC8EB7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe
FirewallRules: [{EA89CB5D-BF6B-4175-92EC-5CF8BB5A30AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evil Defenders\Evil Defenders.exe
FirewallRules: [{9E4631AF-86B3-41BF-AA91-ED4B709E45B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evil Defenders\Evil Defenders.exe
FirewallRules: [{6ABD3963-FCE1-4570-8448-08526E8326CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Demon Hunter Chronicles from Beyond\DemonHunter.exe
FirewallRules: [{08A9F07E-B989-4A49-A8D0-F05DE03EE1D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Demon Hunter Chronicles from Beyond\DemonHunter.exe
FirewallRules: [{622F3114-BA9B-46D0-AC13-264949088297}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe
FirewallRules: [{468D817F-46BE-4066-9BFB-E47C02692C0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe
FirewallRules: [{C0D20874-D515-45C7-9735-F204329D29CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Legends Song of the Dark Swan\GrimLegends_SongOfTheDarkSwan.exe
FirewallRules: [{5DA2F9A0-0A8C-4329-8287-8B455076E02E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Legends Song of the Dark Swan\GrimLegends_SongOfTheDarkSwan.exe
FirewallRules: [{ABE851FC-1EA5-4984-8D09-07D45753E171}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GunsNZombies\GNZ.exe
FirewallRules: [{CEB2B999-5155-44CB-888C-1F2B16902B10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GunsNZombies\GNZ.exe
FirewallRules: [{BD69AE83-356E-46D6-95E2-742A844856B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FORCED\FORCED.exe
FirewallRules: [{D25B9354-2B67-43F6-B5CA-C10A54AF1D88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FORCED\FORCED.exe
FirewallRules: [{20EB6D39-A038-4D20-AF2F-D963268BD999}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foul Play\foul_play.exe
FirewallRules: [{6CEFEB45-4719-4981-9ECE-F976999C7486}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foul Play\foul_play.exe
FirewallRules: [{9A9C0EA1-6B87-4F3A-97CF-C683D686DFE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Exam\final_exam.exe
FirewallRules: [{2AA3EE71-3825-4A05-9863-825D14D27D6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Exam\final_exam.exe
FirewallRules: [{AF821B65-0B71-4382-94EC-4DBDD4861D94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Go Home Dinosaurs\Eastgate.exe
FirewallRules: [{B2EEDCFA-D33D-47C9-B592-586769BF8BC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Go Home Dinosaurs\Eastgate.exe
FirewallRules: [{11B7E7BD-5DCF-4103-B25B-8EAC52BCF7DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero Academy\HeroAcademy.exe
FirewallRules: [{ECE33A69-8722-459B-BEC5-6611B65D4B1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero Academy\HeroAcademy.exe
FirewallRules: [{8C5D3807-F3D5-483C-BB62-E6A267E5AFEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ibomber defense pacific\iBomberDefensePacific.exe
FirewallRules: [{FB0512F7-1457-4F1D-9EFC-D6B6660E0E86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ibomber defense pacific\iBomberDefensePacific.exe
FirewallRules: [{6C398AAF-FE8B-4462-88B4-9E2DF1C00AE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\f1 race stars\F1RaceStars.exe
FirewallRules: [{57D32252-4FDE-4554-8B8B-9776A775A016}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\f1 race stars\F1RaceStars.exe
FirewallRules: [{165372EC-7B50-4658-9E78-342B476F2C19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hydrophobia\HydroPC.exe
FirewallRules: [{6F2C7093-AC74-4E0B-9273-1CC179BC0F63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hydrophobia\HydroPC.exe
FirewallRules: [{2FC48271-68C1-428A-9F7E-9200CEE11EF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magnetis\Magnetis.exe
FirewallRules: [{4126F9AE-698D-4907-B2E2-381E2EAF21DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magnetis\Magnetis.exe
FirewallRules: [{DC8FF109-33E3-4A91-804E-97B5DDF019B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dwarfs\Dwarfs.exe
FirewallRules: [{BBE00BDA-5AC6-4643-9373-10B5AA8925D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dwarfs\Dwarfs.exe
FirewallRules: [{A61410B8-D910-4ED9-8BA2-7E406331D2E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad\mow_assault_squad.exe
FirewallRules: [{1CB85A98-9A1A-4265-974E-BB984079EC8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad\mow_assault_squad.exe
FirewallRules: [{508959C3-0A1F-4E29-8172-27C8F9B36D1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\F.E.A.R. 3\F.E.A.R. 3.exe
FirewallRules: [{5778B0E3-37DC-4572-8C74-47D65D124816}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\F.E.A.R. 3\F.E.A.R. 3.exe
FirewallRules: [{F66022D3-5320-45DC-9111-A3E373B824FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/18/2017 10:30:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9
Name des fehlerhaften Moduls: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9
Ausnahmecode: 0xc0000094
Fehleroffset: 0x00000000000760c6
ID des fehlerhaften Prozesses: 0x2118
Startzeit der fehlerhaften Anwendung: 0x01d289fa819ec9fd
Pfad der fehlerhaften Anwendung: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
Berichtskennung: 8a6c2577-62d8-41ab-ab94-808e21e8af13
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/18/2017 10:20:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9
Name des fehlerhaften Moduls: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9
Ausnahmecode: 0xc0000094
Fehleroffset: 0x00000000000760c6
ID des fehlerhaften Prozesses: 0x29f8
Startzeit der fehlerhaften Anwendung: 0x01d2899c42dad826
Pfad der fehlerhaften Anwendung: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
Berichtskennung: 42a9a945-39fa-4543-9997-11ff55464ed5
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/17/2017 11:05:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9
Name des fehlerhaften Moduls: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9
Ausnahmecode: 0xc0000094
Fehleroffset: 0x00000000000760c6
ID des fehlerhaften Prozesses: 0x980
Startzeit der fehlerhaften Anwendung: 0x01d2892b77fe7daf
Pfad der fehlerhaften Anwendung: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
Berichtskennung: 0128791a-1bf7-4e15-aa93-4ad7b9245d96
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/17/2017 09:38:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MSI_ActiveX_Service.exe, Version: 1.0.0.8, Zeitstempel: 0x57ad265a
Name des fehlerhaften Moduls: ActiveX_Resource_Monitor.dll, Version: 1.0.0.8, Zeitstempel: 0x57ad265d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002b10
ID des fehlerhaften Prozesses: 0x8b0
Startzeit der fehlerhaften Anwendung: 0x01d2892b77fb6d69
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\MSI\Dragon Center\ActiveX_Resource_Monitor.dll
Berichtskennung: 1106cdcb-0bd5-40bd-b189-8e206ef00621
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/17/2017 09:38:14 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MSI_ActiveX_Service.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 71162B10

Error: (02/17/2017 09:37:52 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Dragon Center.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ComponentModel.Win32Exception
   bei System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)
   bei MSI_Command_Center.App..ctor()
   bei MSI_Command_Center.App.Main()

Error: (02/17/2017 09:37:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9
Name des fehlerhaften Moduls: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9
Ausnahmecode: 0xc0000094
Fehleroffset: 0x00000000000760c6
ID des fehlerhaften Prozesses: 0xa64
Startzeit der fehlerhaften Anwendung: 0x01d287f730d17a25
Pfad der fehlerhaften Anwendung: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
Berichtskennung: 6014af8a-851a-4464-b25a-dc772aa52313
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/15/2017 08:52:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DragonCenter_Updaer.exe, Version: 1.0.1608.1101, Zeitstempel: 0x57ac76fb
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.479, Zeitstempel: 0x582588e6
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0000000000017788
ID des fehlerhaften Prozesses: 0x1630
Startzeit der fehlerhaften Anwendung: 0x01d287f7492e0cdb
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\DragonCenter_Updaer.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 8626502a-dbf7-455d-9271-94008fa30783
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/15/2017 08:52:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DragonCenter_Updaer.exe, Version: 1.0.1608.1101, Zeitstempel: 0x57ac76fb
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.479, Zeitstempel: 0x582588e6
Ausnahmecode: 0xc0020001
Fehleroffset: 0x0000000000017788
ID des fehlerhaften Prozesses: 0x1630
Startzeit der fehlerhaften Anwendung: 0x01d287f7492e0cdb
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\DragonCenter_Updaer.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 08e39c26-98db-4602-9ec7-ea2374486f53
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/15/2017 08:52:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.


Systemfehler:
=============
Error: (02/18/2017 04:44:50 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/18/2017 02:51:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/18/2017 02:51:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/18/2017 02:51:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/18/2017 10:50:18 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/18/2017 10:30:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Killer Network Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (02/18/2017 10:20:15 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Killer Network Service" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (02/18/2017 10:20:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Killer Network Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/18/2017 10:05:11 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/18/2017 08:35:23 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.


CodeIntegrity:
===================================
  Date: 2017-02-18 16:18:55.405
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:55.399
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:55.396
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:55.390
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:22.805
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:16.123
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:16.117
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:16.022
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:15.975
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:15.967
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 22%
Installierter physikalischer RAM: 16338.75 MB
Verfügbarer physikalischer RAM: 12586.04 MB
Summe virtueller Speicher: 18770.75 MB
Verfügbarer virtueller Speicher: 14988.83 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:237.18 GB) (Free:32.9 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1862.89 GB) (Free:933.57 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 6DDB4527)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================

M-K-D-B · 19.02.2017, 14:17

Servus,

weiter auf dem MSI-Rechner:

wir entfernen die letzten Reste und kontrollieren nochmal alles.

Hinweis: Der Suchlauf mit ESET kann länger dauern.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
HKU\S-1-5-21-4218886898-41493801-728894-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C0].txt
HKU\S-1-5-18\...\Run: [] => [X]
BHO: Kein Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Keine Datei
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von ESET,
die Logdatei von HitmanPro,
die beiden neuen Logdateien von FRST,
die Beantwortung der gestellten Fragen.

Tobias1972 · 20.02.2017, 12:34

Hallo Matthias,

Ich hoffe Du hattest ein schoenes Wochenende.

Hier erstmal die Logdatei des FRST-Fix ....

Code:

ATTFilter

 

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-02-2017
durchgeführt von Administrator (20-02-2017 00:01:03) Run:1
Gestartet von C:\Users\MarkStrong\Desktop
Geladene Profile: MarkStrong & Administrator (Verfügbare Profile: defaultuser0 & MarkStrong & Administrator)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
HKU\S-1-5-21-4218886898-41493801-728894-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C0].txt
HKU\S-1-5-18\...\Run: [] => [X]
BHO: Kein Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Keine Datei
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************

Prozesse erfolgreich geschlossen.
HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => Wert erfolgreich entfernt
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Schlüssel erfolgreich entfernt
HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Schlüssel nicht gefunden. 

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4218886898-41493801-728894-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4218886898-41493801-728894-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16920558 B
Java, Flash, Steam htmlcache => 10826891 B
Windows/system/drivers => 5244286 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 970883 B
systemprofile32 => 128 B
LocalService => 19562 B
NetworkService => 38180 B
defaultuser0 => 128 B
MarkStrong => 184631742 B
Administrator => 23976918 B

RecycleBin => 533328 B
EmptyTemp: => 231.9 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 00:01:07 ====

Hallo,

hier ist das ESET Logfile....

Code:

ATTFilter

 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=46767fd742c1a74fa95a962bdef84b84
# end=init
# utc_time=2017-02-20 05:09:15
# local_time=2017-02-20 12:09:15 (-0500, Westl. Südamerika Normalzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 32462
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=46767fd742c1a74fa95a962bdef84b84
# end=updated
# utc_time=2017-02-20 05:14:45
# local_time=2017-02-20 12:14:45 (-0500, Westl. Südamerika Normalzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=46767fd742c1a74fa95a962bdef84b84
# engine=32462
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-02-20 06:45:28
# local_time=2017-02-20 01:45:28 (-0500, Westl. Südamerika Normalzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 17982144 0 0
# scanned=673502
# found=1
# cleaned=0
# scan_time=5442
sh=95B785C6D5465575F2B951FC5E31890B84D1FAA9 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\Windows\Installer\3cc43.msi"

Hallo lieber Matthias,

hier die Logdatei von Hitman ....

Code:

ATTFilter

HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : MSI
   Windows . . . . . . . : 10.0.0.14393.X64/8
   User name . . . . . . : MSI\Administrator
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-02-20 06:25:53
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 35s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 4

   Objects scanned . . . : 2.626.588
   Files scanned . . . . : 58.171
   Remnants scanned  . . : 718.322 files / 1.850.095 keys

Suspicious files ____________________________________________________________

   C:\Users\MarkStrong\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.422.784 bytes
      Age  . . . . . . . : 4.4 days (2017-02-15 20:54:53)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C2280BABEB08B58E46141BA6BE499ACA4779C2DE22910F8C56BCD041AD8E07D6
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\MarkStrong\Desktop\FRST-OlderVersion\FRST64.exe
          0.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\11\
          0.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\11\773CD99B853A75E3.dat
          1.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\187C4497D92DB351BA62D32158DDCA43
          1.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\11\773CD99B853A75E3.dat
          1.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BFD6A531-A36B-4314-92C0-2C5CFF9BDE51}
          3.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E89B9A08-D1DA-42DE-AC9C-27E185FE23BE}
         22.5s C:\FRST\Hives\
         22.5s C:\FRST\Logs\
         22.5s C:\FRST\
         22.5s C:\FRST\Quarantine\
         24.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\11\773CD99B853A75E3.dat
         24.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\11\

   C:\Users\MarkStrong\Desktop\FRST64.exe
      Size . . . . . . . : 2.422.784 bytes
      Age  . . . . . . . : 0.3 days (2017-02-20 00:00:43)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 49CE8654FAF2CE65F8A87A16D0C202D3679C5A9A1F971D670DF2C67827F77500
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\MarkStrong\Desktop\FRST64.exe
          0.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\49\CF73E7CCC70590BD.dat
          5.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\19\
          5.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\19\48E370CB81F6F22B.dat
          7.6s C:\Windows\Prefetch\DLLHOST.EXE-4F1B3E7E.pf
         20.6s C:\FRST\Logs\ct
         20.6s C:\Users\MarkStrong\Desktop\Fixlog.txt
         21.3s C:\Windows\Prefetch\CMD.EXE-0BD30981.pf
         21.3s C:\Windows\Prefetch\BITSADMIN.EXE-61856B04.pf
         21.3s C:\Windows\Prefetch\IPCONFIG.EXE-BFEC2AD0.pf
         21.6s C:\Windows\Prefetch\NETSH.EXE-A596235F.pf
         21.6s C:\FRST\Temp\
         21.8s C:\ProgramData\NVIDIA\MessageBus_7100_0x2655EF6F860.log
         21.8s C:\ProgramData\NVIDIA\MessageBus_7100_0x2655EFB9160.log
         22.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\37\F2DEE2C272C01489.dat
         23.1s C:\ProgramData\NVIDIA\MessageBus_7164_0x3397920.log
         24.4s C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\
         24.4s C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
         30.7s C:\Windows\Prefetch\OFFICECLICKTORUN.EXE-F5CCE208.pf
         31.7s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-DAD47686.pf
         31.7s C:\Windows\Prefetch\NVCONTAINER.EXE-537D289C.pf
         31.7s C:\Windows\Prefetch\SEARCHINDEXER.EXE-1CF42BC6.pf
         38.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\1I613QQA\AAekQ8V[1].png
         38.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\MK8RW816\AAel0yR[1].png
         39.0s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\E4B1BY4K\AAkqhIf[1].png
         39.0s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\9JVXL177\AAend98[1].png
         39.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\MK8RW816\BBter89[1].jpg
         39.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\E4B1BY4K\AA61AKN[1].png
         39.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\9JVXL177\AA61Ofl[1].png
         39.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\E4B1BY4K\AA3e1pt[1].png
         39.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\9JVXL177\BBxn2V1[1].jpg
         39.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\1I613QQA\BBuBLGu[1].jpg
         39.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\9JVXL177\AA54rQj[1].png
         39.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\1I613QQA\BB3ffRJ[1].png
         39.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\9JVXL177\AA3e1oO[1].png
         39.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\9JVXL177\BBxs3eC[1].jpg
         39.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\MK8RW816\AAn6Jdw[1].jpg
         39.7s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\MK8RW816\https___console.brax-cdn.com_creatives_041ca465-399e-4bcf-9b7d-edb6b5c8d972_wall_dc4cf5f226b0fb017a4729a01283da98.600x500[1].jpg
         40.7s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\320BKECK.cookie
         41.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\E4B1BY4K\silentpassport[1].htm
         41.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\1I613QQA\config[2].json
         41.7s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\
         41.7s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCookies\DNTException\
         41.7s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\IE\
         41.7s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat
         46.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{9DFBED2D-F729-11E6-9E7E-9CB6D0619AF2}.dat
         47.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SIHAMWWK\birthday[1].gif
         47.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SIHAMWWK\icon5[1].gif
         48.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\a368d5ac8d29c5_4d44c95a19487_RL_5DD4_dic.png
         48.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\8d0046457c8e71_dc82c2c078a1cb_RL_5391_dic.png
         48.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\45f21d6875ef5e_80967443d5c77_RL_EBB5_dic.png
         48.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\679c82ca5e7594_c57f70601c1a11_RL_9F76_dic.png
         48.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\d9907c02a49c93_7465a45af4f7_RL_7D05_dic.png
         48.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\bf005424ee895b_737cdb43f89ce_RL_F554_dic.png
         48.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\7a409956e0770_1659c25ab536a8_RL_2FDF_dic.png
         48.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\d5a3547988ac40_13bb1b4095da1e_RL_A811_dic.png
         48.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\b529fc0e4315ae_8ecac4d197fe2b_RL_D700_dic.png
         54.7s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4VRKASX6\ads[1].htm
         54.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4VRKASX6\ads[2].htm
         55.0s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\852ECG37\fWNCK7BQ2.txt
         55.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\852ECG37\ads[1].htm
         55.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M54MNK3W\html_expanding_rendering_lib_200_166[1].js
         56.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M54MNK3W\17184585222554106578[1].png
         56.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M54MNK3W\view[3].htm
         56.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OSLFJQKA\tetris[1].htm
         56.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RTGFA96R\engagement[1].css
         56.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G98MR69M\fNV7IGO3X.txt
         56.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G98MR69M\tetris.min[1].css
         56.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y1EOEHZH\tetris_layout.min[1].css
         56.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y1EOEHZH\tetris_gdn_adapter.min[1].js
         56.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y1EOEHZH\Enabler_01_141[1].js
         56.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R7C3P67R\CustomElements.min[1].js
         56.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VG844JLJ\tetris.min[1].js
         56.7s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VG844JLJ\tetris_layout.min[1].js
         56.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MRPZE5E7\prod_studio_01_141_configurablemodule[1].js
         56.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WVYADEQV\prod_studio_01_141_gdnmodule[1].js
         56.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3K1D0129\css[1].css
         57.0s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FAJU9E09\creativeproxy_min[1].js
         57.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B1MQUXVC\17440052342574856911[1].png
         57.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B1MQUXVC\18379215411212414696[1].jpg
         57.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SIHAMWWK\6342055195536911431[1].jpg
         57.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SIHAMWWK\webfont[1].js
         57.7s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\63DOK6VQ\css[1].css
         57.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\63DOK6VQ\13371508212048882986[1].jpg
         57.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\63DOK6VQ\3799296385177509907[1].jpg
         57.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\63DOK6VQ\17358386777799749214[1].jpg
         58.0s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\63DOK6VQ\720648896412883996[1].jpg
         58.0s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\63DOK6VQ\4765832188212105522[1].png
         58.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\63DOK6VQ\7710217025774858707[1].png
         58.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RB71WLE2\k3k702ZOKiLJc3WVjuplzOgdm0LZdjqr5-oayXSOefg[1].woff2
         67.7s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\UrlBlock\URL7717.tmp
         67.8s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\IE\container.dat
         67.8s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCookies\container.dat
         68.3s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\IE\R9VEIOKK\
         68.3s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\IE\M0OHGI2E\
         68.3s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\IE\C91XVSC1\
         68.3s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\IE\R9Z73KJ8\
         68.3s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\IE\R9Z73KJ8\edgecompatviewlist[1].xml
         68.3s C:\FRST\Logs\Fixlog_20-02-2017 00.01.51.txt
         68.5s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000005d.db
         69.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\74\124DD4E16561FC52.dat
         69.4s C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters.dat
         79.3s C:\Windows\Logs\MeasuredBoot\0000000047-0000000000.log
         80.3s C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
         80.4s C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
         84.8s C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
         84.8s C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
         85.2s C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTWFP-IPsec Diagnostics.etl
         85.6s C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-02202017-000208-00000003-ffffffff.bin
         85.6s C:\ProgramData\NVIDIA Corporation\NvTelemetry\events.dat-wal
         85.6s C:\ProgramData\NVIDIA Corporation\NvTelemetry\events.dat-shm
         85.7s C:\ProgramData\NVIDIA\Resource.dat
         85.7s C:\Windows\Temp\MSI-20170220-0002.log
         85.7s C:\ProgramData\NVIDIA\MessageBus_2604_0x248025AC0E0.log
         85.8s C:\Windows\Temp\officeclicktorun.exe_streamserver(20170220000209900).log
         85.8s C:\ProgramData\NVIDIA\MessageBus_2604_0x248025EAD10.log
         85.8s C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagtrack-Listener.etl
         86.7s C:\ProgramData\Microsoft\Windows Defender\IMpService77BDAF73-B396-481F-9042-AD358843EC24.lock
         86.8s C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl
         86.8s C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl
         97.3s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\counters.dat
         97.4s C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\
         98.4s C:\ProgramData\NVIDIA\MessageBus_4772_0x46C0850.log
         98.6s C:\Windows\Logs\WindowsUpdate\WindowsUpdate.20170220.000221.913.1.etl
         98.9s C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun.log
         101.7s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\AC\INetCache\20VWPP6K\23_11.11.109[1].json
         101.8s C:\Windows\Temp\MpCmdRun.log
         102.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P01YU4XB\threshold[1].appcache
         103.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AC6E81B8-D6D2-4BA1-A5A2-B50B8F2F237E}
         103.7s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\
         103.7s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\container.dat
         103.7s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\appcache[1].man
         103.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\Init[1].htm
         103.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\7e89b3b0[1].js
         103.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\07bb2d93[1].css
         103.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\ab0a5c8c[1].css
         104.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\5b4e95fe[1].js
         104.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\db7c5415[1].js
         104.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\1acd62c3[1].js
         104.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\d64131c7[1].css
         104.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\fe0ad3cd[1].js
         104.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\f5c37f22[1].js
         104.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\37538a23[1].js
         104.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\c79829ec[1].js
         104.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\44dcef86[1].js
         104.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\5e0c9b86[1].js
         104.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\d4dfdfde[1].js
         104.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\88b9914f[1].css
         104.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\9ba403c2[1].css
         104.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\3f322849[1].js
         104.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\1MPAZKJ9\86\88fa3ae4[1].js
         105.3s C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\9b9cdc69c1c24e2b.automaticDestinations-ms
         105.4s C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Recent\Fixlog.lnk
         105.4s C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
         105.4s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\History\desktop.ini
         109.5s C:\Users\MarkStrong\AppData\Local\Temp\NVIDIA Corporation\
         109.5s C:\Users\MarkStrong\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\
         109.5s C:\Users\MarkStrong\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\540300436194852357e3dba01c1e3b55_fce8395c8fd8a99b_7d19a6ad605d6b14_0_0.toc
         109.5s C:\Users\MarkStrong\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\540300436194852357e3dba01c1e3b55_fce8395c8fd8a99b_7d19a6ad605d6b14_0_0.bin
         109.7s C:\Users\MarkStrong\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\83523e7512baa17632f5a1b0bba23f0f_fce8395c8fd8a99b_30407da85588c538_0_0.toc
         109.7s C:\Users\MarkStrong\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\83523e7512baa17632f5a1b0bba23f0f_fce8395c8fd8a99b_30407da85588c538_0_0.bin
         112.3s C:\Windows\Temp\NVIDIA Corporation\NV_Cache\
         112.3s C:\Windows\Temp\NVIDIA Corporation\
         112.3s C:\Windows\Temp\NVIDIA Corporation\NV_Cache\540300436194852357e3dba01c1e3b55_fce8395c8fd8a99b_31b454d8dc6b907d_0_0.toc
         112.3s C:\Windows\Temp\NVIDIA Corporation\NV_Cache\540300436194852357e3dba01c1e3b55_fce8395c8fd8a99b_31b454d8dc6b907d_0_0.bin
         113.0s C:\Users\MarkStrong\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2017-2-20.52.7588.1.odl
         113.3s C:\Users\MarkStrong\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2017-02-20_000236_1da4-1da8.log
         113.8s C:\ProgramData\NVIDIA\MessageBus_7652_0xA625C0.log
         117.0s C:\ProgramData\NVIDIA\MessageBus_8052_0x44C0870.log
         117.2s C:\ProgramData\NVIDIA\MessageBus_8052_0x451CAB0.log
         117.3s C:\ProgramData\NVIDIA\MessageBus_8052_0x4520210.log
         117.3s C:\ProgramData\NVIDIA\MessageBus_8052_0x456FF38.log
         118.9s C:\Users\MarkStrong\OneDrive\.849C9593-D756-4E56-8D6E-42412F2A707B
         119.2s C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\counters.dat
         120.7s C:\Windows\Temp\FXSTIFFDebugLogFile.txt
         120.7s C:\Windows\Temp\FXSAPIDebugLogFile.txt
         121.5s C:\Users\MarkStrong\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2017-2-20.52.7588.2.odl
         122.5s C:\Users\MarkStrong\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2017-2-20.52.7588.3.odl
         125.6s C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\~FontCache-S-1-5-21-4218886898-41493801-728894-500.dat
         126.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\90\78A63C1618F19C06.dat
         126.8s C:\Windows\Prefetch\UNSECAPP.EXE-72B9DDB3.pf
         126.8s C:\Windows\Prefetch\ONEDRIVE.EXE-89D915F2.pf
         129.6s C:\Users\Administrator\AppData\Local\CrashDumps\DragonCenter_Updaer.exe.6672.dmp
         130.3s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DragonCenter_Upd_4978a656a8285257dcb8c34d1e1a5499b0b9cccb_04ae4f81_1ee8cc87\
         130.3s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DragonCenter_Upd_4978a656a8285257dcb8c34d1e1a5499b0b9cccb_04ae4f81_1ee8cc87\Report.wer
         131.9s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DragonCenter_Upd_04da4428ee4f362ec9e80203e69bd1e47155ff_04ae4f81_0cacd2e0\
         131.9s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DragonCenter_Upd_04da4428ee4f362ec9e80203e69bd1e47155ff_04ae4f81_0cacd2e0\Report.wer
         132.0s C:\Users\Administrator\AppData\Local\CrashDumps\DragonCenter_Updaer.exe(1).6672.dmp
         145.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{DE253FDA-F729-11E6-9E7F-9CB6D0619AF2}.dat
         145.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFCC63F99C52EF6218.TMP
         145.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF9EECC84C3243093D.TMP
         147.9s C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\DDC12A16-A82B-4581-8952-439543E0312D
         148.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\852ECG37\10288062800276236800[1].jpg
         148.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\852ECG37\ads[2].htm
         149.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA0DGGZF\ads[2].htm
         149.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OSLFJQKA\ads[1].htm
         155.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\ca7523e74ecd17_4d44c95a19487_RL_5DD4_dic.png
         155.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\a3698766c28f3e_dc82c2c078a1cb_RL_5391_dic.png
         155.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\Favorites\3e961f8bb53737_Icon.ico
         155.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\Favorites\f4d1cdd214364d_Icon.ico
         155.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\Favorites\a9a1c0771cdcfa_Icon.ico
         155.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\87b2a97d136514_80967443d5c77_RL_EBB5_dic.png
         155.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\5743ad19fc5fb6_c57f70601c1a11_RL_9F76_dic.png
         155.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\ed7a2d9d3c6385_7465a45af4f7_RL_7D05_dic.png
         155.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\Favorites\b9de2bbf5c513f_Icon.ico
         155.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\Favorites\b8b8b2d2a5ae31_Icon.ico
         155.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\99ad0074956f9d_737cdb43f89ce_RL_F554_dic.png
         155.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\Favorites\133a981fb4f79b_Icon.ico
         155.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\398422b83ade6c_1659c25ab536a8_RL_2FDF_dic.png
         155.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\f34b8092ede58a_13bb1b4095da1e_RL_A811_dic.png
         155.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\ReadingList\8a430cfc8828ce_8ecac4d197fe2b_RL_D700_dic.png
         155.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\Favorites\a5a710adf69856_Icon.ico
         158.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RTGFA96R\activeview[1].gif
         158.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D7QZT9GU\adview[2].htm
         160.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4AUS9SX6\activeview[1].gif
         160.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MRPZE5E7\vbulletin_editor[1].css
         160.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WVYADEQV\navbits_finallink_ltr[1].gif
         170.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3K1D0129\login[1].htm
         173.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FAJU9E09\newreply[1].htm
         173.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FAJU9E09\select[1].js
         174.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RB71WLE2\vbulletin_textedit[1].js
         174.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA0DGGZF\removeformat[1].gif
         174.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA0DGGZF\clear[1].gif
         174.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M54MNK3W\separator[1].gif
         174.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OSLFJQKA\vbulletin_attachment[1].js
         174.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RTGFA96R\menupop[1].gif
         174.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G98MR69M\color[1].gif
         174.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D7QZT9GU\smilie[1].gif
         174.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D7QZT9GU\attach[1].gif
         174.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4VRKASX6\undo[1].gif
         174.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R7C3P67R\redo[1].gif
         174.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VG844JLJ\resize_0[1].gif
         174.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4AUS9SX6\bold[1].gif
         174.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MRPZE5E7\resize_1[1].gif
         174.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WVYADEQV\italic[1].gif
         174.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3K1D0129\underline[1].gif
         174.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R7C3P67R\justifyleft[1].gif
         174.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B1MQUXVC\justifycenter[1].gif
         174.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SIHAMWWK\justifyright[1].gif
         174.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RB71WLE2\insertorderedlist[1].gif
         175.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\852ECG37\insertunorderedlist[1].gif
         175.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M54MNK3W\outdent[1].gif
         175.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OSLFJQKA\indent[1].gif
         175.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RTGFA96R\createlink[1].gif
         175.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G98MR69M\unlink[1].gif
         175.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y1EOEHZH\email[1].gif
         175.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4VRKASX6\insertimage[1].gif
         175.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R7C3P67R\quote[1].gif
         175.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VG844JLJ\code[1].gif
         175.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4AUS9SX6\html[1].gif
         175.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MRPZE5E7\php[1].gif
         175.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WVYADEQV\table[1].gif
         175.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3K1D0129\youtube[1].png
         175.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FAJU9E09\eek[1].gif
         175.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B1MQUXVC\heilig[1].gif
         175.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SIHAMWWK\lmaa[1].gif
         175.7s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RB71WLE2\stirn[1].gif
         175.7s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\852ECG37\taenzer[1].gif
         175.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA0DGGZF\sleepy[1].gif
         175.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M54MNK3W\rofl[1].gif
         175.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OSLFJQKA\heulen[1].gif
         175.9s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\IE\W3VAO90O\
         175.9s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\IE\G33VCT30\
         175.9s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\IE\SMQE41EX\
         175.9s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\IE\GPAEYA77\
         175.9s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\IE\GPAEYA77\edgecompatviewlist[1].xml
         175.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RTGFA96R\singsing[1].gif
         175.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G98MR69M\rolleyes[1].gif
         175.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y1EOEHZH\aplaus[1].gif
         176.0s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D7QZT9GU\zzwhip[1].gif
         176.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4VRKASX6\pfeiff[1].gif
         176.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R7C3P67R\balla[1].gif
         176.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VG844JLJ\killpc[1].gif
         176.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4AUS9SX6\schrei[1].gif
         176.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MRPZE5E7\sword2[1].gif
         176.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\HMPDYO6W\l1DOCKYI6L.dat
         176.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WVYADEQV\nono[1].gif
         176.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3K1D0129\dankeschoen[1].gif
         176.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FAJU9E09\lach[1].gif
         176.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B1MQUXVC\kaffee_reboot[1].gif
         176.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SIHAMWWK\glaskugel2[1].gif
         176.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RB71WLE2\aufsmaul[1].gif
         176.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\852ECG37\glaskugel[1].gif
         176.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M54MNK3W\icon17[1].gif
         176.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA0DGGZF\bussi[1].gif
         176.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OSLFJQKA\icon19[1].gif
         176.7s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RTGFA96R\icon21[1].gif
         176.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G98MR69M\icon23[1].gif
         176.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y1EOEHZH\icon24[1].gif
         176.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D7QZT9GU\icon27[1].gif
         176.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4VRKASX6\icon26[1].gif
         176.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R7C3P67R\icon30[1].gif
         176.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VG844JLJ\icon32[1].gif
         177.0s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4AUS9SX6\icon34[1].gif
         177.0s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4AUS9SX6\icon16[1].gif
         177.0s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MRPZE5E7\icon14[1].gif
         177.0s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WVYADEQV\icon2[1].gif
         177.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3K1D0129\icon3[1].gif
         177.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FAJU9E09\icon6[1].gif
         177.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B1MQUXVC\icon7[1].gif
         177.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SIHAMWWK\icon8[1].gif
         177.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RB71WLE2\icon10[1].gif
         177.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\852ECG37\icon11[1].gif
         177.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA0DGGZF\icon12[1].gif
         177.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M54MNK3W\icon13[1].gif
         177.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OSLFJQKA\icon35[1].gif


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}\ (ReimageRepair)
   HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}\ (ReimageRepair)

Hallo,
anbei die erste Logdatei von FRST ....

FRST Logfile:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
durchgeführt von Administrator (Administrator) auf MSI (20-02-2017 06:32:07)
Gestartet von C:\Users\MarkStrong\Desktop
Geladene Profile: defaultuser0 & MarkStrong & Administrator (Verfügbare Profile: defaultuser0 & MarkStrong & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe
(Portrait Displays, Inc) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorHelper.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16122.10271.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-10-20] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [693432 2016-10-07] ()
HKLM\...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [4811048 2016-09-09] (Portrait Displays, Inc.)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2016-08-19] (MSI)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\ADMINI~1\AppData\Local\Temp\DeleteOnReboot.bat <===== ACHTUNG
HKU\S-1-5-21-4218886898-41493801-728894-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Control Center.lnk [2016-10-20]
ShortcutTarget: Killer Control Center.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-10-20]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{44c729b7-3a09-4761-bb9e-6fb3853c3b3d}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-4218886898-41493801-728894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-4218886898-41493801-728894-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-4218886898-41493801-728894-1001 -> DefaultScope {FFD7DB1D-3F65-4AC8-A7C6-562077F48108} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-09-07] (Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
R2 Killer Network Service; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [1951456 2016-09-29] (Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2016-08-19] (Micro-Star International Co., Ltd.) [Datei ist nicht signiert]
R2 MSITrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [180520 2016-09-09] (Portrait Displays, Inc.)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [58296 2016-08-12] (Micro-Star INT'L CO., LTD.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4362568 2015-06-18] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-12-12] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2016-12-12] (NVIDIA Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266328 2016-12-04] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel(R) Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0406000.00C\ccSetx64.sys [173808 2015-06-24] (Symantec Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-16] (Qualcomm Atheros, Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-20] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NTIOLib_ACTIVE_X; C:\Program Files (x86)\MSI\Dragon Center\NTIOLib_X64.sys [13776 2016-04-12] (MSI)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_85330ff976332cdb\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-12-12] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [35272 2016-10-20] (Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2016-12-12] (NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2403248 2016-09-06] (Qualcomm Atheros, Inc.)
R2 RfeCoSvc; C:\Windows\system32\DRIVERS\RfeCo10X64.sys [87904 2016-09-29] (Rivet Networks, LLC.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [779232 2016-10-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42088 2016-10-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-10-20] (Synaptics Incorporated)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [40568 2016-06-14] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [52960 2016-10-04] (SteelSeries ApS)
R3 ssps2; C:\Windows\System32\drivers\ssps2.sys [33896 2016-06-14] (SteelSeries ApS)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-14] (Symantec Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] ()
R2 WtfEngineDrv; C:\Windows\system32\DRIVERS\WtfEngineDrv.sys [27904 2016-02-01] (AAA Internet Publishing, Inc.)
S3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161214.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161214.002\EX64.SYS [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-20 06:24 - 2017-02-20 06:27 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-20 05:46 - 2017-02-20 06:23 - 11581544 _____ (SurfRight B.V.) C:\Users\MarkStrong\Desktop\HitmanPro_x64.exe
2017-02-20 00:08 - 2017-02-20 00:08 - 02870984 _____ (ESET) C:\Users\MarkStrong\Desktop\esetsmartinstaller_deu.exe
2017-02-20 00:01 - 2017-02-20 00:01 - 00003068 _____ C:\Users\MarkStrong\Desktop\Fixlog.txt
2017-02-19 18:35 - 2017-02-19 18:35 - 00000000 ___HD C:\OneDriveTemp
2017-02-18 17:18 - 2017-02-20 00:00 - 00000000 ____D C:\Users\MarkStrong\Desktop\FRST-OlderVersion
2017-02-18 17:13 - 2017-02-18 17:13 - 00001234 _____ C:\Users\Administrator\Desktop\mbam.txt
2017-02-18 17:07 - 2017-02-18 17:07 - 00001339 _____ C:\Users\Administrator\Desktop\Malwarebytes 13.02.txt
2017-02-16 19:56 - 2017-02-16 20:18 - 00272742 _____ C:\TDSSKiller.3.1.0.12_16.02.2017_19.56.31_log.txt
2017-02-15 21:20 - 2017-02-15 21:21 - 00270548 _____ C:\TDSSKiller.3.1.0.12_15.02.2017_21.20.37_log.txt
2017-02-15 20:56 - 2017-02-15 20:57 - 04747704 _____ (AO Kaspersky Lab) C:\Users\MarkStrong\Desktop\tdsskiller.exe
2017-02-15 20:55 - 2017-02-20 06:32 - 00018006 _____ C:\Users\MarkStrong\Desktop\FRST.txt
2017-02-15 20:55 - 2017-02-20 06:32 - 00000000 ____D C:\FRST
2017-02-15 20:55 - 2017-02-18 17:19 - 00061888 _____ C:\Users\MarkStrong\Desktop\Addition.txt
2017-02-15 20:54 - 2017-02-20 00:00 - 02422784 _____ (Farbar) C:\Users\MarkStrong\Desktop\FRST64.exe
2017-02-15 20:46 - 2017-02-18 07:57 - 00000000 ____D C:\AdwCleaner
2017-02-15 20:46 - 2017-02-15 20:46 - 04015056 _____ C:\Users\MarkStrong\Desktop\AdwCleaner_6.043.exe
2017-02-14 00:51 - 2017-02-14 00:52 - 00000000 ____D C:\ProgramData\MFAData
2017-02-14 00:51 - 2017-02-14 00:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\MFAData
2017-02-14 00:51 - 2017-02-14 00:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2015
2017-02-13 20:03 - 2017-02-20 00:02 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-13 20:03 - 2017-02-13 20:03 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-13 20:03 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-13 18:58 - 2017-02-13 18:52 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-02-13 18:00 - 2017-02-13 18:00 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\WinZip
2017-02-10 14:35 - 2017-02-10 14:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 14:35 - 2017-01-20 09:07 - 00134080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-10 14:35 - 2016-12-15 19:33 - 00273696 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-02-10 14:35 - 2016-12-15 19:33 - 00266528 _____ C:\Windows\system32\vulkan-1.dll
2017-02-10 14:35 - 2016-12-15 19:33 - 00111392 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-02-10 14:35 - 2016-12-15 19:32 - 00125728 _____ C:\Windows\system32\vulkaninfo.exe
2017-02-10 14:33 - 2017-01-23 19:00 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 34974656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 19008576 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 14677272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 11123936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 11019192 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 09308896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 08990584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 03167288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 02715072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437849.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437849.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00988608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00960568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00946456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00944224 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00909760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00721952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00719160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00618232 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00609216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00573120 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00483384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00447800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-02-10 14:33 - 2017-01-20 11:38 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-02-10 09:21 - 2017-02-10 09:23 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-02-03 15:55 - 2017-02-03 15:55 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\Microsoft Help
2017-01-25 08:59 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-25 08:59 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-20 06:22 - 2016-08-01 17:28 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-02-20 06:04 - 2016-12-20 18:36 - 00004146 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5ECB8719-0C45-4D0B-9E23-341326ED26A6}
2017-02-20 00:09 - 2016-08-01 18:06 - 00619736 _____ C:\Windows\system32\perfh019.dat
2017-02-20 00:09 - 2016-08-01 18:06 - 00224376 _____ C:\Windows\system32\perfc019.dat
2017-02-20 00:09 - 2016-08-01 18:02 - 00727940 _____ C:\Windows\system32\prfh0816.dat
2017-02-20 00:09 - 2016-08-01 18:02 - 00245714 _____ C:\Windows\system32\prfc0816.dat
2017-02-20 00:09 - 2016-08-01 17:58 - 00750800 _____ C:\Windows\system32\perfh013.dat
2017-02-20 00:09 - 2016-08-01 17:58 - 00252872 _____ C:\Windows\system32\perfc013.dat
2017-02-20 00:09 - 2016-08-01 17:50 - 00729196 _____ C:\Windows\system32\perfh010.dat
2017-02-20 00:09 - 2016-08-01 17:50 - 00240640 _____ C:\Windows\system32\perfc010.dat
2017-02-20 00:09 - 2016-08-01 17:47 - 00749044 _____ C:\Windows\system32\perfh00C.dat
2017-02-20 00:09 - 2016-08-01 17:47 - 00246794 _____ C:\Windows\system32\perfc00C.dat
2017-02-20 00:09 - 2016-08-01 17:42 - 00743248 _____ C:\Windows\system32\perfh00A.dat
2017-02-20 00:09 - 2016-08-01 17:42 - 00250846 _____ C:\Windows\system32\perfc00A.dat
2017-02-20 00:09 - 2016-08-01 17:40 - 00789560 _____ C:\Windows\system32\perfh008.dat
2017-02-20 00:09 - 2016-08-01 17:40 - 00255840 _____ C:\Windows\system32\perfc008.dat
2017-02-20 00:09 - 2016-08-01 17:37 - 01114980 _____ C:\Windows\system32\perfh007.dat
2017-02-20 00:09 - 2016-08-01 17:37 - 00262714 _____ C:\Windows\system32\perfc007.dat
2017-02-20 00:09 - 2016-08-01 17:33 - 09583584 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-20 00:02 - 2016-12-23 04:21 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-02-20 00:02 - 2016-12-14 10:14 - 00000000 ___RD C:\Users\MarkStrong\OneDrive
2017-02-20 00:02 - 2016-10-20 18:52 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-20 00:02 - 2016-08-01 17:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-20 00:01 - 2016-12-23 04:07 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-02-20 00:01 - 2016-07-16 01:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-02-19 17:55 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong
2017-02-19 17:52 - 2016-12-14 12:08 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-19 16:37 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\AppReadiness
2017-02-19 16:23 - 2016-12-14 10:15 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Skype
2017-02-19 00:01 - 2016-12-14 10:15 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\CrashDumps
2017-02-18 14:56 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-17 14:46 - 2016-07-16 06:45 - 00000000 ____D C:\Windows\INF
2017-02-13 21:49 - 2016-10-20 19:29 - 00000000 ____D C:\ProgramData\Norton
2017-02-13 18:52 - 2016-12-14 10:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-02-13 18:52 - 2016-07-16 06:47 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-02-13 18:52 - 2016-07-16 01:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-02-13 18:00 - 2016-10-20 19:29 - 00000000 ____D C:\ProgramData\WinZip
2017-02-13 00:15 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-10 14:36 - 2016-10-20 18:52 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-10 14:36 - 2016-10-20 18:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-10 14:09 - 2016-12-14 10:13 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\NVIDIA Corporation
2017-02-10 14:09 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\NVIDIA
2017-02-10 14:02 - 2016-12-14 12:21 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-10 09:22 - 2016-10-20 18:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-03 01:26 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\NDF
2017-02-02 13:14 - 2016-12-14 22:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2017-02-02 13:13 - 2016-12-20 09:14 - 00000001 _____ C:\Users\Public\Documents\dgc_DC.txt
2017-02-02 13:13 - 2016-12-14 22:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-02-02 13:13 - 2016-08-01 17:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-01 21:25 - 2016-12-19 00:13 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-01 21:25 - 2016-12-19 00:13 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-25 09:17 - 2016-07-16 06:36 - 00000000 ____D C:\Windows\CbsTemp
2017-01-24 19:02 - 2016-12-14 10:14 - 00002397 _____ C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-23 19:00 - 2016-10-20 18:52 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-01-23 19:00 - 2016-10-20 18:52 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-01-21 05:55 - 2017-01-17 05:54 - 00048696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-10-20 18:53 - 2016-10-20 18:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-23 04:07 - 2017-02-20 00:02 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-23 04:07 - 2017-02-20 00:01 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-17 17:28

==================== Ende von FRST.txt ============================

--- --- ---

GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen

Plagegeister aller Art und deren Bekämpfung: GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen