Windows 10 und die durch einem Virus verlorenen Adminrechte

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
durchgeführt von Ben (Administrator) auf DESKTOP-H55H5RK (26-02-2017 04:23:15)
Gestartet von C:\Users\Ben\Downloads
Geladene Profile: Ben (Verfügbare Profile: defaultuser0 & Ben)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9037832 2016-12-03] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => E:\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-25] (AVAST Software)
HKU\S-1-5-21-3604746800-1686383787-860700110-1001\...\Run: [Steam] => E:\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-3604746800-1686383787-860700110-1001\...\Run: [EvolveClient] => E:\Echobit\Evolve\EvolveClient.exe [3334528 2017-01-27] (Echobit LLC)
HKU\S-1-5-21-3604746800-1686383787-860700110-1001\...\Run: [397f3b0d-937d-4b7e-87cd-d19ad4add4d8] => "C:\Users\Ben\AppData\Local\Temp\is-SJDKM.tmp\installer.exe" <===== ACHTUNG
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-25] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ear Trumpet.lnk [2017-02-25]
ShortcutTarget: Ear Trumpet.lnk -> E:\Ear Trumpet\EarTrumpet.exe (File-New-Project)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2017-02-25]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2017-02-25]
ShortcutTarget: Curse.lnk -> C:\Users\Ben\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{f9140731-afb1-46c7-8989-eabd4ba4550a}: [DhcpNameServer] 192.168.178.1
ManualProxies: 

Internet Explorer:
==================
HKU\S-1-5-21-3604746800-1686383787-860700110-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-18] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-18] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-18] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-18] (Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-18] (Oracle Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-18] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-25] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-26] <==== ACHTUNG
CHR Extension: (Google Präsentationen) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-25]
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-25]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-25]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-25]
CHR Extension: (Google Tabellen) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-25]
CHR Extension: (Google Docs Offline) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-25]
CHR Extension: (Super Find) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gjdmdcodhficmkobooigglnomaghbknh [2017-02-25]
CHR Extension: (Avast Online Security) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-02-26]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-25]
CHR Extension: (Google Mail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-25]
CHR Extension: (Chrome Media Router) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-25]
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default [2017-02-25]
CHR Extension: (Google Mail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-25]
CHR Extension: (Chrome Media Router) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-25] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-25] (AVAST Software)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [392480 2017-02-12] (EasyAntiCheat Ltd)
S3 EvoSvc; E:\Echobit\Evolve\EvoSvc.exe [1583488 2017-01-27] (Echobit LLC)
S2 Hamachi2Svc; E:\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [Datei ist nicht signiert]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-13] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-13] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2016-01-11] (Wacom Technology, Corp.)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309784 2017-02-25] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-25] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-25] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-25] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-25] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-02-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126088 2017-02-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [74680 2017-02-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [991496 2017-02-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [547904 2017-02-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-25] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337080 2017-02-25] (AVAST Software)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 EvolveVirtualAdapter; C:\Windows\System32\drivers\evolve.sys [21656 2017-01-27] (Echobit, LLC)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-25] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2016-12-13] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-26 04:23 - 2017-02-26 04:23 - 00018508 _____ C:\Users\Ben\Downloads\FRST.txt
2017-02-26 04:23 - 2017-02-26 04:23 - 00000000 ____D C:\FRST
2017-02-26 04:22 - 2017-02-26 04:22 - 02423296 _____ (Farbar) C:\Users\Ben\Downloads\FRST64.exe
2017-02-26 04:01 - 2017-02-26 04:01 - 00008468 _____ C:\Users\Ben\Desktop\eset.txt
2017-02-25 21:17 - 2017-02-25 21:17 - 00000000 ___HD C:\$SysReset
2017-02-25 19:58 - 2017-02-25 19:58 - 00002336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-25 19:58 - 2017-02-25 19:58 - 00002324 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-25 19:17 - 2017-02-25 19:17 - 02870984 _____ (ESET) C:\Users\Ben\Downloads\esetsmartinstaller_deu.exe
2017-02-25 19:17 - 2017-02-25 19:17 - 00000000 ____D C:\Program Files (x86)\ESET
2017-02-25 19:14 - 2017-02-25 19:14 - 00000000 ____D C:\Users\Ben\AppData\Local\LogMeIn
2017-02-25 19:14 - 2017-02-25 19:14 - 00000000 ____D C:\ProgramData\LogMeIn
2017-02-25 19:13 - 2017-02-25 19:13 - 01663040 _____ (Malwarebytes) C:\Users\Ben\Downloads\JRT.exe
2017-02-25 19:12 - 2017-02-25 19:14 - 00000000 ____D C:\AdwCleaner
2017-02-25 19:12 - 2017-02-25 19:12 - 04015056 _____ C:\Users\Ben\Downloads\AdwCleaner_6.043.exe
2017-02-25 19:07 - 2017-02-25 19:07 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-25 18:48 - 2017-02-25 19:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-25 18:47 - 2017-02-25 19:02 - 00001165 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2017-02-25 18:47 - 2017-02-25 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2017-02-25 18:47 - 2017-02-25 18:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-25 18:47 - 2017-02-25 18:47 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2017-02-25 18:47 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-02-25 18:47 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-02-25 18:47 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-25 18:45 - 2017-02-25 18:45 - 22851472 _____ (Malwarebytes ) C:\Users\Ben\Downloads\mbam-setup-2.2.1.1043.exe
2017-02-25 18:38 - 2017-02-25 18:38 - 01129376 _____ (Google Inc.) C:\Users\Ben\Downloads\ChromeSetup (2).exe
2017-02-25 18:35 - 2017-02-25 18:35 - 00003628 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-25 18:35 - 2017-02-25 18:35 - 00003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-25 18:34 - 2017-02-25 18:36 - 01129376 _____ (Google Inc.) C:\Users\Ben\Downloads\ChromeSetup (1).exe
2017-02-25 18:31 - 2017-02-25 19:20 - 00004044 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1488043873
2017-02-25 18:31 - 2017-02-25 19:20 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-25 18:31 - 2017-02-25 19:02 - 00001204 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-02-25 18:30 - 2017-02-25 18:30 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-02-25 18:29 - 2017-02-25 19:02 - 00002023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-02-25 18:29 - 2017-02-25 19:02 - 00002005 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-02-25 18:29 - 2017-02-25 18:29 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-02-25 18:29 - 2017-02-25 18:29 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-02-25 18:29 - 2017-02-25 18:29 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-02-25 18:29 - 2017-02-25 18:29 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-02-25 18:29 - 2017-02-25 18:29 - 00126088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-02-25 18:29 - 2017-02-25 18:29 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-02-25 18:29 - 2017-02-25 18:29 - 00074680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-02-25 18:29 - 2017-02-25 18:29 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-25 18:29 - 2017-02-25 18:29 - 00003994 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-25 18:29 - 2017-02-25 18:29 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-02-25 18:29 - 2017-02-25 18:29 - 00000000 ____D C:\Users\Ben\AppData\Roaming\AVAST Software
2017-02-25 18:29 - 2017-02-25 18:29 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Arwiiedusugh
2017-02-25 18:29 - 2017-02-25 18:29 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-25 18:29 - 2017-02-25 18:28 - 00991496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-02-25 18:29 - 2017-02-25 18:28 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-02-25 18:29 - 2017-02-25 18:28 - 00309784 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-02-25 18:29 - 2017-02-25 18:28 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-02-25 18:29 - 2017-02-25 18:28 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-02-25 18:27 - 2017-02-25 21:18 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-25 18:27 - 2017-02-25 18:30 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-25 18:27 - 2017-02-25 18:27 - 06655184 _____ (AVAST Software) C:\Users\Ben\Downloads\avast_free_antivirus_setup_online_f0b.exe
2017-02-25 18:11 - 2017-02-25 18:11 - 00000608 __RSH C:\ProgramData\ntuser.pol
2017-02-25 18:11 - 2017-02-25 18:11 - 00000000 ____D C:\Windows\system32\SSL
2017-02-25 18:10 - 2017-02-25 18:10 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-25 18:10 - 2017-02-25 18:10 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-25 18:07 - 2017-02-25 19:04 - 00000000 ____D C:\Program Files (x86)\Gherhis
2017-02-25 18:07 - 2017-02-25 18:08 - 00000000 ____D C:\Users\Ben\AppData\Local\Pecaletefght
2017-02-25 18:07 - 2017-02-25 18:07 - 00006164 _____ C:\Windows\System32\Tasks\Ckbpycazery Launcher
2017-02-25 18:05 - 2017-02-25 18:05 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-02-20 03:09 - 2017-02-20 03:09 - 00000000 _____ C:\Users\Ben\Desktop\Neues Textdokument (2).txt
2017-02-18 16:53 - 2017-02-18 16:53 - 00000000 ____D C:\Users\Ben\AppData\Roaming\java
2017-02-18 16:47 - 2017-02-18 16:47 - 00000000 ____D C:\Users\Ben\Documents\Curse
2017-02-18 16:45 - 2017-02-26 02:21 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Curse Client
2017-02-18 16:45 - 2017-02-25 19:01 - 00001061 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2017-02-18 16:45 - 2017-02-25 19:00 - 00001075 _____ C:\Users\Ben\Desktop\Curse.lnk
2017-02-18 16:44 - 2017-02-18 16:44 - 84695968 _____ (Curse) C:\Users\Ben\Downloads\CurseClientSetup.exe
2017-02-18 16:44 - 2017-02-18 16:44 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Curse
2017-02-18 16:43 - 2017-02-18 16:44 - 110022150 _____ C:\Users\Ben\Downloads\Project Ozone 2-2.2.5.zip
2017-02-18 01:36 - 2017-02-18 01:36 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-02-18 01:35 - 2017-02-18 01:35 - 64153152 _____ (Oracle Corporation) C:\Users\Ben\Downloads\jre-8u121-windows-x64.exe
2017-02-18 01:35 - 2017-02-18 01:35 - 00000000 ____D C:\Program Files\Java
2017-02-18 01:18 - 2017-02-25 22:42 - 00004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C137FDED-BCA7-4BC6-A96A-073F89788BFC}
2017-02-18 01:17 - 2017-02-18 01:17 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-02-18 01:17 - 2017-02-18 01:17 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-18 01:16 - 2017-02-18 01:16 - 00739392 _____ (Oracle Corporation) C:\Users\Ben\Downloads\JavaSetup8u121.exe
2017-02-18 00:42 - 2017-02-18 00:42 - 00000000 ____D C:\Users\Ben\AppData\Roaming\.technic
2017-02-18 00:36 - 2017-02-18 00:36 - 00000000 ____D C:\Users\Ben\AppData\Roaming\.atlauncher
2017-02-18 00:35 - 2017-02-18 00:36 - 31239592 _____ (Oracle Corporation) C:\Users\Ben\Downloads\jre-7u80-windows-x64.exe
2017-02-17 16:43 - 2017-02-17 16:43 - 00000000 ____D C:\Windows\ShellNew
2017-02-17 16:43 - 2017-02-17 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2017-02-17 16:42 - 2017-02-17 16:42 - 00021461 _____ C:\Users\Ben\Downloads\Fishing Bot.rar
2017-02-17 16:40 - 2017-02-17 16:42 - 03111594 _____ C:\Users\Ben\Downloads\AutoHotkey_1.1.24.05_setup.exe
2017-02-16 00:05 - 2017-02-25 19:01 - 00000612 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Ear Trumpet.lnk
2017-02-16 00:04 - 2017-02-16 00:04 - 13406575 _____ ( ) C:\Users\Ben\Downloads\Ear.Trumpet.Setup.exe
2017-02-15 23:40 - 2017-02-15 23:40 - 00000000 _____ C:\Users\Ben\Desktop\das 7.30.txt
2017-02-14 05:02 - 2017-02-14 05:02 - 02764806 _____ C:\Users\Ben\Desktop\Neue Bitmap.bmp
2017-02-12 23:45 - 2017-02-18 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-12 23:45 - 2017-02-18 01:18 - 00000000 ____D C:\ProgramData\Oracle
2017-02-12 23:45 - 2017-02-12 23:45 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Sun
2017-02-12 23:45 - 2017-02-12 23:45 - 00000000 ____D C:\Users\Ben\AppData\LocalLow\Sun
2017-02-12 23:43 - 2017-02-12 23:43 - 01496584 _____ C:\Users\Ben\Downloads\Java Runtime Environment 32 Bit - CHIP-Installer.exe
2017-02-12 23:32 - 2017-02-12 23:32 - 37923214 _____ C:\Users\Ben\Downloads\PureBDcraft 128x MC111.zip
2017-02-12 23:32 - 2017-02-12 23:32 - 02025801 _____ C:\Users\Ben\Downloads\OptiFine_1.11.2_HD_U_B7.jar
2017-02-12 23:22 - 2017-02-19 23:49 - 00000000 ____D C:\Users\Ben\AppData\Roaming\.minecraft
2017-02-12 18:57 - 2017-02-12 18:57 - 00541224 _____ C:\Windows\system32\Drivers\EasyAntiCheat.sys
2017-02-12 18:57 - 2017-02-12 18:53 - 00392480 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-02-11 18:59 - 2017-02-11 18:59 - 00000000 ____D C:\Users\Ben\Documents\Diablo III
2017-02-08 09:31 - 2016-12-29 13:43 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-06 19:30 - 2017-02-06 19:31 - 00000022 _____ C:\Users\Ben\Downloads\Gold and Glory - The Road to El Dorado (Europe) (En,Fr,De,Es,It,Nl).zip
2017-02-05 07:46 - 2017-02-05 07:46 - 00008320 _____ C:\Users\Ben\Desktop\BESLES-03434DMR0.mcs
2017-02-05 07:34 - 2017-02-05 07:34 - 00372518 _____ C:\Users\Ben\Downloads\psxge160.zip
2017-02-05 07:15 - 2017-02-05 07:15 - 00189018 _____ C:\Users\Ben\Downloads\MemcardRex 1.7.zip
2017-02-03 07:26 - 2017-02-03 07:27 - 155413940 _____ C:\Users\Ben\Downloads\Digimon World (G) [SLES-03434].7z
2017-02-01 09:44 - 2017-02-01 09:44 - 00014908 _____ C:\Users\Ben\Downloads\cdrpeops104.zip
2017-02-01 09:35 - 2017-02-01 09:35 - 00034093 _____ C:\Users\Ben\Downloads\spupeopsdsound109.zip
2017-02-01 09:19 - 2017-02-01 09:19 - 00241658 _____ C:\Users\Ben\Downloads\SCPH1001.zip
2017-02-01 09:18 - 2017-02-01 09:18 - 00241675 _____ C:\Users\Ben\Downloads\SCPH7003 (1).zip
2017-02-01 09:14 - 2017-02-01 09:14 - 00175318 _____ C:\Users\Ben\Downloads\gpupeteogl209 (1).zip
2017-02-01 09:03 - 2017-02-01 09:03 - 01381554 _____ C:\Users\Ben\Downloads\ePSXe205.zip
2017-02-01 08:54 - 2017-02-01 08:54 - 00175318 _____ C:\Users\Ben\Downloads\gpupeteogl209.zip
2017-02-01 08:30 - 2017-02-01 08:30 - 00241675 _____ C:\Users\Ben\Downloads\SCPH7003.zip
2017-02-01 08:27 - 2017-02-01 08:27 - 01381582 _____ (Igor Pavlov) C:\Users\Ben\Downloads\7z1604-x64.exe
2017-02-01 08:27 - 2017-02-01 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-01-27 04:53 - 2017-02-25 19:02 - 00000801 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2017-01-27 04:53 - 2017-01-27 04:53 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2017-01-27 04:51 - 2017-01-27 04:51 - 00000000 ____D C:\Users\Ben\AppData\Local\Echobit
2017-01-27 04:51 - 2017-01-27 04:51 - 00000000 ____D C:\ProgramData\Echobit
2017-01-27 04:43 - 2017-02-25 19:14 - 00000000 ____D C:\Users\Ben\AppData\Local\LogMeIn Hamachi
2017-01-27 04:43 - 2017-01-27 04:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-26 04:19 - 2016-12-03 11:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-26 04:00 - 2016-12-03 11:44 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-02-26 02:16 - 2016-12-03 11:55 - 00000000 ____D C:\Users\Ben
2017-02-25 22:34 - 2016-12-03 12:49 - 00000000 ____D C:\Users\Ben\AppData\Local\Battle.net
2017-02-25 22:33 - 2016-12-03 12:54 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-25 19:59 - 2016-12-03 12:07 - 00000000 ____D C:\Users\Ben\AppData\Local\Google
2017-02-25 19:58 - 2016-12-03 12:05 - 01065376 _____ (Google Inc.) C:\Users\Ben\Downloads\ChromeSetup.exe
2017-02-25 19:14 - 2016-12-03 17:21 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-25 19:11 - 2016-12-03 11:57 - 01789566 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-25 19:11 - 2016-07-16 23:51 - 00669130 _____ C:\Windows\system32\perfh007.dat
2017-02-25 19:11 - 2016-07-16 23:51 - 00138222 _____ C:\Windows\system32\perfc007.dat
2017-02-25 19:06 - 2016-12-14 23:25 - 00002938 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-02-25 19:05 - 2016-12-03 11:44 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-25 19:04 - 2016-07-16 07:04 - 00262144 _____ C:\Windows\system32\config\BBI
2017-02-25 19:01 - 2017-01-14 21:19 - 00000563 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-02-25 19:01 - 2016-12-03 11:58 - 00002377 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-25 18:34 - 2016-12-03 12:07 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-25 18:28 - 2016-12-14 23:20 - 00000000 ____D C:\Users\Ben\AppData\Local\CrashDumps
2017-02-25 18:12 - 2016-12-26 01:22 - 00000000 ____D C:\Users\Ben\AppData\Roaming\uTorrent
2017-02-25 18:11 - 2016-07-16 12:47 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-25 18:11 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-02-25 17:45 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\AppReadiness
2017-02-25 16:18 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-24 22:21 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-24 03:23 - 2016-12-16 00:55 - 00000000 ____D C:\Windows\system32\MRT
2017-02-24 03:21 - 2016-12-03 16:57 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 22:12 - 2016-07-16 12:36 - 00000000 ____D C:\Windows\CbsTemp
2017-02-21 06:35 - 2016-12-25 16:46 - 00000000 ____D C:\Users\Ben\AppData\Roaming\DVDVideoSoft
2017-02-16 00:05 - 2016-12-04 18:23 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-11 12:50 - 2016-12-26 13:42 - 00000000 ____D C:\Users\Ben\AppData\Roaming\vlc
2017-02-08 09:32 - 2016-12-03 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 09:32 - 2016-12-03 12:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 09:31 - 2016-07-16 12:45 - 00000000 ____D C:\Windows\INF
2017-02-06 20:48 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-05 12:24 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\NDF

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-12-03 23:05 - 2016-12-03 23:05 - 0000003 _____ () C:\Users\Ben\AppData\Local\updater.log
2016-12-03 23:05 - 2016-12-03 23:05 - 0000424 _____ () C:\Users\Ben\AppData\Local\UserProducts.xml
2016-12-03 13:16 - 2016-12-03 13:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-14 23:25 - 2017-02-25 19:14 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-14 23:25 - 2017-02-25 19:06 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Einige Dateien in TEMP:
====================
2017-02-25 18:10 - 2017-02-25 18:10 - 5280800 _____ () C:\Users\Ben\AppData\Local\Temp\component.exe
2017-02-25 18:06 - 2017-02-25 18:06 - 0028672 _____ (Western Visayas College of Science and TechnologyT) C:\Users\Ben\AppData\Local\Temp\fox.exe
2017-02-18 01:32 - 2017-02-18 01:32 - 0017408 _____ (Red Hat®, Inc.) C:\Users\Ben\AppData\Local\Temp\jansi-32-3094539292876184306.dll
2017-02-18 01:19 - 2017-02-18 01:19 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Ben\AppData\Local\Temp\jansi-32-3857821385620296754.dll
2017-02-18 01:36 - 2017-02-18 01:36 - 0017408 _____ (Red Hat®, Inc.) C:\Users\Ben\AppData\Local\Temp\jansi-32-6399956205700576396.dll
2017-02-18 01:13 - 2017-02-18 01:13 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Ben\AppData\Local\Temp\jansi-64-1195804232910456635.dll
2017-02-18 01:13 - 2017-02-18 01:13 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Ben\AppData\Local\Temp\jansi-64-2127595444366729296.dll
2017-02-18 01:13 - 2017-02-18 01:13 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Ben\AppData\Local\Temp\jansi-64-2550666613555251813.dll
2017-02-18 01:12 - 2017-02-18 01:12 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Ben\AppData\Local\Temp\jansi-64-2912678347493721862.dll
2017-02-18 01:12 - 2017-02-18 01:12 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Ben\AppData\Local\Temp\jansi-64-4319633741099094151.dll
2017-02-18 01:11 - 2017-02-18 01:11 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Ben\AppData\Local\Temp\jansi-64-4376344687154796370.dll
2017-02-18 01:07 - 2017-02-18 01:07 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Ben\AppData\Local\Temp\jansi-64-4843616498852125266.dll
2017-02-18 01:17 - 2017-02-18 01:17 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Ben\AppData\Local\Temp\jansi-64-4936017009223877102.dll
2017-02-18 01:14 - 2017-02-18 01:14 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Ben\AppData\Local\Temp\jansi-64-6296490134069706615.dll
2017-02-18 01:37 - 2017-02-18 01:37 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Ben\AppData\Local\Temp\jansi-64-6567435702100850618.dll
2017-02-18 01:11 - 2017-02-18 01:11 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Ben\AppData\Local\Temp\jansi-64-7102327419736961176.dll
2017-02-18 01:14 - 2017-02-18 01:14 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Ben\AppData\Local\Temp\jansi-64-951603561085615415.dll
2017-02-25 18:10 - 2017-02-25 18:10 - 0016384 _____ (DoxX) C:\Users\Ben\AppData\Local\Temp\kube.exe
2017-02-25 18:10 - 2017-02-25 18:10 - 0144044 _____ () C:\Users\Ben\AppData\Local\Temp\load.exe
2017-02-25 18:06 - 2017-02-25 18:06 - 7301074 _____ () C:\Users\Ben\AppData\Local\Temp\MyProg.exe
2016-12-03 16:48 - 2015-07-13 18:18 - 1367048 _____ (NVIDIA Corporation) C:\Users\Ben\AppData\Local\Temp\nvSCPAPI64.dll
2016-12-03 12:13 - 2015-07-13 18:17 - 0783504 _____ (NVIDIA Corporation) C:\Users\Ben\AppData\Local\Temp\nvStInst.exe
2017-02-25 18:10 - 2017-02-25 18:10 - 0282624 _____ () C:\Users\Ben\AppData\Local\Temp\offerpg3.exe
2017-02-25 18:10 - 2017-02-25 18:10 - 1017048 _____ (Super Find                                                  ) C:\Users\Ben\AppData\Local\Temp\SuperFindAddonInstaller-ch.exe
2016-12-30 01:21 - 2016-12-30 01:21 - 1979072 _____ (BitTorrent Inc.) C:\Users\Ben\AppData\Local\Temp\utt9012.tmp.exe
2016-12-26 01:24 - 2016-12-26 01:24 - 1979072 _____ (BitTorrent Inc.) C:\Users\Ben\AppData\Local\Temp\uttA0EF.tmp.exe
2017-01-10 17:12 - 2017-01-10 17:12 - 14773216 _____ (Microsoft Corporation) C:\Users\Ben\AppData\Local\Temp\vcredist_x64.exe
2017-02-25 18:10 - 2017-02-25 18:10 - 5272568 _____ () C:\Users\Ben\AppData\Local\Temp\windows.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-16 15:55

==================== Ende von FRST.txt ============================
         

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 25-02-2017
durchgeführt von Ben (26-02-2017 04:24:13)
Gestartet von C:\Users\Ben\Downloads
Windows 10 Pro Version 1607 (X64) (2016-12-03 10:53:40)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3604746800-1686383787-860700110-500 - Administrator - Disabled)
Ben (S-1-5-21-3604746800-1686383787-860700110-1001 - Administrator - Enabled) => C:\Users\Ben
DefaultAccount (S-1-5-21-3604746800-1686383787-860700110-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3604746800-1686383787-860700110-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gast (S-1-5-21-3604746800-1686383787-860700110-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3604746800-1686383787-860700110-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Ansel (Version: 376.33 - NVIDIA Corporation) Hidden
AutoHotkey 1.1.24.05 (HKLM\...\AutoHotkey) (Version: 1.1.24.05 - Lexikos)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
Back to Bed (HKLM\...\Steam App 308040) (Version:  - Bedtime Digital Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BiT Evolution (HKLM\...\Steam App 342020) (Version:  - Major Games)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crusaders of the Lost Idols (HKLM\...\Steam App 402840) (Version:  - Codename Entertainment Inc.)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
Dinocide (HKLM\...\Steam App 423900) (Version:  - AtomicTorch Studio) <==== ACHTUNG
Ear Trumpet (HKLM-x32\...\BA8684A3-9834-4D78-A666-04E88FF0EC82_is1) (Version: 1.3.2.0 - )
EPSON SX235 Series Printer Uninstall (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
Factorio (HKLM\...\Steam App 427520) (Version:  - Wube Software LTD.)
Faeria (HKLM\...\Steam App 397060) (Version:  - Abrakam SA)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Guild Quest (HKLM\...\Steam App 547680) (Version:  - Hyper Hippo Games)
Gunpoint (HKLM\...\Steam App 206190) (Version:  - Suspicious Developments)
Intel(R) Smart Connect Technology (HKLM\...\{8B4EA042-9E21-46FB-8286-225F4D51CC52}) (Version: 4.2.41.2710 - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
King Arthur's Gold (HKLM\...\Steam App 219830) (Version:  - Transhuman Design)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3604746800-1686383787-860700110-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)
NVIDIA Grafiktreiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
osu! (HKLM-x32\...\{ca7f728e-cb7b-4d3a-aab7-6d660360d044}) (Version: latest - ppy Pty Ltd)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7960 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tabletop Simulator (HKLM\...\Steam App 286160) (Version:  - Berserk Games)
Two Digits (HKLM\...\Steam App 371330) (Version:  - Cleverweek)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {06409180-305F-4DDD-ABF6-9413C3FA93E0} - \Utecultstigasp -> Keine Datei <==== ACHTUNG
Task: {221AA3CF-E2FD-4169-855D-EC9878B9FF59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-25] (Google Inc.)
Task: {236E5E07-147D-4D68-A880-C972F1AF72F9} - System32\Tasks\Ckbpycazery Launcher => C:\Program Files (x86)\Gherhis\dckwely.exe [2017-02-25] (Glarysoft Ltd)
Task: {29F03EC6-449F-4FA3-B0F8-59CB60E6E493} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-25] (Google Inc.)
Task: {3AC073AE-F757-4876-9E67-430305D19AC6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-13] (NVIDIA Corporation)
Task: {450F063B-C65B-4233-8691-8CADC15733B3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)
Task: {581E6605-35FA-48F6-89B8-1FF96A547399} - \fPV5Co9mfH -> Keine Datei <==== ACHTUNG
Task: {6D0FA805-59FA-48D5-BB61-9EBBB9555002} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-13] (NVIDIA Corporation)
Task: {833E0953-498A-43CA-BC46-FD12740D9F01} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-25] (AVAST Software)
Task: {8EC0D52C-8273-46B4-B21D-F24A668B70A6} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)
Task: {94BD745F-2DDC-49D7-8FE4-06CE89FCF997} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)
Task: {9606A854-5D70-407C-BA2F-EEA09335CA92} - System32\Tasks\SafeZone scheduled Autoupdate 1488043873 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {DBCC42A8-4F33-4B5C-B0DB-11BBA2FA4DA1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-25] (AVAST Software)
Task: {E40A903E-2BDF-47F0-AA84-447CAB5B80E5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-12-04 08:44 - 2013-12-04 08:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 08:44 - 2013-12-04 08:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 08:44 - 2013-12-04 08:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2016-12-22 20:04 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-12-22 20:04 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-12-03 16:33 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 20:44 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-12-14 23:25 - 2016-12-13 00:30 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-14 23:25 - 2016-12-13 00:30 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-25 19:58 - 2017-02-01 10:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-25 19:58 - 2017-02-01 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-14 19:24 - 2017-02-14 19:24 - 31178840 _____ () C:\Users\Ben\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.221\pepflashplayer.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-03 12:49 - 2016-12-03 12:49 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-12-03 12:49 - 2016-12-03 12:49 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-12-03 12:49 - 2016-12-03 12:49 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-12-03 12:49 - 2016-12-03 12:49 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-12-03 12:49 - 2016-12-03 12:49 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2017-01-10 20:44 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 20:44 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 20:44 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 20:44 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 20:44 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 20:44 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-03 17:20 - 2016-12-29 13:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-02-25 18:28 - 2017-02-25 18:28 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-25 18:29 - 2017-02-25 18:29 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-25 18:28 - 2017-02-25 18:28 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-25 18:28 - 2017-02-25 18:28 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-12-14 23:25 - 2016-12-13 00:30 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-14 23:25 - 2016-12-13 00:30 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-14 23:25 - 2016-12-13 00:30 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2016-07-16 12:47 - 2017-02-25 19:00 - 00000888 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 v1.ff.avast.com 
127.0.0.1 vlcproxy.ff.avast.com 

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3604746800-1686383787-860700110-1001\Control Panel\Desktop\\Wallpaper -> F:\Bilder\Swop\pokemon_xy_full_hd_wallpaper_by_pokeminer98-d93pdb0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKU\S-1-5-21-3604746800-1686383787-860700110-1001\...\StartupApproved\Run: => "397f3b0d-937d-4b7e-87cd-d19ad4add4d8"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{49F1E98F-DA15-4247-A354-8A412A5B2FA1}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{2F4B1435-836A-4DCD-9AB7-A3AD26BE2813}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [TCP Query User{96314F3F-5561-42F7-9787-DFF3B31B95B7}F:\hearthstone\hearthstone.exe] => (Allow) F:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{8E47EDB1-F6D1-4C6D-898A-5248ADBE649D}F:\hearthstone\hearthstone.exe] => (Allow) F:\hearthstone\hearthstone.exe
FirewallRules: [{D0334DBC-3166-4263-B71B-2A3F9B1BFF25}] => (Allow) F:\Steam Games\SteamApps\common\Rust\Rust.exe
FirewallRules: [{98137BB4-740B-43F9-B388-49D5816F25E3}] => (Allow) F:\Steam Games\SteamApps\common\Rust\Rust.exe
FirewallRules: [{048C0DC1-C8E6-4236-87B2-5CFF70972A9E}] => (Allow) F:\Steam Games\SteamApps\common\RollerCoaster Tycoon World\RollerCoaster Tycoon World.exe
FirewallRules: [{6A928B1C-A339-41D3-B279-E72566201CBD}] => (Allow) F:\Steam Games\SteamApps\common\RollerCoaster Tycoon World\RollerCoaster Tycoon World.exe
FirewallRules: [{0C2C9C6D-2186-475D-86D5-6B2B2A4E2A7D}] => (Allow) F:\Steam Games\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{E06917EE-C791-43FA-AFFF-61E7B95FE6F6}] => (Allow) F:\Steam Games\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{E9BA116B-0B5E-431A-B421-B710A2617A58}] => (Allow) F:\Steam Games\SteamApps\common\BackToBed\BackToBed.exe
FirewallRules: [{D4689641-1A20-4271-B28C-982A0915E71D}] => (Allow) F:\Steam Games\SteamApps\common\BackToBed\BackToBed.exe
FirewallRules: [{3B459679-021F-46D6-A61C-B2A98E546BD0}] => (Allow) F:\Steam Games\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{0F77CE64-A5CA-4BFB-945E-3174F75219FC}] => (Allow) F:\Steam Games\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{81FBCFEA-64C6-4B31-B3A0-AA4008988EB0}] => (Allow) F:\Steam Games\SteamApps\common\The Dream Machine\the_dream_machine.exe
FirewallRules: [{87CD4899-C136-4225-9EA9-D0F3857F419D}] => (Allow) F:\Steam Games\SteamApps\common\The Dream Machine\the_dream_machine.exe
FirewallRules: [{2C6FC73D-D85F-43C8-9BDA-20CD6FDC2810}] => (Allow) F:\Steam Games\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{B7751E5E-6BED-485A-8B82-9B3B5A7BEE95}] => (Allow) F:\Steam Games\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{3BE6A7C7-5153-4E17-AE1C-3C9BBB45AEC5}F:\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) F:\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6E446ED1-57F9-4DDF-9207-2489B765F1F8}F:\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) F:\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [{D1C96342-0A18-42C9-887D-B1CA511A838C}] => (Allow) E:\Steam\steamapps\common\Dinocide\Dinocide.exe
FirewallRules: [{F1CA5246-A508-4A60-9C59-656FF79F416D}] => (Allow) E:\Steam\steamapps\common\Dinocide\Dinocide.exe
FirewallRules: [{5FF988DF-A4A2-481F-8999-E1000C283F6C}] => (Allow) E:\Steam\steamapps\common\King Arthur's Gold\KAG.exe
FirewallRules: [{23610BA1-821A-484E-90BD-BF23648B20D0}] => (Allow) E:\Steam\steamapps\common\King Arthur's Gold\KAG.exe
FirewallRules: [{50CE9240-D125-4BFA-BFFE-4B534EC310D6}] => (Allow) E:\Steam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{2E9D76DF-5AC3-4944-9408-5146038EBFA5}] => (Allow) E:\Steam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{301A70FB-2341-48C9-A042-E415109C2FE1}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{36ED2374-C2AE-4E41-9CE6-1D324D8C6067}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{19CF2350-57B7-4172-9CE1-406E9E077B02}F:\overwatch\overwatch.exe] => (Allow) F:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{5FD741E9-8CA3-494B-BAF8-A509932ABA06}F:\overwatch\overwatch.exe] => (Allow) F:\overwatch\overwatch.exe
FirewallRules: [{C098542E-2316-4490-84B2-99295423F8DC}] => (Allow) F:\Steam Games\SteamApps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{F78DD327-91B2-4817-AF83-370D4B0A9E4C}] => (Allow) F:\Steam Games\SteamApps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{1BDA5EF8-6040-45E0-B90B-200FDFB4BD87}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{41F4477C-E56A-4342-BEEC-57560A7175F9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{B6B34287-0316-42AE-A7F0-0E372679DA03}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{CCCA6270-97EB-4E51-B7A7-0E48F3D4F492}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3A10500B-FB3A-499B-98A1-94AE5097A27A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{08CCE96A-538B-4C87-8FA6-CDF26FBFA0FA}] => (Allow) E:\Steam\steamapps\common\BiT Evolution\BiTEvolution.exe
FirewallRules: [{3D33608F-3884-4BEC-BECB-21C08BF23538}] => (Allow) E:\Steam\steamapps\common\BiT Evolution\BiTEvolution.exe
FirewallRules: [{10417241-99D5-44CA-9168-19BD11114731}] => (Allow) F:\Steam Games\SteamApps\common\Big Pharma\Big Pharma.exe
FirewallRules: [{368A5847-AD7B-4E8B-892A-5589BC7DD53C}] => (Allow) F:\Steam Games\SteamApps\common\Big Pharma\Big Pharma.exe
FirewallRules: [{052DFB5D-6569-4A98-914E-0E0A9AFF7103}] => (Allow) E:\Steam\steamapps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{510B1AD8-64A1-424C-A5AD-CB384526AFDA}] => (Allow) E:\Steam\steamapps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{094813FF-9227-4997-A840-43D119FA9326}] => (Allow) F:\Steam Games\SteamApps\common\Dungeon of Elements\DungeonofElements.exe
FirewallRules: [{7F17F07F-296F-40EF-BA90-62AD29B4B99E}] => (Allow) F:\Steam Games\SteamApps\common\Dungeon of Elements\DungeonofElements.exe
FirewallRules: [{5237BAF5-1231-4FC6-85A4-4286DDBB4A97}] => (Allow) F:\Steam Games\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{F05ED4A8-40BB-4BAB-A0DB-247784347727}] => (Allow) F:\Steam Games\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{89EC2956-3BA0-4671-B3A7-C869B3C70E56}] => (Allow) E:\Steam\steamapps\common\Crusaders of the Lost Idols\Crusaders of the Lost Idols.exe
FirewallRules: [{7FA194A1-5F9D-41B8-B601-7F21EBDE4193}] => (Allow) E:\Steam\steamapps\common\Crusaders of the Lost Idols\Crusaders of the Lost Idols.exe
FirewallRules: [TCP Query User{3CB52E38-94CB-4AC0-9226-05F208ED0BBD}C:\users\ben\downloads\anydesk.exe] => (Allow) C:\users\ben\downloads\anydesk.exe
FirewallRules: [UDP Query User{090BED91-D23D-490C-8C55-16FEBD646E62}C:\users\ben\downloads\anydesk.exe] => (Allow) C:\users\ben\downloads\anydesk.exe
FirewallRules: [{7EE59833-05B2-4C39-96CB-A817710F7F83}] => (Allow) F:\Steam Games\SteamApps\common\Starbound\win64\starbound.exe
FirewallRules: [{C503251D-0475-47F3-BFB2-93C826128151}] => (Allow) F:\Steam Games\SteamApps\common\Starbound\win64\starbound.exe
FirewallRules: [{4FE95532-BF44-46E2-88C2-CBE761942326}] => (Allow) F:\Steam Games\SteamApps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{BD7F1D4C-EBF6-4E9A-ACD4-1E0548C0677B}] => (Allow) F:\Steam Games\SteamApps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{A6250F0A-53E9-4B07-9D38-1DDFC205263F}] => (Allow) F:\Steam Games\SteamApps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{1F2774A2-38BC-411A-A45D-F3737AF91D8A}] => (Allow) F:\Steam Games\SteamApps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{05716DAC-F405-47DE-9062-770CA8207038}] => (Allow) F:\Steam Games\SteamApps\common\Starbound\win32\starbound.exe
FirewallRules: [{74C7074B-681F-474A-990A-7AEF061612B4}] => (Allow) F:\Steam Games\SteamApps\common\Starbound\win32\starbound.exe
FirewallRules: [{0798FEE0-3113-42CC-A886-B1D2F341B6D2}] => (Allow) E:\uTorrent\uTorrent.exe
FirewallRules: [{8E34279A-B317-45C1-9136-55CC32F64552}] => (Allow) E:\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{508F63F2-CF97-4885-BF0C-5FA4B829F5B8}F:\utorrent\utorrent.exe] => (Allow) F:\utorrent\utorrent.exe
FirewallRules: [UDP Query User{10250434-C8BB-4E2D-9EA7-4E995606AD19}F:\utorrent\utorrent.exe] => (Allow) F:\utorrent\utorrent.exe
FirewallRules: [{D6463C95-4A4E-46C4-B6E5-52AE89F327CE}] => (Allow) F:\Steam Games\SteamApps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{F5C1FDF4-3A73-4296-B1EB-9FC279CFE50F}] => (Allow) F:\Steam Games\SteamApps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{285AC4CD-1EFB-4F45-952C-5228195ECDC2}] => (Allow) C:\Users\Ben\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BA912669-007C-493E-A286-B09F527B09F5}] => (Allow) C:\Users\Ben\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1A913070-830C-47CB-AF7D-EF5A15C9E8D4}] => (Allow) C:\Users\Ben\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{470266D5-8472-4477-AF0E-591D387AF234}] => (Allow) C:\Users\Ben\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C6032946-54D3-49D7-841A-2B3B4FFE188F}] => (Allow) C:\Users\Ben\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0FF59F64-3668-47C1-AB25-FAA763AB891E}] => (Allow) C:\Users\Ben\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3758CB69-B180-4D48-9F35-36DBBAE1638C}] => (Allow) F:\Steam Games\SteamApps\common\Reigns\Reigns.exe
FirewallRules: [{502A621A-1B81-4BC6-8BDD-4027578D02DB}] => (Allow) F:\Steam Games\SteamApps\common\Reigns\Reigns.exe
FirewallRules: [TCP Query User{E2A8C258-65B3-465E-8812-522F4F053F11}F:\steam games\steamapps\common\terraria\terrariaserver.exe] => (Allow) F:\steam games\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{4CBC8CD8-36BD-46D9-A148-7B38CB610004}F:\steam games\steamapps\common\terraria\terrariaserver.exe] => (Allow) F:\steam games\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{73D00FAD-18C9-405D-A1A1-C70923EE3D5C}] => (Allow) E:\Steam\steamapps\common\Two Digits\twodigits.exe
FirewallRules: [{A44F8E5A-4B0A-40B6-BFE1-9C65B7F481B0}] => (Allow) E:\Steam\steamapps\common\Two Digits\twodigits.exe
FirewallRules: [{49F4EBF2-F54A-4D82-8716-C7413FE078EC}] => (Allow) F:\Steam Games\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{A76F5A7C-EBDD-4B2E-85BA-B97596EA7FA2}] => (Allow) F:\Steam Games\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{EF94D48A-4841-4AF9-B9D0-DCA63C994D29}F:\utorrent\utorrent.exe] => (Allow) F:\utorrent\utorrent.exe
FirewallRules: [UDP Query User{18784847-9F60-4A78-A8D3-ADAC89347454}F:\utorrent\utorrent.exe] => (Allow) F:\utorrent\utorrent.exe
FirewallRules: [TCP Query User{E488F2C8-265D-451C-88A8-F981E7E31B46}F:\overwatch\overwatch.exe] => (Allow) F:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{310E794D-F2EC-4C1B-92BB-819E093BF32A}F:\overwatch\overwatch.exe] => (Allow) F:\overwatch\overwatch.exe
FirewallRules: [{9E060B9A-610E-401B-95D2-321B5AC51FB2}] => (Allow) F:\Steam Games\SteamApps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{4A659DC1-9895-4DCB-8B13-CEB2D2450ABD}] => (Allow) F:\Steam Games\SteamApps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{4335BA35-4EDC-4D3D-BA22-079EAD2C65D7}] => (Allow) E:\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{DF0FD8BD-C08B-4F22-BA28-C421D638BD85}] => (Allow) E:\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{05F7BA29-3113-48C5-B953-0D605E84E161}] => (Allow) F:\Steam Games\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{CD39B097-1B9F-459F-888E-ACE56EA4CFDD}] => (Allow) F:\Steam Games\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{80EC39AF-C707-4071-BAE0-733772504D00}] => (Allow) F:\Steam Games\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{A8923E0E-5533-4289-82D9-B36EC9FDC8BF}] => (Allow) F:\Steam Games\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{359F3198-16AC-4AAA-B1C6-4C832CD8022F}] => (Allow) E:\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{94720428-C5A1-4597-B112-A74854B209F4}] => (Allow) E:\Echobit\Evolve\EvolveClient.exe
FirewallRules: [TCP Query User{64358927-DEDD-4D1D-B500-E0240A7AB07B}E:\ppsspp\ppsspp\ppssppwindows64.exe] => (Allow) E:\ppsspp\ppsspp\ppssppwindows64.exe
FirewallRules: [UDP Query User{D034C066-96F9-4483-9BD8-467B583B87BF}E:\ppsspp\ppsspp\ppssppwindows64.exe] => (Allow) E:\ppsspp\ppsspp\ppssppwindows64.exe
FirewallRules: [{58BBEEFB-8C7B-4A57-BCB8-AF0B2F2A38B7}] => (Allow) E:\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{F736D934-A4EC-414C-BC20-AA027765296F}] => (Allow) E:\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [TCP Query User{1C660FB5-F2CD-445B-AC87-F773C29474FA}C:\users\ben\downloads\anydesk.exe] => (Allow) C:\users\ben\downloads\anydesk.exe
FirewallRules: [UDP Query User{0487D504-B68D-412B-B264-50AF7062D015}C:\users\ben\downloads\anydesk.exe] => (Allow) C:\users\ben\downloads\anydesk.exe
FirewallRules: [{DE7F30D7-FF8B-4386-B5A4-46DE069A2A42}] => (Allow) F:\Steam Games\SteamApps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{BCE56AFA-7641-44E3-9A92-D0FD483AC06A}] => (Allow) F:\Steam Games\SteamApps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{0EACBC7C-C8DC-4B14-9590-F803754F10F7}] => (Allow) F:\Steam Games\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{6645A60A-96C7-4DB4-A67A-7983D6192DB5}] => (Allow) F:\Steam Games\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{2F69569C-D7B9-4D7D-8FB3-9CCD73EEB049}] => (Allow) F:\Steam Games\SteamApps\common\Roguelands\Roguelands.exe
FirewallRules: [{9166943A-DAE7-450D-AF07-14C1DD9285BF}] => (Allow) F:\Steam Games\SteamApps\common\Roguelands\Roguelands.exe
FirewallRules: [{4501C23C-56A9-4E11-BD51-DC4AC6EC2B57}] => (Allow) E:\Steam\steamapps\common\Guild Quest\guild-quest.exe
FirewallRules: [{A267E02A-8B51-40AA-A669-782C446A3225}] => (Allow) E:\Steam\steamapps\common\Guild Quest\guild-quest.exe
FirewallRules: [TCP Query User{9B8C2F4C-D4D1-40B7-8788-583DD4BEA02A}F:\diablo iii\x64\diablo iii64.exe] => (Allow) F:\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{EB589F6D-03DF-438E-A4D3-3C718F9EA5D5}F:\diablo iii\x64\diablo iii64.exe] => (Allow) F:\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{86A80A2F-8B76-4750-8A1E-A6521286D350}F:\minecraft mojang\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) F:\minecraft mojang\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8E867D4D-B97B-4A0E-B2DA-28732413A5C0}F:\minecraft mojang\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) F:\minecraft mojang\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{D0278C7F-4432-45E6-949B-98CE7B0D55D1}F:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) F:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{06BF3BD0-7FD8-49B5-98F2-F3A8B804F92B}F:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) F:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{BB7D4DC8-186F-456D-99B2-3916F0B3840A}] => (Allow) F:\Steam Games\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{8436C830-EAF0-444D-BA6B-2FB9C7794E84}] => (Allow) F:\Steam Games\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{4ADA8F75-1AD5-4BA4-9A09-50209D361AA9}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{AF49D580-19F1-462E-8096-F687DD7575FF}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{5D9ACC80-012F-40CE-8638-8AED70F47DE3}C:\users\ben\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\ben\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8397BF65-95A7-4F16-8989-A131EE2B4020}C:\users\ben\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\ben\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{CD73A02D-3B47-4401-BD79-FBCDC89F2933}F:\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) F:\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{FE5DEFAE-9FDE-4C1A-B689-28E1457D3A0B}F:\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) F:\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [{A1B8CE6E-B0ED-45D5-A38A-0B62A6B5165F}] => (Allow) F:\Steam Games\SteamApps\common\Starbound\win64\starbound.exe
FirewallRules: [{7D90DA48-73D3-4A47-B336-8C7D9A71F646}] => (Allow) F:\Steam Games\SteamApps\common\Starbound\win64\starbound.exe
FirewallRules: [{F7DA278E-A5D8-4C0D-A596-E8BC17E87D3A}] => (Allow) F:\Steam Games\SteamApps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{7D658088-2313-4212-A205-D18A2BF9D2EF}] => (Allow) F:\Steam Games\SteamApps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{78F1913B-29AF-4815-909E-989395AA9180}] => (Allow) F:\Steam Games\SteamApps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{A8D0C4C5-0F72-482E-A916-09BE1C9F2145}] => (Allow) F:\Steam Games\SteamApps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{A1626909-D6EC-434A-A0EA-6C0D52DE0A1A}] => (Allow) F:\Steam Games\SteamApps\common\Starbound\win32\starbound.exe
FirewallRules: [{CBA9BCBE-D05D-4E3C-9BBA-C383C932A7CB}] => (Allow) F:\Steam Games\SteamApps\common\Starbound\win32\starbound.exe
FirewallRules: [{C38FC4CB-8056-4CD8-BCD7-481E757D2299}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{C3BB61C0-541F-4C61-89AC-6A8053D143B6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

08-02-2017 09:28:55 Windows Update
17-02-2017 18:51:02 Geplanter Prüfpunkt
22-02-2017 22:11:42 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Evolve Virtual Ethernet Adapter
Description: Evolve Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Echobit LLC
Service: EvolveVirtualAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/25/2017 11:35:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\Windows\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (02/25/2017 11:35:06 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.

Error: (02/25/2017 11:35:06 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (02/25/2017 11:35:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "MSDTC" in der DLL "C:\Windows\system32\msdtcuiu.DLL" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (02/25/2017 11:35:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "Lsa" in der DLL "C:\Windows\System32\Secur32.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (02/25/2017 11:35:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "ESENT" in der DLL "C:\Windows\system32\esentprf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (02/25/2017 11:35:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (02/25/2017 08:59:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dwm.exe, Version: 10.0.14393.0, Zeitstempel: 0x578999ab
Name des fehlerhaften Moduls: dwmcore.dll, Version: 10.0.14393.479, Zeitstempel: 0x5825897b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000144734
ID des fehlerhaften Prozesses: 0x2c0
Startzeit der fehlerhaften Anwendung: 0x01d28f91aee75954
Pfad der fehlerhaften Anwendung: C:\Windows\system32\dwm.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\dwmcore.dll
Berichtskennung: b10f3e9c-2119-4e0e-b470-a4366580cdae
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/25/2017 07:45:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ben\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/25/2017 07:18:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.


Systemfehler:
=============
Error: (02/25/2017 07:20:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/25/2017 07:20:14 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ben\AppData\Local\Temp\ehdrv.sys

Error: (02/25/2017 07:20:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/25/2017 07:20:13 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ben\AppData\Local\Temp\ehdrv.sys

Error: (02/25/2017 07:20:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/25/2017 07:20:13 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ben\AppData\Local\Temp\ehdrv.sys

Error: (02/25/2017 07:18:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/25/2017 07:18:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ben\AppData\Local\Temp\ehdrv.sys

Error: (02/25/2017 07:18:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/25/2017 07:18:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ben\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
  Date: 2017-02-25 19:10:21.243
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-25 19:10:10.787
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-25 18:22:45.807
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-25 18:22:43.761
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-01-03 19:17:53.699
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 30%
Installierter physikalischer RAM: 16347.96 MB
Verfügbarer physikalischer RAM: 11353.13 MB
Summe virtueller Speicher: 21979.96 MB
Verfügbarer virtueller Speicher: 16334.61 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:148.59 GB) (Free:94.73 GB) NTFS
Drive d: () (Fixed) (Total:0.36 GB) (Free:0.34 GB) NTFS
Drive e: (Volume) (Fixed) (Total:931.51 GB) (Free:831.83 GB) NTFS
Drive f: (MiniSakura 2.0) (Fixed) (Total:1397.26 GB) (Free:15.9 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B5A08E6E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 0F470F47)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=369 MB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1397.3 GB) (Disk ID: 48686A76)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================