Log analysis and evaluation: Adware: Adw Cleaner does not help, Google Chrome infected (Windows 7)
08.03.2017, 17:03 | #1 |
| Hello, for quite a while I have had a problem with annoying adware in Google Chrome that replaces my search engine with e.g. "luckystarting.com" and also installs new programs on my PC; for example, Firefox gets downloaded. I have now tried several times to clean it up with AdwCleaner, which does give some peace for a while, but I have the feeling that it is getting worse, so it would be very nice if someone could help me. Here is the latest log from AdwCleaner:
08.03.2017, 17:09 | #2 |
/// TB-Ausbilder | My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Thank you for your cooperation! What happens when you let AdwCleaner remove the findings? Please do that and post the log file for it. Feel free to run AdwCleaner several times, i.e. scan and remove > restart > scan and remove again > restart ... After that it continues like this: For the initial analysis, please run FRST and TDSS-Killer:
Step 1 Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Step 2 Please download TDSSKiller.exe and save this file on the desktop
Please post with your next reply
|
08.03.2017, 18:01 | #3 |
| Here is AdwCleaner (on the first one it crashed on me at first, so I could only restart on the second run):
Browsern gefunden. Chrome pref Gefunden: [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences] - hxxp://www.startpageing123.com/?type=hp&ts=1488986453&z=c3be21fd67d7565f77e7b26gfz4b1b7tdbbq5zfw0q&from=che0812&u Chrome pref Gefunden: [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences] - hxxp://www.startpageing123.com/searchfavicon.ico Chrome pref Gefunden: [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences ] - hxxp://www.startpageing123.com/?type=hp&ts=1488986453&z=c3be21fd67d7565f77e7b26gfz4b1b7tdbbq5zfw0q&from=che0812& ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [14031 Bytes] - [19/10/2016 09:48:39] C:\AdwCleaner\AdwCleaner[C10].txt - [4234 Bytes] - [01/03/2017 14:42:02] C:\AdwCleaner\AdwCleaner[C11].txt - [10583 Bytes] - [02/03/2017 15:16:04] C:\AdwCleaner\AdwCleaner[C12].txt - [10803 Bytes] - [07/03/2017 15:39:01] C:\AdwCleaner\AdwCleaner[C2].txt - [14626 Bytes] - [20/12/2016 14:13:28] C:\AdwCleaner\AdwCleaner[C3].txt - [2620 Bytes] - [20/12/2016 14:18:42] C:\AdwCleaner\AdwCleaner[C4].txt - [11288 Bytes] - [19/01/2017 13:20:19] C:\AdwCleaner\AdwCleaner[C5].txt - [9666 Bytes] - [10/02/2017 13:39:49] C:\AdwCleaner\AdwCleaner[C6].txt - [3059 Bytes] - [22/02/2017 14:37:32] C:\AdwCleaner\AdwCleaner[C7].txt - [6626 Bytes] - [01/03/2017 14:27:03] C:\AdwCleaner\AdwCleaner[C8].txt - [4149 Bytes] - [01/03/2017 14:29:43] C:\AdwCleaner\AdwCleaner[C9].txt - [3381 Bytes] - [01/03/2017 14:31:46] C:\AdwCleaner\AdwCleaner[R0].txt - [3924 Bytes] - [08/02/2015 19:50:17] C:\AdwCleaner\AdwCleaner[S0].txt - [3824 Bytes] - [08/02/2015 19:51:42] C:\AdwCleaner\AdwCleaner[S10].txt - [3962 Bytes] - [01/03/2017 14:29:27] C:\AdwCleaner\AdwCleaner[S11].txt - [3430 Bytes] - [01/03/2017 14:31:22] C:\AdwCleaner\AdwCleaner[S12].txt - [4068 Bytes] - [01/03/2017 14:33:38] C:\AdwCleaner\AdwCleaner[S13].txt - [13014 Bytes] - [02/03/2017 15:15:48] C:\AdwCleaner\AdwCleaner[S14].txt - 
[11770 Bytes] - [07/03/2017 15:34:29] C:\AdwCleaner\AdwCleaner[S15].txt - [11673 Bytes] - [07/03/2017 15:35:27] C:\AdwCleaner\AdwCleaner[S16].txt - [12979 Bytes] - [08/03/2017 16:29:46] C:\AdwCleaner\AdwCleaner[S17].txt - [12028 Bytes] - [08/03/2017 16:30:35] C:\AdwCleaner\AdwCleaner[S1].txt - [13111 Bytes] - [19/10/2016 09:43:45] C:\AdwCleaner\AdwCleaner[S2].txt - [15870 Bytes] - [20/12/2016 14:12:40] C:\AdwCleaner\AdwCleaner[S3].txt - [2520 Bytes] - [20/12/2016 14:17:37] C:\AdwCleaner\AdwCleaner[S4].txt - [2606 Bytes] - [20/12/2016 14:18:17] C:\AdwCleaner\AdwCleaner[S5].txt - [12125 Bytes] - [19/01/2017 13:19:01] C:\AdwCleaner\AdwCleaner[S6].txt - [10644 Bytes] - [10/02/2017 13:36:16] C:\AdwCleaner\AdwCleaner[S7].txt - [4551 Bytes] - [22/02/2017 14:35:59] C:\AdwCleaner\AdwCleaner[S8].txt - [3202 Bytes] - [22/02/2017 14:37:26] C:\AdwCleaner\AdwCleaner[S9].txt - [7962 Bytes] - [01/03/2017 14:26:38] ########## EOF - C:\AdwCleaner\AdwCleaner[S17].txt - [12764 Bytes] ########## Code:
# AdwCleaner v6.044 - Bericht erstellt am 08/03/2017 um 17:17:02
# Aktualisiert am 28/02/2017 von Malwarebytes
# Datenbank : 2017-03-07.1 [Lokal]
# Betriebssystem : Windows 10 Pro (X64)
# Benutzername : Princhi - EPONA
# Gestartet von : C:\Users\Princhi\Desktop\Programme\adwcleaner_6.044.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support

***** [ Dienste ] *****

Dienst Gefunden: WinSAPSvc
Dienst Gefunden: WinSnare
Dienst Gefunden: Kyubey

***** [ Ordner ] *****

Ordner Gefunden: C:\Program Files (x86)\WinSnare(4.2.6)
Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\WinSAPSvc
Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\winsapsvc
Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\aMule
Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\WinSnare
Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\Kyubey
Ordner Gefunden: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
Ordner Gefunden: C:\Program Files (x86)\BikaQRss
Ordner Gefunden: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Tencent
Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\WinSnare
Ordner Gefunden: C:\Program Files (x86)\MIO

***** [ Dateien ] *****

Keine schädlichen Dateien gefunden.

***** [ DLL ] *****

Keine infizierten DLLs gefunden.

***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.

***** [ Verknüpfungen ] ***** Verknüpfung infiziert: C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2 Verknüpfung infiziert: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6 ***** [ Aufgabenplanung ] ***** Aufgabe Gefunden: Milimili Aufgabe Gefunden: BikaQ_FetchAndUpgrade_CanBeDel ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare Schlüssel Gefunden: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare Schlüssel Gefunden: HKU\.DEFAULT\Software\jhtrsq Schlüssel Gefunden: HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\WinSnare Schlüssel Gefunden: HKU\S-1-5-18\Software\jhtrsq Schlüssel Gefunden: HKCU\Software\WinSnare Schlüssel Gefunden: HKLM\SOFTWARE\ScreenShot Schlüssel Gefunden: HKLM\SOFTWARE\jhtrsq Schlüssel Gefunden: HKLM\SOFTWARE\startpageing123Software Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78A2D999-4673-4FCC-818E-57B0AF8F3B70} Schlüssel Gefunden: [x64] HKCU\Software\WinSnare Schlüssel Gefunden: [x64] HKLM\SOFTWARE\jhtrsq Schlüssel Gefunden: [x64] HKLM\SOFTWARE\InterSect Alliance Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307 Daten Gefunden: HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6 Daten Gefunden: HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9 Daten Gefunden: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM162_Z1D Daten Gefunden: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM1 Daten Gefunden: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM1 Daten Gefunden: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.startpageing123.com/search/?type=ds&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000D Daten Gefunden: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.startpageing123.com/search/?type=ds&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1C Daten Gefunden: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - 
hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM162_Z1D Daten Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM162_Z Daten Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1C Daten Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM162_Z Daten Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.startpageing123.com/search/?type=ds&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001- Daten Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1C Daten Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.startpageing123.com/search/?type=ds&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST100 Schlüssel Gefunden: HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Daten Gefunden: HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Daten Gefunden: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - Schlüssel Gefunden: [x64] 
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Daten Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - Daten Gefunden: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://www.startpageing123.com/?type=sc&ts=1488987296&z=b0e3968b651 Daten Gefunden: HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.startpageing123.com/?type=sc&ts=1488987296&z=b0e3 Daten Gefunden: [x64] HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.startpageing123.com/?type=sc&ts=1488987296&z=b0 Wert Gefunden: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc] ***** [ Internetbrowser ] ***** Keine schädlichen Elemente in Firefox basierten Browsern gefunden. 
Chrome pref Gefunden: [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&u Chrome pref Gefunden: [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences] - hxxp://www.startpageing123.com/searchfavicon.ico Chrome pref Gefunden: [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences ] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812& ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [14031 Bytes] - [19/10/2016 09:48:39] C:\AdwCleaner\AdwCleaner[C10].txt - [4234 Bytes] - [01/03/2017 14:42:02] C:\AdwCleaner\AdwCleaner[C11].txt - [10583 Bytes] - [02/03/2017 15:16:04] C:\AdwCleaner\AdwCleaner[C12].txt - [10803 Bytes] - [07/03/2017 15:39:01] C:\AdwCleaner\AdwCleaner[C13].txt - [11139 Bytes] - [08/03/2017 16:31:51] C:\AdwCleaner\AdwCleaner[C2].txt - [14626 Bytes] - [20/12/2016 14:13:28] C:\AdwCleaner\AdwCleaner[C3].txt - [2620 Bytes] - [20/12/2016 14:18:42] C:\AdwCleaner\AdwCleaner[C4].txt - [11288 Bytes] - [19/01/2017 13:20:19] C:\AdwCleaner\AdwCleaner[C5].txt - [9666 Bytes] - [10/02/2017 13:39:49] C:\AdwCleaner\AdwCleaner[C6].txt - [3059 Bytes] - [22/02/2017 14:37:32] C:\AdwCleaner\AdwCleaner[C7].txt - [6626 Bytes] - [01/03/2017 14:27:03] C:\AdwCleaner\AdwCleaner[C8].txt - [4149 Bytes] - [01/03/2017 14:29:43] C:\AdwCleaner\AdwCleaner[C9].txt - [3381 Bytes] - [01/03/2017 14:31:46] C:\AdwCleaner\AdwCleaner[R0].txt - [3924 Bytes] - [08/02/2015 19:50:17] C:\AdwCleaner\AdwCleaner[S0].txt - [3824 Bytes] - [08/02/2015 19:51:42] C:\AdwCleaner\AdwCleaner[S10].txt - [3962 Bytes] - [01/03/2017 14:29:27] C:\AdwCleaner\AdwCleaner[S11].txt - [3430 Bytes] - [01/03/2017 14:31:22] C:\AdwCleaner\AdwCleaner[S12].txt - [4068 Bytes] - [01/03/2017 14:33:38] C:\AdwCleaner\AdwCleaner[S13].txt - [13014 Bytes] - 
[02/03/2017 15:15:48] C:\AdwCleaner\AdwCleaner[S14].txt - [11770 Bytes] - [07/03/2017 15:34:29] C:\AdwCleaner\AdwCleaner[S15].txt - [11673 Bytes] - [07/03/2017 15:35:27] C:\AdwCleaner\AdwCleaner[S16].txt - [12979 Bytes] - [08/03/2017 16:29:46] C:\AdwCleaner\AdwCleaner[S17].txt - [12917 Bytes] - [08/03/2017 16:30:35] C:\AdwCleaner\AdwCleaner[S18].txt - [10640 Bytes] - [08/03/2017 17:17:02] C:\AdwCleaner\AdwCleaner[S1].txt - [13111 Bytes] - [19/10/2016 09:43:45] C:\AdwCleaner\AdwCleaner[S2].txt - [15870 Bytes] - [20/12/2016 14:12:40] C:\AdwCleaner\AdwCleaner[S3].txt - [2520 Bytes] - [20/12/2016 14:17:37] C:\AdwCleaner\AdwCleaner[S4].txt - [2606 Bytes] - [20/12/2016 14:18:17] C:\AdwCleaner\AdwCleaner[S5].txt - [12125 Bytes] - [19/01/2017 13:19:01] C:\AdwCleaner\AdwCleaner[S6].txt - [10644 Bytes] - [10/02/2017 13:36:16] C:\AdwCleaner\AdwCleaner[S7].txt - [4551 Bytes] - [22/02/2017 14:35:59] C:\AdwCleaner\AdwCleaner[S8].txt - [3202 Bytes] - [22/02/2017 14:37:26] C:\AdwCleaner\AdwCleaner[S9].txt - [7962 Bytes] - [01/03/2017 14:26:38] ########## EOF - C:\AdwCleaner\AdwCleaner[S18].txt - [11376 Bytes] ########## Code:
# AdwCleaner v6.044 - Bericht erstellt am 08/03/2017 um 17:20:04
# Aktualisiert am 28/02/2017 von Malwarebytes
# Datenbank : 2017-03-07.1 [Lokal]
# Betriebssystem : Windows 10 Pro (X64)
# Benutzername : Princhi - EPONA
# Gestartet von : C:\Users\Princhi\Desktop\Programme\adwcleaner_6.044.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support

***** [ Dienste ] *****

Dienst Gefunden: WinSAPSvc
Dienst Gefunden: WinSnare

***** [ Ordner ] *****

Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\WinSAPSvc
Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\winsapsvc
Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\WinSnare
Ordner Gefunden: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
Ordner Gefunden: C:\Program Files (x86)\BikaQRss
Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\WinSnare
Ordner Gefunden: C:\Program Files (x86)\MIO

***** [ Dateien ] *****

Keine schädlichen Dateien gefunden.

***** [ DLL ] *****

Keine infizierten DLLs gefunden.

***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.

***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.

***** [ Aufgabenplanung ] *****

Aufgabe Gefunden: Milimili
Aufgabe Gefunden: BikaQ_FetchAndUpgrade_CanBeDel

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
Schlüssel Gefunden: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
Schlüssel Gefunden: HKU\.DEFAULT\Software\jhtrsq
Schlüssel Gefunden: HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\WinSnare
Schlüssel Gefunden: HKU\S-1-5-18\Software\jhtrsq
Schlüssel Gefunden: HKCU\Software\WinSnare
Schlüssel Gefunden: HKLM\SOFTWARE\ScreenShot
Schlüssel Gefunden: HKLM\SOFTWARE\jhtrsq
Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}
Schlüssel Gefunden: [x64] HKCU\Software\WinSnare
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\jhtrsq
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\InterSect Alliance
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\999D2A873764CCF418E8750BFAF8B307
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
Wert Gefunden: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]

***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Chrome pref Gefunden: [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences] - hxxp://www.startpageing123.com/searchfavicon.ico

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [14031 Bytes] - [19/10/2016 09:48:39]
C:\AdwCleaner\AdwCleaner[C10].txt - [4234 Bytes] - [01/03/2017 14:42:02]
C:\AdwCleaner\AdwCleaner[C11].txt - [10583 Bytes] - [02/03/2017 15:16:04]
C:\AdwCleaner\AdwCleaner[C12].txt - [10803 Bytes] - [07/03/2017 15:39:01]
C:\AdwCleaner\AdwCleaner[C13].txt - [11139 Bytes] - [08/03/2017 16:31:51]
C:\AdwCleaner\AdwCleaner[C14].txt - [10112 Bytes] - [08/03/2017 17:18:06]
C:\AdwCleaner\AdwCleaner[C2].txt - [14626 Bytes] - [20/12/2016 14:13:28]
C:\AdwCleaner\AdwCleaner[C3].txt - [2620 Bytes] - [20/12/2016 14:18:42]
C:\AdwCleaner\AdwCleaner[C4].txt - [11288 Bytes] - [19/01/2017 13:20:19]
C:\AdwCleaner\AdwCleaner[C5].txt - [9666 Bytes] - [10/02/2017 13:39:49]
C:\AdwCleaner\AdwCleaner[C6].txt - [3059 Bytes] - [22/02/2017 14:37:32]
C:\AdwCleaner\AdwCleaner[C7].txt - [6626 Bytes] - [01/03/2017 14:27:03]
C:\AdwCleaner\AdwCleaner[C8].txt - [4149 Bytes] - [01/03/2017 14:29:43]
C:\AdwCleaner\AdwCleaner[C9].txt - [3381 Bytes] - [01/03/2017 14:31:46]
C:\AdwCleaner\AdwCleaner[R0].txt - [3924 Bytes] - [08/02/2015 19:50:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [3824 Bytes] - [08/02/2015 19:51:42]
C:\AdwCleaner\AdwCleaner[S10].txt - [3962 Bytes] - [01/03/2017 14:29:27]
C:\AdwCleaner\AdwCleaner[S11].txt - [3430 Bytes] - [01/03/2017 14:31:22]
C:\AdwCleaner\AdwCleaner[S12].txt - [4068 Bytes] - [01/03/2017 14:33:38]
C:\AdwCleaner\AdwCleaner[S13].txt - [13014 Bytes] - [02/03/2017 15:15:48]
C:\AdwCleaner\AdwCleaner[S14].txt - [11770 Bytes] - [07/03/2017 15:34:29]
C:\AdwCleaner\AdwCleaner[S15].txt - [11673 Bytes] - [07/03/2017 15:35:27]
C:\AdwCleaner\AdwCleaner[S16].txt - [12979 Bytes] - [08/03/2017 16:29:46]
C:\AdwCleaner\AdwCleaner[S17].txt - [12917 Bytes] - [08/03/2017 16:30:35]
C:\AdwCleaner\AdwCleaner[S18].txt - [11529 Bytes] - [08/03/2017 17:17:02]
C:\AdwCleaner\AdwCleaner[S19].txt - [5178 Bytes] - [08/03/2017 17:20:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [13111 Bytes] - [19/10/2016 09:43:45]
C:\AdwCleaner\AdwCleaner[S2].txt - [15870 Bytes] - [20/12/2016 14:12:40]
C:\AdwCleaner\AdwCleaner[S3].txt - [2520 Bytes] - [20/12/2016 14:17:37]
C:\AdwCleaner\AdwCleaner[S4].txt - [2606 Bytes] - [20/12/2016 14:18:17]
C:\AdwCleaner\AdwCleaner[S5].txt - [12125 Bytes] - [19/01/2017 13:19:01]
C:\AdwCleaner\AdwCleaner[S6].txt - [10644 Bytes] - [10/02/2017 13:36:16]
C:\AdwCleaner\AdwCleaner[S7].txt - [4551 Bytes] - [22/02/2017 14:35:59]
C:\AdwCleaner\AdwCleaner[S8].txt - [3202 Bytes] - [22/02/2017 14:37:26]
C:\AdwCleaner\AdwCleaner[S9].txt - [7962 Bytes] - [01/03/2017 14:26:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S19].txt - [5913 Bytes] ##########

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
durchgeführt von Princhi (Administrator) auf EPONA (08-03-2017 17:31:46)
Gestartet von C:\Users\Princhi\Downloads
Geladene Profile: Princhi (Verfügbare Profile: Princhi)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\notepad2\notepad2.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Common Files\ntp2UpSvc\notepad2.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Spotify Ltd) C:\Users\Princhi\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
() C:\Program Files (x86)\Drakonia Configurator\hid.exe
() C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Connection Manager\ModemPnPService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Users\Princhi\Desktop\Programme\adwcleaner_6.044.exe
(IEC) C:\Program Files (x86)\BikaQRss\BikaQ.exe
(Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
() C:\Users\Princhi\AppData\Roaming\Kyubey\Kyubey.exe
(Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] ()
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM-x32\...\Run: [Blackcomb] => C:\Program Files (x86)\Samsung Connection Manager\ModemPnPService.exe [131072 2011-02-11] (Samsung Electronics.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1206784 2016-08-12] (Cisco Systems, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044848 2017-02-21] (Electronic Arts) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [Spotify Web Helper] => C:\Users\Princhi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-24] (Spotify Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [572416 2016-07-16] (Microsoft Corporation) IFEO\MRT.exe: [Debugger] C:\Program Files (x86)\Clerack\_ALLOWDEL_135ff\Gubed.exe -Yrrehs ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) Startup: C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-04-04] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) GroupPolicy: Beschränkung - Chrome <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{11c06b9c-c7a3-42f0-b493-0dcb6de1d03f}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{1920ae60-1c7d-4c3e-8d02-ba2d7909bffb}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4aa061a8-dd76-4dde-ab8c-36f40625fc51}: [DhcpNameServer] 139.7.30.126 0.0.0.0 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://www.startpageing123.com/search/?type=ds&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM&q={searchTerms} HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-88799701-2343346839-193955109-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: Kein Name -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> Keine Datei BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation) StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
hxxp://www.startpageing123.com/?type=sc&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-88799701-2343346839-193955109-1001 -> hxxp://www.mylucky123.com/?type=hp&ts=1477502682&z=1424f2c43d7ec0075006d7bg2z0m2mbwce8o6qab8g&from=interhop1024&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM FireFox: ======== FF DefaultProfile: 3d6ithxa.default FF ProfilePath: C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default [2017-03-08] FF Extension: (FF Adr) - C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-01-18] [ist nicht signiert] FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2017-03-08] [ist nicht signiert] FF Extension: (English (US) Language Pack) - C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-01-20] [ist nicht signiert] FF SearchPlugin: C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\searchplugins\startsearch.xml [2017-03-02] FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @gametree.co.kr/GTL -> C:\ProgramData\Gametree\GTL\npGTL.dll [2013-06-13] (NtreevSoft) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> 
C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei] FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) Chrome: ======= CHR DefaultProfile: Profile 1 CHR HomePage: Profile 1 -> hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM CHR StartupUrls: Profile 1 -> "hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM" CHR DefaultSearchURL: Profile 1 -> 
hxxp://www.startpageing123.com/search/?type=ds&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM&q={searchTerms} CHR DefaultSearchKeyword: Profile 1 -> startpageing123 CHR Profile: C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-08] CHR Extension: (Google Präsentationen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-18] CHR Extension: (Google Docs) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-18] CHR Extension: (Google Drive) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-18] CHR Extension: (YouTube) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-18] CHR Extension: (Adblock Plus) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-17] CHR Extension: (Google Tabellen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-18] CHR Extension: (Google Docs Offline) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-18] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-27] CHR Extension: (Google Mail) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-18] CHR Extension: (Chrome Media Router) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-27] CHR Extension: (pumpkin) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 
1\Extensions\pkigkiflejlmpibnlecfdgkhjijgkoao [2016-10-19] CHR Profile: C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-12-10] StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.startpageing123.com/?type=sc&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 HmaOpenVpnService; D:\Programme\HMA! Pro VPN\bin\openvpnserv.exe [46688 2016-09-23] (The OpenVPN Project) R2 Kyubey; C:\Users\Princhi\AppData\Roaming\Kyubey\Kyubey.exe [111104 2017-03-08] () [Datei ist nicht signiert] S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3519984 2016-01-27] (INCA Internet Co., Ltd.) R2 Ntp2NetSvc; C:\Program Files (x86)\notepad2\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr) [Datei ist nicht signiert] R2 Ntp2UpSvc; C:\Program Files (x86)\Common Files\ntp2UpSvc\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr) [Datei ist nicht signiert] R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2124296 2017-02-21] (Electronic Arts) R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2185232 2017-02-21] (Electronic Arts) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 
2016-09-15] (Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 WinSAPSvc; C:\Users\Princhi\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-03-08] (Windows) [Datei ist nicht signiert] R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.) R2 Zerzitain; C:\Program Files (x86)\Clerack\Grshlp.dll [274944 2016-10-18] () [Datei ist nicht signiert] S2 Convxxxx; "C:\Users\Princhi\AppData\Roaming\gjdgj\UvConverter.exe" {2C8E8C85-942B-451C-8243-97A089265577} [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 C2XXCOM; C:\WINDOWS\system32\DRIVERS\C2XXCOM76.sys [49920 2010-08-09] (Samsung Electronics) S3 C2xxUSB; C:\WINDOWS\system32\DRIVERS\C2xxUSB76.sys [46080 2010-11-04] (Samsung Electronics) S3 C2xxUsbStorage; C:\WINDOWS\system32\DRIVERS\C2xSTR76.sys [9216 2010-06-10] (Samsung Electronics) S3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2015\pcwiz_x64.sys [26856 2014-02-17] (CPUID) R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-11-19] (Disc Soft Ltd) R3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [27136 2016-09-23] (The OpenVPN Project) R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [20128 2017-02-28] () [Datei ist nicht signiert] S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2016-08-12] (Cisco Systems, Inc.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2016-08-15] (Wellbia.com Co., Ltd.) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-03-08 17:31 - 2017-03-08 17:32 - 00023668 _____ C:\Users\Princhi\Downloads\FRST.txt 2017-03-08 17:31 - 2017-03-08 17:31 - 00000000 ____D C:\FRST 2017-03-08 17:24 - 2017-03-08 17:24 - 02423808 _____ (Farbar) C:\Users\Princhi\Downloads\FRST64.exe 2017-03-08 17:22 - 2017-03-08 17:23 - 00003660 _____ C:\WINDOWS\System32\Tasks\Milimili 2017-03-08 17:22 - 2017-03-08 17:22 - 00003322 _____ C:\WINDOWS\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel 2017-03-08 17:22 - 2017-03-08 17:22 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\WinSnare 2017-03-08 17:22 - 2017-03-08 17:22 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\WinSAPSvc 2017-03-08 17:22 - 2017-03-08 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ 2017-03-08 17:22 - 2017-03-08 17:22 - 00000000 ____D C:\Program Files (x86)\MIO 2017-03-08 17:22 - 2017-03-08 17:22 - 00000000 ____D C:\Program Files (x86)\BikaQRss 2017-03-08 17:21 - 2017-03-08 17:21 - 00000000 ____D C:\Program Files (x86)\g6z3smzu 2017-03-08 17:20 - 2017-03-08 17:20 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\aMule 2017-03-08 17:19 - 2017-03-08 17:21 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.2.6) 2017-03-08 17:19 - 2017-03-08 17:19 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Kyubey 2017-03-08 17:18 - 2017-03-08 17:18 - 00000000 ____D C:\Program Files (x86)\r7nsqjwp 2017-03-08 16:45 - 2017-03-08 16:46 - 22851472 _____ (Malwarebytes ) C:\Users\Princhi\Downloads\mbam-setup-2.2.1.1043.exe 2017-03-08 16:39 - 2017-03-08 16:40 - 02870984 _____ (ESET) C:\Users\Princhi\Downloads\esetsmartinstaller_deu.exe 2017-03-08 16:32 - 2017-03-08 16:32 - 00000000 ____D C:\Program Files (x86)\wiv1520h 2017-03-08 16:27 - 2017-03-08 16:27 - 00000000 ____D 
C:\Users\Princhi\AppData\Local\Footper 2017-03-08 16:27 - 2017-03-08 16:27 - 00000000 ____D C:\Program Files (x86)\Footper 2017-03-08 16:21 - 2017-03-08 16:21 - 00000000 ____D C:\Program Files (x86)\58C02182_cacayima 2017-03-08 16:18 - 2017-03-08 16:18 - 00000000 ____D C:\Program Files (x86)\cq7yrhql 2017-03-07 17:37 - 2017-03-07 17:38 - 00124970 _____ C:\Users\Princhi\Downloads\IMG_20170307_0001.pdf 2017-03-07 17:33 - 2017-03-07 17:33 - 00124970 _____ C:\Users\Princhi\Desktop\IMG_20170307_0001.pdf 2017-03-07 15:41 - 2017-03-08 16:31 - 00001271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-03-07 15:41 - 2017-03-08 16:31 - 00001201 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-03-07 15:41 - 2017-03-07 15:41 - 01129376 _____ (Google Inc.) C:\Users\Princhi\Downloads\ChromeSetup (1).exe 2017-03-07 14:24 - 2017-03-07 14:24 - 00000000 ____D C:\Program Files (x86)\58BEB4A1_cacayima 2017-03-06 18:05 - 2017-03-08 16:20 - 00000000 ____D C:\Program Files (x86)\amulell 2017-03-03 11:19 - 2017-03-03 11:19 - 00000000 ____D C:\Program Files (x86)\l2n8xmuh 2017-03-02 14:56 - 2017-03-06 18:05 - 00002760 _____ C:\Program Files (x86)\metadata 2017-03-01 17:31 - 2017-03-01 17:32 - 09036000 _____ (GOG.com ) C:\Users\Princhi\Downloads\setup_settlers3_2.0.0.17.exe 2017-03-01 15:31 - 2017-03-01 15:31 - 00000000 ____D C:\Users\Princhi\AppData\Local\TeamSpeak 3 2017-03-01 15:31 - 2017-03-01 15:31 - 00000000 ____D C:\Users\Princhi\.TeamSpeak 3 2017-03-01 14:42 - 2017-03-01 14:42 - 00000000 ____D C:\Program Files (x86)\5tu6g4x1 2017-03-01 14:32 - 2017-03-01 14:32 - 00000000 ____D C:\Program Files (x86)\ifrhagw1 2017-03-01 14:30 - 2017-03-01 14:30 - 00000000 ____D C:\Program Files (x86)\jqzsal0g 2017-03-01 14:27 - 2017-03-01 14:27 - 00000000 ____D C:\Program Files (x86)\8q8dwuet 2017-03-01 14:19 - 2017-03-08 17:24 - 00000000 _____ C:\WINDOWS\SysWOW64\4 2017-03-01 14:19 - 2017-03-08 17:24 - 00000000 _____ C:\WINDOWS\SysWOW64\3 2017-03-01 14:19 - 
2017-03-02 15:15 - 00001180 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-03-01 14:19 - 2017-03-01 14:19 - 00000000 ____D C:\Program Files (x86)\Explorer 2017-02-28 22:11 - 2017-02-28 22:11 - 00004096 _____ C:\WINDOWS\d3dx.dat 2017-02-28 22:10 - 2017-02-28 22:10 - 00003186 _____ C:\WINDOWS\System32\Tasks\{438F159D-A759-457B-A222-FD5013D632EC} 2017-02-28 21:45 - 2017-02-28 23:30 - 00020128 _____ C:\WINDOWS\SysWOW64\Drivers\SECDRV.SYS 2017-02-28 21:44 - 2017-02-28 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lionhead Studios Ltd 2017-02-24 01:39 - 2017-02-24 01:39 - 00000000 ____D C:\Program Files (x86)\58AF80DE_jumpeasy 2017-02-22 14:38 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\oe387eqk 2017-02-22 14:34 - 2017-02-22 14:34 - 04015056 _____ C:\Users\Princhi\Downloads\Nicht bestätigt 889461.crdownload 2017-02-22 00:44 - 2017-02-22 00:44 - 00000000 ____D C:\Program Files (x86)\cvbsF 2017-02-21 20:43 - 2017-02-21 20:43 - 00000000 ____D C:\Program Files (x86)\cvbsE 2017-02-21 16:43 - 2017-02-21 16:43 - 00000000 ____D C:\Program Files (x86)\cvbsD 2017-02-21 12:42 - 2017-02-21 12:42 - 00000000 ____D C:\Program Files (x86)\cvbsC 2017-02-18 01:17 - 2017-02-18 01:17 - 00000000 ____D C:\Program Files (x86)\cvbsB 2017-02-17 17:33 - 2017-02-17 17:33 - 00000000 ____D C:\Program Files (x86)\cvbsA 2017-02-17 03:01 - 2017-02-17 03:01 - 00000000 ____D C:\Program Files (x86)\cvbs9 2017-02-16 23:00 - 2017-02-16 23:00 - 00000000 ____D C:\Program Files (x86)\cvbs8 2017-02-16 18:59 - 2017-02-16 18:59 - 00000000 ____D C:\Program Files (x86)\cvbs7 2017-02-16 15:21 - 2017-02-16 15:21 - 00000000 ____D C:\Program Files (x86)\notepad2 2017-02-16 14:58 - 2017-02-16 14:58 - 00000000 ____D C:\Program Files (x86)\cvbs6 2017-02-16 00:24 - 2017-02-16 00:24 - 00000000 ____D C:\Program Files (x86)\cvbs5 2017-02-15 20:22 - 2017-02-15 20:22 - 00000000 ____D C:\Program Files (x86)\cvbs4 2017-02-15 
16:22 - 2017-02-15 16:22 - 00000000 ____D C:\Program Files (x86)\cvbs3 2017-02-14 21:54 - 2017-02-14 21:54 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (5).pdf 2017-02-14 19:03 - 2017-02-14 19:03 - 00000000 ____D C:\Program Files (x86)\cvbs2 2017-02-14 15:02 - 2017-02-14 15:02 - 00000000 ____D C:\Program Files (x86)\cvbs1 2017-02-14 14:06 - 2017-02-14 14:06 - 00000000 ____D C:\ProgramData\Apple Computer 2017-02-14 01:00 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{388E5277-3212-4966-9C80-AA74FB48806D} 2017-02-13 20:56 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{68006CA9-71D5-44F1-B31F-3BC092A0D854} 2017-02-13 17:39 - 2017-02-13 17:39 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (4).pdf 2017-02-13 16:54 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{C72739C5-5A2D-4BA4-8BED-EFFD0A0043BC} 2017-02-13 13:30 - 2017-02-13 13:30 - 01366581 _____ C:\Users\Princhi\Downloads\1.07 Grundlagen des Rechts - Methodenlehre (2).pdf 2017-02-13 13:29 - 2017-02-13 13:29 - 00460744 _____ C:\Users\Princhi\Downloads\1.04 Grundlagen des Rechts - Methodenlehre (1).pdf 2017-02-13 13:23 - 2017-02-13 13:23 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (3).pdf 2017-02-12 19:35 - 2017-02-12 19:35 - 00019905 _____ C:\Users\Princhi\Downloads\Hausarbeit_Vorlage_Iurratio_de (1).odt 2017-02-11 23:28 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{419A7AE4-8D58-40B0-A342-2955F81059AC} 2017-02-11 19:27 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{E0F5E27E-FECB-4E85-9291-9CA5DB05466E} 2017-02-11 01:46 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{99AA99DF-7123-4883-A3D8-DC13575804E1} 2017-02-10 21:45 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{3DC2C87B-4341-402E-997F-882F25652619} 2017-02-10 17:42 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files 
(x86)\{195A643B-3F0D-4A26-8AF4-00ECBBDBD436} 2017-02-10 13:43 - 2017-02-10 13:43 - 01129376 _____ (Google Inc.) C:\Users\Princhi\Downloads\ChromeSetup.exe 2017-02-10 13:40 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\7270h8dx 2017-02-10 13:33 - 2017-02-10 13:33 - 04015056 _____ C:\Users\Princhi\Downloads\adwcleaner_6.043.exe 2017-02-09 23:08 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\{0E0D032C-C265-49D3-9E0D-3A192A88609F} 2017-02-09 19:06 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\{EEA3300D-2F66-45DF-8733-453BE124C449} 2017-02-08 21:13 - 2017-02-08 21:13 - 00000000 ____D C:\Program Files (x86)\1y27en8m 2017-02-08 20:06 - 2017-02-08 20:06 - 00000000 ____D C:\Program Files (x86)\36p1ub5x 2017-02-08 19:35 - 2017-02-08 20:06 - 00000000 ____D C:\Program Files (x86)\{07586952-E21B-4637-8D80-3B78C9E59C23} 2017-02-08 16:57 - 2017-02-08 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-02-08 16:57 - 2017-02-08 16:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2017-02-08 16:57 - 2016-12-29 13:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2017-02-08 16:57 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2017-02-08 16:57 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll 2017-02-08 16:57 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2017-02-08 16:57 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe 2017-02-08 16:56 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2017-02-08 16:56 - 2016-12-29 14:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat 2017-02-08 15:42 - 2017-02-08 15:42 - 00000000 ____D C:\Program Files (x86)\cvbs0 2017-02-08 15:32 - 2017-02-08 15:32 - 00000000 ____D C:\Program Files (x86)\veedo5sl 2017-02-07 19:53 - 2017-02-07 19:53 - 00015226 _____ C:\Users\Princhi\Downloads\Hausarbeit.odt 2017-02-07 17:12 - 
2017-02-08 20:06 - 00000000 ____D C:\Users\Princhi\AppData\Local\3 2017-02-07 17:12 - 2017-02-08 20:06 - 00000000 ____D C:\Users\Princhi\AppData\Local\2 ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-03-08 17:27 - 2016-07-16 23:51 - 01061330 _____ C:\WINDOWS\system32\perfh007.dat 2017-03-08 17:27 - 2016-07-16 23:51 - 00251172 _____ C:\WINDOWS\system32\perfc007.dat 2017-03-08 17:27 - 2015-08-04 22:14 - 02519268 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-03-08 17:24 - 2016-04-23 01:04 - 00000000 ____D C:\Users\Princhi\AppData\Local\CrashDumps 2017-03-08 17:22 - 2016-10-18 14:22 - 00000000 ____D C:\Program Files (x86)\Clerack 2017-03-08 17:21 - 2016-09-05 16:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-03-08 17:21 - 2016-09-05 16:36 - 00000000 ____D C:\ProgramData\NVIDIA 2017-03-08 17:21 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI 2017-03-08 17:21 - 2015-02-08 19:49 - 00000000 ____D C:\AdwCleaner 2017-03-08 16:32 - 2016-09-05 16:41 - 00000000 ____D C:\Users\Princhi 2017-03-08 16:27 - 2014-12-26 16:00 - 00000000 ____D C:\ProgramData\Apple 2017-03-08 16:27 - 2014-11-02 14:54 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Origin 2017-03-08 16:24 - 2017-01-18 17:56 - 00001793 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-03-08 16:24 - 2017-01-18 17:56 - 00000000 ____D C:\Users\Princhi\AppData\LocalLow\Mozilla 2017-03-08 16:10 - 2016-09-05 16:34 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-03-08 16:06 - 2014-11-01 23:48 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Spotify 2017-03-08 15:33 - 2014-11-02 13:20 - 00000000 ____D C:\Users\Princhi\AppData\Local\Spotify 2017-03-08 14:32 - 2014-11-02 14:45 - 00000000 ____D C:\ProgramData\Origin 2017-03-08 14:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-03-08 13:19 - 2016-07-16 12:47 - 00000000 ___HD 
C:\Program Files\WindowsApps 2017-03-08 13:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-03-08 00:22 - 2015-01-25 19:13 - 00000000 ____D C:\Users\Princhi\AppData\Local\Battle.net 2017-03-07 17:02 - 2015-01-25 19:13 - 00000000 ____D C:\Program Files (x86)\Battle.net 2017-03-07 15:38 - 2016-10-26 18:28 - 00000000 ____D C:\WINDOWS\system32\log 2017-03-07 15:34 - 2016-08-08 20:40 - 00000000 ____D C:\Users\Princhi\Desktop\Programme 2017-03-07 13:40 - 2014-11-24 12:36 - 00000000 ____D C:\Program Files (x86)\Origin 2017-03-07 02:04 - 2016-11-02 18:07 - 00000000 ____D C:\Program Files (x86)\f09er35s 2017-03-07 01:47 - 2016-08-08 19:33 - 00000000 ____D C:\Users\Princhi\Desktop\Games 2017-03-07 01:46 - 2016-08-08 20:42 - 00000000 ____D C:\Users\Princhi\Desktop\Daten 2017-03-04 20:17 - 2015-05-23 11:51 - 00000000 ____D C:\Users\Princhi\Documents\The Witcher 3 2017-03-03 18:32 - 2016-08-01 19:35 - 00000000 ____D C:\Users\Princhi\AppData\Local\BewerbungsMaster 2017-03-02 15:15 - 2016-06-18 17:14 - 00001042 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk 2017-03-01 19:37 - 2014-11-07 17:25 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\TS3Client 2017-03-01 15:30 - 2014-11-07 17:25 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client 2017-03-01 02:10 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-02-28 21:44 - 2015-01-25 20:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-02-28 00:24 - 2016-12-13 16:57 - 00003274 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-02-28 00:24 - 2015-08-04 22:26 - 00002420 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-02-28 00:24 - 2015-08-04 22:26 - 00000000 ___RD C:\Users\Princhi\OneDrive 2017-02-24 00:34 - 2014-10-31 14:43 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-02-22 15:41 - 2016-07-16 12:36 - 00000000 
____D C:\WINDOWS\CbsTemp 2017-02-22 13:55 - 2014-10-31 13:26 - 00000000 ____D C:\Users\Princhi\AppData\Local\Packages 2017-02-16 14:18 - 2017-01-19 19:06 - 00001415 _____ C:\Users\Public\Desktop\Die Sims 4.lnk 2017-02-16 13:59 - 2014-10-31 16:58 - 00000000 ____D C:\Program Files (x86)\Steam 2017-02-12 19:26 - 2016-04-14 12:50 - 00000000 ____D C:\Users\Princhi\AppData\Local\BlackDesertOnline 2017-02-08 16:57 - 2016-09-05 16:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-02-08 16:57 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF 2017-02-08 16:56 - 2016-09-05 16:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-02-08 16:56 - 2016-09-05 16:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-02-07 22:11 - 2016-12-14 21:29 - 00000000 ____D C:\Users\Princhi\Desktop\UNI 2017-02-07 16:55 - 2016-08-24 10:17 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Skype 2017-02-06 20:48 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-02-06 20:48 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-02-06 13:41 - 2016-10-28 18:07 - 00000000 ____D C:\ProgramData\ttff ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2017-03-02 14:56 - 2017-03-06 18:05 - 0002760 _____ () C:\Program Files (x86)\metadata 2014-10-31 14:52 - 2014-11-22 00:55 - 0000153 _____ () C:\Users\Princhi\AppData\Roaming\WB.CFG 2014-11-02 03:52 - 2014-11-02 03:52 - 0022528 _____ () C:\Users\Princhi\AppData\Local\53168421dsisetup531868282.exe 2014-11-02 03:52 - 2014-11-22 00:55 - 0000001 _____ () C:\Users\Princhi\AppData\Local\DSI.DAT 2014-11-22 00:55 - 2014-11-22 00:55 - 0022528 _____ () C:\Users\Princhi\AppData\Local\dsisetup1207321562.exe 2014-11-02 12:37 - 2014-11-02 12:37 - 0469974 _____ () C:\ProgramData\1414928027.bdinstall.bin 2016-09-05 16:36 - 2016-09-05 16:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2015-04-12 
21:21 - 2015-04-12 21:21 - 0004966 _____ () C:\ProgramData\wmzddnmb.cix Einige Dateien in TEMP: ==================== 2017-01-26 18:55 - 2017-01-26 18:55 - 3017720 _____ (Google) C:\Users\Princhi\AppData\Local\Temp\BAE2.exe 2017-01-12 15:23 - 2017-01-12 15:23 - 7049962 _____ () C:\Users\Princhi\AppData\Local\Temp\insEB60.tmp.exe 2017-01-13 13:22 - 2017-02-15 16:48 - 26964688 _____ () C:\Users\Princhi\AppData\Local\Temp\inst12.exe 2016-10-07 01:33 - 2016-10-07 01:33 - 2458672 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Princhi\AppData\Local\Temp\libeay32.dll 2016-10-07 01:33 - 2016-10-07 01:33 - 0970912 _____ (Microsoft Corporation) C:\Users\Princhi\AppData\Local\Temp\msvcr120.dll 2016-10-07 01:33 - 2016-10-07 01:33 - 0772672 _____ () C:\Users\Princhi\AppData\Local\Temp\sqlite3.dll 2016-12-28 13:43 - 2016-12-28 13:43 - 0792064 _____ (Fun Dw) C:\Users\Princhi\AppData\Local\Temp\~ct13B3.tmp.dll 2016-12-26 16:49 - 2016-12-26 16:49 - 0788480 _____ () C:\Users\Princhi\AppData\Local\Temp\~ct2775.tmp.dll 2017-01-05 14:39 - 2017-01-05 14:39 - 0361472 _____ (update) C:\Users\Princhi\AppData\Local\Temp\~ct803C.tmp.dll 2017-01-03 16:26 - 2017-01-03 16:26 - 0471552 _____ () C:\Users\Princhi\AppData\Local\Temp\~ctB41B.tmp.dll 2017-01-03 16:28 - 2017-01-03 16:28 - 0471552 _____ () C:\Users\Princhi\AppData\Local\Temp\~ctBFDE.tmp.dll 2016-12-26 12:49 - 2016-12-26 12:49 - 0788480 _____ () C:\Users\Princhi\AppData\Local\Temp\~ctD52C.tmp.dll ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2017-03-07 17:06 ==================== Ende von FRST.txt ============================ |
08.03.2017, 18:01 | #4 |
| Adware: Adw Cleaner does not help, Google Chrome infected
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 05-03-2017
durchgeführt von Princhi (08-03-2017 17:32:27)
Gestartet von C:\Users\Princhi\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-05 15:59:50)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-88799701-2343346839-193955109-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-88799701-2343346839-193955109-503 - Limited - Disabled)
Gast (S-1-5-21-88799701-2343346839-193955109-501 - Limited - Disabled)
Princhi (S-1-5-21-88799701-2343346839-193955109-1001 - Administrator - Enabled) => C:\Users\Princhi

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR) amulesw (HKLM-x32\...\{57C598F7-B9E0-401E-8BAC-D171EB8A01A8}) (Version: 1.0.5 - amules) Ansel (Version: 372.70 - NVIDIA Corporation) Hidden Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BikaQ Rss (HKLM-x32\...\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}) (Version: 2.0.16 - BikaQ) <==== ACHTUNG Black and White (HKLM-x32\...\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}) (Version: - ) Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.5 - Daum Games EU) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.) Canon MG6600 series Benutzerregistrierung (HKLM-x32\...\Canon MG6600 series Benutzerregistrierung) (Version: - *Canon Inc.) Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.00 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.) CASIO FA-124 (HKLM-x32\...\{FB47E710-6249-4EFA-BE36-E922B0612AF4}) (Version: 2.04.0000 - CASIO COMPUTER CO., LTD.) CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.02039 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 4.3.02039 - Cisco Systems, Inc.) 
Hidden CodeBlocks (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.27.80.1020 - Electronic Arts Inc.) Drakonia Black (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - ) Dropbox (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) Duke Nukem Forever (HKLM\...\Steam App 57900) (Version: - Gearbox Software) Euro Truck Simulator 2 Demo (HKLM\...\Steam App 231120) (Version: - SCS Software) Evernote v. 5.8.4 (HKLM-x32\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.) Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version: - Lionhead Studios) Fallout 4 MULTi2 1.1.30 (HKLM-x32\...\Fallout 4 MULTi2 1.1.30) (Version: - ) FINAL FANTASY X/X-2 HD Remaster (HKLM\...\Steam App 359870) (Version: - SQUARE ENIX) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) fx-Manager PLUS (90-Day Trial) (HKLM-x32\...\{80447814-A99C-415D-B019-7A825CEE064B}) (Version: 02.04.4100.0291 - CASIO COMPUTER CO., LTD.) GameMaker: Player (HKLM-x32\...\GameMakerPlayer) (Version: 1.4.1242.41000 - YoYo Games Ltd.) GameMaker-Studio 1.4 (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\GameMaker-Studio14) (Version: - YoYo Games Ltd.) Gametree Launcher (HKLM-x32\...\GTL) (Version: 3.0.26.0 - NtreevSoft) Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden GRID (HKLM\...\Steam App 12750) (Version: - Codemasters Studios) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) HMA! Pro VPN 3.2.13.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 3.2.13.0 - Privax Ltd) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version: - Audacity Team) Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech) Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.) Microsoft OneDrive (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 
Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) MouseRecorder v1.0.51 (HKLM-x32\...\MouseRecorder_is1) (Version: 1.0.51 - Bartels Media GmbH) NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming) NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation) NVIDIA Grafiktreiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation) NVIDIA Miracast Virtueller Ton 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 352.86 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 10.4.5.25153 - Electronic Arts, Inc.) osu! 
(HKLM-x32\...\{180b9d5a-5197-4326-bcb0-fe448086015b}) (Version: latest - ppy Pty Ltd) Outlast (HKLM-x32\...\Steam App 238320) (Version: - Red Barrels) Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) PC Wizard 2015.2.14 (HKLM-x32\...\PC Wizard 2015_is1) (Version: - CPUID) PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - ) POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain) SABnzbd 0.7.19 (HKLM-x32\...\SABnzbd) (Version: 0.7.19 - The SABnzbd Team) Samsung Connection Manager (HKLM-x32\...\{F3F95061-0427-4386-AB03-1556CBE52927}) (Version: 112.6 - Samsung Electronics) SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.) 
Spotify (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Spotify) (Version: 1.0.49.125.g72ee7853 - Spotify AB) Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) System Requirements Lab CYRI (HKLM-x32\...\{6C8C4577-8E15-4C63-96ED-D40F2072FF74}) (Version: 6.0.19.0 - Husdawg, LLC) System Requirements Lab Detection (HKLM-x32\...\{9C926493-16C0-438E-8E51-BC3638E29ABB}) (Version: 6.1.4.0 - Husdawg, LLC) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer) Trillian (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Trillian) (Version: - Cerulean Studios, LLC) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) Vodafone Mobile Connect Lite (HKLM-x32\...\{B5761811-28F3-4257-B537-815C5EEF472C}) (Version: 3.1.2.104 - Vodafone) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.14-1 - Wacom Technology Corp.) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH) WinSnare (HKLM-x32\...\{6F28E3A8-BEC0-4CCD-A35F-7155729C7A88}) (Version: 4.2.6 - WinSnare) <==== ACHTUNG World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {004C7BCF-DF05-463F-AE87-A9037EB33295} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> Keine Datei <==== ACHTUNG Task: {091E4F5D-850A-4359-A8B8-1EBF544D3458} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {0E524B03-1D26-41B6-ABD2-F29FB4F8B41D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-24] (Microsoft Corporation) Task: {234468EA-8B43-4B63-B02F-48719C50B1D6} - System32\Tasks\{438F159D-A759-457B-A222-FD5013D632EC} => pcalua.exe -a E:\autorun.exe -d E:\ Task: {2A144903-ADD3-4EDD-A7BC-CC01CE57DF84} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {339DDE55-629F-4266-B263-9F312E284E09} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe Task: {36FA50E1-D56E-483F-AEE3-3F296E349404} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {38261DF8-27F9-49FC-B90E-0716D33F9E03} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {3CA17CED-0C4E-40A1-910C-F2ECB81E40A8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {4B9C0926-CF32-484A-A741-A6E2C89BC329} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd) Task: {518C3D3C-C292-42AB-98EE-A7C53919E7BC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {59D17917-85E1-4E2E-959F-2F02B05AA878} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Princhi\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {6400C925-1181-4AF3-92E4-BBCDB19DE50E} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> Keine Datei <==== ACHTUNG Task: {8B7D9CE6-6BF7-46D2-B30B-19120BEF004F} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> Keine Datei <==== ACHTUNG Task: {9343FC7C-B573-4742-BDF9-B58789B4F31C} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2016-12-28] () Task: {AE88677F-1C9A-4A68-918B-E1DBDB57FBEB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {B5BB4BD1-F18C-40B3-8925-0E98012E2F12} - System32\Tasks\{BAAF7A63-576A-4E4E-96F8-72A8EBB68660} => pcalua.exe -a "D:\Games\The Witcher 3 Wild Hunt\Uninstall.exe" Task: {BC244B71-84EB-45F8-AC6A-6B2969879183} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {CCE2E5E1-F1F1-4AF8-A21C-2B15C00FCB0D} - System32\Tasks\{D07A19C7-CDC4-4BD3-B00B-C2829140E6CD} => pcalua.exe -a "C:\Users\Princhi\Downloads\skse_1_07_01_installer (1).exe" -d C:\Users\Princhi\Downloads Task: {D533BD21-EC84-4A14-AEE8-FB6F0D3FAD3B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe Task: {DDE677D5-0F3E-48FB-B0D1-BC1F907283F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {E914FF3E-2FD3-4044-B9F0-21AB025188C3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {ED3BEF71-C902-4E64-B950-6C7472286B52} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRss\BikaQ.exe [2017-02-23] (IEC) <==== ACHTUNG Task: {EDBB1ADE-5473-442F-805C-7DD1BECAAFB9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {EECBA783-C0A0-4E58-8DB0-58F0C1052B7C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f1b9b70e37832c09\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\83d1d964df0d5fea\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) 
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) ShortcutWithArgument: C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM ShortcutWithArgument: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-14 19:40 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-09-05 16:36 - 2016-12-29 13:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-03-30 11:03 - 2016-06-15 02:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-12-14 19:40 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2015-01-18 19:06 - 2015-08-21 19:33 - 01347264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 02667576 _____ () C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-03-30 11:03 - 2016-06-15 02:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-09-13 19:42 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-11 21:54 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2017-01-11 21:54 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-11 21:54 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-02-22 13:36 - 2017-02-22 13:41 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-02-22 13:36 - 2017-02-22 13:41 - 00179712 _____ () C:\Program 
Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-02-22 13:36 - 2017-02-22 13:47 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-02-06 12:47 - 2017-02-06 12:50 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll 2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2015-04-01 22:05 - 2013-10-29 13:49 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe 2015-04-01 22:05 - 2013-06-26 16:01 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe 2017-03-02 15:14 - 2017-03-02 15:14 - 04031440 _____ () C:\Users\Princhi\Desktop\Programme\adwcleaner_6.044.exe 2017-03-08 17:19 - 2017-03-08 03:02 - 00111104 _____ () C:\Users\Princhi\AppData\Roaming\Kyubey\Kyubey.exe 2016-08-12 13:20 - 2016-08-12 13:20 - 00073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2016-09-15 12:55 - 2017-02-14 01:06 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll 2016-10-18 14:22 - 2016-10-18 14:22 - 00274944 _____ () c:\program files (x86)\clerack\grshlp.dll 2015-04-14 16:46 - 2016-06-15 02:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-04-01 22:05 - 2013-01-15 16:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll 2015-04-01 22:05 - 2013-06-26 16:01 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll 2017-03-08 16:27 - 
2017-02-01 10:01 - 01870168 _____ () C:\Program Files (x86)\Footper\Application\libglesv2.dll 2017-03-08 16:27 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files (x86)\Footper\Application\libegl.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3 [430] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
Da befinden sich 7866 mehr Seiten.

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2015-07-26 00:22 - 00450771 ____A C:\WINDOWS\system32\Drivers\etc\hosts

Da befinden sich 15463 zusätzliche Einträge.

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-88799701-2343346839-193955109-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "EADM" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "FlashUpdate" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{AA3E9767-E958-417A-A42D-726122390FAD}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Grid\grid.exe FirewallRules: [{9DBC18C7-BCBE-46C4-A427-BDA250B867F2}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Grid\grid.exe FirewallRules: [{6DEBB90C-CDBD-4A91-8502-C7F80A6430B1}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Euro Truck Simulator 2 Demo\bin\win_x86\eurotrucks2.exe FirewallRules: [{C57876C6-1638-4EB6-AC10-66E7B954C768}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Euro Truck Simulator 2 Demo\bin\win_x86\eurotrucks2.exe FirewallRules: [{79056620-9A6A-4615-87CA-1952B5F0300C}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Duke Nukem Forever\System\DukeForever.exe FirewallRules: [{2E97D87D-468E-45A0-BCF8-A5292BF6DB27}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Duke Nukem Forever\System\DukeForever.exe FirewallRules: [UDP Query User{433BC981-68D1-42AF-9A4B-EE5EAD217F90}C:\users\princhi\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\princhi\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query 
User{DDD05808-227C-4EFB-9750-1CFF75C1B087}C:\users\princhi\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\princhi\appdata\roaming\spotify\spotify.exe FirewallRules: [{44B50A7B-D0BB-4589-934B-0A50786FD329}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [{2E6858C8-C78D-4430-85A0-4CC367187DFE}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [UDP Query User{93B9A7BD-CD95-47AB-A845-A0DC9D227B5C}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe FirewallRules: [TCP Query User{45ACAA61-9C29-4458-AEED-8AD523C8BE0D}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe FirewallRules: [{D1075E74-50D5-4948-B9BA-0CD61CCD3112}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\FINAL FANTASY FFX&FFX-2 HD Remaster\FFX&X-2_LAUNCHER.exe FirewallRules: [{D5722340-8B36-44C8-BA33-6B46C9C8D418}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\FINAL FANTASY FFX&FFX-2 HD Remaster\FFX&X-2_LAUNCHER.exe FirewallRules: [{B87CFB00-E90F-4BA4-9A69-DF124CBCCF81}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Stardew Valley\Stardew Valley.exe FirewallRules: [{75F2513F-C16A-47CF-ABE8-44BEC6439C81}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Stardew Valley\Stardew Valley.exe FirewallRules: [UDP Query User{EBE94ED2-5388-485A-88D5-5AEC2B99BA45}D:\games\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) D:\games\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe FirewallRules: [TCP Query User{9D2F75BC-24E5-415E-B648-D2E9C180C121}D:\games\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) D:\games\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe FirewallRules: [{3723B19A-C31B-4A64-9CA2-35178CC85FB1}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Outlast\OutlastLauncher.exe FirewallRules: 
[{BD15B16E-4434-4885-B5F4-6F8689E33025}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Outlast\OutlastLauncher.exe FirewallRules: [{084A9FE6-758E-4E14-B85B-D06BBB0F0F61}] => (Allow) C:\Users\Princhi\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{45415225-36B7-487B-94D7-57CC6F2F0258}] => (Allow) C:\Users\Princhi\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{C51ECC81-6245-4C53-BA05-7540AE344077}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\POSTAL2Complete\System\Postal2.exe FirewallRules: [{AC491E28-6FF0-41BF-958B-8233FE86210F}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\POSTAL2Complete\System\Postal2.exe FirewallRules: [UDP Query User{602C1D83-C965-433E-85C6-D6C80C7F0637}D:\games\dying light\dyinglightgame.exe] => (Allow) D:\games\dying light\dyinglightgame.exe FirewallRules: [TCP Query User{920FB982-DFC7-4EF7-A3E8-976475666FCD}D:\games\dying light\dyinglightgame.exe] => (Allow) D:\games\dying light\dyinglightgame.exe FirewallRules: [{6B29DA1F-AFE4-494C-A452-C86FE3D3E47F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{20D9EE97-5F76-470F-B27E-B8F316BB4346}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{773BE211-A15B-4BB6-8FD9-3BB26A28F827}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{E8A2781B-27E2-4881-A1A7-6C43DE4B7486}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{BF61E21F-F3A3-4C03-A833-DB22A0A36107}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{10919623-CA13-458D-848C-CD3B577B6D94}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0EF2103A-976E-4E84-BD25-93C433853B91}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{E9F09AF6-CB52-4918-899F-52B0E6EF0DDD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{29502284-E5F5-4CE1-B81B-BF88C4798916}] => (Allow) C:\Program Files\Logitech Gaming 
Software\LCore.exe FirewallRules: [{42A467C8-4C2A-4F98-86C7-C10B56BABD67}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe FirewallRules: [{F62BE5C8-A121-4BC2-85BF-B48E186D43A7}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{2B11D43B-DE96-4337-9728-BD43F4CE5D33}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [UDP Query User{FE56EA36-F948-4AC7-A957-E70694626A65}C:\users\princhi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\princhi\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{7898A2A6-1A96-4797-8F93-30A5E35847BC}C:\users\princhi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\princhi\appdata\roaming\spotify\spotify.exe FirewallRules: [{87F70AAF-D857-482F-829A-335EE28F8FA9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{4BE15A0E-F5C0-40DA-B916-7BD325ACC83F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{6D60CCE8-D415-4436-91E9-40CE158E7294}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{9F2B6253-1903-4759-81DF-37B642BA4C6B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{65C95321-80CC-41A5-B393-63BA514E8FCA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{9377D7C5-5AED-41CC-A314-64FD930B695C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{85433D13-0C2F-4D9F-B62A-A03491046340}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{CEBEC4F5-0951-465D-8402-0003646DF432}D:\games\fallout 4\fallout4.exe] => (Allow) D:\games\fallout 4\fallout4.exe FirewallRules: [UDP Query User{59AFF884-B69B-4477-AAEB-B0298E8858C1}D:\games\fallout 4\fallout4.exe] => (Allow) D:\games\fallout 4\fallout4.exe FirewallRules: 
[{CD901227-D724-4713-9106-EDF3FFF2D430}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe FirewallRules: [{AA7E3856-7441-4365-B47F-1A567321B6E8}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe FirewallRules: [TCP Query User{52F347C0-C575-4240-8B60-E734F85FF1DB}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe FirewallRules: [UDP Query User{A2BCDE7F-A756-4DE7-A8EE-3F3F8D9B869A}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe FirewallRules: [{CAD7759B-35EE-4687-8B58-B7221A00B5F9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{9EBA7F21-544A-4C04-8ABD-98AFFF92315D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{DCB5CD2F-2853-429E-9D64-8931E1E4DAF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{F87FA9EB-2E3E-4C02-8C12-2E27949DB16F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{88F9AD83-5CB0-48CA-8A4E-43E5E549CC7C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{D728C369-1A3E-4F26-90A2-B5B81B9E284F}D:\games\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) D:\games\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe FirewallRules: [UDP Query User{C2E7C391-58C9-4215-BDB9-C0052C89A2C6}D:\games\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) D:\games\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe FirewallRules: [{8E09CCD3-0A4A-4033-912F-571DDA7CD421}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe FirewallRules: [{E60A3479-5B49-46A1-A0AB-9126C405B360}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe FirewallRules: [TCP Query 
User{16975BF0-EDDD-4E69-960D-2CE8FEE274D0}C:\program files (x86)\amulec\amule.exe] => (Block) C:\program files (x86)\amulec\amule.exe FirewallRules: [UDP Query User{A555A009-B6B6-40C2-992E-8B739880ECA6}C:\program files (x86)\amulec\amule.exe] => (Block) C:\program files (x86)\amulec\amule.exe FirewallRules: [TCP Query User{561856D7-33AF-4F8E-8423-161786F6E12C}D:\games\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{AF2989E4-8158-4A75-9318-5592B5390B4D}D:\games\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe FirewallRules: [TCP Query User{D559BD0F-157B-4B1D-897B-101FF24C9FAF}D:\games\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{AAD4688C-EC79-4F47-A93B-DB47D97E8F2C}D:\games\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe FirewallRules: [{8DA6395A-3C91-4FDF-9B40-671517F4B04A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{D08F5069-B898-4AC7-B529-0E32F7084B8F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [TCP Query User{21BFE8C9-800E-4279-89C6-680D499CBD0F}D:\games\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{3BD88588-EDAF-4801-B8A0-0B3DB1EF528D}D:\games\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe FirewallRules: [TCP Query User{739F3F8E-58BF-44BE-9397-00F9D58535D8}D:\games\heroes 
of the storm\versions\base49278\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{3D5B546D-3B14-4270-8A71-2D68187C4B6B}D:\games\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe FirewallRules: [TCP Query User{ADC29A1A-E376-4D25-B2CC-0449D1C70396}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe FirewallRules: [UDP Query User{CD82B265-F91F-4F19-9AD3-AAB58697D21C}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe FirewallRules: [TCP Query User{10E4BF73-2B71-46A1-AF90-4D369746BBC1}C:\program files (x86)\battle.net\battle.net.8288\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8288\battle.net.exe FirewallRules: [UDP Query User{725A9649-915C-499A-B583-F2C27323A02B}C:\program files (x86)\battle.net\battle.net.8288\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8288\battle.net.exe FirewallRules: [TCP Query User{EA94FF22-B8DA-49C3-BBB2-722A193F6783}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe FirewallRules: [UDP Query User{34717146-5DBD-4DD6-AD10-269D82BC0269}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe FirewallRules: [TCP Query User{DECB5554-F262-4730-B569-8EBF6C40D6E4}C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe FirewallRules: [UDP Query User{5E89A617-F504-44CD-A8CF-240EB1BDEF38}C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe] => (Allow) C:\program files 
(x86)\battle.net\battle.net.8394\battle.net.exe FirewallRules: [{809B46EC-D486-4F7B-9F0E-163B668FB2F9}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{D9EA1209-B43B-4A64-9705-B70D5C5DF3D6}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{08EE23F8-6E9A-4AAA-9AF1-43F3AE7C498D}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{62F83E86-3CF3-4ABF-98C6-9EABDDD15136}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [TCP Query User{1CABAAA3-3DE8-46AC-A353-23987FE5ABD6}C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe FirewallRules: [UDP Query User{E778CA01-19B1-4097-8750-ECD5605ADAA6}C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe FirewallRules: [TCP Query User{4EA71E1E-324F-4D2D-A1C5-258E93A6D41C}D:\games\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{F91FF794-A7C4-4A6E-919D-91A17BDACA86}D:\games\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe FirewallRules: [{A86AE849-1D33-4C98-A14D-26AD51DEE466}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{8E21FD9F-69D4-4436-8FE1-CB9B7D7C0FBE}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe FirewallRules: [{E010336C-5C39-42AD-96B9-3F3A0DA25795}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe FirewallRules: [{A68F9182-4AE3-4C44-8A93-1F0CB776EC93}] => (Allow) C:\Program Files (x86)\Footper\Application\chrome.exe StandardProfile\AuthorizedApplications: [C:\Program Files 
(x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Wiederherstellungspunkte ========================= 16-02-2017 14:18:49 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 22-02-2017 15:40:58 Windows Update 01-03-2017 18:18:03 Geplanter Prüfpunkt ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/08/2017 05:24:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x71b5d473 ID des fehlerhaften Prozesses: 0x2524 Startzeit der fehlerhaften Anwendung: 0x01d298286de3e0f2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: ea0e9d83-4a79-4b89-9395-04afee92afe5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 04:35:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x6b18d473 ID des fehlerhaften Prozesses: 0x27f8 Startzeit der fehlerhaften Anwendung: 0x01d29821aa11ba98 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 343e9e7b-e84b-468b-b081-7d589bc94618 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 04:30:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x57d8d473 ID des fehlerhaften Prozesses: 0x17ac Startzeit der fehlerhaften Anwendung: 0x01d29820f7d26211 Pfad der fehlerhaften Anwendung: C:\Program Files 
(x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 727a4a2f-a316-4c02-bab7-c6a35bf5d385 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 04:29:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: adwcleaner_6.044.exe, Version: 6.0.4.4, Zeitstempel: 0x58b5dbcb Name des fehlerhaften Moduls: adwcleaner_6.044.exe, Version: 6.0.4.4, Zeitstempel: 0x58b5dbcb Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022d82 ID des fehlerhaften Prozesses: 0x4fc Startzeit der fehlerhaften Anwendung: 0x01d29820b442ed74 Pfad der fehlerhaften Anwendung: C:\Users\Princhi\Desktop\Programme\adwcleaner_6.044.exe Pfad des fehlerhaften Moduls: C:\Users\Princhi\Desktop\Programme\adwcleaner_6.044.exe Berichtskennung: 78ab6fc2-c0c0-477e-b4f2-9ccfde3eb5f7 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 04:29:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.14393.0, Zeitstempel: 0x57899148 Name des fehlerhaften Moduls: InputService.dll, Version: 10.0.14393.576, Zeitstempel: 0x584a76ec Ausnahmecode: 0xc0000005 Fehleroffset: 0x00057f66 ID des fehlerhaften Prozesses: 0x299c Startzeit der fehlerhaften Anwendung: 0x01d298202054f832 Pfad der fehlerhaften Anwendung: C:\WINDOWS\SysWOW64\ctfmon.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\InputService.dll Berichtskennung: 47c5e0d9-2a3c-43f0-9675-168a0546cd7c Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/07/2017 03:34:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: adwcleaner_6.044.exe, Version: 6.0.4.4, Zeitstempel: 0x58b5dbcb Name des fehlerhaften Moduls: adwcleaner_6.044.exe, Version: 6.0.4.4, Zeitstempel: 0x58b5dbcb 
Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022d82 ID des fehlerhaften Prozesses: 0x1c70 Startzeit der fehlerhaften Anwendung: 0x01d2974fcca9a7d9 Pfad der fehlerhaften Anwendung: C:\Users\Princhi\Downloads\adwcleaner_6.044.exe Pfad des fehlerhaften Moduls: C:\Users\Princhi\Downloads\adwcleaner_6.044.exe Berichtskennung: 46806284-5481-4e45-816c-d001346fcd0f Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/07/2017 03:34:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.14393.0, Zeitstempel: 0x57899148 Name des fehlerhaften Moduls: InputService.dll, Version: 10.0.14393.576, Zeitstempel: 0x584a76ec Ausnahmecode: 0xc0000005 Fehleroffset: 0x00057f66 ID des fehlerhaften Prozesses: 0x1e78 Startzeit der fehlerhaften Anwendung: 0x01d29746cd37eff9 Pfad der fehlerhaften Anwendung: C:\WINDOWS\SysWOW64\ctfmon.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\InputService.dll Berichtskennung: d8681e43-359f-46b4-91f2-0a1278495b3f Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/07/2017 01:01:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x693cd473 ID des fehlerhaften Prozesses: 0x2be8 Startzeit der fehlerhaften Anwendung: 0x01d2973a8451a751 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Stancine\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: a26a94c4-b5fc-4c9b-a93b-e3b4490dad7c Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/07/2017 02:00:38 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: 
chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x693cd473 ID des fehlerhaften Prozesses: 0x940 Startzeit der fehlerhaften Anwendung: 0x01d296de3bda30b8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Stancine\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: e8e0a402-3d5d-4656-a614-fa9a323e8b6e Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/07/2017 12:54:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x693cd473 ID des fehlerhaften Prozesses: 0x31a0 Startzeit der fehlerhaften Anwendung: 0x01d296d50a6abfe5 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Stancine\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 77a84877-3de3-4fd8-b55c-3547793e7948 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (03/08/2017 05:25:02 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (03/08/2017 05:21:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Convxxxx" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. 
Error: (03/08/2017 05:21:11 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/08/2017 05:21:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Kyubey" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/08/2017 05:21:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/08/2017 05:21:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/08/2017 05:21:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Streamer Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/08/2017 05:21:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/08/2017 05:21:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Origin Web Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (03/08/2017 05:21:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Ntp2NetSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2017-03-07 15:34:35.588 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-03-07 15:08:10.789 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-02-03 17:00:27.187 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-02-03 16:56:56.613 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-21 01:08:28.137 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-21 00:12:20.064 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. 
Date: 2017-01-20 23:15:15.099 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-20 22:03:49.090 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-20 21:52:52.863 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-20 21:12:20.027 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz Prozentuale Nutzung des RAM: 27% Installierter physikalischer RAM: 8093.39 MB Verfügbarer physikalischer RAM: 5906.85 MB Summe virtueller Speicher: 9373.39 MB Verfügbarer virtueller Speicher: 7099.04 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:390.16 GB) (Free:136.58 GB) NTFS Drive d: (Volume) (Fixed) (Total:540.4 GB) (Free:152.65 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ============================ Code:
17:41:13.0849 0x1830 TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01
17:41:13.0849 0x1830 UEFI system
17:48:26.0468 0x1830 ============================================================
17:48:26.0468 0x1830 Current date / time: 2017/03/08 17:48:26.0467
17:48:26.0468 0x1830 SystemInfo:
17:48:26.0468 0x1830
17:48:26.0468 0x1830 OS Version: 10.0.14393 ServicePack: 0.0
17:48:26.0468 0x1830 Product type: Workstation
17:48:26.0468 0x1830 ComputerName: EPONA
17:48:26.0468 0x1830 UserName: Princhi
17:48:26.0468 0x1830 Windows directory: C:\WINDOWS
17:48:26.0468 0x1830 System windows directory: C:\WINDOWS
17:48:26.0468 0x1830 Running under WOW64
17:48:26.0468 0x1830 Processor architecture: Intel x64
17:48:26.0468 0x1830 Number of processors: 8
17:48:26.0468 0x1830 Page size: 0x1000
17:48:26.0468 0x1830 Boot type: Normal boot
17:48:26.0468 0x1830 CodeIntegrityOptions = 0x00000001
17:48:26.0468 0x1830 ============================================================
17:48:26.0510 0x1830 KLMD registered as C:\WINDOWS\system32\drivers\55301967.sys
17:48:26.0511 0x1830 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.693, osProperties = 0x19
17:48:26.0626 0x1830 System UUID: {C94E5BFC-A34E-F76E-4230-0C2AA1032B50}
17:48:26.0853 0x1830 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:48:26.0859 0x1830 ============================================================
17:48:26.0859 0x1830 \Device\Harddisk0\DR0:
17:48:26.0859 0x1830 GPT partitions:
17:48:26.0867 0x1830 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {2E07B7E2-BA6B-436F-89A9-52134F6D736A}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
17:48:26.0867 0x1830 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {17569911-260F-48B6-AD50-40327C3D91F8}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x31800
17:48:26.0867 0x1830 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {1E27707F-CED8-4213-9BE7-966A097D482D}, Name: Microsoft reserved partition, StartLBA 0xC8000, BlocksNum 0x40000
17:48:26.0867 0x1830 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {15700A44-E6E1-486E-96D3-30E273E518B8}, Name: Basic data partition, StartLBA 0x108000, BlocksNum 0x30C51000
17:48:26.0867 0x1830 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {D4AE4C6B-00C2-4F38-8296-53C8864D766B}, Name: , StartLBA 0x30D59000, BlocksNum 0xE1000
17:48:26.0867 0x1830 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {1B71F301-972F-456B-9B19-2B4FD61B702D}, Name: Basic data partition, StartLBA 0x30E3A000, BlocksNum 0x438CC000
17:48:26.0867 0x1830 MBR partitions:
17:48:26.0867 0x1830 ============================================================
17:48:26.0872 0x1830 C: <-> \Device\Harddisk0\DR0\Partition4
17:48:26.0902 0x1830 D: <-> \Device\Harddisk0\DR0\Partition6
17:48:26.0902 0x1830 ============================================================
17:48:26.0902 0x1830 Initialize success
17:48:26.0902 0x1830 ============================================================
17:49:03.0792 0x0478 ============================================================
17:49:03.0792 0x0478 Scan started
17:49:03.0792 0x0478 Mode: Manual; SigCheck; TDLFS;
17:49:03.0792 0x0478 ============================================================
17:49:03.0792 0x0478 KSN ping started
17:49:03.0918 0x0478 KSN ping finished: true
17:49:04.0741 0x0478 ================ Scan system memory ========================
17:49:04.0741 0x0478 System memory - ok
17:49:04.0742 0x0478 ================ Scan services =============================
17:49:04.0950 0x0478 1394ohci - ok
17:49:04.0957 0x0478 3ware - ok
17:49:04.0963 0x0478 ACPI - ok
17:49:04.0969 0x0478 AcpiDev - ok
17:49:04.0974 0x0478 acpiex - ok
17:49:04.0979 0x0478 acpipagr - ok
17:49:05.0001 0x0478 AcpiPmi - ok
17:49:05.0003 0x0478 acpitime - ok
17:49:05.0011 0x0478 [ B598E1D166E92198948BA07888E196F6, DF8764F444020C271D00BCC36D7530CDDF1394035CABE7444625B75FBEF4D624 ] acsock C:\WINDOWS\system32\DRIVERS\acsock64.sys
17:49:05.0057 0x0478 acsock - ok
17:49:05.0064 0x0478 ADP80XX - ok
17:49:05.0071 0x0478 AFD - ok
17:49:05.0076 0x0478 ahcache - ok
17:49:05.0078 0x0478 AJRouter - ok
17:49:05.0080 0x0478 ALG - ok
17:49:05.0084 0x0478 AmdK8 - ok
17:49:05.0086 0x0478 AmdPPM - ok
17:49:05.0088 0x0478 amdsata - ok
17:49:05.0092 0x0478 amdsbs - ok
17:49:05.0094 0x0478 amdxata - ok
17:49:05.0096 0x0478 AppID - ok
17:49:05.0099 0x0478 AppIDSvc - ok
17:49:05.0101 0x0478 Appinfo - ok
17:49:05.0103 0x0478 applockerfltr - ok
17:49:05.0105 0x0478 AppMgmt - ok
17:49:05.0111 0x0478 AppReadiness - ok
17:49:05.0114 0x0478 AppVClient - ok
17:49:05.0116 0x0478 AppvStrm - ok
17:49:05.0133 0x0478 AppvVemgr - ok
17:49:05.0135 0x0478 AppvVfs - ok
17:49:05.0137 0x0478 AppXSvc - ok
17:49:05.0139 0x0478 arcsas - ok
17:49:05.0142 0x0478 AsyncMac - ok
17:49:05.0145 0x0478 atapi - ok
17:49:05.0147 0x0478 AudioEndpointBuilder - ok
17:49:05.0149 0x0478 Audiosrv - ok
17:49:05.0151 0x0478 AxInstSV - ok
17:49:05.0153 0x0478 b06bdrv - ok
17:49:05.0155 0x0478 BasicDisplay - ok
17:49:05.0157 0x0478 BasicRender - ok
17:49:05.0160 0x0478 bcmfn - ok
17:49:05.0162 0x0478 bcmfn2 - ok
17:49:05.0164 0x0478 BDESVC - ok
17:49:05.0166 0x0478 Beep - ok
17:49:05.0168 0x0478 BFE - ok
17:49:05.0170 0x0478 BITS - ok
17:49:05.0217 0x0478 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:49:05.0227 0x0478 Bonjour Service - ok
17:49:05.0230 0x0478 bowser - ok
17:49:05.0232 0x0478 BrokerInfrastructure - ok
17:49:05.0234 0x0478 Browser - ok
17:49:05.0236 0x0478 BthAvrcpTg - ok
17:49:05.0239 0x0478 BthHFEnum - ok
17:49:05.0241 0x0478 bthhfhid - ok
17:49:05.0243 0x0478 BthHFSrv - ok
17:49:05.0245 0x0478 BTHMODEM - ok
17:49:05.0251 0x0478 bthserv - ok
17:49:05.0253 0x0478 buttonconverter - ok
17:49:05.0266 0x0478 [ 6A50EAB6C21EF0886A0366E11AF10762, 39231BC53B2C61783F6C1BA8D21B51E1942E0F5CE63D651692530AD003AA4539 ] C2XXCOM C:\WINDOWS\system32\DRIVERS\C2XXCOM76.sys
17:49:05.0273 0x0478 C2XXCOM - ok
17:49:05.0296 0x0478 [ DA5363A532BA554483F5B1EC6ADE73BC, 6CBFA5FC862FE4E4B9317B423C21EBC3F2AF22C990A3982FA426F51D317A7A41 ] C2xxUSB C:\WINDOWS\system32\DRIVERS\C2xxUSB76.sys
17:49:05.0317 0x0478 C2xxUSB - ok
17:49:05.0323 0x0478 [ B8E6BE77C47F1FE2C9F696BCEAEAC6F1, 6B6F1211F4C8594D41AB0D137389B243C1DC7441180507CF4DED03A6968E7ACC ] C2xxUsbStorage C:\WINDOWS\system32\DRIVERS\C2xSTR76.sys
17:49:05.0334 0x0478 C2xxUsbStorage - ok
17:49:05.0338 0x0478 CapImg - ok
17:49:05.0343 0x0478 cdfs - ok
17:49:05.0345 0x0478 CDPSvc - ok
17:49:05.0348 0x0478 CDPUserSvc - ok
17:49:05.0364 0x0478 cdrom - ok
17:49:05.0367 0x0478 CertPropSvc - ok
17:49:05.0370 0x0478 cht4iscsi - ok
17:49:05.0372 0x0478 cht4vbd - ok
17:49:05.0376 0x0478 circlass - ok
17:49:05.0379 0x0478 CLFS - ok
17:49:05.0381 0x0478 ClipSVC - ok
17:49:05.0383 0x0478 clreg - ok
17:49:05.0390 0x0478 CmBatt - ok
17:49:05.0392 0x0478 CNG - ok
17:49:05.0395 0x0478 cnghwassist - ok
17:49:05.0431 0x0478 CompositeBus - ok
17:49:05.0433 0x0478 COMSysApp - ok
17:49:05.0435 0x0478 condrv - ok
17:49:05.0468 0x0478 Convxxxx - ok
17:49:05.0483 0x0478 CoreMessagingRegistrar - ok
17:49:05.0515 0x0478 [ 5212E0957468D3F94D90FA7A0F06B58F, 955DAC77A0148E9F9ED744F5D341CB9C9118261E52FE622AC6213965F2BC4CAD ] cpuz137 C:\Program Files (x86)\CPUID\PC Wizard 2015\pcwiz_x64.sys
17:49:05.0518 0x0478 cpuz137 - ok
17:49:05.0522 0x0478 CryptSvc - ok
17:49:05.0524 0x0478 CSC - ok
17:49:05.0526 0x0478 CscService - ok
17:49:05.0528 0x0478 dam - ok
17:49:05.0531 0x0478 DcomLaunch - ok
17:49:05.0533 0x0478 DcpSvc - ok
17:49:05.0536 0x0478 defragsvc - ok
17:49:05.0538 0x0478 DeviceAssociationService - ok
17:49:05.0540 0x0478 DeviceInstall - ok
17:49:05.0542 0x0478 DevQueryBroker - ok
17:49:05.0544 0x0478 Dfsc - ok
17:49:05.0559 0x0478 Dhcp - ok
17:49:05.0562 0x0478 diagnosticshub.standardcollector.service - ok
17:49:05.0565 0x0478 DiagTrack - ok
17:49:05.0567 0x0478 disk - ok
17:49:05.0569 0x0478 DmEnrollmentSvc - ok
17:49:05.0571 0x0478 dmvsc - ok
17:49:05.0574 0x0478 dmwappushservice - ok
17:49:05.0576 0x0478 Dnscache - ok
17:49:05.0579 0x0478 dot3svc - ok
17:49:05.0581 0x0478 DPS - ok
17:49:05.0583 0x0478 drmkaud - ok
17:49:05.0585 0x0478 DsmSvc - ok
17:49:05.0587 0x0478 DsSvc - ok
17:49:05.0601 0x0478 [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01 C:\WINDOWS\System32\drivers\dtsoftbus01.sys
17:49:05.0609 0x0478 dtsoftbus01 - ok
17:49:05.0630 0x0478 DXGKrnl - ok
17:49:05.0633 0x0478 EapHost - ok
17:49:05.0634 0x0478 ebdrv - ok
17:49:05.0637 0x0478 EFS - ok
17:49:05.0639 0x0478 EhStorClass - ok
17:49:05.0644 0x0478 EhStorTcgDrv - ok
17:49:05.0649 0x0478 embeddedmode - ok
17:49:05.0653 0x0478 EntAppSvc - ok
17:49:05.0657 0x0478 ErrDev - ok
17:49:05.0675 0x0478 EventSystem - ok
17:49:05.0677 0x0478 exfat - ok
17:49:05.0689 0x0478 fastfat - ok
17:49:05.0693 0x0478 Fax - ok
17:49:05.0695 0x0478 fdc - ok
17:49:05.0698 0x0478 fdPHost - ok
17:49:05.0700 0x0478 FDResPub - ok
17:49:05.0703 0x0478 fhsvc - ok
17:49:05.0705 0x0478 FileCrypt - ok
17:49:05.0707 0x0478 FileInfo - ok
17:49:05.0710 0x0478 Filetrace - ok
17:49:05.0712 0x0478 flpydisk - ok
17:49:05.0715 0x0478 FltMgr - ok
17:49:05.0718 0x0478 FontCache - ok
17:49:05.0729 0x0478 FontCache3.0.0.0 - ok
17:49:05.0731 0x0478 FrameServer - ok
17:49:05.0733 0x0478 FsDepends - ok
17:49:05.0737 0x0478 Fs_Rec - ok
17:49:05.0739 0x0478 fvevol - ok
17:49:05.0742 0x0478 gencounter - ok
17:49:05.0743 0x0478 genericusbfn - ok
17:49:05.0745 0x0478 GPIOClx0101 - ok
17:49:05.0747 0x0478 gpsvc - ok
17:49:05.0749 0x0478 GpuEnergyDrv - ok
17:49:05.0764 0x0478 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:49:05.0769 0x0478 gupdate - ok
17:49:05.0772 0x0478 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:49:05.0778 0x0478 gupdatem - ok
17:49:05.0780 0x0478 HDAudBus - ok
17:49:05.0782 0x0478 HidBatt - ok
17:49:05.0784 0x0478 HidBth - ok
17:49:05.0786 0x0478 hidi2c - ok
17:49:05.0788 0x0478 hidinterrupt - ok
17:49:05.0792 0x0478 HidIr - ok
17:49:05.0799 0x0478 [ C6AB0711E75F90B501F30260463CB026, B5CF27552A000D2BCE0C9B557F0FA2CE60FACAB596B262F07BED57D00422C388 ] hidkmdf C:\WINDOWS\System32\drivers\hidkmdf.sys
17:49:05.0802 0x0478 hidkmdf - ok
17:49:05.0806 0x0478 hidserv - ok
17:49:05.0818 0x0478 HidUsb - ok
17:49:05.0826 0x0478 [ E627AD9A64052C659704FAA979C225F1, 7630ADA53A43581A314386D43BF5582604AB4651E5E229C8D5C5551F09740542 ] HmaOpenVpnService D:\Programme\HMA! Pro VPN\bin\openvpnserv.exe
17:49:05.0831 0x0478 HmaOpenVpnService - ok
17:49:05.0849 0x0478 [ D7670FC8D023073F3A40CCBD93976F2F, 22054DC2DD524DC4CAECA23EDBCF7552A90C1082939FFBEC35708D1D02C81673 ] hmatap C:\WINDOWS\System32\drivers\hmatap.sys
17:49:05.0854 0x0478 hmatap - ok
17:49:05.0857 0x0478 HomeGroupListener - ok
17:49:05.0859 0x0478 HomeGroupProvider - ok
17:49:05.0863 0x0478 HpSAMD - ok
17:49:05.0865 0x0478 HTTP - ok
17:49:05.0878 0x0478 HvHost - ok
17:49:05.0880 0x0478 hvservice - ok
17:49:05.0882 0x0478 hwpolicy - ok
17:49:05.0884 0x0478 hyperkbd - ok
17:49:05.0887 0x0478 i8042prt - ok
17:49:05.0889 0x0478 iagpio - ok
17:49:05.0893 0x0478 iai2c - ok
17:49:05.0895 0x0478 iaLPSS2i_GPIO2 - ok
17:49:05.0897 0x0478 iaLPSS2i_I2C - ok
17:49:05.0899 0x0478 iaLPSSi_GPIO - ok
17:49:05.0900 0x0478 iaLPSSi_I2C - ok
17:49:05.0902 0x0478 iaStorAV - ok
17:49:05.0904 0x0478 iaStorV - ok
17:49:05.0906 0x0478 ibbus - ok
17:49:05.0909 0x0478 icssvc - ok
17:49:05.0911 0x0478 IKEEXT - ok
17:49:05.0918 0x0478 IndirectKmd - ok
17:49:06.0042 0x0478 [ 622868E4BAE8FBCD22CB1A5901A2C824, C1A2264C0984DD16C83B663C9CE43E049E1356E32C5771C3ACE225F285699138 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
17:49:06.0108 0x0478 IntcAzAudAddService - ok
17:49:06.0127 0x0478 intelide - ok
17:49:06.0129 0x0478 intelpep - ok
17:49:06.0131 0x0478 intelppm - ok
17:49:06.0132 0x0478 iorate - ok
17:49:06.0134 0x0478 IpFilterDriver - ok
17:49:06.0137 0x0478 iphlpsvc - ok
17:49:06.0139 0x0478 IPMIDRV - ok
17:49:06.0142 0x0478 IPNAT - ok
17:49:06.0143 0x0478 irda - ok
17:49:06.0145 0x0478 IRENUM - ok
17:49:06.0147 0x0478 irmon - ok
17:49:06.0149 0x0478 isapnp - ok
17:49:06.0151 0x0478 iScsiPrt - ok
17:49:06.0153 0x0478 kbdclass - ok
17:49:06.0156 0x0478 kbdhid - ok
17:49:06.0158 0x0478 kdnic - ok
17:49:06.0160 0x0478 KeyIso - ok
17:49:06.0162 0x0478 KSecDD - ok
17:49:06.0164 0x0478 KSecPkg - ok
17:49:06.0166 0x0478 ksthunk - ok
17:49:06.0169 0x0478 KtmRm - ok
17:49:06.0186 0x0478 Kyubey - ok
17:49:06.0190 0x0478 LanmanServer - ok
17:49:06.0213 0x0478 LanmanWorkstation - ok
17:49:06.0227 0x0478 lfsvc - ok
17:49:06.0238 0x0478 [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum C:\WINDOWS\system32\drivers\LGBusEnum.sys
17:49:06.0242 0x0478 LGBusEnum - ok
17:49:06.0251 0x0478 [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid C:\WINDOWS\system32\drivers\LGVirHid.sys
17:49:06.0259 0x0478 LGVirHid - ok
17:49:06.0264 0x0478 LicenseManager - ok
17:49:06.0269 0x0478 lltdio - ok
17:49:06.0274 0x0478 lltdsvc - ok
17:49:06.0278 0x0478 lmhosts - ok
17:49:06.0284 0x0478 LSI_SAS - ok
17:49:06.0288 0x0478 LSI_SAS2i - ok
17:49:06.0293 0x0478 LSI_SAS3i - ok
17:49:06.0298 0x0478 LSI_SSS - ok
17:49:06.0303 0x0478 LSM - ok
17:49:06.0306 0x0478 luafv - ok
17:49:06.0309 0x0478 MapsBroker - ok
17:49:06.0312 0x0478 megasas - ok
17:49:06.0315 0x0478 megasas2i - ok
17:49:06.0318 0x0478 megasr - ok
17:49:06.0329 0x0478 [ 1BC9159CF58BABD89419072EA180A8F6, 6C9AB779C2355A341800A8F93AAAF9B19FAFF444CD6A7BD27C63D53F379A75EF ] MEIx64 C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys
17:49:06.0340 0x0478 MEIx64 - ok
17:49:06.0367 0x0478 MessagingService - ok
17:49:06.0370 0x0478 mlx4_bus - ok
17:49:06.0372 0x0478 MMCSS - ok
17:49:06.0374 0x0478 Modem - ok
17:49:06.0377 0x0478 monitor - ok
17:49:06.0379 0x0478 mouclass - ok
17:49:06.0381 0x0478 mouhid - ok
17:49:06.0382 0x0478 mountmgr - ok
17:49:06.0384 0x0478 mpsdrv - ok
17:49:06.0386 0x0478 MpsSvc - ok
17:49:06.0389 0x0478 MRxDAV - ok
17:49:06.0399 0x0478 mrxsmb - ok
17:49:06.0401 0x0478 mrxsmb10 - ok
17:49:06.0404 0x0478 mrxsmb20 - ok
17:49:06.0406 0x0478 MsBridge - ok
17:49:06.0409 0x0478 MSDTC - ok
17:49:06.0412 0x0478 Msfs - ok
17:49:06.0418 0x0478 msgpiowin32 - ok
17:49:06.0420 0x0478 mshidkmdf - ok
17:49:06.0422 0x0478 mshidumdf - ok
17:49:06.0424 0x0478 msisadrv - ok
17:49:06.0436 0x0478 MSiSCSI - ok
17:49:06.0438 0x0478 msiserver - ok
17:49:06.0440 0x0478 MSKSSRV - ok
17:49:06.0442 0x0478 MsLldp - ok
17:49:06.0444 0x0478 MSPCLOCK - ok
17:49:06.0445 0x0478 MSPQM - ok
17:49:06.0447 0x0478 MsRPC - ok
17:49:06.0450 0x0478 MsSecFlt - ok
17:49:06.0452 0x0478 mssmbios - ok
17:49:06.0454 0x0478 MSTEE - ok
17:49:06.0456 0x0478 MTConfig - ok
17:49:06.0458 0x0478 Mup - ok
17:49:06.0460 0x0478 mvumis - ok
17:49:06.0463 0x0478 NativeWifiP - ok
17:49:06.0465 0x0478 NcaSvc - ok
17:49:06.0467 0x0478 NcbService - ok
17:49:06.0469 0x0478 NcdAutoSetup - ok
17:49:06.0471 0x0478 ndfltr - ok
17:49:06.0474 0x0478 NDIS - ok
17:49:06.0478 0x0478 NdisCap - ok
17:49:06.0490 0x0478 NdisImPlatform - ok
17:49:06.0492 0x0478 NdisTapi - ok
17:49:06.0493 0x0478 Ndisuio - ok
17:49:06.0495 0x0478 NdisVirtualBus - ok
17:49:06.0497 0x0478 NdisWan - ok
17:49:06.0499 0x0478 ndiswanlegacy - ok
17:49:06.0501 0x0478 ndproxy - ok
17:49:06.0502 0x0478 Ndu - ok
17:49:06.0504 0x0478 NetAdapterCx - ok
17:49:06.0506 0x0478 NetBIOS - ok
17:49:06.0509 0x0478 NetBT - ok
17:49:06.0511 0x0478 Netlogon - ok
17:49:06.0513 0x0478 Netman - ok
17:49:06.0516 0x0478 netprofm - ok
17:49:06.0518 0x0478 NetSetupSvc - ok
17:49:06.0530 0x0478 NetTcpPortSharing - ok
17:49:06.0533 0x0478 NgcCtnrSvc - ok
17:49:06.0535 0x0478 NgcSvc - ok
17:49:06.0537 0x0478 NlaSvc - ok
17:49:06.0539 0x0478 Npfs - ok
17:49:06.0541 0x0478 npggsvc - ok
17:49:06.0551 0x0478 npsvctrig - ok
17:49:06.0553 0x0478 nsi - ok
17:49:06.0555 0x0478 nsiproxy - ok
17:49:06.0558 0x0478 NTFS - ok
17:49:06.0574 0x0478 Ntp2NetSvc - ok
17:49:06.0581 0x0478 Ntp2UpSvc - ok
17:49:06.0584 0x0478 Null - ok
17:49:06.0597 0x0478 [ 302A57479E9A2A95CE723521A7ED1BD0, CEF8E26DBCA2E840ED32378193127FDC321828D28941AE42C5AA800613A85E91 ] NVHDA C:\WINDOWS\system32\drivers\nvhda64v.sys
17:49:06.0604 0x0478 NVHDA - ok
17:49:06.0929 0x0478 [ E0854DA823FBC14F750BFD46E690F60F, BAACD13006B7EA377BC57CA502D342097E327486957F905DD720C870C1B4C67C ] nvlddmkm C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys
17:49:07.0130 0x0478 nvlddmkm - ok
17:49:07.0142 0x0478 nvraid - ok
17:49:07.0144 0x0478 nvstor - ok
17:49:07.0208 0x0478 [ 99D42078C9596A20A7B3419159265A25, E9F5380E6597C79B26B2CBAAC534F31C5027F32AAA0FD5876CF7E9BB6658F30C ] NvStreamKms C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
17:49:07.0212 0x0478 NvStreamKms - ok
17:49:07.0300 0x0478 [ E6A64322EB213AEACBB61584AA6FB032, FA91C89B81DD7F3EC22DF71FFC3A506AD40AE76EC91F1115CCAB6ED39431369D ] NvStreamNetworkSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
17:49:07.0355 0x0478 NvStreamNetworkSvc - ok
17:49:07.0412 0x0478 [ A8213BF32D2E75ADD362E118AD164749, 6F35210ED11088FE64F13DD63053FFDA4628A5F6397DA33A345970962AB83499 ] NvStreamSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
17:49:07.0452 0x0478 NvStreamSvc - ok
17:49:07.0468 0x0478 [ F37FE6B15A987AEEC08EEF531F2FAED7, CC768E7DE80C7A8CB2392F9BC528212B8A3A35A30A222ED0B0B959051E6F8065 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
17:49:07.0473 0x0478 nvvad_WaveExtensible - ok
17:49:07.0476 0x0478 OneSyncSvc - ok
17:49:07.0527 0x0478 [ 241B7F92346973C10195AD7861596709, E0972047D202F539A8367E50DE278AF6103FA72C8E61F6D5B0DC1EA8FD338355 ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
17:49:07.0560 0x0478 Origin Client Service - ok
17:49:07.0613 0x0478 [ 685176200A9246175FB8EF95F6FF9EAF, 93A5F307B1DF545CA5334BBB81E5E388A3E7911A9FF6ECBC066A3A5E11300AE4 ] Origin Web Helper Service C:\Program Files (x86)\Origin\OriginWebHelperService.exe
17:49:07.0646 0x0478 Origin Web Helper Service - ok
17:49:07.0650 0x0478 p2pimsvc - ok
17:49:07.0652 0x0478 p2psvc - ok
17:49:07.0653 0x0478 Parport - ok
17:49:07.0664 0x0478 partmgr - ok
17:49:07.0666 0x0478 PcaSvc - ok
17:49:07.0668 0x0478 pci - ok
17:49:07.0671 0x0478 pciide - ok
17:49:07.0674 0x0478 pcmcia - ok
17:49:07.0676 0x0478 pcw - ok
17:49:07.0678 0x0478 pdc - ok
17:49:07.0680 0x0478 PEAUTH - ok
17:49:07.0682 0x0478 PeerDistSvc - ok
17:49:07.0683 0x0478 percsas2i - ok
17:49:07.0685 0x0478 percsas3i - ok
17:49:07.0718 0x0478 PerfHost - ok
17:49:07.0729 0x0478 PhoneSvc - ok
17:49:07.0733 0x0478 PimIndexMaintenanceSvc - ok
17:49:07.0741 0x0478 pla - ok
17:49:07.0745 0x0478 PlugPlay - ok
17:49:07.0748 0x0478 PNRPAutoReg - ok
17:49:07.0750 0x0478 PNRPsvc - ok
17:49:07.0754 0x0478 PolicyAgent - ok
17:49:07.0758 0x0478 Power - ok
17:49:07.0761 0x0478 PptpMiniport - ok
17:49:07.0859 0x0478 [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
17:49:07.0968 0x0478 PrintNotify - ok
17:49:07.0973 0x0478 Processor - ok
17:49:07.0975 0x0478 ProfSvc - ok
17:49:07.0987 0x0478 Psched - ok
17:49:07.0989 0x0478 QWAVE - ok
17:49:07.0992 0x0478 QWAVEdrv - ok
17:49:07.0994 0x0478 RasAcd - ok
17:49:08.0004 0x0478 RasAgileVpn - ok
17:49:08.0006 0x0478 RasAuto - ok
17:49:08.0008 0x0478 Rasl2tp - ok
17:49:08.0010 0x0478 RasMan - ok
17:49:08.0012 0x0478 RasPppoe - ok
17:49:08.0014 0x0478 RasSstp - ok
17:49:08.0016 0x0478 rdbss - ok
17:49:08.0021 0x0478 rdpbus - ok
17:49:08.0024 0x0478 RDPDR - ok
17:49:08.0028 0x0478 RdpVideoMiniport - ok
17:49:08.0030 0x0478 rdyboost - ok
17:49:08.0032 0x0478 ReFSv1 - ok
17:49:08.0052 0x0478 RemoteAccess - ok
17:49:08.0055 0x0478 RemoteRegistry - ok
17:49:08.0058 0x0478 RetailDemo - ok
17:49:08.0060 0x0478 RmSvc - ok
17:49:08.0062 0x0478 RpcEptMapper - ok
17:49:08.0064 0x0478 RpcLocator - ok
17:49:08.0066 0x0478 RpcSs - ok
17:49:08.0068 0x0478 rspndr - ok
17:49:08.0071 0x0478 rt640x64 - ok
17:49:08.0075 0x0478 s3cap - ok
17:49:08.0078 0x0478 SamSs - ok
17:49:08.0081 0x0478 sbp2port - ok
17:49:08.0083 0x0478 SCardSvr - ok
17:49:08.0098 0x0478 ScDeviceEnum - ok
17:49:08.0101 0x0478 scfilter - ok
17:49:08.0103 0x0478 Schedule - ok
17:49:08.0105 0x0478 scmbus - ok
17:49:08.0107 0x0478 scmdisk0101 - ok
17:49:08.0110 0x0478 SCPolicySvc - ok
17:49:08.0112 0x0478 sdbus - ok
17:49:08.0133 0x0478 SDRSVC - ok
17:49:08.0135 0x0478 sdstor - ok
17:49:08.0137 0x0478 Secdrv - ok
17:49:08.0142 0x0478 seclogon - ok
17:49:08.0144 0x0478 SENS - ok
17:49:08.0161 0x0478 Sense - ok
17:49:08.0175 0x0478 SensorDataService - ok
17:49:08.0179 0x0478 SensorService - ok
17:49:08.0181 0x0478 SensrSvc - ok
17:49:08.0183 0x0478 SerCx - ok
17:49:08.0185 0x0478 SerCx2 - ok
17:49:08.0188 0x0478 Serenum - ok
17:49:08.0191 0x0478 Serial - ok
17:49:08.0193 0x0478 sermouse - ok
17:49:08.0198 0x0478 SessionEnv - ok
17:49:08.0201 0x0478 sfloppy - ok
17:49:08.0228 0x0478 SharedAccess - ok
17:49:08.0245 0x0478 ShellHWDetection - ok
17:49:08.0248 0x0478 shpamsvc - ok
17:49:08.0249 0x0478 SiSRaid2 - ok
17:49:08.0252 0x0478 SiSRaid4 - ok
17:49:08.0284 0x0478 [ F3AAB7DF6408431C762D8721B68F46E4, 56ED764AA660955B8B06322703D086B3A52106625A83CCAF195B08BCBDEDA88F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:49:08.0295 0x0478 SkypeUpdate - ok
17:49:08.0304 0x0478 smphost - ok
17:49:08.0312 0x0478 SmsRouter - ok
17:49:08.0315 0x0478 SNMPTRAP - ok
17:49:08.0331 0x0478 spaceport - ok
17:49:08.0333 0x0478 SpbCx - ok
17:49:08.0335 0x0478 Spooler - ok
17:49:08.0338 0x0478 sppsvc - ok
17:49:08.0346 0x0478 srv - ok
17:49:08.0348 0x0478 srv2 - ok
17:49:08.0359 0x0478 srvnet - ok
17:49:08.0361 0x0478 SSDPSRV - ok
17:49:08.0363 0x0478 SstpSvc - ok
17:49:08.0365 0x0478 StateRepository - ok
17:49:08.0409 0x0478 [ 596DC69BB40A96FCA4B19D9D1E221E34, 3469D3B2E9A88E39C14AE2E3DD5EC3D91FBB88CA568D794555B397B50E64AB15 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
17:49:08.0434 0x0478 Steam Client Service - ok
17:49:08.0438 0x0478 stexstor - ok
17:49:08.0450 0x0478 stisvc - ok
17:49:08.0457 0x0478 storahci - ok
17:49:08.0461 0x0478 storflt - ok
17:49:08.0463 0x0478 stornvme - ok
17:49:08.0466 0x0478 storqosflt - ok
17:49:08.0468 0x0478 StorSvc - ok
17:49:08.0470 0x0478 storufs - ok
17:49:08.0471 0x0478 storvsc - ok
17:49:08.0474 0x0478 svsvc - ok
17:49:08.0476 0x0478 swenum - ok
17:49:08.0478 0x0478 swprv - ok
17:49:08.0481 0x0478 Synth3dVsc - ok
17:49:08.0483 0x0478 SysMain - ok
17:49:08.0486 0x0478 SystemEventsBroker - ok
17:49:08.0488 0x0478 TabletInputService - ok
17:49:08.0492 0x0478 TapiSrv - ok
17:49:08.0494 0x0478 Tcpip - ok
17:49:08.0496 0x0478 Tcpip6 - ok
17:49:08.0499 0x0478 tcpipreg - ok
17:49:08.0502 0x0478 tdx - ok
17:49:08.0677 0x0478 [ F2F02E436BA56A96A06E4427C5787B6E, 1562FF264011A15AC69808CB74F387917C4E8ED3B91546B12933BE10B6E20B3A ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
17:49:08.0786 0x0478 TeamViewer - ok
17:49:08.0793 0x0478 terminpt - ok
17:49:08.0795 0x0478 TermService - ok
17:49:08.0797 0x0478 Themes - ok
17:49:08.0800 0x0478 TieringEngineService - ok
17:49:08.0803 0x0478 tiledatamodelsvc - ok
17:49:08.0806 0x0478 TimeBrokerSvc - ok
17:49:08.0818 0x0478 TPM - ok
17:49:08.0821 0x0478 TrkWks - ok
17:49:08.0826 0x0478 TrustedInstaller - ok
17:49:08.0828 0x0478 tsusbflt - ok
17:49:08.0831 0x0478 TsUsbGD - ok
17:49:08.0833 0x0478 tsusbhub - ok
17:49:08.0835 0x0478 tunnel - ok
17:49:08.0842 0x0478 tzautoupdate - ok
17:49:08.0845 0x0478 UASPStor - ok
17:49:08.0847 0x0478 UcmCx0101 - ok
17:49:08.0849 0x0478 UcmTcpciCx0101 - ok
17:49:08.0851 0x0478 UcmUcsi - ok
17:49:08.0853 0x0478 Ucx01000 - ok
17:49:08.0855 0x0478 UdeCx - ok
17:49:08.0859 0x0478 udfs - ok
17:49:08.0862 0x0478 UEFI - ok
17:49:08.0864 0x0478 UevAgentDriver - ok
17:49:08.0866 0x0478 UevAgentService - ok
17:49:08.0867 0x0478 Ufx01000 - ok
17:49:08.0870 0x0478 UfxChipidea - ok
17:49:08.0872 0x0478 ufxsynopsys - ok
17:49:08.0877 0x0478 UI0Detect - ok
17:49:08.0879 0x0478 umbus - ok
17:49:08.0881 0x0478 UmPass - ok
17:49:08.0883 0x0478 UmRdpService - ok
17:49:08.0886 0x0478 UnistoreSvc - ok
17:49:08.0890 0x0478 upnphost - ok
17:49:08.0892 0x0478 UrsChipidea - ok
17:49:08.0895 0x0478 UrsCx01000 - ok
17:49:08.0897 0x0478 UrsSynopsys - ok
17:49:08.0909 0x0478 usbaudio - ok
17:49:08.0912 0x0478 usbccgp - ok
17:49:08.0915 0x0478 usbcir - ok
17:49:08.0917 0x0478 usbehci - ok
17:49:08.0920 0x0478 usbhub - ok
17:49:08.0922 0x0478 USBHUB3 - ok
17:49:08.0925 0x0478 usbohci - ok
17:49:08.0927 0x0478 usbprint - ok
17:49:08.0929 0x0478 usbser - ok
17:49:08.0931 0x0478 USBSTOR - ok
17:49:08.0933 0x0478 usbuhci - ok
17:49:08.0944 0x0478 usbvideo - ok
17:49:08.0946 0x0478 USBXHCI - ok
17:49:08.0949 0x0478 UserDataSvc - ok
17:49:08.0965 0x0478 UserManager - ok
17:49:08.0967 0x0478 UsoSvc - ok
17:49:08.0969 0x0478 VaultSvc - ok
17:49:08.0971 0x0478 vdrvroot - ok
17:49:08.0973 0x0478 vds - ok
17:49:08.0975 0x0478 VerifierExt - ok
17:49:08.0977 0x0478 vhdmp - ok
17:49:08.0979 0x0478 vhf - ok
17:49:08.0982 0x0478 vmbus - ok
17:49:08.0984 0x0478 VMBusHID - ok
17:49:08.0986 0x0478 vmgid - ok
17:49:08.0988 0x0478 vmicguestinterface - ok
17:49:08.0992 0x0478 vmicheartbeat - ok
17:49:08.0993 0x0478 vmickvpexchange - ok
17:49:08.0996 0x0478 vmicrdv - ok
17:49:08.0998 0x0478 vmicshutdown - ok
17:49:09.0000 0x0478 vmictimesync - ok
17:49:09.0002 0x0478 vmicvmsession - ok
17:49:09.0004 0x0478 vmicvss - ok
17:49:09.0006 0x0478 volmgr - ok
17:49:09.0008 0x0478 volmgrx - ok
17:49:09.0010 0x0478 volsnap - ok
17:49:09.0013 0x0478 volume - ok
17:49:09.0015 0x0478 vpci - ok
17:49:09.0061 0x0478 [ 4C768463461D2C78E671EFB43AD3A267, 30FF18AD8C781A13091AA1D7413428C9FBA3525E44A359E90A16C3AD06F15D7D ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
17:49:09.0095 0x0478 vpnagent - ok
17:49:09.0104 0x0478 [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva C:\WINDOWS\System32\drivers\vpnva64-6.sys
17:49:09.0109 0x0478 vpnva - ok
17:49:09.0112 0x0478 vsmraid - ok
17:49:09.0114 0x0478 VSS - ok
17:49:09.0117 0x0478 VSTXRAID - ok
17:49:09.0119 0x0478 vwifibus - ok
17:49:09.0121 0x0478 vwififlt - ok
17:49:09.0124 0x0478 W32Time - ok
17:49:09.0141 0x0478 [ 90A7D70E48A69F6E4FFB49440674B3B8, 6C31BE40D9FF3C91B420AB2CFF17FA0D463BD97DF94B9CFCB8735A9EBC8FDFB0 ] WacHidRouter C:\WINDOWS\System32\drivers\wachidrouter.sys
17:49:09.0145 0x0478 WacHidRouter - ok
17:49:09.0148 0x0478 WacomPen - ok
17:49:09.0160 0x0478 [ A46EA18DFA3CB657732909570F021578, 36A87A8A3402BBD79367B6F0D9C59C3BAF18AAE154A273DA067D7F08A7B94CC8 ] wacomrouterfilter C:\WINDOWS\System32\drivers\wacomrouterfilter.sys
17:49:09.0164 0x0478 wacomrouterfilter - ok
17:49:09.0167 0x0478 WalletService - ok
17:49:09.0169 0x0478 wanarp - ok
17:49:09.0171 0x0478 wanarpv6 - ok
17:49:09.0174 0x0478 wbengine - ok
17:49:09.0177 0x0478 WbioSrvc - ok
17:49:09.0179 0x0478 wcifs - ok
17:49:09.0182 0x0478 Wcmsvc - ok
17:49:09.0184 0x0478 wcncsvc - ok
17:49:09.0186 0x0478 wcnfs - ok
17:49:09.0188 0x0478 WdBoot - ok
17:49:09.0191 0x0478 Wdf01000 - ok
17:49:09.0194 0x0478 WdFilter - ok
17:49:09.0196 0x0478 WdiServiceHost - ok
17:49:09.0198 0x0478 WdiSystemHost - ok
17:49:09.0200 0x0478 wdiwifi - ok
17:49:09.0202 0x0478 WdNisDrv - ok
17:49:09.0204 0x0478 WdNisSvc - ok
17:49:09.0207 0x0478 WebClient - ok
17:49:09.0209 0x0478 Wecsvc - ok
17:49:09.0212 0x0478 WEPHOSTSVC - ok
17:49:09.0215 0x0478 wercplsupport - ok
17:49:09.0217 0x0478 WerSvc - ok
17:49:09.0219 0x0478 WFPLWFS - ok
17:49:09.0222 0x0478 WiaRpc - ok
17:49:09.0224 0x0478 WIMMount - ok
17:49:09.0225 0x0478 WinDefend - ok
17:49:09.0231 0x0478 WindowsTrustedRT - ok
17:49:09.0233 0x0478 WindowsTrustedRTProxy - ok
17:49:09.0235 0x0478 WinHttpAutoProxySvc - ok
17:49:09.0238 0x0478 WinMad - ok
17:49:09.0256 0x0478 Winmgmt - ok
17:49:09.0262 0x0478 WinRM - ok
17:49:09.0334 0x0478 [ F18C9057490CC4082BDB86D64537F4EA, 4B72FCDE3E3A010573A6C147E36643B373A04F33526EE85269BF9A87D2E7FD27 ] WinSAPSvc C:\Users\Princhi\AppData\Roaming\WinSAPSvc\WinSAP.dll
17:49:09.0350 0x0478 WinSAPSvc - detected UnsignedFile.Multi.Generic ( 1 )
17:49:09.0498 0x0478 Detect turned to UDS exact due to KSN untrusted
17:49:09.0563 0x0478 WinSAPSvc ( UDS:DangerousObject.Multi.Generic ) - infected
17:49:09.0563 0x0478 Force sending object to P2P due to detect: WinSAPSvc
17:49:09.0761 0x0478 Object send P2P result: true
17:49:09.0913 0x0478 WINUSB - ok
17:49:09.0923 0x0478 WinVerbs - ok
17:49:09.0932 0x0478 wisvc - ok
17:49:09.0948 0x0478 WlanSvc - ok
17:49:09.0954 0x0478 wlidsvc - ok
17:49:09.0966 0x0478 [ 680A7846370000D20D7E74917D5B7936, 55B77B358039672845D361CA4205F3482D1F30A4654B610FD785A1337EFDC316 ] WmBEnum C:\WINDOWS\system32\drivers\WmBEnum.sys
17:49:09.0976 0x0478 WmBEnum - ok
17:49:09.0983 0x0478 [ 14C35BA8189C6F65D839163AA285E954, 8981AA488320C75E26E1ABDF884B721A4065F5D28F54782598B03F21B8CDC020 ] WmFilter C:\WINDOWS\system32\drivers\WmFilter.sys
17:49:09.0992 0x0478 WmFilter - ok
17:49:09.0996 0x0478 [ AC4331AF118A720F13C9C5CABBFE27BD, 2C5F453996B00078F3E8E731F6B3DD4529831BDA2146EAFC66727C9460E85112 ] WmHidLo C:\WINDOWS\system32\drivers\WmHidLo.sys
17:49:10.0000 0x0478 WmHidLo - ok
17:49:10.0003 0x0478 WmiAcpi - ok
17:49:10.0008 0x0478 wmiApSrv - ok
17:49:10.0010 0x0478 WMPNetworkSvc - ok
17:49:10.0021 0x0478 [ 8488DD91A3EE54A8E29F02AD7BB8201E, D428ED991D9E4A8765C240B21884A262854278698D60862117AC5949713231F9 ] WmVirHid C:\WINDOWS\system32\drivers\WmVirHid.sys
17:49:10.0026 0x0478 WmVirHid - ok
17:49:10.0032 0x0478 [ 14802B3A30AA849C97CB968CCC813BF3, 330AD828ABD040ECDBF58F7162978CD61BFC093CAD404FD2BCAC74E3F2EC542A ] WmXlCore C:\WINDOWS\system32\drivers\WmXlCore.sys
17:49:10.0037 0x0478 WmXlCore - ok
17:49:10.0041 0x0478 Wof - ok
17:49:10.0045 0x0478 workfolderssvc - ok
17:49:10.0048 0x0478 WPDBusEnum - ok
17:49:10.0051 0x0478 WpdUpFltr - ok
17:49:10.0055 0x0478 WpnService - ok
17:49:10.0057 0x0478 WpnUserService - ok
17:49:10.0066 0x0478 ws2ifsl - ok
17:49:10.0068 0x0478 wscsvc - ok
17:49:10.0070 0x0478 WSDPrintDevice - ok
17:49:10.0073 0x0478 WSDScan - ok
17:49:10.0074 0x0478 WSearch - ok
17:49:10.0105 0x0478 [ F746E515661B69953030C6C7F2672821, AB454BE1EA00F7FB2655EEB429D0B1795E435E91D88E7C3F1288AE243D270989 ] WTabletServicePro C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
17:49:10.0124 0x0478 WTabletServicePro - ok
17:49:10.0130 0x0478 wuauserv - ok
17:49:10.0133 0x0478 WudfPf - ok
17:49:10.0138 0x0478 WUDFRd - ok
17:49:10.0142 0x0478 wudfsvc - ok
17:49:10.0145 0x0478 WUDFWpdFs - ok
17:49:10.0146 0x0478 WUDFWpdMtp - ok
17:49:10.0149 0x0478 WwanSvc - ok
17:49:10.0151 0x0478 XblAuthManager - ok
17:49:10.0155 0x0478 XblGameSave - ok
17:49:10.0157 0x0478 xboxgip - ok
17:49:10.0160 0x0478 XboxNetApiSvc - ok
17:49:10.0172 0x0478 [ 7439DCAF71314B1D85E452B3F2E1138A, DAAF67C90C35DC1839CEC6962AD001961EFDE00DDFCDC702882AFA234D71248B ] xhunter1 C:\WINDOWS\xhunter1.sys
17:49:10.0176 0x0478 xhunter1 - ok
17:49:10.0188 0x0478 xinputhid - ok
17:49:10.0205 0x0478 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B, 2C324592F3F2D50BABA7123B6F9FC922667CC132777E019FF615F2D6F273A45E ] xusb21 C:\WINDOWS\system32\DRIVERS\xusb21.sys
17:49:10.0212 0x0478 xusb21 - ok
17:49:10.0215 0x0478 xusb22 - ok
17:49:10.0250 0x0478 [ 7B918284E375EC625973F193078EAA6A, DB8254AD2F25522BEDA3972B96B3874D122572F746AD0D6DAC1AA84198E32F0A ] Zerzitain C:\Program Files (x86)\Clerack\Grshlp.dll
17:49:10.0265 0x0478 Zerzitain - detected UnsignedFile.Multi.Generic ( 1 )
17:49:10.0407 0x0478 Detect turned to UDS exact due to KSN untrusted
17:49:10.0407 0x0478 Zerzitain ( UDS:DangerousObject.Multi.Generic ) - infected
17:49:10.0407 0x0478 Force sending object to P2P due to detect: Zerzitain
17:49:10.0569 0x0478 Object send P2P result: true
17:49:11.0391 0x0478 ================ Scan global ===============================
17:49:11.0428 0x0478 [ Global ] - ok
17:49:11.0429 0x0478 ================ Scan MBR ==================================
17:49:11.0440 0x0478 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:49:11.0529 0x0478 \Device\Harddisk0\DR0 - ok
17:49:11.0530 0x0478 ================ Scan VBR ==================================
17:49:11.0531 0x0478 [ 25E6C44901467F1AD46EB9F883CD0161 ] \Device\Harddisk0\DR0\Partition1
17:49:11.0534 0x0478 \Device\Harddisk0\DR0\Partition1 - ok
17:49:11.0535 0x0478 [ 1B7A554F4080B09FC0CECF2885F78B48 ] \Device\Harddisk0\DR0\Partition2
17:49:11.0536 0x0478 \Device\Harddisk0\DR0\Partition2 - ok
17:49:11.0538 0x0478 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
17:49:11.0538 0x0478 \Device\Harddisk0\DR0\Partition3 - ok
17:49:11.0540 0x0478 [ FB51C1F912C14BCC7FAAA8C26A1988F7 ] \Device\Harddisk0\DR0\Partition4
17:49:11.0542 0x0478 \Device\Harddisk0\DR0\Partition4 - ok
17:49:11.0543 0x0478 [ D67C0F154AA0CC2C803674166AAB840E ] \Device\Harddisk0\DR0\Partition5
17:49:11.0545 0x0478 \Device\Harddisk0\DR0\Partition5 - ok
17:49:11.0546 0x0478 [ 22E7F164060B7EB85A000F003BE40834 ] \Device\Harddisk0\DR0\Partition6
17:49:11.0548 0x0478 \Device\Harddisk0\DR0\Partition6 - ok
17:49:11.0548 0x0478 ================ Scan generic autorun ======================
17:49:11.0742 0x0478 [ 22EBD5AE3B3220D713E544D1D3AB3FEE, 9EF058B096DAA5C6242FBEB3DF509108180B1EB1EA252E63C437CF6C1B743BE0 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
17:49:11.0933 0x0478 RTHDVCPL - ok
17:49:12.0005 0x0478 [ BE586B5D1D73E1F07ED5AADDEFBCAA47, 68D957EBE01DD369BF4E2D5D07A7EDF9408066E61056A1C4968DBF8CE5841BBE ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
17:49:12.0056 0x0478 NvBackend - ok
17:49:12.0302 0x0478 [ 19ECAAEA3CC248489FE987C10B688C0D, 967CB23A8176B3181EE2A55DFBB04A69988AB22105D4C450C5B5E729B91FAD5A ] C:\Program Files\Logitech Gaming Software\LCore.exe
17:49:12.0595 0x0478 Launch LCore - ok
17:49:12.0619 0x0478 [ F5A5DBADCD24BDF33BFDAA789E39C876, A0D931FA339CA1FB6198BF5DF327ECEB0881796FFF92BDE0F9FC2C233C46E83C ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
17:49:12.0631 0x0478 AdobeAAMUpdater-1.0 - ok
17:49:12.0641 0x0478 [ 0104F4CA73154C23FFB449501F6D2D53, 0610AC01C06CC15D67F11C0EE00097A4D0A56B9EED16489FD3306EC2E1E6F301 ] C:\Program Files\Logitech\Gaming Software\LWEMon.exe
17:49:12.0654 0x0478 Start WingMan Profiler - ok
17:49:12.0678 0x0478 [ 5E7601CCBC2A98A4457E50612E0AEE73, 3F5FDCF1BEC5B134433F62ADD5C2931F700F2B7CBEDB0A98EF1362BF6E9FAC03 ] C:\Program Files (x86)\Drakonia Configurator\hid.exe
17:49:12.0698 0x0478 GamingMouse - detected UnsignedFile.Multi.Generic ( 1 )
17:49:12.0919 0x0478 GamingMouse ( UnsignedFile.Multi.Generic ) - warning
17:49:13.0096 0x0478 [ F8A8125BF28F03D79CDEA5B0B69FF60B, 13E5DE36EB61384B0726447442F0CE4838C20E4F3F730B9B9BB84A2020A68A82 ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
17:49:13.0123 0x0478 IJNetworkScannerSelectorEX - ok
17:49:13.0146 0x0478 [ 33BEA9023A6F47492889269E2C541D34, 7478C3F2653C0B07C981BA8B47A56595BE5910FDA63775AA91247B3DF947B89B ] C:\Program Files (x86)\Samsung Connection Manager\ModemPnPService.exe
17:49:13.0162 0x0478 Blackcomb - detected UnsignedFile.Multi.Generic ( 1 )
17:49:13.0307 0x0478 Blackcomb ( UnsignedFile.Multi.Generic ) - warning
17:49:13.0422 0x0478 OneDriveSetup - ok
17:49:13.0427 0x0478 OneDriveSetup - ok
17:49:13.0546 0x0478 [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
17:49:13.0624 0x0478 DAEMON Tools Lite - ok
17:49:13.0694 0x0478 [ DE664BEED7C0AFD37E78A8B44AE08112, ED1469112F43D0B91524281CB4DC19974D99515EEFFA095E9B9599739916C8B3 ] C:\Program Files (x86)\Origin\Origin.exe
17:49:13.0750 0x0478 EADM - ok
17:49:13.0789 0x0478 [ 131410FC40F1AC25ECA8EF7C321C5DEE, 77BF2476C38A059E93A53A0EADC3163AA545915B7D37039EAA43E33E17D64673 ] C:\Users\Princhi\AppData\Roaming\Spotify\SpotifyWebHelper.exe
17:49:13.0813 0x0478 Spotify Web Helper - ok
17:49:13.0878 0x0478 [ AAE92457F50F4DD74E2D502ADB9549EE, 70C8FBE410FE388D6B85334215EBE3393C16E8F8B19F5A8BA50DB6DF23196D50 ] C:\Users\Princhi\AppData\Local\Microsoft\OneDrive\OneDrive.exe
17:49:13.0911 0x0478 OneDrive - ok
17:49:13.0938 0x0478 [ 1AF1360E070BD8EA402F793EF6FBAAEB, B20EDEFCFDEA5721A615E88F6B0448BEFEC79B76986A0065F20CEC1576D3C354 ] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
17:49:13.0945 0x0478 ISUSPM - ok
17:49:14.0139 0x0478 [ F81F345586F08409752FC89EE3C02B17, 64D6F5D290C53DA2867205B659C4EFFF245194E2ACA764CC88D32594A9EA5D56 ] C:\Program Files\CCleaner\CCleaner64.exe
17:49:14.0345 0x0478 CCleaner Monitoring - ok
17:49:14.0351 0x0478 Waiting for KSN requests completion. In queue: 24
17:49:15.0381 0x0478 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated )
17:49:15.0388 0x0478 Win FW state via NFP2: enabled ( trusted )
17:49:15.0496 0x0478 ============================================================
17:49:15.0496 0x0478 Scan finished
17:49:15.0496 0x0478 ============================================================
17:49:15.0512 0x1094 Detected object count: 4
17:49:15.0512 0x1094 Actual detected object count: 4
17:50:22.0749 0x1094 WinSAPSvc ( UDS:DangerousObject.Multi.Generic ) - skipped by user
17:50:22.0749 0x1094 WinSAPSvc ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
17:50:22.0749 0x1094 Zerzitain ( UDS:DangerousObject.Multi.Generic ) - skipped by user
17:50:22.0749 0x1094 Zerzitain ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
17:50:22.0750 0x1094 GamingMouse ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:22.0750 0x1094 GamingMouse ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:50:22.0750 0x1094 Blackcomb ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:22.0750 0x1094 Blackcomb ( UnsignedFile.Multi.Generic ) - User select action: Skip
08.03.2017, 18:07 | #5 | |
/// TB-Ausbilder | Adware: AdwCleaner does not help, Google Chrome infected
Hi, how long have you been having problems with adware? Why do you never post the log files that show what AdwCleaner removed? Instead you only post the log files from the scans... We will start with MBAM first now. Please note: Quote:
Please download all tools directly to the desktop, or move them there, and start them from the desktop, since our instructions are written for that. It also makes it very easy to remove all the tools used at the end of the cleanup. Leave all tools on the desktop until the end of the cleanup; we may need some of them more than once.
Step 1 Please download Malwarebytes Anti-Malware
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please close your security software to avoid possible conflicts.
Step 4
Please post with your next reply
|
08.03.2017, 19:19 | #6 |
| Adware: AdwCleaner does not help, Google Chrome infected
I have probably had the problems for about half a year. Oh, I'm sorry, I thought it was the same, since I started AdwCleaner several times. The MBAM log file is too large, how should I split it up? Code:
# AdwCleaner v6.044 - Bericht erstellt am 08/03/2017 um 18:55:56
# Aktualisiert am 28/02/2017 von Malwarebytes
# Datenbank : 2017-03-07.1 [Lokal]
# Betriebssystem : Windows 10 Pro (X64)
# Benutzername : Princhi - EPONA
# Gestartet von : C:\Users\Princhi\Desktop\adwcleaner_6.044.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support

***** [ Dienste ] *****

[-] Dienst gelöscht: Kyubey

***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Users\Princhi\AppData\Roaming\aMule
[-] Ordner gelöscht: C:\Users\Princhi\AppData\Roaming\Kyubey
[-] Ordner gelöscht: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Tencent

***** [ Dateien ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\WinSnare
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\WinSnare
[-] Schlüssel gelöscht: HKLM\SOFTWARE\ScreenShot
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\WinSnare
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\999D2A873764CCF418E8750BFAF8B307
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]

***** [ Browser ] *****

[-] [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1] [startup_urls] Gelöscht: hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM
[-] [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1] [favicon_url] Gelöscht: hxxp://www.startpageing123.com/searchfavicon.ico
[-] [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1] [homepage] Gelöscht: hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM

*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Image File Execution Options" Schlüssel gelöscht
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Firewall Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [14031 Bytes] - [19/10/2016 09:48:39]
C:\AdwCleaner\AdwCleaner[C10].txt - [4234 Bytes] - [01/03/2017 14:42:02]
C:\AdwCleaner\AdwCleaner[C11].txt - [10583 Bytes] - [02/03/2017 15:16:04]
C:\AdwCleaner\AdwCleaner[C12].txt - [10803 Bytes] - [07/03/2017 15:39:01]
C:\AdwCleaner\AdwCleaner[C13].txt - [11139 Bytes] - [08/03/2017 16:31:51]
C:\AdwCleaner\AdwCleaner[C14].txt - [10112 Bytes] - [08/03/2017 17:18:06]
C:\AdwCleaner\AdwCleaner[C15].txt - [6236 Bytes] - [08/03/2017 17:21:07]
C:\AdwCleaner\AdwCleaner[C16].txt - [3845 Bytes] - [08/03/2017 18:55:56]
C:\AdwCleaner\AdwCleaner[C2].txt - [14626 Bytes] - [20/12/2016 14:13:28]
C:\AdwCleaner\AdwCleaner[C3].txt - [2620 Bytes] - [20/12/2016 14:18:42]
C:\AdwCleaner\AdwCleaner[C4].txt - [11288 Bytes] - [19/01/2017 13:20:19]
C:\AdwCleaner\AdwCleaner[C5].txt - [9666 Bytes] - [10/02/2017 13:39:49]
C:\AdwCleaner\AdwCleaner[C6].txt - [3059 Bytes] - [22/02/2017 14:37:32]
C:\AdwCleaner\AdwCleaner[C7].txt - [6626 Bytes] - [01/03/2017 14:27:03]
C:\AdwCleaner\AdwCleaner[C8].txt - [4149 Bytes] - [01/03/2017 14:29:43]
C:\AdwCleaner\AdwCleaner[C9].txt - [3381 Bytes] - [01/03/2017 14:31:46]
C:\AdwCleaner\AdwCleaner[R0].txt - [3924 Bytes] - [08/02/2015 19:50:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [3824 Bytes] - [08/02/2015 19:51:42]
C:\AdwCleaner\AdwCleaner[S10].txt - [3962 Bytes] - [01/03/2017 14:29:27]
C:\AdwCleaner\AdwCleaner[S11].txt - [3430 Bytes] - [01/03/2017 14:31:22]
C:\AdwCleaner\AdwCleaner[S12].txt - [4068 Bytes] - [01/03/2017 14:33:38]
C:\AdwCleaner\AdwCleaner[S13].txt - [13014 Bytes] - [02/03/2017 15:15:48]
C:\AdwCleaner\AdwCleaner[S14].txt - [11770 Bytes] - [07/03/2017 15:34:29]
C:\AdwCleaner\AdwCleaner[S15].txt - [11673 Bytes] - [07/03/2017 15:35:27]
C:\AdwCleaner\AdwCleaner[S16].txt - [12979 Bytes] - [08/03/2017 16:29:46]
C:\AdwCleaner\AdwCleaner[S17].txt - [12917 Bytes] - [08/03/2017 16:30:35]
C:\AdwCleaner\AdwCleaner[S18].txt - [11529 Bytes] - [08/03/2017 17:17:02]
C:\AdwCleaner\AdwCleaner[S19].txt - [6029 Bytes] - [08/03/2017 17:20:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [13111 Bytes] - [19/10/2016 09:43:45]
C:\AdwCleaner\AdwCleaner[S20].txt - [5889 Bytes] - [08/03/2017 18:55:13]
C:\AdwCleaner\AdwCleaner[S2].txt - [15870 Bytes] - [20/12/2016 14:12:40]
C:\AdwCleaner\AdwCleaner[S3].txt - [2520 Bytes] - [20/12/2016 14:17:37]
C:\AdwCleaner\AdwCleaner[S4].txt - [2606 Bytes] - [20/12/2016 14:18:17]
C:\AdwCleaner\AdwCleaner[S5].txt - [12125 Bytes] - [19/01/2017 13:19:01]
C:\AdwCleaner\AdwCleaner[S6].txt - [10644 Bytes] - [10/02/2017 13:36:16]
C:\AdwCleaner\AdwCleaner[S7].txt - [4551 Bytes] - [22/02/2017 14:35:59]
C:\AdwCleaner\AdwCleaner[S8].txt - [3202 Bytes] - [22/02/2017 14:37:26]
C:\AdwCleaner\AdwCleaner[S9].txt - [7962 Bytes] - [01/03/2017 14:26:38]

########## EOF - C:\AdwCleaner\AdwCleaner[C16].txt - [6132 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Pro x64
Ran by Princhi (Administrator) on 08.03.2017 at 19:00:30,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 1

Successfully deleted: C:\ProgramData\1414928027.bdinstall.bin (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.03.2017 at 19:01:43,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017 durchgeführt von Princhi (Administrator) auf EPONA (08-03-2017 19:03:42) Gestartet von C:\Users\Princhi\Desktop Geladene Profile: Princhi (Verfügbare Profile: Princhi) Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Common Files\ntp2UpSvc\notepad2.exe (Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.) 
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] () HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.) HKLM-x32\...\Run: [Blackcomb] => C:\Program Files (x86)\Samsung Connection Manager\ModemPnPService.exe [131072 2011-02-11] (Samsung Electronics.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1206784 2016-08-12] (Cisco Systems, Inc.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044848 2017-02-21] (Electronic Arts) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [Spotify Web Helper] => C:\Users\Princhi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-24] (Spotify Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [572416 2016-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) Startup: C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-04-04] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{11c06b9c-c7a3-42f0-b493-0dcb6de1d03f}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{1920ae60-1c7d-4c3e-8d02-ba2d7909bffb}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4aa061a8-dd76-4dde-ab8c-36f40625fc51}: [DhcpNameServer] 139.7.30.126 0.0.0.0 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-88799701-2343346839-193955109-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-88799701-2343346839-193955109-1001 -> hxxp://www.google.com FireFox: 
======== FF DefaultProfile: 3d6ithxa.default FF ProfilePath: C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default [2017-03-08] FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2017-03-08] [ist nicht signiert] FF Extension: (English (US) Language Pack) - C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-01-20] [ist nicht signiert] FF SearchPlugin: C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\searchplugins\startsearch.xml [2017-03-02] FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @gametree.co.kr/GTL -> C:\ProgramData\Gametree\GTL\npGTL.dll [2013-06-13] (NtreevSoft) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei] FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) Chrome: ======= CHR DefaultProfile: Profile 1 CHR HomePage: Profile 1 -> hxxps://www.google.com/ CHR DefaultSearchURL: Profile 1 -> hxxp://www.startpageing123.com/search/?type=ds&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM&q={searchTerms} CHR DefaultSearchKeyword: Profile 1 -> startpageing123 CHR Profile: C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-08] CHR Extension: (Google Präsentationen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-18] CHR Extension: (Google Docs) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-18] CHR Extension: (Google Drive) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-18] CHR Extension: (YouTube) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-18] CHR Extension: (Adblock Plus) - C:\Users\Princhi\AppData\Local\Google\Chrome\User 
Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-17] CHR Extension: (Google Tabellen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-18] CHR Extension: (Google Docs Offline) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-18] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-27] CHR Extension: (Google Mail) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-18] CHR Extension: (Chrome Media Router) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-27] CHR Extension: (pumpkin) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkigkiflejlmpibnlecfdgkhjijgkoao [2016-10-19] CHR Profile: C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-12-10] StartMenuInternet: Google Chrome - Chrome.exe ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 HmaOpenVpnService; D:\Programme\HMA! Pro VPN\bin\openvpnserv.exe [46688 2016-09-23] (The OpenVPN Project) S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3519984 2016-01-27] (INCA Internet Co., Ltd.) 
S2 Ntp2NetSvc; C:\Program Files (x86)\notepad2\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr) [Datei ist nicht signiert] R2 Ntp2UpSvc; C:\Program Files (x86)\Common Files\ntp2UpSvc\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr) [Datei ist nicht signiert] R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2124296 2017-02-21] (Electronic Arts) R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2185232 2017-02-21] (Electronic Arts) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.) S2 Zerzitain; C:\Program Files (x86)\Clerack\Grshlp.dll [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 C2XXCOM; C:\WINDOWS\system32\DRIVERS\C2XXCOM76.sys [49920 2010-08-09] (Samsung Electronics)
S3 C2xxUSB; C:\WINDOWS\system32\DRIVERS\C2xxUSB76.sys [46080 2010-11-04] (Samsung Electronics)
S3 C2xxUsbStorage; C:\WINDOWS\system32\DRIVERS\C2xSTR76.sys [9216 2010-06-10] (Samsung Electronics)
S3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2015\pcwiz_x64.sys [26856 2014-02-17] (CPUID)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-11-19] (Disc Soft Ltd)
R3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [27136 2016-09-23] (The OpenVPN Project)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [20128 2017-02-28] () [Datei ist nicht signiert]
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2016-08-12] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2016-08-15] (Wellbia.com Co., Ltd.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-08 19:03 - 2017-03-08 19:03 - 00018947 _____ C:\Users\Princhi\Desktop\FRST.txt
2017-03-08 19:01 - 2017-03-08 19:01 - 00000619 _____ C:\Users\Princhi\Desktop\JRT.txt
2017-03-08 18:59 - 2017-03-08 18:59 - 01663736 _____ (Malwarebytes) C:\Users\Princhi\Desktop\JRT.exe
2017-03-08 18:58 - 2017-03-08 18:59 - 01663736 _____ (Malwarebytes) C:\Users\Princhi\Downloads\JRT.exe
2017-03-08 18:51 - 2017-03-08 18:51 - 00819352 _____ C:\Users\Princhi\Desktop\mbam.txt
2017-03-08 18:21 - 2017-03-08 18:56 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-08 18:20 - 2017-03-08 18:56 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-08 18:20 - 2017-03-08 18:56 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-08 18:20 - 2017-03-08 18:56 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-08 18:20 - 2017-03-08 18:20 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-08 18:20 - 2017-03-08 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-08 18:20 - 2017-03-08 18:20 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-08 18:20 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-08 18:19 - 2017-03-08 18:19 - 57131432 _____ (Malwarebytes ) C:\Users\Princhi\Desktop\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-08 18:15 - 2017-03-08 18:19 - 57131432 _____ (Malwarebytes ) C:\Users\Princhi\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-08 17:41 - 2017-03-08 18:08 - 00080986 _____ C:\TDSSKiller.3.1.0.12_08.03.2017_17.41.13_log.txt
2017-03-08 17:39 - 2017-03-08 17:39 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Princhi\Downloads\tdsskiller.exe
2017-03-08 17:32 - 2017-03-08 17:33 - 00065691 _____ C:\Users\Princhi\Downloads\Addition.txt
2017-03-08 17:31 - 2017-03-08 19:03 - 00000000 ____D C:\FRST
2017-03-08 17:31 - 2017-03-08 17:33 - 00042386 _____ C:\Users\Princhi\Downloads\FRST.txt
2017-03-08 17:24 - 2017-03-08 17:24 - 02423808 _____ (Farbar) C:\Users\Princhi\Desktop\FRST64.exe
2017-03-08 17:21 - 2017-03-08 17:21 - 00000000 ____D C:\Program Files (x86)\g6z3smzu
2017-03-08 17:18 - 2017-03-08 17:18 - 00000000 ____D C:\Program Files (x86)\r7nsqjwp
2017-03-08 16:45 - 2017-03-08 16:46 - 22851472 _____ (Malwarebytes ) C:\Users\Princhi\Downloads\mbam-setup-2.2.1.1043.exe
2017-03-08 16:39 - 2017-03-08 16:40 - 02870984 _____ (ESET) C:\Users\Princhi\Downloads\esetsmartinstaller_deu.exe
2017-03-08 16:32 - 2017-03-08 16:32 - 00000000 ____D C:\Program Files (x86)\wiv1520h
2017-03-08 16:27 - 2017-03-08 16:27 - 00000000 ____D C:\Users\Princhi\AppData\Local\Footper
2017-03-08 16:27 - 2017-03-08 16:27 - 00000000 ____D C:\Program Files (x86)\Footper
2017-03-08 16:21 - 2017-03-08 16:21 - 00000000 ____D C:\Program Files (x86)\58C02182_cacayima
2017-03-08 16:18 - 2017-03-08 16:18 - 00000000 ____D C:\Program Files (x86)\cq7yrhql
2017-03-07 17:37 - 2017-03-07 17:38 - 00124970 _____ C:\Users\Princhi\Downloads\IMG_20170307_0001.pdf
2017-03-07 17:33 - 2017-03-07 17:33 - 00124970 _____ C:\Users\Princhi\Desktop\IMG_20170307_0001.pdf
2017-03-07 15:41 - 2017-03-08 16:31 - 00001271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-07 15:41 - 2017-03-08 16:31 - 00001201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-07 15:41 - 2017-03-07 15:41 - 01129376 _____ (Google Inc.) C:\Users\Princhi\Downloads\ChromeSetup (1).exe
2017-03-07 14:24 - 2017-03-07 14:24 - 00000000 ____D C:\Program Files (x86)\58BEB4A1_cacayima
2017-03-06 18:05 - 2017-03-08 16:20 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-03 11:19 - 2017-03-03 11:19 - 00000000 ____D C:\Program Files (x86)\l2n8xmuh
2017-03-02 15:14 - 2017-03-02 15:14 - 04031440 _____ C:\Users\Princhi\Desktop\adwcleaner_6.044.exe
2017-03-02 14:56 - 2017-03-06 18:05 - 00002760 _____ C:\Program Files (x86)\metadata
2017-03-01 17:31 - 2017-03-01 17:32 - 09036000 _____ (GOG.com ) C:\Users\Princhi\Downloads\setup_settlers3_2.0.0.17.exe
2017-03-01 15:31 - 2017-03-01 15:31 - 00000000 ____D C:\Users\Princhi\AppData\Local\TeamSpeak 3
2017-03-01 15:31 - 2017-03-01 15:31 - 00000000 ____D C:\Users\Princhi\.TeamSpeak 3
2017-03-01 14:42 - 2017-03-01 14:42 - 00000000 ____D C:\Program Files (x86)\5tu6g4x1
2017-03-01 14:32 - 2017-03-01 14:32 - 00000000 ____D C:\Program Files (x86)\ifrhagw1
2017-03-01 14:30 - 2017-03-01 14:30 - 00000000 ____D C:\Program Files (x86)\jqzsal0g
2017-03-01 14:27 - 2017-03-01 14:27 - 00000000 ____D C:\Program Files (x86)\8q8dwuet
2017-03-01 14:19 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\Explorer
2017-03-01 14:19 - 2017-03-08 17:24 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-01 14:19 - 2017-03-08 17:24 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-01 14:19 - 2017-03-02 15:15 - 00001180 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-28 22:11 - 2017-02-28 22:11 - 00004096 _____ C:\WINDOWS\d3dx.dat
2017-02-28 22:10 - 2017-02-28 22:10 - 00003186 _____ C:\WINDOWS\System32\Tasks\{438F159D-A759-457B-A222-FD5013D632EC}
2017-02-28 21:45 - 2017-02-28 23:30 - 00020128 _____ C:\WINDOWS\SysWOW64\Drivers\SECDRV.SYS
2017-02-28 21:44 - 2017-02-28 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lionhead Studios Ltd
2017-02-24 01:39 - 2017-02-24 01:39 - 00000000 ____D C:\Program Files (x86)\58AF80DE_jumpeasy
2017-02-22 14:38 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\oe387eqk
2017-02-22 14:34 - 2017-02-22 14:34 - 04015056 _____ C:\Users\Princhi\Downloads\Nicht bestätigt 889461.crdownload
2017-02-22 00:44 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsF
2017-02-21 20:43 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsE
2017-02-21 16:43 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsD
2017-02-21 12:42 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsC
2017-02-18 01:17 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsB
2017-02-17 17:33 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsA
2017-02-17 03:01 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs9
2017-02-16 23:00 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs8
2017-02-16 18:59 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs7
2017-02-16 15:21 - 2017-02-16 15:21 - 00000000 ____D C:\Program Files (x86)\notepad2
2017-02-16 14:58 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs6
2017-02-16 00:24 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs5
2017-02-15 20:22 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs4
2017-02-15 16:22 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs3
2017-02-14 21:54 - 2017-02-14 21:54 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (5).pdf
2017-02-14 19:03 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs2
2017-02-14 15:02 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs1
2017-02-14 14:06 - 2017-02-14 14:06 - 00000000 ____D C:\ProgramData\Apple Computer
2017-02-14 01:00 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{388E5277-3212-4966-9C80-AA74FB48806D}
2017-02-13 20:56 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{68006CA9-71D5-44F1-B31F-3BC092A0D854}
2017-02-13 17:39 - 2017-02-13 17:39 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (4).pdf
2017-02-13 16:54 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{C72739C5-5A2D-4BA4-8BED-EFFD0A0043BC}
2017-02-13 13:30 - 2017-02-13 13:30 - 01366581 _____ C:\Users\Princhi\Downloads\1.07 Grundlagen des Rechts - Methodenlehre (2).pdf
2017-02-13 13:29 - 2017-02-13 13:29 - 00460744 _____ C:\Users\Princhi\Downloads\1.04 Grundlagen des Rechts - Methodenlehre (1).pdf
2017-02-13 13:23 - 2017-02-13 13:23 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (3).pdf
2017-02-12 19:35 - 2017-02-12 19:35 - 00019905 _____ C:\Users\Princhi\Downloads\Hausarbeit_Vorlage_Iurratio_de (1).odt
2017-02-11 23:28 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{419A7AE4-8D58-40B0-A342-2955F81059AC}
2017-02-11 19:27 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{E0F5E27E-FECB-4E85-9291-9CA5DB05466E}
2017-02-11 01:46 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{99AA99DF-7123-4883-A3D8-DC13575804E1}
2017-02-10 21:45 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{3DC2C87B-4341-402E-997F-882F25652619}
2017-02-10 17:42 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{195A643B-3F0D-4A26-8AF4-00ECBBDBD436}
2017-02-10 13:43 - 2017-02-10 13:43 - 01129376 _____ (Google Inc.) C:\Users\Princhi\Downloads\ChromeSetup.exe
2017-02-10 13:40 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\7270h8dx
2017-02-10 13:33 - 2017-02-10 13:33 - 04015056 _____ C:\Users\Princhi\Downloads\adwcleaner_6.043.exe
2017-02-09 23:08 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\{0E0D032C-C265-49D3-9E0D-3A192A88609F}
2017-02-09 19:06 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\{EEA3300D-2F66-45DF-8733-453BE124C449}
2017-02-08 21:13 - 2017-02-08 21:13 - 00000000 ____D C:\Program Files (x86)\1y27en8m
2017-02-08 20:06 - 2017-02-08 20:06 - 00000000 ____D C:\Program Files (x86)\36p1ub5x
2017-02-08 19:35 - 2017-02-08 20:06 - 00000000 ____D C:\Program Files (x86)\{07586952-E21B-4637-8D80-3B78C9E59C23}
2017-02-08 16:57 - 2017-02-08 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 16:57 - 2017-02-08 16:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-08 16:57 - 2016-12-29 13:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-08 16:57 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-08 16:57 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-08 16:57 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-08 16:57 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-08 16:56 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-08 16:56 - 2016-12-29 14:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-08 15:42 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs0
2017-02-08 15:32 - 2017-02-08 15:32 - 00000000 ____D C:\Program Files (x86)\veedo5sl
2017-02-07 19:53 - 2017-02-07 19:53 - 00015226 _____ C:\Users\Princhi\Downloads\Hausarbeit.odt
2017-02-07 17:12 - 2017-03-08 18:47 - 00000000 ____D C:\Users\Princhi\AppData\Local\3
2017-02-07 17:12 - 2017-02-08 20:06 - 00000000 ____D C:\Users\Princhi\AppData\Local\2

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-08 19:03 - 2016-07-16 23:51 - 01092706 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-08 19:03 - 2016-07-16 23:51 - 00260208 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-08 19:03 - 2015-08-04 22:14 - 02577648 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-08 19:02 - 2016-04-23 01:04 - 00000000 ____D C:\Users\Princhi\AppData\Local\CrashDumps
2017-03-08 18:56 - 2016-09-05 16:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-08 18:56 - 2016-09-05 16:36 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-08 18:56 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-08 18:55 - 2016-10-19 08:23 - 00000008 __RSH C:\Users\Princhi\ntuser.pol
2017-03-08 18:55 - 2016-10-18 14:25 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-03-08 18:55 - 2016-09-05 16:41 - 00000000 ____D C:\Users\Princhi
2017-03-08 18:55 - 2015-02-08 19:49 - 00000000 ____D C:\AdwCleaner
2017-03-08 18:47 - 2017-01-13 13:22 - 00000000 ____D C:\Users\Princhi\AppData\Local\1
2017-03-08 18:47 - 2016-09-05 16:34 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-08 18:46 - 2017-01-20 16:29 - 00000000 ____D C:\ProgramData\wintooll
2017-03-08 18:29 - 2017-01-20 16:29 - 00000000 ____D C:\ProgramData\ie8
2017-03-08 18:29 - 2016-12-26 16:49 - 00000000 ____D C:\ProgramData\jdgjd
2017-03-08 18:29 - 2016-12-26 12:49 - 00000000 ____D C:\ProgramData\gjcgj
2017-03-08 18:29 - 2016-11-18 14:54 - 00000000 ____D C:\ProgramData\cfibf
2017-03-08 18:29 - 2016-11-14 13:28 - 00000000 ____D C:\ProgramData\hbehb
2017-03-08 18:29 - 2016-11-08 15:58 - 00000000 ____D C:\ProgramData\cficf
2017-03-08 18:28 - 2016-12-19 16:01 - 00000000 ____D C:\ProgramData\haeha
2017-03-08 18:20 - 2014-12-17 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-08 18:13 - 2016-08-08 20:40 - 00000000 ____D C:\Users\Princhi\Desktop\Programme
2017-03-08 16:27 - 2014-12-26 16:00 - 00000000 ____D C:\ProgramData\Apple
2017-03-08 16:27 - 2014-11-02 14:54 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Origin
2017-03-08 16:24 - 2017-01-18 17:56 - 00001793 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-08 16:24 - 2017-01-18 17:56 - 00000000 ____D C:\Users\Princhi\AppData\LocalLow\Mozilla
2017-03-08 16:06 - 2014-11-01 23:48 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Spotify
2017-03-08 15:33 - 2014-11-02 13:20 - 00000000 ____D C:\Users\Princhi\AppData\Local\Spotify
2017-03-08 14:32 - 2014-11-02 14:45 - 00000000 ____D C:\ProgramData\Origin
2017-03-08 14:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-08 13:19 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-08 13:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-08 00:22 - 2015-01-25 19:13 - 00000000 ____D C:\Users\Princhi\AppData\Local\Battle.net
2017-03-07 17:02 - 2015-01-25 19:13 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-07 15:38 - 2016-10-26 18:28 - 00000000 ____D C:\WINDOWS\system32\log
2017-03-07 13:40 - 2014-11-24 12:36 - 00000000 ____D C:\Program Files (x86)\Origin
2017-03-07 01:47 - 2016-08-08 19:33 - 00000000 ____D C:\Users\Princhi\Desktop\Games
2017-03-07 01:46 - 2016-08-08 20:42 - 00000000 ____D C:\Users\Princhi\Desktop\Daten
2017-03-04 20:17 - 2015-05-23 11:51 - 00000000 ____D C:\Users\Princhi\Documents\The Witcher 3
2017-03-03 18:32 - 2016-08-01 19:35 - 00000000 ____D C:\Users\Princhi\AppData\Local\BewerbungsMaster
2017-03-02 15:15 - 2016-06-18 17:14 - 00001042 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-03-01 19:37 - 2014-11-07 17:25 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\TS3Client
2017-03-01 15:30 - 2014-11-07 17:25 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-03-01 02:10 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-28 21:44 - 2015-01-25 20:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-28 00:24 - 2016-12-13 16:57 - 00003274 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-28 00:24 - 2015-08-04 22:26 - 00002420 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-28 00:24 - 2015-08-04 22:26 - 00000000 ___RD C:\Users\Princhi\OneDrive
2017-02-24 00:34 - 2014-10-31 14:43 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 15:41 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 13:55 - 2014-10-31 13:26 - 00000000 ____D C:\Users\Princhi\AppData\Local\Packages
2017-02-16 14:18 - 2017-01-19 19:06 - 00001415 _____ C:\Users\Public\Desktop\Die Sims 4.lnk
2017-02-16 13:59 - 2014-10-31 16:58 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-12 19:26 - 2016-04-14 12:50 - 00000000 ____D C:\Users\Princhi\AppData\Local\BlackDesertOnline
2017-02-08 16:57 - 2016-09-05 16:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 16:57 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 16:56 - 2016-09-05 16:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 16:56 - 2016-09-05 16:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-07 22:11 - 2016-12-14 21:29 - 00000000 ____D C:\Users\Princhi\Desktop\UNI
2017-02-07 16:55 - 2016-08-24 10:17 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Skype
2017-02-06 20:48 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 13:41 - 2016-10-28 18:07 - 00000000 ____D C:\ProgramData\ttff

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-03-02 14:56 - 2017-03-06 18:05 - 0002760 _____ () C:\Program Files (x86)\metadata
2014-10-31 14:52 - 2014-11-22 00:55 - 0000153 _____ () C:\Users\Princhi\AppData\Roaming\WB.CFG
2014-11-02 03:52 - 2014-11-22 00:55 - 0000001 _____ () C:\Users\Princhi\AppData\Local\DSI.DAT
2016-09-05 16:36 - 2016-09-05 16:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-12 21:21 - 2015-04-12 21:21 - 0004966 _____ () C:\ProgramData\wmzddnmb.cix

Einige Dateien in TEMP:
====================
2017-01-26 18:55 - 2017-01-26 18:55 - 3017720 _____ (Google) C:\Users\Princhi\AppData\Local\Temp\BAE2.exe
2017-01-12 15:23 - 2017-01-12 15:23 - 7049962 _____ () C:\Users\Princhi\AppData\Local\Temp\insEB60.tmp.exe
2016-12-28 13:43 - 2016-12-28 13:43 - 0792064 _____ (Fun Dw) C:\Users\Princhi\AppData\Local\Temp\~ct13B3.tmp.dll
2016-12-26 16:49 - 2016-12-26 16:49 - 0788480 _____ () C:\Users\Princhi\AppData\Local\Temp\~ct2775.tmp.dll
2017-01-05 14:39 - 2017-01-05 14:39 - 0361472 _____ (update) C:\Users\Princhi\AppData\Local\Temp\~ct803C.tmp.dll
2017-01-03 16:26 - 2017-01-03 16:26 - 0471552 _____ () C:\Users\Princhi\AppData\Local\Temp\~ctB41B.tmp.dll
2017-01-03 16:28 - 2017-01-03 16:28 - 0471552 _____ () C:\Users\Princhi\AppData\Local\Temp\~ctBFDE.tmp.dll
2016-12-26 12:49 - 2016-12-26 12:49 - 0788480 _____ () C:\Users\Princhi\AppData\Local\Temp\~ctD52C.tmp.dll

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-03-07 17:06

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 05-03-2017
durchgeführt von Princhi (08-03-2017 19:04:04)
Gestartet von C:\Users\Princhi\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-05 15:59:50)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-88799701-2343346839-193955109-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-88799701-2343346839-193955109-503 - Limited - Disabled)
Gast (S-1-5-21-88799701-2343346839-193955109-501 - Limited - Disabled)
Princhi (S-1-5-21-88799701-2343346839-193955109-1001 - Administrator - Enabled) => C:\Users\Princhi

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
AdVenture Capitalist (HKLM\...\Steam App 346900) (Version: - Hyper Hippo Games)
American Truck Simulator MULTi23 - ElAmigos Version 1.3.1.1 (HKLM-x32\...\{1E1A283E-DA44-4DCB-BC57-295E54DF18CA}_is1) (Version: 1.3.1.1 - SCS Software)
amulesw (HKLM-x32\...\{57C598F7-B9E0-401E-8BAC-D171EB8A01A8}) (Version: 1.0.5 - amules)
Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BEWERBUNGSMASTER (HKLM-x32\...\ST6UNST #1) (Version: - )
Black and White (HKLM-x32\...\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}) (Version: - )
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.5 - Daum Games EU)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG6600 series Benutzerregistrierung (HKLM-x32\...\Canon MG6600 series Benutzerregistrierung) (Version: - *Canon Inc.)
Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.00 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
CASIO FA-124 (HKLM-x32\...\{FB47E710-6249-4EFA-BE36-E922B0612AF4}) (Version: 2.04.0000 - CASIO COMPUTER CO., LTD.)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.02039 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.3.02039 - Cisco Systems, Inc.) Hidden
CodeBlocks (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.27.80.1020 - Electronic Arts Inc.)
Drakonia Black (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - )
Dropbox (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Duke Nukem Forever (HKLM\...\Steam App 57900) (Version: - Gearbox Software)
Dying Light Ultimate Edition MULTi2 1.0 (HKLM-x32\...\Dying Light Ultimate Edition MULTi2 1.0) (Version: - )
Euro Truck Simulator 2 Demo (HKLM\...\Steam App 231120) (Version: - SCS Software)
Evernote v. 5.8.4 (HKLM-x32\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.)
Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version: - Lionhead Studios)
Fallout 4 MULTi2 1.1.30 (HKLM-x32\...\Fallout 4 MULTi2 1.1.30) (Version: - )
FINAL FANTASY X/X-2 HD Remaster (HKLM\...\Steam App 359870) (Version: - SQUARE ENIX)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
fx-Manager PLUS (90-Day Trial) (HKLM-x32\...\{80447814-A99C-415D-B019-7A825CEE064B}) (Version: 02.04.4100.0291 - CASIO COMPUTER CO., LTD.)
GameMaker: Player (HKLM-x32\...\GameMakerPlayer) (Version: 1.4.1242.41000 - YoYo Games Ltd.)
GameMaker-Studio 1.4 (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\GameMaker-Studio14) (Version: - YoYo Games Ltd.)
Gametree Launcher (HKLM-x32\...\GTL) (Version: 3.0.26.0 - NtreevSoft)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GRID (HKLM\...\Steam App 12750) (Version: - Codemasters Studios)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HMA! Pro VPN 3.2.13.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 3.2.13.0 - Privax Ltd)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version: - Audacity Team)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.2 - Smith Micro)
Microsoft OneDrive (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MouseRecorder v1.0.51 (HKLM-x32\...\MouseRecorder_is1) (Version: 1.0.51 - Bartels Media GmbH)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Grafiktreiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 352.86 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.25153 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{180b9d5a-5197-4326-bcb0-fe448086015b}) (Version: latest - ppy Pty Ltd)
Outlast (HKLM-x32\...\Steam App 238320) (Version: - Red Barrels)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PC Wizard 2015.2.14 (HKLM-x32\...\PC Wizard 2015_is1) (Version: - CPUID)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - )
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Risen 3 Titan Lords Enhanced Edition MULTI2 1.0 (HKLM-x32\...\Risen 3 Titan Lords Enhanced Edition MULTI2 1.0) (Version: - )
RPG MAKER VX Ace (HKLM-x32\...\RPG MAKER VX Ace_is1) (Version: 1.01a - )
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
SABnzbd 0.7.19 (HKLM-x32\...\SABnzbd) (Version: 0.7.19 - The SABnzbd Team)
Samsung Connection Manager (HKLM-x32\...\{F3F95061-0427-4386-AB03-1556CBE52927}) (Version: 112.6 - Samsung Electronics)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Spotify) (Version: 1.0.49.125.g72ee7853 - Spotify AB)
Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{6C8C4577-8E15-4C63-96ED-D40F2072FF74}) (Version: 6.0.19.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{9C926493-16C0-438E-8E51-BC3638E29ABB}) (Version: 6.1.4.0 - Husdawg, LLC)
Tales of Symphonia Version 1.0 u3 (HKLM-x32\...\{1E213234-7E5C-42A5-8FA1-766E7728015D}_is1) (Version: 1.0 u3 - Bandai Namco Entertainment)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
The Sims 3 Ultimate Collection Version 1.67.2 (HKLM-x32\...\The Sims 3 Ultimate Collection_is1) (Version: 1.67.2 - EA Games)
The Witcher 3 Wild Hunt Collectors Edition Incl. Blood and Wine DLC and Update 14 MULTi2 1.22 (HKLM-x32\...\The Witcher 3 Wild Hunt Collectors Edition Incl. Blood and Wine DLC and Update 14 MULTi2 1.22) (Version: - )
The Witcher 3 Wild Hunt Collectors Edition MULTi2 1.02 (HKLM-x32\...\The Witcher 3 Wild Hunt Collectors Edition MULTi2 1.02) (Version: - )
Trillian (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Trillian) (Version: - Cerulean Studios, LLC)
Undertale version 1.0 u09.03.2016 (HKLM-x32\...\{800C5999-FCC6-4C6D-95B6-5E8574896874}_is1) (Version: 1.0 u09.03.2016 - tobyfox)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vodafone Mobile Connect Lite (HKLM-x32\...\{B5761811-28F3-4257-B537-815C5EEF472C}) (Version: 3.1.2.104 - Vodafone)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.14-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH)
WinSnare (HKLM-x32\...\{6F28E3A8-BEC0-4CCD-A35F-7155729C7A88}) (Version: 4.2.6 - WinSnare) <==== ACHTUNG
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {004C7BCF-DF05-463F-AE87-A9037EB33295} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> Keine Datei <==== ACHTUNG Task: {091E4F5D-850A-4359-A8B8-1EBF544D3458} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {0E524B03-1D26-41B6-ABD2-F29FB4F8B41D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-24] (Microsoft Corporation) Task: {234468EA-8B43-4B63-B02F-48719C50B1D6} - System32\Tasks\{438F159D-A759-457B-A222-FD5013D632EC} => pcalua.exe -a E:\autorun.exe -d E:\ Task: {2A144903-ADD3-4EDD-A7BC-CC01CE57DF84} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {339DDE55-629F-4266-B263-9F312E284E09} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe Task: {36FA50E1-D56E-483F-AEE3-3F296E349404} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {38261DF8-27F9-49FC-B90E-0716D33F9E03} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {3CA17CED-0C4E-40A1-910C-F2ECB81E40A8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {4B9C0926-CF32-484A-A741-A6E2C89BC329} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd) Task: {518C3D3C-C292-42AB-98EE-A7C53919E7BC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {59D17917-85E1-4E2E-959F-2F02B05AA878} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Princhi\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {6400C925-1181-4AF3-92E4-BBCDB19DE50E} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> Keine Datei <==== ACHTUNG Task: {8B7D9CE6-6BF7-46D2-B30B-19120BEF004F} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> Keine Datei <==== ACHTUNG Task: {AE88677F-1C9A-4A68-918B-E1DBDB57FBEB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {B5BB4BD1-F18C-40B3-8925-0E98012E2F12} - System32\Tasks\{BAAF7A63-576A-4E4E-96F8-72A8EBB68660} => pcalua.exe -a "D:\Games\The Witcher 3 Wild Hunt\Uninstall.exe" Task: {BC244B71-84EB-45F8-AC6A-6B2969879183} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {CCE2E5E1-F1F1-4AF8-A21C-2B15C00FCB0D} - System32\Tasks\{D07A19C7-CDC4-4BD3-B00B-C2829140E6CD} => pcalua.exe -a "C:\Users\Princhi\Downloads\skse_1_07_01_installer (1).exe" -d C:\Users\Princhi\Downloads Task: {D533BD21-EC84-4A14-AEE8-FB6F0D3FAD3B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe Task: {DDE677D5-0F3E-48FB-B0D1-BC1F907283F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {E914FF3E-2FD3-4044-B9F0-21AB025188C3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {EDBB1ADE-5473-442F-805C-7DD1BECAAFB9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {EECBA783-C0A0-4E58-8DB0-58F0C1052B7C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f1b9b70e37832c09\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\83d1d964df0d5fea\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-14 19:40 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-03-30 11:03 - 2016-06-15 02:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-12-14 19:40 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-03-30 11:03 - 2016-06-15 02:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2017-01-11 21:54 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 02424320 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-11 21:54 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2017-02-22 13:36 - 2017-02-22 13:41 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-02-22 13:36 - 2017-02-22 13:41 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-02-22 13:36 - 2017-02-22 13:47 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-02-06 12:47 - 2017-02-06 12:50 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll 2016-09-13 19:42 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-11 21:54 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-11 21:54 - 2016-12-21 07:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll 2016-08-12 13:20 - 2016-08-12 13:20 - 00073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2016-09-15 12:55 - 2017-02-14 01:06 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll 2017-03-08 16:27 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files (x86)\Footper\Application\libglesv2.dll 2017-03-08 16:27 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files (x86)\Footper\Application\libegl.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) 
========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3 [430] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\1000gratisproben.com -> 
www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\123simsen.com -> www.123simsen.com Da befinden sich 7866 mehr Seiten. ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2013-08-22 14:25 - 2015-07-26 00:22 - 00450771 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com Da befinden sich 15463 zusätzliche Einträge. ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-88799701-2343346839-193955109-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "EADM" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "FlashUpdate" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [TCP Query User{649C4E67-76FA-41B2-AC20-CB9A7DCE0AC1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{9D6995F4-621F-468C-9927-30F9F39A47E4}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [TCP Query User{74E2F077-4ACA-44FF-9E29-96287C38B293}C:\program files (x86)\footper\application\chrome.exe] => (Allow) C:\program files (x86)\footper\application\chrome.exe FirewallRules: [UDP Query User{0DE2D777-C7B8-4F56-ACEC-AD594CA4B9C8}C:\program files (x86)\footper\application\chrome.exe] => (Allow) C:\program files (x86)\footper\application\chrome.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 
2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Wiederherstellungspunkte ========================= 16-02-2017 14:18:49 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 22-02-2017 15:40:58 Windows Update 01-03-2017 18:18:03 Geplanter Prüfpunkt 08-03-2017 19:00:32 JRT Pre-Junkware Removal ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/08/2017 07:02:57 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Princhi\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. 
In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (03/08/2017 07:02:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x5c9ad473 ID des fehlerhaften Prozesses: 0x25d8 Startzeit der fehlerhaften Anwendung: 0x01d298362d3bd93a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 65707c63-1cc4-4b3b-b65e-817e942c753d Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 07:00:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . 
Error: (03/08/2017 07:00:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.1.0.415, Zeitstempel: 0x5881b7a1 Name des fehlerhaften Moduls: CleanControllerImpl.dll_unloaded, Version: 3.1.0.264, Zeitstempel: 0x589e00c1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000027f6eb ID des fehlerhaften Prozesses: 0xe8c Startzeit der fehlerhaften Anwendung: 0x01d2983555fe78e7 Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Pfad des fehlerhaften Moduls: CleanControllerImpl.dll Berichtskennung: c219b00f-6cd2-40a6-bb78-7ba0b1cf2a99 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 06:58:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x5c9ad473 ID des fehlerhaften Prozesses: 0x1ebc Startzeit der fehlerhaften Anwendung: 0x01d2983598b93e17 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 7cf18ed1-abbf-4898-b18a-29dd5fc488f7 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 06:53:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.1.0.415, Zeitstempel: 0x5881b7a1 Name des fehlerhaften Moduls: CleanControllerImpl.dll_unloaded, Version: 3.1.0.264, Zeitstempel: 0x589e00c1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000027f6eb ID des fehlerhaften Prozesses: 0xc50 Startzeit der fehlerhaften Anwendung: 0x01d2983438819515 Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Pfad des 
fehlerhaften Moduls: CleanControllerImpl.dll Berichtskennung: bc02cb0f-53f9-4d47-89f3-ded91c189a6d Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 06:49:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x777cd473 ID des fehlerhaften Prozesses: 0xfc0 Startzeit der fehlerhaften Anwendung: 0x01d2983461f7e898 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: a8f715a1-ebf3-47f2-8f1e-3b7e43a015a2 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 06:10:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x71b5d473 ID des fehlerhaften Prozesses: 0x20c4 Startzeit der fehlerhaften Anwendung: 0x01d2982ee18c70eb Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: aec7df4e-7327-42dc-b71a-42691c424c83 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 05:24:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x71b5d473 ID des fehlerhaften Prozesses: 0x2524 Startzeit der fehlerhaften Anwendung: 
0x01d298286de3e0f2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: ea0e9d83-4a79-4b89-9395-04afee92afe5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 04:35:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x6b18d473 ID des fehlerhaften Prozesses: 0x27f8 Startzeit der fehlerhaften Anwendung: 0x01d29821aa11ba98 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 343e9e7b-e84b-468b-b081-7d589bc94618 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (03/08/2017 07:00:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Malwarebytes Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/08/2017 06:59:53 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (03/08/2017 06:56:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Zerzitain" wurde mit folgendem Fehler beendet: Das angegebene Modul wurde nicht gefunden. 
Error: (03/08/2017 06:56:00 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/08/2017 06:55:46 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/08/2017 06:55:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/08/2017 06:55:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (03/08/2017 06:55:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Streamer Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/08/2017 06:55:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Kyubey" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/08/2017 06:55:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Ntp2UpSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2017-03-07 15:34:35.588 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-03-07 15:08:10.789 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-02-03 17:00:27.187 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-02-03 16:56:56.613 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. 
Date: 2017-01-21 01:08:28.137 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-21 00:12:20.064 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-20 23:15:15.099 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-20 22:03:49.090 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-20 21:52:52.863 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-20 21:12:20.027 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz Prozentuale Nutzung des RAM: 25% Installierter physikalischer RAM: 8093.39 MB Verfügbarer physikalischer RAM: 6055.25 MB Summe virtueller Speicher: 9373.39 MB Verfügbarer virtueller Speicher: 7346.22 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:390.16 GB) (Free:136.04 GB) NTFS Drive d: (Volume) (Fixed) (Total:540.4 GB) (Free:152.65 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ============================ |
08.03.2017, 20:22 | #7 |
/// TB-Ausbilder | Adware: Adw Cleaner does not help, Google Chrome infected Hi, you can zip the mbam.txt (pack it into a .zip archive) (right-click > Send to > Compressed (zipped) folder) and upload it as an attachment. |
08.03.2017, 20:31 | #8 |
| Adware: Adw Cleaner does not help, Google Chrome infected |
08.03.2017, 21:03 | #9 |
/// TB-Ausbilder | Adware: Adw Cleaner does not help, Google Chrome infected Hi, man, there is a lot of adware on your PC... You are currently my favourite user... finally a challenge again. Here is how we continue: Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-88799701-2343346839-193955109-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
CHR DefaultSearchURL: Profile 1 -> hxxp://www.startpageing123.com/search/?type=ds&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> startpageing123
S2 Zerzitain; C:\Program Files (x86)\Clerack\Grshlp.dll [X]
C:\Program Files (x86)\Clerack
2017-03-08 17:21 - 2017-03-08 17:21 - 00000000 ____D C:\Program Files (x86)\g6z3smzu
2017-03-08 17:18 - 2017-03-08 17:18 - 00000000 ____D C:\Program Files (x86)\r7nsqjwp
2017-03-08 16:45 - 2017-03-08 16:46 - 22851472 _____ (Malwarebytes ) C:\Users\Princhi\Downloads\mbam-setup-2.2.1.1043.exe
2017-03-08 16:32 - 2017-03-08 16:32 - 00000000 ____D C:\Program Files (x86)\wiv1520h
2017-03-08 16:27 - 2017-03-08 16:27 - 00000000 ____D C:\Users\Princhi\AppData\Local\Footper
2017-03-08 16:27 - 2017-03-08 16:27 - 00000000 ____D C:\Program Files (x86)\Footper
2017-03-08 16:21 - 2017-03-08 16:21 - 00000000 ____D C:\Program Files (x86)\58C02182_cacayima
2017-03-08 16:18 - 2017-03-08 16:18 - 00000000 ____D C:\Program Files (x86)\cq7yrhql
2017-03-07 14:24 - 2017-03-07 14:24 - 00000000 ____D C:\Program Files (x86)\58BEB4A1_cacayima
2017-03-06 18:05 - 2017-03-08 16:20 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-03 11:19 - 2017-03-03 11:19 - 00000000 ____D C:\Program Files (x86)\l2n8xmuh
2017-03-01 14:42 - 2017-03-01 14:42 - 00000000 ____D C:\Program Files (x86)\5tu6g4x1
2017-03-01 14:32 - 2017-03-01 14:32 - 00000000 ____D C:\Program Files (x86)\ifrhagw1
2017-03-01 14:30 - 2017-03-01 14:30 - 00000000 ____D C:\Program Files (x86)\jqzsal0g
2017-03-01 14:27 - 2017-03-01 14:27 - 00000000 ____D C:\Program Files (x86)\8q8dwuet
2017-03-01 14:19 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\Explorer
2017-02-24 01:39 - 2017-02-24 01:39 - 00000000 ____D C:\Program Files (x86)\58AF80DE_jumpeasy
2017-02-22 14:38 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\oe387eqk
2017-02-22 00:44 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsF
2017-02-21 20:43 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsE
2017-02-21 16:43 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsD
2017-02-21 12:42 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsC
2017-02-18 01:17 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsB
2017-02-17 17:33 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsA
2017-02-17 03:01 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs9
2017-02-16 23:00 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs8
2017-02-16 18:59 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs7
2017-02-16 14:58 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs6
2017-02-16 00:24 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs5
2017-02-15 20:22 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs4
2017-02-15 16:22 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs3
2017-02-14 19:03 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs2
2017-02-14 15:02 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs1
2017-02-14 01:00 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{388E5277-3212-4966-9C80-AA74FB48806D}
2017-02-13 20:56 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{68006CA9-71D5-44F1-B31F-3BC092A0D854}
2017-02-11 23:28 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{419A7AE4-8D58-40B0-A342-2955F81059AC}
2017-02-11 19:27 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{E0F5E27E-FECB-4E85-9291-9CA5DB05466E}
2017-02-11 01:46 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{99AA99DF-7123-4883-A3D8-DC13575804E1}
2017-02-10 21:45 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{3DC2C87B-4341-402E-997F-882F25652619}
2017-02-10 17:42 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{195A643B-3F0D-4A26-8AF4-00ECBBDBD436}
2017-02-10 13:40 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\7270h8dx
2017-02-09 23:08 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\{0E0D032C-C265-49D3-9E0D-3A192A88609F}
2017-02-09 19:06 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\{EEA3300D-2F66-45DF-8733-453BE124C449}
2017-02-08 21:13 - 2017-02-08 21:13 - 00000000 ____D C:\Program Files (x86)\1y27en8m
2017-02-08 20:06 - 2017-02-08 20:06 - 00000000 ____D C:\Program Files (x86)\36p1ub5x
2017-02-08 19:35 - 2017-02-08 20:06 - 00000000 ____D C:\Program Files (x86)\{07586952-E21B-4637-8D80-3B78C9E59C23}
2017-02-08 15:42 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs0
2017-02-08 15:32 - 2017-02-08 15:32 - 00000000 ____D C:\Program Files (x86)\veedo5sl
2017-02-07 17:12 - 2017-03-08 18:47 - 00000000 ____D C:\Users\Princhi\AppData\Local\3
2017-02-07 17:12 - 2017-02-08 20:06 - 00000000 ____D C:\Users\Princhi\AppData\Local\2
2017-03-08 18:55 - 2016-10-19 08:23 - 00000008 __RSH C:\Users\Princhi\ntuser.pol
2017-03-08 18:55 - 2016-10-18 14:25 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-03-08 18:47 - 2017-01-13 13:22 - 00000000 ____D C:\Users\Princhi\AppData\Local\1
2017-03-08 18:46 - 2017-01-20 16:29 - 00000000 ____D C:\ProgramData\wintooll
2017-03-08 18:29 - 2017-01-20 16:29 - 00000000 ____D C:\ProgramData\ie8
2017-03-08 18:29 - 2016-12-26 16:49 - 00000000 ____D C:\ProgramData\jdgjd
2017-03-08 18:29 - 2016-12-26 12:49 - 00000000 ____D C:\ProgramData\gjcgj
2017-03-08 18:29 - 2016-11-18 14:54 - 00000000 ____D C:\ProgramData\cfibf
2017-03-08 18:29 - 2016-11-14 13:28 - 00000000 ____D C:\ProgramData\hbehb
2017-03-08 18:29 - 2016-11-08 15:58 - 00000000 ____D C:\ProgramData\cficf
2017-03-08 18:28 - 2016-12-19 16:01 - 00000000 ____D C:\ProgramData\haeha
2017-02-06 13:41 - 2016-10-28 18:07 - 00000000 ____D C:\ProgramData\ttff
2015-04-12 21:21 - 2015-04-12 21:21 - 0004966 _____ () C:\ProgramData\wmzddnmb.cix
Task: {004C7BCF-DF05-463F-AE87-A9037EB33295} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> Keine Datei <==== ACHTUNG
Task: {091E4F5D-850A-4359-A8B8-1EBF544D3458} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {234468EA-8B43-4B63-B02F-48719C50B1D6} - System32\Tasks\{438F159D-A759-457B-A222-FD5013D632EC} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {2A144903-ADD3-4EDD-A7BC-CC01CE57DF84} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {339DDE55-629F-4266-B263-9F312E284E09} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {38261DF8-27F9-49FC-B90E-0716D33F9E03} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {3CA17CED-0C4E-40A1-910C-F2ECB81E40A8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {518C3D3C-C292-42AB-98EE-A7C53919E7BC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {6400C925-1181-4AF3-92E4-BBCDB19DE50E} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> Keine Datei <==== ACHTUNG
Task: {8B7D9CE6-6BF7-46D2-B30B-19120BEF004F} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> Keine Datei <==== ACHTUNG
Task: {AE88677F-1C9A-4A68-918B-E1DBDB57FBEB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {BC244B71-84EB-45F8-AC6A-6B2969879183} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {E914FF3E-2FD3-4044-B9F0-21AB025188C3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {EDBB1ADE-5473-442F-805C-7DD1BECAAFB9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {EECBA783-C0A0-4E58-8DB0-58F0C1052B7C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f1b9b70e37832c09\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\83d1d964df0d5fea\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.)
AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3 [430]
FirewallRules: [TCP Query User{74E2F077-4ACA-44FF-9E29-96287C38B293}C:\program files (x86)\footper\application\chrome.exe] => (Allow) C:\program files (x86)\footper\application\chrome.exe
FirewallRules: [UDP Query User{0DE2D777-C7B8-4F56-ACEC-AD594CA4B9C8}C:\program files (x86)\footper\application\chrome.exe] => (Allow) C:\program files (x86)\footper\application\chrome.exe
C:\program files (x86)\footper
C:\Users\Princhi\AppData\Local\Stelers
Folder: C:\WINDOWS\SysWOW64\4
Folder: C:\WINDOWS\SysWOW64\3
Folder: C:\Program Files (x86)\metadata
Folder: C:\PROGRAM FILES (X86)\MICROSOFT XNA
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Download the matching version of SystemLook from the following mirror and save the tool on the desktop: SystemLook (32 bit) | SystemLook (64 bit)
Step 3
Please post with your next reply
Edited by M-K-D-B (08.03.2017 at 21:31) |
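Every Shortcut: entry in the fixlist above points "Google Chrome.lnk" at a chrome.exe under the Footper folder while still showing "(Google Inc.)". The following is an added example, not part of the original posts and not FRST code: a small triage script that parses such Shortcut: lines and flags browser shortcuts whose target is outside the expected install path. The expected Chrome paths, the function names and the third sample line (user "Example") are assumptions made for this illustration.

```python
import ntpath  # Windows path semantics, usable on any OS
import re
from typing import List, NamedTuple, Optional

# Constructed sample: the first two lines are Shortcut entries from the
# fixlist above; the third (user "Example") is made up for contrast.
SAMPLE_LOG = r"""
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Example\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
"""


class Shortcut(NamedTuple):
    lnk: str
    target: str
    company: Optional[str]


# "Shortcut: <lnk> -> <target> (<company>)"; the company suffix is optional.
# The target is matched lazily so that "(x86)" inside the path is not
# mistaken for the trailing company field.
LINE_RE = re.compile(
    r"^Shortcut:\s+(?P<lnk>.+?\.lnk)\s+->\s+(?P<target>.+?)"
    r"(?:\s+\((?P<company>[^()]*)\))?$",
    re.IGNORECASE,
)

# Assumption: default Chrome install locations (machine-wide and per-user),
# written against lower-cased, normalised paths.
EXPECTED_TARGETS = {
    "google chrome.lnk": [
        re.compile(r"[a-z]:\\program files( \(x86\))?\\google\\chrome"
                   r"\\application\\chrome\.exe"),
        re.compile(r"[a-z]:\\users\\[^\\]+\\appdata\\local\\google\\chrome"
                   r"\\application\\chrome\.exe"),
    ],
}


def _norm(path: str) -> str:
    """Lower-case and normalise a Windows path for comparison."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def parse_shortcuts(log: str) -> List[Shortcut]:
    """Extract every well-formed Shortcut: line from a log excerpt."""
    found = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Shortcut(m["lnk"], m["target"], m["company"]))
    return found


def flag_hijacked(log: str) -> List[Shortcut]:
    """Return shortcuts with a known name but an unexpected target.

    The company string is ignored on purpose: in the log above the Footper
    binary carries the same "(Google Inc.)" label as a real install would.
    """
    flagged = []
    for sc in parse_shortcuts(log):
        rules = EXPECTED_TARGETS.get(ntpath.basename(_norm(sc.lnk)))
        if rules is None:
            continue  # no baseline for this shortcut name
        if not any(r.fullmatch(_norm(sc.target)) for r in rules):
            flagged.append(sc)
    return flagged


if __name__ == "__main__":
    for hit in flag_hijacked(SAMPLE_LOG):
        print(f"unexpected target: {hit.lnk} -> {hit.target}")
```
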
08.03.2017, 22:32 | #10 |
| Adware: Adw Cleaner does not help, Google Chrome infected Yes, I guess I did collect a few things over the years, I only noticed it now. Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 08-03-2017 durchgeführt von Princhi (08-03-2017 21:31:03) Run:1 Gestartet von C:\Users\Princhi\Desktop Geladene Profile: Princhi (Verfügbare Profile: Princhi) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** start CloseProcesses: HKLM-x32\...\Run: [] => [X] SearchScopes: HKU\S-1-5-21-88799701-2343346839-193955109-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = CHR DefaultSearchURL: Profile 1 -> hxxp://www.startpageing123.com/search/?type=ds&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM&q={searchTerms} CHR DefaultSearchKeyword: Profile 1 -> startpageing123 S2 Zerzitain; C:\Program Files (x86)\Clerack\Grshlp.dll [X] C:\Program Files (x86)\Clerack 2017-03-08 17:21 - 2017-03-08 17:21 - 00000000 ____D C:\Program Files (x86)\g6z3smzu 2017-03-08 17:18 - 2017-03-08 17:18 - 00000000 ____D C:\Program Files (x86)\r7nsqjwp 2017-03-08 16:45 - 2017-03-08 16:46 - 22851472 _____ (Malwarebytes ) C:\Users\Princhi\Downloads\mbam-setup-2.2.1.1043.exe 2017-03-08 16:32 - 2017-03-08 16:32 - 00000000 ____D C:\Program Files (x86)\wiv1520h 2017-03-08 16:27 - 2017-03-08 16:27 - 00000000 ____D C:\Users\Princhi\AppData\Local\Footper 2017-03-08 16:27 - 2017-03-08 16:27 - 00000000 ____D C:\Program Files (x86)\Footper 2017-03-08 16:21 - 2017-03-08 16:21 - 00000000 ____D C:\Program Files (x86)\58C02182_cacayima 2017-03-08 16:18 - 2017-03-08 16:18 - 00000000 ____D C:\Program Files (x86)\cq7yrhql 2017-03-07 14:24 - 2017-03-07 14:24 - 00000000 ____D C:\Program Files (x86)\58BEB4A1_cacayima 2017-03-06 18:05 - 2017-03-08 16:20 - 00000000 ____D C:\Program Files (x86)\amulell 2017-03-03 11:19 - 2017-03-03 11:19 - 00000000 ____D C:\Program Files (x86)\l2n8xmuh 2017-03-01 14:42 - 2017-03-01 14:42 - 00000000 ____D C:\Program Files (x86)\5tu6g4x1 2017-03-01 14:32 - 2017-03-01 14:32 - 00000000 ____D 
C:\Program Files (x86)\ifrhagw1 2017-03-01 14:30 - 2017-03-01 14:30 - 00000000 ____D C:\Program Files (x86)\jqzsal0g 2017-03-01 14:27 - 2017-03-01 14:27 - 00000000 ____D C:\Program Files (x86)\8q8dwuet 2017-03-01 14:19 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\Explorer 2017-02-24 01:39 - 2017-02-24 01:39 - 00000000 ____D C:\Program Files (x86)\58AF80DE_jumpeasy 2017-02-22 14:38 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\oe387eqk 2017-02-22 00:44 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsF 2017-02-21 20:43 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsE 2017-02-21 16:43 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsD 2017-02-21 12:42 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsC 2017-02-18 01:17 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsB 2017-02-17 17:33 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsA 2017-02-17 03:01 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs9 2017-02-16 23:00 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs8 2017-02-16 18:59 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs7 2017-02-16 14:58 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs6 2017-02-16 00:24 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs5 2017-02-15 20:22 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs4 2017-02-15 16:22 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs3 2017-02-14 19:03 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs2 2017-02-14 15:02 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs1 2017-02-14 01:00 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{388E5277-3212-4966-9C80-AA74FB48806D} 2017-02-13 20:56 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{68006CA9-71D5-44F1-B31F-3BC092A0D854} 2017-02-11 23:28 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files 
(x86)\{419A7AE4-8D58-40B0-A342-2955F81059AC} 2017-02-11 19:27 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{E0F5E27E-FECB-4E85-9291-9CA5DB05466E} 2017-02-11 01:46 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{99AA99DF-7123-4883-A3D8-DC13575804E1} 2017-02-10 21:45 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{3DC2C87B-4341-402E-997F-882F25652619} 2017-02-10 17:42 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{195A643B-3F0D-4A26-8AF4-00ECBBDBD436} 2017-02-10 13:40 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\7270h8dx 2017-02-09 23:08 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\{0E0D032C-C265-49D3-9E0D-3A192A88609F} 2017-02-09 19:06 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\{EEA3300D-2F66-45DF-8733-453BE124C449} 2017-02-08 21:13 - 2017-02-08 21:13 - 00000000 ____D C:\Program Files (x86)\1y27en8m 2017-02-08 20:06 - 2017-02-08 20:06 - 00000000 ____D C:\Program Files (x86)\36p1ub5x 2017-02-08 19:35 - 2017-02-08 20:06 - 00000000 ____D C:\Program Files (x86)\{07586952-E21B-4637-8D80-3B78C9E59C23} 2017-02-08 15:42 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs0 2017-02-08 15:32 - 2017-02-08 15:32 - 00000000 ____D C:\Program Files (x86)\veedo5sl 2017-02-07 17:12 - 2017-03-08 18:47 - 00000000 ____D C:\Users\Princhi\AppData\Local\3 2017-02-07 17:12 - 2017-02-08 20:06 - 00000000 ____D C:\Users\Princhi\AppData\Local\2 2017-03-08 18:55 - 2016-10-19 08:23 - 00000008 __RSH C:\Users\Princhi\ntuser.pol 2017-03-08 18:55 - 2016-10-18 14:25 - 00000008 __RSH C:\ProgramData\ntuser.pol 2017-03-08 18:47 - 2017-01-13 13:22 - 00000000 ____D C:\Users\Princhi\AppData\Local\1 2017-03-08 18:46 - 2017-01-20 16:29 - 00000000 ____D C:\ProgramData\wintooll 2017-03-08 18:29 - 2017-01-20 16:29 - 00000000 ____D C:\ProgramData\ie8 2017-03-08 18:29 - 2016-12-26 16:49 - 00000000 ____D C:\ProgramData\jdgjd 2017-03-08 18:29 - 2016-12-26 12:49 - 00000000 ____D C:\ProgramData\gjcgj 2017-03-08 
18:29 - 2016-11-18 14:54 - 00000000 ____D C:\ProgramData\cfibf 2017-03-08 18:29 - 2016-11-14 13:28 - 00000000 ____D C:\ProgramData\hbehb 2017-03-08 18:29 - 2016-11-08 15:58 - 00000000 ____D C:\ProgramData\cficf 2017-03-08 18:28 - 2016-12-19 16:01 - 00000000 ____D C:\ProgramData\haeha 2017-02-06 13:41 - 2016-10-28 18:07 - 00000000 ____D C:\ProgramData\ttff 2015-04-12 21:21 - 2015-04-12 21:21 - 0004966 _____ () C:\ProgramData\wmzddnmb.cix Task: {004C7BCF-DF05-463F-AE87-A9037EB33295} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> Keine Datei <==== ACHTUNG Task: {091E4F5D-850A-4359-A8B8-1EBF544D3458} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {234468EA-8B43-4B63-B02F-48719C50B1D6} - System32\Tasks\{438F159D-A759-457B-A222-FD5013D632EC} => pcalua.exe -a E:\autorun.exe -d E:\ Task: {2A144903-ADD3-4EDD-A7BC-CC01CE57DF84} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {339DDE55-629F-4266-B263-9F312E284E09} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {38261DF8-27F9-49FC-B90E-0716D33F9E03} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {3CA17CED-0C4E-40A1-910C-F2ECB81E40A8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {518C3D3C-C292-42AB-98EE-A7C53919E7BC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {6400C925-1181-4AF3-92E4-BBCDB19DE50E} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> Keine Datei <==== ACHTUNG Task: {8B7D9CE6-6BF7-46D2-B30B-19120BEF004F} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> Keine Datei <==== ACHTUNG Task: {AE88677F-1C9A-4A68-918B-E1DBDB57FBEB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {BC244B71-84EB-45F8-AC6A-6B2969879183} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== 
ACHTUNG Task: {E914FF3E-2FD3-4044-B9F0-21AB025188C3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {EDBB1ADE-5473-442F-805C-7DD1BECAAFB9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {EECBA783-C0A0-4E58-8DB0-58F0C1052B7C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f1b9b70e37832c09\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\83d1d964df0d5fea\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) 
AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3 [430] FirewallRules: [TCP Query User{74E2F077-4ACA-44FF-9E29-96287C38B293}C:\program files (x86)\footper\application\chrome.exe] => (Allow) C:\program files (x86)\footper\application\chrome.exe FirewallRules: [UDP Query User{0DE2D777-C7B8-4F56-ACEC-AD594CA4B9C8}C:\program files (x86)\footper\application\chrome.exe] => (Allow) C:\program files (x86)\footper\application\chrome.exe C:\program files (x86)\footper C:\Users\Princhi\AppData\Local\Stelers Folder: C:\WINDOWS\SysWOW64\4 Folder: C:\WINDOWS\SysWOW64\3 Folder: C:\Program Files (x86)\metadata CMD: dir "%ProgramFiles%" CMD: dir "%ProgramFiles(x86)%" CMD: dir "%ProgramData%" CMD: dir "%Appdata%" CMD: dir "%LocalAppdata%" CMD: dir "%CommonProgramFiles(x86)%" CMD: dir "%CommonProgramW6432%" RemoveProxy: CMD: ipconfig /flushdns CMD: netsh winsock reset EmptyTemp: end ***************** Prozesse erfolgreich geschlossen. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt HKU\S-1-5-21-88799701-2343346839-193955109-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt Chrome DefaultSearchURL => erfolgreich entfernt Chrome DefaultSearchKeyword => erfolgreich entfernt HKLM\System\CurrentControlSet\Services\Zerzitain => Schlüssel erfolgreich entfernt Zerzitain => Dienst erfolgreich entfernt "C:\Program Files (x86)\Clerack" => nicht gefunden. 
C:\Program Files (x86)\g6z3smzu => erfolgreich verschoben C:\Program Files (x86)\r7nsqjwp => erfolgreich verschoben C:\Users\Princhi\Downloads\mbam-setup-2.2.1.1043.exe => erfolgreich verschoben C:\Program Files (x86)\wiv1520h => erfolgreich verschoben C:\Users\Princhi\AppData\Local\Footper => erfolgreich verschoben C:\Program Files (x86)\Footper => erfolgreich verschoben C:\Program Files (x86)\58C02182_cacayima => erfolgreich verschoben C:\Program Files (x86)\cq7yrhql => erfolgreich verschoben C:\Program Files (x86)\58BEB4A1_cacayima => erfolgreich verschoben C:\Program Files (x86)\amulell => erfolgreich verschoben C:\Program Files (x86)\l2n8xmuh => erfolgreich verschoben C:\Program Files (x86)\5tu6g4x1 => erfolgreich verschoben C:\Program Files (x86)\ifrhagw1 => erfolgreich verschoben C:\Program Files (x86)\jqzsal0g => erfolgreich verschoben C:\Program Files (x86)\8q8dwuet => erfolgreich verschoben C:\Program Files (x86)\Explorer => erfolgreich verschoben C:\Program Files (x86)\58AF80DE_jumpeasy => erfolgreich verschoben C:\Program Files (x86)\oe387eqk => erfolgreich verschoben C:\Program Files (x86)\cvbsF => erfolgreich verschoben C:\Program Files (x86)\cvbsE => erfolgreich verschoben C:\Program Files (x86)\cvbsD => erfolgreich verschoben C:\Program Files (x86)\cvbsC => erfolgreich verschoben C:\Program Files (x86)\cvbsB => erfolgreich verschoben C:\Program Files (x86)\cvbsA => erfolgreich verschoben C:\Program Files (x86)\cvbs9 => erfolgreich verschoben C:\Program Files (x86)\cvbs8 => erfolgreich verschoben C:\Program Files (x86)\cvbs7 => erfolgreich verschoben C:\Program Files (x86)\cvbs6 => erfolgreich verschoben C:\Program Files (x86)\cvbs5 => erfolgreich verschoben C:\Program Files (x86)\cvbs4 => erfolgreich verschoben C:\Program Files (x86)\cvbs3 => erfolgreich verschoben C:\Program Files (x86)\cvbs2 => erfolgreich verschoben C:\Program Files (x86)\cvbs1 => erfolgreich verschoben C:\Program Files (x86)\{388E5277-3212-4966-9C80-AA74FB48806D} => erfolgreich 
verschoben C:\Program Files (x86)\{68006CA9-71D5-44F1-B31F-3BC092A0D854} => erfolgreich verschoben C:\Program Files (x86)\{419A7AE4-8D58-40B0-A342-2955F81059AC} => erfolgreich verschoben C:\Program Files (x86)\{E0F5E27E-FECB-4E85-9291-9CA5DB05466E} => erfolgreich verschoben C:\Program Files (x86)\{99AA99DF-7123-4883-A3D8-DC13575804E1} => erfolgreich verschoben C:\Program Files (x86)\{3DC2C87B-4341-402E-997F-882F25652619} => erfolgreich verschoben C:\Program Files (x86)\{195A643B-3F0D-4A26-8AF4-00ECBBDBD436} => erfolgreich verschoben C:\Program Files (x86)\7270h8dx => erfolgreich verschoben C:\Program Files (x86)\{0E0D032C-C265-49D3-9E0D-3A192A88609F} => erfolgreich verschoben C:\Program Files (x86)\{EEA3300D-2F66-45DF-8733-453BE124C449} => erfolgreich verschoben C:\Program Files (x86)\1y27en8m => erfolgreich verschoben C:\Program Files (x86)\36p1ub5x => erfolgreich verschoben C:\Program Files (x86)\{07586952-E21B-4637-8D80-3B78C9E59C23} => erfolgreich verschoben C:\Program Files (x86)\cvbs0 => erfolgreich verschoben C:\Program Files (x86)\veedo5sl => erfolgreich verschoben C:\Users\Princhi\AppData\Local\3 => erfolgreich verschoben C:\Users\Princhi\AppData\Local\2 => erfolgreich verschoben C:\Users\Princhi\ntuser.pol => erfolgreich verschoben C:\ProgramData\ntuser.pol => erfolgreich verschoben C:\Users\Princhi\AppData\Local\1 => erfolgreich verschoben C:\ProgramData\wintooll => erfolgreich verschoben C:\ProgramData\ie8 => erfolgreich verschoben C:\ProgramData\jdgjd => erfolgreich verschoben C:\ProgramData\gjcgj => erfolgreich verschoben C:\ProgramData\cfibf => erfolgreich verschoben C:\ProgramData\hbehb => erfolgreich verschoben C:\ProgramData\cficf => erfolgreich verschoben C:\ProgramData\haeha => erfolgreich verschoben C:\ProgramData\ttff => erfolgreich verschoben C:\ProgramData\wmzddnmb.cix => erfolgreich verschoben HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{004C7BCF-DF05-463F-AE87-A9037EB33295} => Schlüssel erfolgreich entfernt 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{004C7BCF-DF05-463F-AE87-A9037EB33295} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{091E4F5D-850A-4359-A8B8-1EBF544D3458} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{091E4F5D-850A-4359-A8B8-1EBF544D3458} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{234468EA-8B43-4B63-B02F-48719C50B1D6} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{234468EA-8B43-4B63-B02F-48719C50B1D6} => Schlüssel erfolgreich entfernt C:\WINDOWS\System32\Tasks\{438F159D-A759-457B-A222-FD5013D632EC} => erfolgreich verschoben HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{438F159D-A759-457B-A222-FD5013D632EC} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A144903-ADD3-4EDD-A7BC-CC01CE57DF84} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A144903-ADD3-4EDD-A7BC-CC01CE57DF84} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{339DDE55-629F-4266-B263-9F312E284E09} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tasks\{339DDE55-629F-4266-B263-9F312E284E09} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38261DF8-27F9-49FC-B90E-0716D33F9E03} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38261DF8-27F9-49FC-B90E-0716D33F9E03} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CA17CED-0C4E-40A1-910C-F2ECB81E40A8} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CA17CED-0C4E-40A1-910C-F2ECB81E40A8} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{518C3D3C-C292-42AB-98EE-A7C53919E7BC} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{518C3D3C-C292-42AB-98EE-A7C53919E7BC} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6400C925-1181-4AF3-92E4-BBCDB19DE50E} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6400C925-1181-4AF3-92E4-BBCDB19DE50E} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B7D9CE6-6BF7-46D2-B30B-19120BEF004F} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B7D9CE6-6BF7-46D2-B30B-19120BEF004F} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AE88677F-1C9A-4A68-918B-E1DBDB57FBEB} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE88677F-1C9A-4A68-918B-E1DBDB57FBEB} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC244B71-84EB-45F8-AC6A-6B2969879183} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC244B71-84EB-45F8-AC6A-6B2969879183} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E914FF3E-2FD3-4044-B9F0-21AB025188C3} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E914FF3E-2FD3-4044-B9F0-21AB025188C3} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Plain\{EDBB1ADE-5473-442F-805C-7DD1BECAAFB9} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDBB1ADE-5473-442F-805C-7DD1BECAAFB9} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EECBA783-C0A0-4E58-8DB0-58F0C1052B7C} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EECBA783-C0A0-4E58-8DB0-58F0C1052B7C} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => Schlüssel erfolgreich entfernt C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => erfolgreich verschoben C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f1b9b70e37832c09\Google Chrome.lnk => erfolgreich verschoben C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\83d1d964df0d5fea\Google Chrome.lnk => erfolgreich verschoben C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk => erfolgreich verschoben C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => erfolgreich verschoben C:\Users\Public\Desktop\Google Chrome.lnk => erfolgreich verschoben C:\ProgramData\TEMP => ":FB6A21E3" ADS erfolgreich entfernt. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{74E2F077-4ACA-44FF-9E29-96287C38B293}C:\program files (x86)\footper\application\chrome.exe => Wert erfolgreich entfernt HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0DE2D777-C7B8-4F56-ACEC-AD594CA4B9C8}C:\program files (x86)\footper\application\chrome.exe => Wert erfolgreich entfernt "C:\program files (x86)\footper" => nicht gefunden. "C:\Users\Princhi\AppData\Local\Stelers" => nicht gefunden. ========================= Folder: C:\WINDOWS\SysWOW64\4 ======================== C:\WINDOWS\SysWOW64\4 => Datei ====== Ende von Folder: ====== ========================= Folder: C:\WINDOWS\SysWOW64\3 ======================== C:\WINDOWS\SysWOW64\3 => Datei ====== Ende von Folder: ====== ========================= Folder: C:\Program Files (x86)\metadata ======================== C:\Program Files (x86)\metadata => Datei ====== Ende von Folder: ====== ========= dir "%ProgramFiles%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2E64-430F Verzeichnis von C:\Program Files 08.03.2017 18:20 <DIR> . 08.03.2017 18:20 <DIR> .. 
02.11.2014 12:37 <DIR> Bitdefender 26.12.2014 16:00 <DIR> Bonjour 25.12.2015 14:42 <DIR> Canon 18.10.2016 14:28 <DIR> CCleaner 05.09.2016 17:30 <DIR> CMAK 18.10.2016 14:51 <DIR> Common Files 12.01.2017 00:37 <DIR> Internet Explorer 16.04.2016 23:47 <DIR> Logitech 26.12.2014 16:00 <DIR> Logitech Gaming Software 08.03.2017 18:20 <DIR> Malwarebytes 05.09.2016 17:24 <DIR> MSBuild 24.12.2014 15:54 <DIR> Nexus Mod Manager 08.02.2017 16:56 <DIR> NVIDIA Corporation 31.08.2016 23:10 <DIR> OBS 10.11.2014 16:03 <DIR> OpenOffice 4.1.1 (de) Installation Files 01.04.2015 19:56 <DIR> Prison Architect 05.09.2016 16:36 <DIR> Realtek 05.09.2016 17:24 <DIR> Reference Assemblies 06.09.2015 19:03 <DIR> Tablet 18.01.2015 19:06 <DIR> TabletPlugins 01.03.2017 15:30 <DIR> TeamSpeak 3 Client 13.09.2016 19:49 <DIR> Windows Defender 29.09.2016 22:25 <DIR> Windows Defender Advanced Threat Protection 13.10.2016 19:57 <DIR> Windows Mail 27.10.2016 23:23 <DIR> Windows Media Player 16.07.2016 12:47 <DIR> Windows Multimedia Platform 05.09.2016 16:59 <DIR> Windows NT 13.10.2016 19:57 <DIR> Windows Photo Viewer 16.07.2016 12:47 <DIR> Windows Portable Devices 16.07.2016 12:47 <DIR> WindowsPowerShell 31.10.2014 15:44 <DIR> WinRAR 0 Datei(en), 0 Bytes 33 Verzeichnis(se), 149.635.100.672 Bytes frei ========= Ende von CMD: ========= ========= dir "%ProgramFiles(x86)%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2E64-430F Verzeichnis von C:\Program Files (x86) 08.03.2017 21:31 <DIR> . 08.03.2017 21:31 <DIR> .. 
03.02.2017 16:45 <DIR> 3jq34c24 12.12.2016 16:11 <DIR> 5vfzp0oa 07.12.2016 20:05 <DIR> 7dzsnilj 18.01.2017 21:51 <DIR> 9ed212pd 22.01.2017 13:41 <DIR> 9mivm68y 18.10.2016 14:23 <DIR> Adobe 18.10.2016 14:23 <DIR> Audacity 07.03.2017 17:02 <DIR> Battle.net 18.10.2016 14:23 <DIR> Bonjour 18.10.2016 14:23 <DIR> Canon 18.10.2016 14:23 <DIR> CASIO 01.11.2016 16:39 <DIR> Cisco 18.10.2016 14:23 <DIR> CMAK 18.10.2016 14:23 <DIR> CodeBlocks 28.02.2017 21:42 <DIR> Common Files 18.10.2016 14:23 <DIR> CPUID 18.10.2016 14:23 <DIR> DAEMON Tools Lite 18.10.2016 14:23 <DIR> Drakonia Configurator 18.10.2016 14:23 <DIR> Evernote 18.10.2016 14:23 <DIR> Google 01.12.2016 16:09 <DIR> Hearthstone 12.01.2017 00:37 <DIR> Internet Explorer 18.10.2016 14:23 <DIR> Java 12.11.2016 17:11 <DIR> l9hfc0lu 06.03.2017 18:05 2.760 metadata 18.10.2016 14:23 <DIR> Microsoft Office 18.10.2016 14:23 <DIR> Microsoft XNA 18.10.2016 14:23 <DIR> Microsoft.NET 18.10.2016 14:23 <DIR> Mobile Partner 13.01.2017 21:24 <DIR> MouseRecorder 18.10.2016 14:23 <DIR> MSBuild 03.01.2017 16:26 <DIR> mup1dg4v 18.10.2016 14:23 <DIR> NCSOFT 18.10.2016 14:23 <DIR> NCWest 16.02.2017 15:21 <DIR> notepad2 08.02.2017 16:56 <DIR> NVIDIA Corporation 18.10.2016 14:23 <DIR> OBS 18.10.2016 14:23 <DIR> OpenOffice 4 07.03.2017 13:40 <DIR> Origin 02.02.2017 20:54 <DIR> Origin Games 18.10.2016 14:23 <DIR> PCSX2 1.4.0 18.10.2016 14:23 <DIR> Reference Assemblies 18.10.2016 14:23 <DIR> SABnzbd 18.10.2016 14:23 <DIR> Samsung Connection Manager 17.12.2016 13:08 <DIR> Skype 18.10.2016 14:23 <DIR> Sony 01.11.2016 15:18 <DIR> st2qnxas 16.02.2017 13:59 <DIR> Steam 18.10.2016 14:23 <DIR> SystemRequirementsLab 18.10.2016 14:23 <DIR> TabletPlugins 03.02.2017 17:40 <DIR> TeamViewer 26.12.2016 12:47 <DIR> usir3bcv 18.10.2016 14:23 <DIR> VideoLAN 18.10.2016 14:23 <DIR> Vodafone 08.02.2017 16:57 <DIR> VulkanRT 13.09.2016 19:49 <DIR> Windows Defender 18.10.2016 14:23 <DIR> Windows Mail 27.10.2016 23:23 <DIR> Windows Media Player 18.10.2016 14:23 <DIR> 
Windows Multimedia Platform 18.10.2016 14:23 <DIR> Windows NT 18.10.2016 14:23 <DIR> Windows Photo Viewer 18.10.2016 14:23 <DIR> Windows Portable Devices 18.10.2016 14:23 <DIR> WindowsPowerShell 26.10.2016 18:23 <DIR> x3o9achi 20.12.2016 14:14 <DIR> z91a12n4 10.11.2016 18:32 <DIR> {39B8E62D-C3E1-4E5D-916B-4C09E3BFD79E} 10.11.2016 18:32 <DIR> {8EC75265-1107-46A4-B15D-E5E78F686B1E} 10.11.2016 18:32 <DIR> {91DAAF58-54C3-46E5-9F1E-D4614D6AE963} 22.02.2017 14:38 <DIR> {C72739C5-5A2D-4BA4-8BED-EFFD0A0043BC} 1 Datei(en), 2.760 Bytes 70 Verzeichnis(se), 149.635.039.232 Bytes frei ========= Ende von CMD: ========= ========= dir "%ProgramData%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2E64-430F Verzeichnis von C:\ProgramData 24.03.2016 21:08 <DIR> .mono 04.04.2015 23:19 <DIR> Adobe 08.03.2017 16:27 <DIR> Apple 14.02.2017 14:06 <DIR> Apple Computer 18.10.2016 14:23 <DIR> AVAST Software 18.10.2016 14:23 <DIR> Avg 18.10.2016 14:23 <DIR> Avira 24.03.2016 14:50 <DIR> Battle.net 31.10.2014 16:36 <DIR> BDLogging 01.12.2016 14:32 <DIR> bfibe 02.11.2014 12:37 <DIR> Bitdefender 31.03.2015 10:46 <DIR> Blizzard Entertainment 17.07.2016 13:15 <DIR> BlueStacksSetup 04.02.2017 00:47 <DIR> boost_interprocess 25.12.2015 14:43 <DIR> Canon IJ Network Tool 25.12.2015 14:42 <DIR> CanonIJWSpt 07.04.2016 14:12 <DIR> CASIO 01.11.2016 16:39 <DIR> Cisco 03.09.2016 12:19 <DIR> Codemasters 16.07.2016 12:47 <DIR> Comms 19.11.2014 12:03 <DIR> DAEMON Tools Lite 07.12.2016 20:06 <DIR> dgadg 10.11.2016 19:33 <DIR> dgjcg 08.12.2016 17:08 <DIR> ehaeh 28.03.2015 12:04 <DIR> Electronic Arts 25.03.2016 22:50 <DIR> Gametree 08.01.2015 20:31 <DIR> Glyph 17.01.2016 00:43 <DIR> Hi-Rez Studios 10.12.2016 12:51 <DIR> Jagex 26.12.2014 16:00 <DIR> LogiShrd 13.03.2016 14:14 <DIR> Macrovision 08.03.2017 18:20 <DIR> Malwarebytes 05.09.2016 17:02 <DIR> Microsoft OneDrive 13.01.2017 21:24 <DIR> MouseRecorder 26.04.2015 15:10 <DIR> Movavi 08.03.2017 21:31 <DIR> NVIDIA 08.02.2017 16:57 <DIR> 
NVIDIA Corporation 08.02.2015 19:40 <DIR> Oracle 08.03.2017 14:32 <DIR> Origin 31.08.2016 23:11 <DIR> Package Cache 05.09.2016 16:47 <DIR> regid.1986-12.com.adobe 05.09.2016 16:36 <DIR> regid.1991-06.com.microsoft 18.01.2017 15:36 <DIR> Skype 25.01.2015 20:34 <DIR> Smith Micro 16.07.2016 12:47 <DIR> SoftwareDistribution 20.12.2014 19:06 <DIR> Sony 01.11.2014 14:15 <DIR> Sun 10.01.2016 21:28 <DIR> SYSTEMAX Software Development 01.11.2014 14:18 <DIR> SystemRequirementsLab 16.04.2016 23:41 <DIR> TEMP 05.09.2016 17:01 <DIR> USOPrivate 05.09.2016 17:01 <DIR> USOShared 0 Datei(en), 0 Bytes 52 Verzeichnis(se), 149.634.981.888 Bytes frei ========= Ende von CMD: ========= ========= dir "%Appdata%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2E64-430F Verzeichnis von C:\Users\Princhi\AppData\Roaming 08.03.2017 18:55 <DIR> . 08.03.2017 18:55 <DIR> .. 24.03.2016 21:08 <DIR> .mono 05.04.2015 00:08 <DIR> Adobe 11.12.2016 01:15 <DIR> Audacity 14.02.2016 12:22 <DIR> Awesomium 19.03.2015 03:38 <DIR> B811151F-8DD6-4B32-9FE4-DEDABBFD9935 24.03.2016 14:50 <DIR> Battle.net 25.05.2016 15:38 <DIR> Canon 07.04.2016 14:13 <DIR> CASIO 27.01.2015 20:13 <DIR> CELSYS 26.06.2016 15:44 <DIR> CodeBlocks 18.10.2016 14:30 <DIR> DAEMON Tools Lite 13.06.2015 22:59 <DIR> Dropbox 03.02.2017 22:16 <DIR> DS4Windows 24.05.2015 17:43 <DIR> dvdcss 06.09.2016 11:49 <DIR> Easeware 18.01.2017 17:56 <DIR> Firefox 30.08.2015 18:30 <DIR> Fran_Bow 13.09.2016 18:08 <DIR> GameMaker-Studio 23.11.2015 23:23 <DIR> Guild Wars 2 19.03.2015 16:06 <DIR> Identities 09.09.2015 20:45 <DIR> Leadertech 26.12.2014 15:59 <DIR> Logishrd 26.12.2014 15:59 <DIR> Logitech 31.10.2014 13:29 <DIR> Macromedia 14.03.2016 16:15 <DIR> Macrovision 01.04.2015 22:05 <DIR> MingGuan 13.01.2017 23:11 <DIR> Mouse Recorder 12.04.2015 21:53 <DIR> Movavi 18.01.2017 17:56 <DIR> Mozilla 31.10.2014 17:28 <DIR> NCSOFT 18.10.2016 14:26 <DIR> Notepad++ 20.12.2014 19:13 <DIR> NVIDIA 12.01.2017 19:26 <DIR> OBS 05.09.2016 13:04 
<DIR> obs-studio 10.11.2014 16:09 <DIR> OpenOffice 08.03.2017 16:27 <DIR> Origin 18.10.2016 14:22 <DIR> Profiles 20.12.2014 19:13 <DIR> Publish Providers 31.10.2014 15:59 <DIR> QuickScan 05.03.2016 17:10 <DIR> Riot Games 07.02.2017 16:55 <DIR> Skype 21.05.2016 19:13 <DIR> SmartSteamEmu 25.01.2015 20:36 <DIR> Smith Micro 31.12.2014 19:13 <DIR> Sony 08.03.2017 16:06 <DIR> Spotify 20.05.2016 15:20 <DIR> StardewValley 29.06.2016 16:55 <DIR> Steam 10.01.2016 21:28 <DIR> SYSTEMAX Software Development 10.12.2016 12:41 <DIR> TeamViewer 06.09.2016 12:01 <DIR> Trillian 29.12.2014 16:10 <DIR> Tropico 5 01.03.2017 19:37 <DIR> TS3Client 01.02.2017 13:35 <DIR> vlc 22.11.2014 00:55 153 WB.CFG 22.11.2014 16:01 <DIR> WinFixex 02.11.2014 11:37 <DIR> WinRAR 25.01.2015 20:41 <DIR> WTablet 1 Datei(en), 153 Bytes 58 Verzeichnis(se), 149.634.924.544 Bytes frei ========= Ende von CMD: ========= ========= dir "%LocalAppdata%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2E64-430F Verzeichnis von C:\Users\Princhi\AppData\Local 08.03.2017 21:31 <DIR> . 08.03.2017 21:31 <DIR> .. 
17.01.2017 17:19 <DIR> 0 27.03.2016 10:39 <DIR> ActiveSync 06.04.2015 20:35 <DIR> Adobe 01.04.2015 20:42 <DIR> Apps 05.09.2016 20:35 <DIR> assembly 22.04.2016 22:31 <DIR> BANDAI NAMCO Games 08.03.2017 00:22 <DIR> Battle.net 03.03.2017 18:32 <DIR> BewerbungsMaster 12.02.2017 19:26 <DIR> BlackDesertOnline 24.12.2014 15:54 <DIR> Black_Tree_Gaming 31.01.2015 19:32 <DIR> Blizzard 25.01.2015 19:13 <DIR> Blizzard Entertainment 17.07.2016 13:11 <DIR> Bluestacks 22.07.2015 21:33 <DIR> CEF 23.12.2016 19:08 <DIR> Chromium 01.11.2016 16:39 <DIR> Cisco 22.08.2015 15:12 <DIR> Comms 05.09.2016 20:20 <DIR> ConnectedDevicesPlatform 08.03.2017 21:18 <DIR> CrashDumps 28.08.2015 21:50 <DIR> Daedalic Entertainment 12.04.2015 21:53 <DIR> Deshaker 13.03.2016 14:14 <DIR> DevelopmentFiles 01.03.2017 02:11 <DIR> Diagnostics 13.03.2016 14:13 <DIR> Downloaded Installations 22.11.2014 00:55 1 DSI.DAT 06.10.2016 18:19 <DIR> ElevatedDiagnostics 04.04.2015 16:39 <DIR> Evernote 14.11.2015 20:20 <DIR> Fallout4 18.01.2017 17:56 <DIR> Firefox 13.09.2016 23:35 <DIR> GameMaker-Studio 14.04.2016 17:17 <DIR> Glyph 01.11.2016 14:53 <DIR> Google 01.06.2015 13:07 <DIR> GWX 01.04.2015 19:36 <DIR> Introversion 10.12.2016 12:51 <DIR> Jagex 02.09.2016 00:36 <DIR> JDownloader v2.0 16.11.2016 18:36 <DIR> KADOKAWA 02.09.2016 01:29 <DIR> Logitech 17.07.2016 13:15 <DIR> Macromedia 27.11.2016 21:17 <DIR> Microsoft 04.08.2015 22:31 <DIR> MicrosoftEdge 12.04.2015 21:53 <DIR> Movavi 06.07.2016 12:33 <DIR> MSfree Inc 24.11.2014 12:35 <DIR> NCSOFT 03.12.2015 19:57 <DIR> NetworkTiles 16.12.2016 11:33 <DIR> NVIDIA 16.12.2016 11:33 <DIR> NVIDIA Corporation 23.10.2016 20:56 <DIR> Origin 12.01.2017 17:45 <DIR> osu! 
22.02.2017 13:55 <DIR> Packages 04.08.2015 23:04 <DIR> PeerDistRepub 10.10.2016 10:56 <DIR> Privax Ltd 31.10.2014 15:46 <DIR> Programs 04.08.2015 22:24 <DIR> Publishers 06.07.2016 14:14 <DIR> Risen3 19.11.2014 21:11 <DIR> sabnzbd 05.01.2015 17:32 <DIR> Skyrim 20.12.2014 19:11 <DIR> Sony 08.03.2017 15:33 <DIR> Spotify 23.12.2016 19:09 <DIR> Steam 01.03.2017 15:31 <DIR> TeamSpeak 3 29.07.2016 15:34 <DIR> TeamViewer 08.03.2017 21:31 <DIR> Temp 05.11.2014 08:01 <DIR> The Witcher 2 04.08.2015 22:24 <DIR> TileDataLayer 10.08.2016 17:19 <DIR> UNDERTALE 13.04.2016 18:18 <DIR> VirtualStore 25.01.2015 20:41 <DIR> Wacom 25.01.2015 20:41 <DIR> Wacom Help 13.09.2016 18:21 <DIR> YoYo_Games_Ltd 11.08.2015 15:34 <DIR> Zelda_Engine_Backup 1 Datei(en), 1 Bytes 72 Verzeichnis(se), 149.634.863.104 Bytes frei ========= Ende von CMD: ========= ========= dir "%CommonProgramFiles(x86)%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2E64-430F Verzeichnis von C:\Program Files (x86)\Common Files 28.02.2017 21:42 <DIR> . 28.02.2017 21:42 <DIR> .. 04.04.2015 23:20 <DIR> Adobe 31.10.2014 15:58 <DIR> Bitdefender 25.01.2015 23:35 <DIR> Blizzard Entertainment 06.11.2015 20:12 <DIR> Enterbrain 28.02.2017 21:43 <DIR> InstallShield 08.02.2015 19:39 <DIR> Java 05.09.2016 16:43 <DIR> Microsoft Shared 16.02.2017 23:25 <DIR> ntp2UpSvc 22.02.2017 14:36 <DIR> Services 16.11.2016 22:43 <DIR> Skype 04.02.2017 21:10 <DIR> Steam 16.07.2016 23:50 <DIR> System 0 Datei(en), 0 Bytes 14 Verzeichnis(se), 149.634.281.472 Bytes frei ========= Ende von CMD: ========= ========= dir "%CommonProgramW6432%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2E64-430F Verzeichnis von C:\Program Files\Common Files 18.10.2016 14:51 <DIR> . 18.10.2016 14:51 <DIR> .. 
04.04.2015 23:20 <DIR> Adobe 02.11.2014 12:37 <DIR> Bitdefender 06.03.2016 14:45 <DIR> INCA Shared 02.09.2016 01:26 <DIR> Logitech 05.09.2016 16:43 <DIR> microsoft shared 16.07.2016 12:47 <DIR> Services 16.07.2016 23:50 <DIR> System 0 Datei(en), 0 Bytes 9 Verzeichnis(se), 149.634.228.224 Bytes frei ========= Ende von CMD: ========= ========= RemoveProxy: ========= HKU\S-1-5-21-88799701-2343346839-193955109-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\S-1-5-21-88799701-2343346839-193955109-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt ========= Ende von RemoveProxy: ========= ========= ipconfig /flushdns ========= Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. ========= Ende von CMD: ========= ========= netsh winsock reset ========= Der Winsock-Katalog wurde zurückgesetzt. Sie müssen den Computer neu starten, um den Vorgang abzuschließen. ========= Ende von CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 799607859 B Java, Flash, Steam htmlcache => 495158456 B Windows/system/drivers => 233817801 B Edge => 120249533 B Chrome => 791425979 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 152 B systemprofile32 => 249780103 B LocalService => 83474 B NetworkService => 128 B Princhi => 835670594 B RecycleBin => 0 B EmptyTemp: => 3.3 GB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 21:32:17 ==== |
08.03.2017, 22:34 | #11 |
| Adware: Adw Cleaner does not help, Google Chrome infected |
08.03.2017, 22:36 | #12 |
| Adware: Adw Cleaner does not help, Google Chrome infected
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017 durchgeführt von Princhi (Administrator) auf EPONA (08-03-2017 22:23:43) Gestartet von C:\Users\Princhi\Desktop Geladene Profile: Princhi (Verfügbare Profile: Princhi) Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Don HO don.h@free.fr) C:\Program Files (x86)\notepad2\notepad2.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Wacom Technology, Corp.) 
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Spotify Ltd) C:\Users\Princhi\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe () C:\Program Files (x86)\Drakonia Configurator\hid.exe () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung Connection Manager\ModemPnPService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe\Video.UI.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] () HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.) 
HKLM-x32\...\Run: [Blackcomb] => C:\Program Files (x86)\Samsung Connection Manager\ModemPnPService.exe [131072 2011-02-11] (Samsung Electronics.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1206784 2016-08-12] (Cisco Systems, Inc.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044848 2017-02-21] (Electronic Arts) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [Spotify Web Helper] => C:\Users\Princhi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-24] (Spotify Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [572416 2016-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) Startup: C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-04-04] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{11c06b9c-c7a3-42f0-b493-0dcb6de1d03f}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{1920ae60-1c7d-4c3e-8d02-ba2d7909bffb}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4aa061a8-dd76-4dde-ab8c-36f40625fc51}: [DhcpNameServer] 139.7.30.126 0.0.0.0 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-88799701-2343346839-193955109-1001 -> hxxp://www.google.com FireFox: ======== FF DefaultProfile: 3d6ithxa.default FF ProfilePath: 
C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default [2017-03-08] FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2017-03-08] [ist nicht signiert] FF Extension: (English (US) Language Pack) - C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-01-20] [ist nicht signiert] FF SearchPlugin: C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\searchplugins\startsearch.xml [2017-03-02] FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @gametree.co.kr/GTL -> C:\ProgramData\Gametree\GTL\npGTL.dll [2013-06-13] (NtreevSoft) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei] FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) Chrome: ======= CHR DefaultProfile: Profile 1 CHR HomePage: Profile 1 -> hxxps://www.google.com/ CHR Profile: C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-08] CHR Extension: (Google Präsentationen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-18] CHR Extension: (Google Docs) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-18] CHR Extension: (Google Drive) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-18] CHR Extension: (YouTube) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-18] CHR Extension: (Adblock Plus) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-17] CHR Extension: (Google Tabellen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-18] CHR Extension: (Google Docs Offline) - 
C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-18] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-27] CHR Extension: (Google Mail) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-18] CHR Extension: (Chrome Media Router) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-27] CHR Extension: (pumpkin) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkigkiflejlmpibnlecfdgkhjijgkoao [2016-10-19] CHR Profile: C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-03-08] StartMenuInternet: Google Chrome - Chrome.exe ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 HmaOpenVpnService; D:\Programme\HMA! Pro VPN\bin\openvpnserv.exe [46688 2016-09-23] (The OpenVPN Project) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3519984 2016-01-27] (INCA Internet Co., Ltd.) 
R2 Ntp2NetSvc; C:\Program Files (x86)\notepad2\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr) [Datei ist nicht signiert]
S2 Ntp2UpSvc; C:\Program Files (x86)\Common Files\ntp2UpSvc\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2124296 2017-02-21] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2185232 2017-02-21] (Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 C2XXCOM; C:\WINDOWS\system32\DRIVERS\C2XXCOM76.sys [49920 2010-08-09] (Samsung Electronics)
S3 C2xxUSB; C:\WINDOWS\system32\DRIVERS\C2xxUSB76.sys [46080 2010-11-04] (Samsung Electronics)
S3 C2xxUsbStorage; C:\WINDOWS\system32\DRIVERS\C2xSTR76.sys [9216 2010-06-10] (Samsung Electronics)
S3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2015\pcwiz_x64.sys [26856 2014-02-17] (CPUID)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-11-19] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [27136 2016-09-23] (The OpenVPN Project)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-08] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-08] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-08] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-08] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [20128 2017-02-28] () [Datei ist nicht signiert]
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2016-08-12] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2016-08-15] (Wellbia.com Co., Ltd.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Drei Monate: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-08 21:42 - 2017-03-08 22:07 - 00671952 _____ C:\Users\Princhi\Desktop\SystemLook.txt
2017-03-08 21:39 - 2017-03-08 21:40 - 00165376 _____ C:\Users\Princhi\Desktop\SystemLook_x64.exe
2017-03-08 21:31 - 2017-03-08 21:32 - 00042845 _____ C:\Users\Princhi\Desktop\Fixlog.txt
2017-03-08 21:30 - 2017-03-08 21:30 - 00000000 ____D C:\Users\Princhi\Desktop\FRST-OlderVersion
2017-03-08 20:30 - 2017-03-08 20:30 - 00037601 _____ C:\Users\Princhi\Downloads\mbam.zip
2017-03-08 20:30 - 2017-03-08 20:30 - 00037601 _____ C:\Users\Princhi\Desktop\mbam.zip
2017-03-08 19:37 - 2017-03-08 21:36 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-08 19:04 - 2017-03-08 19:04 - 00049314 _____ C:\Users\Princhi\Desktop\Addition.txt
2017-03-08 19:03 - 2017-03-08 22:24 - 00020352 _____ C:\Users\Princhi\Desktop\FRST.txt
2017-03-08 19:01 - 2017-03-08 19:12 - 00000548 _____ C:\Users\Princhi\Desktop\JRT.txt
2017-03-08 18:59 - 2017-03-08 18:59 - 01663736 _____ (Malwarebytes) C:\Users\Princhi\Desktop\JRT.exe
2017-03-08 18:58 - 2017-03-08 18:59 - 01663736 _____ (Malwarebytes) C:\Users\Princhi\Downloads\JRT.exe
2017-03-08 18:51 - 2017-03-08 18:51 - 00819352 _____ C:\Users\Princhi\Desktop\mbam.txt
2017-03-08 18:21 - 2017-03-08 21:36 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-08 18:20 - 2017-03-08 21:36 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-08 18:20 - 2017-03-08 21:36 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-08 18:20 - 2017-03-08 21:36 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-08 18:20 - 2017-03-08 18:20 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-08 18:20 - 2017-03-08 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-08 18:20 - 2017-03-08 18:20 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-08 18:20 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-08 18:19 - 2017-03-08 18:19 - 57131432 _____ (Malwarebytes ) C:\Users\Princhi\Desktop\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-08 18:15 - 2017-03-08 18:19 - 57131432 _____ (Malwarebytes ) C:\Users\Princhi\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-08 17:41 - 2017-03-08 18:08 - 00080986 _____ C:\TDSSKiller.3.1.0.12_08.03.2017_17.41.13_log.txt
2017-03-08 17:39 - 2017-03-08 17:39 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Princhi\Downloads\tdsskiller.exe
2017-03-08 17:32 - 2017-03-08 17:33 - 00065691 _____ C:\Users\Princhi\Downloads\Addition.txt
2017-03-08 17:31 - 2017-03-08 22:23 - 00000000 ____D C:\FRST
2017-03-08 17:31 - 2017-03-08 17:33 - 00042386 _____ C:\Users\Princhi\Downloads\FRST.txt
2017-03-08 17:24 - 2017-03-08 21:30 - 02423808 _____ (Farbar) C:\Users\Princhi\Desktop\FRST64.exe
2017-03-08 16:39 - 2017-03-08 16:40 - 02870984 _____ (ESET) C:\Users\Princhi\Downloads\esetsmartinstaller_deu.exe
2017-03-07 17:37 - 2017-03-07 17:38 - 00124970 _____ C:\Users\Princhi\Downloads\IMG_20170307_0001.pdf
2017-03-07 17:33 - 2017-03-07 17:33 - 00124970 _____ C:\Users\Princhi\Desktop\IMG_20170307_0001.pdf
2017-03-07 15:41 - 2017-03-07 15:41 - 01129376 _____ (Google Inc.) C:\Users\Princhi\Downloads\ChromeSetup (1).exe
2017-03-02 15:14 - 2017-03-02 15:14 - 04031440 _____ C:\Users\Princhi\Desktop\adwcleaner_6.044.exe
2017-03-02 14:56 - 2017-03-06 18:05 - 00002760 _____ C:\Program Files (x86)\metadata
2017-03-01 17:31 - 2017-03-01 17:32 - 09036000 _____ (GOG.com ) C:\Users\Princhi\Downloads\setup_settlers3_2.0.0.17.exe
2017-03-01 15:31 - 2017-03-01 15:31 - 00000000 ____D C:\Users\Princhi\AppData\Local\TeamSpeak 3
2017-03-01 15:31 - 2017-03-01 15:31 - 00000000 ____D C:\Users\Princhi\.TeamSpeak 3
2017-03-01 14:19 - 2017-03-08 17:24 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-01 14:19 - 2017-03-08 17:24 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-01 14:19 - 2017-03-02 15:15 - 00001180 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-28 22:11 - 2017-02-28 22:11 - 00004096 _____ C:\WINDOWS\d3dx.dat
2017-02-28 21:45 - 2017-02-28 23:30 - 00020128 _____ C:\WINDOWS\SysWOW64\Drivers\SECDRV.SYS
2017-02-28 21:44 - 2017-02-28 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lionhead Studios Ltd
2017-02-22 14:34 - 2017-02-22 14:34 - 04015056 _____ C:\Users\Princhi\Downloads\Nicht bestätigt 889461.crdownload
2017-02-16 15:21 - 2017-02-16 15:21 - 00000000 ____D C:\Program Files (x86)\notepad2
2017-02-14 21:54 - 2017-02-14 21:54 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (5).pdf
2017-02-14 14:06 - 2017-02-14 14:06 - 00000000 ____D C:\ProgramData\Apple Computer
2017-02-13 17:39 - 2017-02-13 17:39 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (4).pdf
2017-02-13 16:54 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{C72739C5-5A2D-4BA4-8BED-EFFD0A0043BC}
2017-02-13 13:30 - 2017-02-13 13:30 - 01366581 _____ C:\Users\Princhi\Downloads\1.07 Grundlagen des Rechts - Methodenlehre (2).pdf
2017-02-13 13:29 - 2017-02-13 13:29 - 00460744 _____ C:\Users\Princhi\Downloads\1.04 Grundlagen des Rechts - Methodenlehre (1).pdf
2017-02-13 13:23 - 2017-02-13 13:23 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (3).pdf
2017-02-12 19:35 - 2017-02-12 19:35 - 00019905 _____ C:\Users\Princhi\Downloads\Hausarbeit_Vorlage_Iurratio_de (1).odt
2017-02-10 13:43 - 2017-02-10 13:43 - 01129376 _____ (Google Inc.) C:\Users\Princhi\Downloads\ChromeSetup.exe
2017-02-10 13:33 - 2017-02-10 13:33 - 04015056 _____ C:\Users\Princhi\Downloads\adwcleaner_6.043.exe
2017-02-08 16:57 - 2017-02-08 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 16:57 - 2017-02-08 16:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-08 16:57 - 2016-12-29 13:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-08 16:57 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-08 16:57 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-08 16:57 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-08 16:57 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-08 16:56 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-08 16:56 - 2016-12-29 14:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-07 19:53 - 2017-02-07 19:53 - 00015226 _____ C:\Users\Princhi\Downloads\Hausarbeit.odt
2017-02-05 19:50 - 2017-02-05 19:50 - 01366581 _____ C:\Users\Princhi\Downloads\1.07 Grundlagen des Rechts - Methodenlehre (1).pdf
2017-02-05 18:43 - 2017-02-05 18:43 - 02665322 _____ C:\Users\Princhi\Downloads\Beispiel fuer Hausarbeit - unverbindlich (2).pdf
2017-02-05 18:31 - 2017-02-05 18:31 - 00019905 _____ C:\Users\Princhi\Downloads\Hausarbeit_Vorlage_Iurratio_de.odt
2017-02-05 18:16 - 2017-02-05 18:16 - 00006127 _____ C:\Users\Princhi\Downloads\Literaturverzeichnis OeR (1).pdf
2017-02-05 15:22 - 2017-02-05 15:22 - 00006859 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (2).txt
2017-02-05 15:21 - 2017-02-05 15:21 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (2).pdf
2017-02-05 15:21 - 2017-02-05 15:21 - 00033891 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (2).odt
2017-02-05 15:12 - 2017-02-05 15:12 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (1).pdf
2017-02-04 18:33 - 2017-02-04 18:33 - 02780961 _____ C:\Users\Princhi\Downloads\1.09 BGB-AT - Stellvertretung (1).pdf
2017-02-04 18:33 - 2017-02-04 18:33 - 00740900 _____ C:\Users\Princhi\Downloads\1.12 BGB-AT - Inhalt und Ausuebung subj. Rechte (Teil 3).pdf
2017-02-04 18:33 - 2017-02-04 18:33 - 00333750 _____ C:\Users\Princhi\Downloads\1.13 BGB-AT - Fristen und Termine.pdf
2017-02-03 22:12 - 2017-02-03 22:16 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\DS4Windows
2017-02-03 22:12 - 2017-02-03 22:12 - 01174539 _____ C:\Users\Princhi\Downloads\DS4Windows.zip
2017-02-03 22:08 - 2017-02-03 22:08 - 00000000 ____D C:\Princhi
2017-02-03 17:34 - 2017-02-03 17:35 - 00398006 _____ C:\Users\Princhi\Downloads\FRITZ.Box 7430 146.06.30_03.02.17_1735.export
2017-02-03 16:45 - 2017-02-03 16:45 - 00000000 ____D C:\Program Files (x86)\3jq34c24
2017-02-02 15:55 - 2017-02-02 15:55 - 00447087 _____ C:\Users\Princhi\Downloads\1.07 BGB-AT -Rechtssubjekte, Geschaeftsfaehigkeit.pdf
2017-02-02 12:25 - 2017-02-02 12:25 - 00083358 _____ C:\Users\Princhi\Downloads\AD$47A1.tmp
2017-01-29 21:46 - 2017-01-29 21:46 - 02396359 _____ C:\Users\Princhi\Downloads\servobride-babbob.package
2017-01-29 21:35 - 2017-01-29 21:35 - 03969586 _____ C:\Users\Princhi\Downloads\magicalgirlsimmer_s3tos4_doublebedteen.package
2017-01-29 21:30 - 2017-01-29 21:32 - 11485169 _____ C:\Users\Princhi\Downloads\Nightcrawler AF Hair CONFETTI.package
2017-01-29 21:30 - 2017-01-29 21:31 - 04089184 _____ C:\Users\Princhi\Downloads\[marinaandtheplumbobs]nightcrawlerconfettifortoddlers.package
2017-01-29 21:18 - 2017-01-29 21:21 - 07067923 _____ C:\Users\Princhi\Downloads\KKsweatshirts02.zip
2017-01-29 21:18 - 2017-01-29 21:18 - 02928925 _____ C:\Users\Princhi\Downloads\KKsweatshirts02forToddler.package
2017-01-29 21:16 - 2017-01-29 21:17 - 02191957 _____ C:\Users\Princhi\Downloads\JZest_MessyHair.package
2017-01-29 17:13 - 2017-01-29 17:13 - 00947120 _____ C:\Users\Princhi\Downloads\1.05 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-29 17:13 - 2017-01-29 17:13 - 00671454 _____ C:\Users\Princhi\Downloads\1.06 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-29 17:11 - 2017-01-29 17:11 - 00800612 _____ C:\Users\Princhi\Downloads\1.03 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-29 17:11 - 2017-01-29 17:11 - 00460744 _____ C:\Users\Princhi\Downloads\1.04 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-29 17:10 - 2017-01-29 17:10 - 00858619 _____ C:\Users\Princhi\Downloads\1.02 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-28 13:44 - 2017-01-28 13:44 - 01366581 _____ C:\Users\Princhi\Downloads\1.07 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-28 13:44 - 2017-01-28 13:44 - 01137309 _____ C:\Users\Princhi\Downloads\1.08 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-28 13:43 - 2017-01-28 13:44 - 01931308 _____ C:\Users\Princhi\Downloads\1.09 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-28 13:43 - 2017-01-28 13:43 - 00762944 _____ C:\Users\Princhi\Downloads\1.10 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-26 15:25 - 2017-01-26 15:25 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise.pdf
2017-01-25 20:42 - 2017-01-25 20:42 - 00109615 _____ C:\Users\Princhi\Downloads\Schema Grundrechtspruefung.pdf
2017-01-25 17:43 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 17:43 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-25 17:18 - 2017-01-25 17:18 - 00103080 _____ C:\Users\Princhi\Downloads\Verfassungsbeschwerde (1).pdf
2017-01-25 16:46 - 2017-01-25 16:46 - 00343893 _____ C:\Users\Princhi\Downloads\Frostschutzmittelwarnung Loesungsskizze.pdf
2017-01-25 13:08 - 2017-01-25 13:08 - 00103080 _____ C:\Users\Princhi\Downloads\Verfassungsbeschwerde.pdf
2017-01-25 13:07 - 2017-01-25 13:07 - 00009667 _____ C:\Users\Princhi\Downloads\Frostschutzmittelwarnung Fall.pdf
2017-01-22 17:35 - 2017-01-22 17:36 - 10723543 _____ C:\Users\Princhi\Downloads\Praesentation Buchfuehrung WS16-17 - Wirtschaftsrecht-aktualisiert.pdf
2017-01-22 17:35 - 2017-01-22 17:35 - 00237957 _____ C:\Users\Princhi\Downloads\bungsaufgaben zur wiederholung - WI und WR (1).pdf
2017-01-22 13:41 - 2017-01-22 13:41 - 00000000 ____D C:\Program Files (x86)\9mivm68y
2017-01-22 00:29 - 2017-01-22 00:29 - 00000772 _____ C:\WINDOWS\SysWOW64\ping.cfg
2017-01-21 20:52 - 2017-01-21 20:52 - 00237957 _____ C:\Users\Princhi\Downloads\bungsaufgaben zur wiederholung - WI und WR.pdf
2017-01-19 19:41 - 2017-01-19 19:41 - 00100319 _____ C:\Users\Princhi\Downloads\bung 1.pdf
2017-01-19 19:06 - 2017-02-16 14:18 - 00001415 _____ C:\Users\Public\Desktop\Die Sims 4.lnk
2017-01-19 18:31 - 2017-01-19 18:31 - 00185921 _____ C:\Users\Princhi\Downloads\Beiblatt.pdf
2017-01-19 18:31 - 2017-01-19 18:31 - 00168917 _____ C:\Users\Princhi\Downloads\bung 6.pdf
2017-01-19 18:31 - 2017-01-19 18:31 - 00090633 _____ C:\Users\Princhi\Downloads\0. Ablaufplan WS 16-17.pdf
2017-01-19 15:55 - 2017-01-19 15:55 - 00361440 _____ C:\Users\Princhi\Downloads\ticketdirect1893193764.pdf
2017-01-19 15:55 - 2017-01-19 15:55 - 00361440 _____ C:\Users\Princhi\Downloads\ticketdirect1893193764 (1).pdf
2017-01-19 13:17 - 2017-01-19 13:18 - 03988944 _____ C:\Users\Princhi\Downloads\adwcleaner_6.042.exe
2017-01-18 21:51 - 2017-01-18 21:51 - 00000000 ____D C:\Program Files (x86)\9ed212pd
2017-01-18 17:56 - 2017-03-08 16:24 - 00001793 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-18 17:56 - 2017-03-08 16:24 - 00000000 ____D C:\Users\Princhi\AppData\LocalLow\Mozilla
2017-01-18 17:56 - 2017-01-18 17:56 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Firefox
2017-01-18 17:56 - 2017-01-18 17:56 - 00000000 ____D C:\Users\Princhi\AppData\Local\Firefox
2017-01-18 15:45 - 2017-01-18 15:45 - 01180823 _____ C:\Users\Princhi\Downloads\BGB-AT_Probeklausur.pdf
2017-01-13 21:24 - 2017-01-13 23:11 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Mouse Recorder
2017-01-13 21:24 - 2017-01-13 21:24 - 00001144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MouseRecorder.lnk
2017-01-13 21:24 - 2017-01-13 21:24 - 00000000 ____D C:\ProgramData\MouseRecorder
2017-01-13 21:24 - 2017-01-13 21:24 - 00000000 ____D C:\Program Files (x86)\MouseRecorder
2017-01-13 21:22 - 2017-01-13 21:22 - 01496584 _____ C:\Users\Princhi\Downloads\Mouse Recorder Premium - CHIP-Installer.exe
2017-01-13 13:22 - 2017-01-17 17:19 - 00000000 ____D C:\Users\Princhi\AppData\Local\0
2017-01-11 21:54 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 21:54 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 21:54 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 21:54 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 21:54 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 21:54 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 21:54 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 21:54 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 21:54 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 21:54 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 21:54 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 21:54 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 21:54 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 21:54 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 21:54 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 21:54 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 21:54 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 21:54 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 21:54 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 21:54 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 21:54 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 21:54 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 21:54 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 21:54 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 21:54 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 21:54 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 21:54 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 21:54 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 21:54 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 21:54 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 21:54 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 21:54 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 21:54 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 21:54 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 21:54 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 21:54 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 21:54 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 21:54 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 21:54 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 21:54 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 21:54 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 21:54 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 21:54 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 21:54 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 21:54 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 21:54 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 21:54 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 21:54 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 21:54 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 21:54 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 21:54 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 21:54 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 21:54 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 21:54 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 21:54 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 21:54 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 21:54 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 21:54 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 21:54 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 21:54 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 21:54 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 21:54 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 21:54 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 21:54 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 21:54 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 21:54 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 21:54 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 21:54 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 21:54 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 21:54 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 21:54 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 21:54 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 21:54 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 21:54 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 21:54 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 21:54 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 21:54 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 21:54 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 21:54 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 21:54 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 21:54 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 21:54 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 21:54 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 21:54 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 21:54 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 21:54 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 21:54 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 21:54 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 21:54 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 21:54 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 21:54 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 21:54 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 21:54 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 21:54 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 21:54 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 21:54 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 21:54 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 21:54 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 21:54 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 21:54 - 2016-12-14 06:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-11 21:54 - 2016-12-14 06:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-11 21:54 - 2016-12-14 06:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-11 21:54 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 21:54 - 2016-12-14 06:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-11 21:54 - 2016-12-14 06:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-11 21:54 - 2016-12-14 06:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-11 21:54 - 2016-12-14 06:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-11 21:54 - 2016-12-14 06:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-11 21:54 - 2016-12-14 06:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-11 21:54 - 2016-12-14 06:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-11 21:54 - 2016-12-14 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-11 21:54 - 2016-12-14 06:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-11 21:54 - 2016-12-14 06:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-11 21:54 - 2016-12-14 06:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-11 21:54 - 2016-12-14 06:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-11 21:54 - 2016-12-14 06:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-11 21:54 - 2016-12-14 06:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 21:54 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 21:54 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 21:54 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 21:54 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 21:54 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 21:54 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 21:54 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 21:54 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 21:54 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 21:54 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 21:54 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 21:54 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 21:54 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 21:54 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 21:54 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 21:54 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 21:54 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 21:54 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 21:54 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 21:54 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 21:54 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 21:54 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 21:54 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 21:54 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 21:54 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 21:54 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 21:54 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll 2017-01-11 21:54 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll 2017-01-11 21:54 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll 2017-01-11 21:54 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll 2017-01-11 21:54 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2017-01-11 21:54 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll 2017-01-11 21:54 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-01-11 21:54 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-01-11 21:54 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll 2017-01-11 21:54 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll 2017-01-11 21:54 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2017-01-11 21:54 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2017-01-11 21:54 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-01-11 21:54 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2017-01-11 21:54 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2017-01-11 21:54 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-01-11 21:54 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll 2017-01-11 21:54 
- 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll 2017-01-11 21:54 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll 2017-01-11 21:54 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2017-01-11 21:54 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-01-11 21:54 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-01-11 21:54 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2017-01-11 21:54 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll 2017-01-11 21:54 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2017-01-11 21:54 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2017-01-11 21:54 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2017-01-11 21:54 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-01-11 21:54 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2017-01-11 21:54 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-01-11 21:54 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-01-11 21:54 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2017-01-11 21:54 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-01-11 21:54 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-01-11 21:54 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2017-01-11 21:54 - 2016-11-02 
12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2017-01-11 21:54 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2017-01-11 21:54 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2017-01-11 21:54 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2017-01-11 21:54 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2017-01-07 19:58 - 2017-01-07 20:05 - 17249298 _____ C:\Users\Princhi\Downloads\364943 Chimame-tai - Tokimeki Poporon.osz 2017-01-07 13:15 - 2017-01-07 13:15 - 06918399 _____ C:\Users\Princhi\Downloads\Fabi Wach was läuft bei dir Falsch__.mp4 2017-01-04 15:21 - 2017-01-04 15:21 - 34719288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2017-01-04 15:21 - 2017-01-04 15:21 - 28211768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2017-01-04 15:20 - 2017-01-04 15:20 - 00951224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2017-01-04 15:20 - 2017-01-04 15:20 - 00903096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2017-01-04 15:20 - 2017-01-04 15:20 - 00448560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2017-01-04 15:20 - 2017-01-04 15:20 - 00397240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2017-01-04 15:19 - 2017-01-04 15:19 - 01964600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437653.dll 2017-01-04 15:19 - 2017-01-04 15:19 - 01600056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437653.dll 2017-01-04 15:19 - 2017-01-04 15:19 - 01047088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2017-01-04 15:19 - 2017-01-04 15:19 - 00985136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2017-01-04 15:19 - 2017-01-04 15:19 - 00054720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 
2017-01-04 15:18 - 2017-01-04 15:18 - 40132536 _____ C:\WINDOWS\system32\nvcompiler.dll 2017-01-04 15:18 - 2017-01-04 15:18 - 35231160 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll 2017-01-04 15:18 - 2017-01-04 15:18 - 02957240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2017-01-04 15:18 - 2017-01-04 15:18 - 02594744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2017-01-04 15:18 - 2017-01-04 15:18 - 00394800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll 2017-01-04 15:18 - 2017-01-04 15:18 - 00355768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll 2017-01-04 15:03 - 2017-01-04 15:03 - 11016832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll 2017-01-04 15:03 - 2017-01-04 15:03 - 10907184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2017-01-04 15:03 - 2017-01-04 15:03 - 09247528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2017-01-04 15:03 - 2017-01-04 15:03 - 09000152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 10453336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 08846832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 03513632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 00818496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 00698728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 00658400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 00586968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 00407240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 00338960 _____ (NVIDIA 
Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2017-01-04 10:07 - 2017-01-04 10:07 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json 2017-01-04 10:07 - 2017-01-04 10:07 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json 2017-01-03 16:26 - 2017-01-03 16:26 - 00000000 ____D C:\Program Files (x86)\mup1dg4v 2016-12-26 13:48 - 2016-12-27 00:48 - 00001108 _____ C:\WINDOWS\SysWOW64\cookies_icc.log 2016-12-26 13:48 - 2016-12-27 00:48 - 00000621 _____ C:\WINDOWS\SysWOW64\cookies.log 2016-12-26 12:47 - 2016-12-26 12:47 - 00000000 ____D C:\Program Files (x86)\usir3bcv 2016-12-23 19:08 - 2016-12-23 19:08 - 00000000 ____D C:\Users\Princhi\AppData\Local\Chromium 2016-12-20 14:14 - 2016-12-20 14:14 - 00000000 ____D C:\Program Files (x86)\z91a12n4 2016-12-20 14:09 - 2016-12-20 14:10 - 03977168 _____ C:\Users\Princhi\Downloads\AdwCleaner_6.041.exe 2016-12-16 15:50 - 2016-12-16 15:50 - 02780961 _____ C:\Users\Princhi\Downloads\1.09 BGB-AT - Stellvertretung.pdf 2016-12-16 15:49 - 2016-12-16 15:50 - 09377826 _____ C:\Users\Princhi\Downloads\Skript Buchfuehrung - WI-WR-WS2016-2017-Endfassung (2).pdf 2016-12-16 15:44 - 2016-12-16 15:44 - 09377826 _____ C:\Users\Princhi\Downloads\Skript Buchfuehrung - WI-WR-WS2016-2017-Endfassung (1).pdf 2016-12-15 17:26 - 2016-12-15 17:26 - 00000283 _____ C:\Users\Princhi\Downloads\Download.htm 2016-12-15 15:24 - 2017-03-08 18:48 - 00292176 _____ C:\WINDOWS\PFRO.log 2016-12-14 21:29 - 2017-02-07 22:11 - 00000000 ____D C:\Users\Princhi\Desktop\UNI 2016-12-14 20:09 - 2016-12-14 20:10 - 09377826 _____ C:\Users\Princhi\Downloads\Skript Buchfuehrung - WI-WR-WS2016-2017-Endfassung.pdf 2016-12-14 19:41 - 2016-12-09 11:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2016-12-14 19:41 - 2016-12-09 11:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2016-12-14 19:41 - 2016-12-09 11:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2016-12-14 19:41 - 2016-12-09 11:18 - 00811872 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2016-12-14 19:41 - 2016-12-09 11:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2016-12-14 19:41 - 2016-12-09 11:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-12-14 19:41 - 2016-12-09 11:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2016-12-14 19:41 - 2016-12-09 10:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll 2016-12-14 19:41 - 2016-12-09 10:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2016-12-14 19:41 - 2016-12-09 10:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2016-12-14 19:41 - 2016-12-09 10:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-12-14 19:41 - 2016-12-09 10:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll 2016-12-14 19:41 - 2016-12-09 10:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2016-12-14 19:41 - 2016-12-09 10:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2016-12-14 19:41 - 2016-12-09 10:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2016-12-14 19:41 - 2016-12-09 10:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2016-12-14 19:41 - 2016-12-09 10:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2016-12-14 19:41 - 2016-12-09 10:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll 2016-12-14 19:41 - 2016-12-09 10:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll 2016-12-14 19:41 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2016-12-14 19:40 - 2016-12-09 11:42 - 01637728 
_____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-12-14 19:40 - 2016-12-09 11:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-12-14 19:40 - 2016-12-09 11:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-12-14 19:40 - 2016-12-09 11:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-12-14 19:40 - 2016-12-09 11:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-12-14 19:40 - 2016-12-09 11:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-12-14 19:40 - 2016-12-09 11:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2016-12-14 19:40 - 2016-12-09 11:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2016-12-14 19:40 - 2016-12-09 11:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2016-12-14 19:40 - 2016-12-09 11:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2016-12-14 19:40 - 2016-12-09 11:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2016-12-14 19:40 - 2016-12-09 11:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-12-14 19:40 - 2016-12-09 11:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-12-14 19:40 - 2016-12-09 11:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-12-14 19:40 - 2016-12-09 11:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-12-14 19:40 - 2016-12-09 11:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2016-12-14 19:40 - 2016-12-09 11:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2016-12-14 19:40 - 2016-12-09 11:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-12-14 19:40 - 2016-12-09 11:18 - 
01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-12-14 19:40 - 2016-12-09 11:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2016-12-14 19:40 - 2016-12-09 11:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2016-12-14 19:40 - 2016-12-09 11:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-12-14 19:40 - 2016-12-09 11:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2016-12-14 19:40 - 2016-12-09 11:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2016-12-14 19:40 - 2016-12-09 11:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2016-12-14 19:40 - 2016-12-09 10:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-12-14 19:40 - 2016-12-09 10:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-12-14 19:40 - 2016-12-09 10:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-12-14 19:40 - 2016-12-09 10:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-12-14 19:40 - 2016-12-09 10:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-12-14 19:40 - 2016-12-09 10:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2016-12-14 19:40 - 2016-12-09 10:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2016-12-14 19:40 - 2016-12-09 10:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll 2016-12-14 19:40 - 2016-12-09 10:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2016-12-14 19:40 - 2016-12-09 10:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll 2016-12-14 19:40 - 2016-12-09 10:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2016-12-14 19:40 - 2016-12-09 
10:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2016-12-14 19:40 - 2016-12-09 10:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2016-12-14 19:40 - 2016-12-09 10:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2016-12-14 19:40 - 2016-12-09 10:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2016-12-14 19:40 - 2016-12-09 10:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-12-14 19:40 - 2016-12-09 10:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2016-12-14 19:40 - 2016-12-09 10:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll 2016-12-14 19:40 - 2016-12-09 10:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll 2016-12-14 19:40 - 2016-12-09 10:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-12-14 19:40 - 2016-12-09 10:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-12-14 19:40 - 2016-12-09 10:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-12-14 19:40 - 2016-12-09 10:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll 2016-12-14 19:40 - 2016-12-09 10:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2016-12-14 19:40 - 2016-12-09 10:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-12-14 19:40 - 2016-12-09 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2016-12-14 19:40 - 2016-12-09 10:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2016-12-14 19:40 - 2016-12-09 10:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2016-12-14 19:40 - 2016-12-09 10:19 - 00261120 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2016-12-14 19:40 - 2016-12-09 10:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2016-12-14 19:40 - 2016-12-09 10:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll 2016-12-14 19:40 - 2016-12-09 10:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-12-14 19:40 - 2016-12-09 10:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2016-12-14 19:40 - 2016-12-09 10:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll 2016-12-14 19:40 - 2016-12-09 09:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2016-12-14 19:40 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll 2016-12-14 19:40 - 2016-09-15 17:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2016-12-13 16:57 - 2017-02-28 00:24 - 00003274 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2016-12-13 14:24 - 2016-12-13 14:17 - 48900766 _____ C:\Users\Princhi\Desktop\Roach 2.1.3 - Specials-498-2-1-3.rar 2016-12-13 14:24 - 2016-09-06 10:55 - 00000000 ____D C:\Users\Princhi\Desktop\Fera_RoachSpecials 2016-12-13 14:13 - 2016-12-13 14:17 - 48900766 _____ C:\Users\Princhi\Downloads\Roach 2.1.3 - Specials-498-2-1-3.rar 2016-12-13 13:54 - 2016-12-13 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm 2016-12-12 16:11 - 2016-12-12 16:11 - 00000000 ____D C:\Program Files (x86)\5vfzp0oa 2016-12-11 00:21 - 2017-02-19 16:54 - 00003519 _____ C:\WINDOWS\setupact.log 2016-12-11 00:21 - 2016-12-11 00:21 - 00000000 _____ C:\WINDOWS\setuperr.log 2016-12-10 16:53 - 2017-03-08 21:36 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log 2016-12-10 12:56 - 2016-12-10 12:56 - 00085218 _____ C:\Users\Princhi\Documents\cc_20161210_125624.reg 
2016-12-09 20:54 - 2016-11-11 11:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll 2016-12-09 20:54 - 2016-11-11 11:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll 2016-12-09 20:54 - 2016-11-11 11:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll 2016-12-09 20:54 - 2016-11-11 11:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll 2016-12-09 20:54 - 2016-11-11 11:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-12-09 20:54 - 2016-11-11 11:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-12-09 20:54 - 2016-11-11 11:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2016-12-09 20:54 - 2016-11-11 11:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2016-12-09 20:54 - 2016-11-11 11:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2016-12-09 20:54 - 2016-11-11 11:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2016-12-09 20:54 - 2016-11-11 11:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2016-12-09 20:54 - 2016-11-11 11:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2016-12-09 20:54 - 2016-11-11 11:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-12-09 20:54 - 2016-11-11 11:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2016-12-09 20:54 - 2016-11-11 11:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2016-12-09 20:54 - 2016-11-11 11:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2016-12-09 20:54 - 2016-11-11 10:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2016-12-09 20:54 - 2016-11-11 10:56 - 
01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-12-09 20:54 - 2016-11-11 10:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll 2016-12-09 20:54 - 2016-11-11 10:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll 2016-12-09 20:54 - 2016-11-11 10:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll 2016-12-09 20:54 - 2016-11-11 10:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2016-12-09 20:54 - 2016-11-11 10:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-12-09 20:54 - 2016-11-11 10:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2016-12-09 20:54 - 2016-11-11 10:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll 2016-12-09 20:54 - 2016-11-11 10:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe 2016-12-09 20:54 - 2016-11-11 10:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys 2016-12-09 20:54 - 2016-11-11 10:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll 2016-12-09 20:54 - 2016-11-11 10:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll 2016-12-09 20:54 - 2016-11-11 10:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys 2016-12-09 20:54 - 2016-11-11 10:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll 2016-12-09 20:54 - 2016-11-11 10:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll 2016-12-09 20:54 - 2016-11-11 10:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe 2016-12-09 20:54 - 2016-11-11 10:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll 2016-12-09 20:54 - 2016-11-11 10:25 - 00073216 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll 2016-12-09 20:54 - 2016-11-11 10:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-12-09 20:54 - 2016-11-11 10:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll 2016-12-09 20:54 - 2016-11-11 10:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll 2016-12-09 20:54 - 2016-11-11 10:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll 2016-12-09 20:54 - 2016-11-11 10:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll 2016-12-09 20:54 - 2016-11-11 10:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll 2016-12-09 20:54 - 2016-11-11 10:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2016-12-09 20:54 - 2016-11-11 10:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2016-12-09 20:54 - 2016-11-11 10:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2016-12-09 20:54 - 2016-11-11 10:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll 2016-12-09 20:54 - 2016-11-11 10:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe 2016-12-09 20:54 - 2016-11-11 10:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll 2016-12-09 20:54 - 2016-11-11 10:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2016-12-09 20:54 - 2016-11-11 10:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll 2016-12-09 20:54 - 2016-11-11 10:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2016-12-09 20:54 - 2016-11-11 10:20 - 00381952 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\cryptngc.dll 2016-12-09 20:54 - 2016-11-11 10:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll 2016-12-09 20:54 - 2016-11-11 10:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll 2016-12-09 20:54 - 2016-11-11 10:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-12-09 20:54 - 2016-11-11 10:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll 2016-12-09 20:54 - 2016-11-11 10:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2016-12-09 20:54 - 2016-11-11 10:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2016-12-09 20:54 - 2016-11-11 10:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2016-12-09 20:54 - 2016-11-11 10:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll 2016-12-09 20:54 - 2016-11-11 10:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll 2016-12-09 20:54 - 2016-11-11 10:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll 2016-12-09 20:54 - 2016-11-11 10:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl 2016-12-09 20:54 - 2016-11-11 10:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll 2016-12-09 20:54 - 2016-11-11 10:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll 2016-12-09 20:54 - 2016-11-11 10:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2016-12-09 20:54 - 2016-11-11 10:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll 2016-12-09 20:54 - 2016-11-11 10:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll 2016-12-09 20:54 - 2016-11-11 10:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 
2016-12-09 20:54 - 2016-11-11 10:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2016-12-09 20:54 - 2016-11-11 10:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll 2016-12-09 20:54 - 2016-11-11 10:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-12-09 20:54 - 2016-11-11 10:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll 2016-12-09 20:54 - 2016-11-11 10:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2016-12-09 20:54 - 2016-11-11 10:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll 2016-12-09 20:54 - 2016-11-11 10:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-12-09 20:54 - 2016-11-11 10:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2016-12-09 20:54 - 2016-11-11 10:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2016-12-09 20:54 - 2016-11-11 10:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2016-12-09 20:54 - 2016-11-11 10:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2016-12-09 20:54 - 2016-11-11 10:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2016-12-09 20:54 - 2016-11-11 10:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll 2016-12-09 20:54 - 2016-11-11 10:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll 2016-12-09 20:54 - 2016-11-11 10:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2016-12-09 20:54 - 2016-11-11 10:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2016-12-09 20:54 - 2016-11-11 10:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll 2016-12-09 20:54 - 2016-11-11 10:04 - 00455168 _____ 
2016-11-11 08:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-08 17:07 - 2016-12-08 17:08 - 00000000 ____D C:\ProgramData\ehaeh

==================== Drei Monate: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-08 22:16 - 2016-09-05 16:34 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-08 21:42 - 2016-07-16 23:51 - 01108394 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-08 21:42 - 2016-07-16 23:51 - 00264726 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-08 21:42 - 2015-08-04 22:14 - 02606838 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-08 21:36 - 2016-09-05 16:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-08 21:36 - 2016-09-05 16:36 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-08 21:35 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-08 21:35 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-08 21:35 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-08 21:33 - 2014-11-01 14:28 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-08 21:31 - 2016-09-05 16:41 - 00000000 ____D C:\Users\Princhi
2017-03-08 21:31 - 2015-11-10 21:03 - 00000000 ____D C:\Users\Princhi\AppData\LocalLow\Temp
2017-03-08 21:18 - 2016-04-23 01:04 - 00000000 ____D C:\Users\Princhi\AppData\Local\CrashDumps
2017-03-08 18:55 - 2015-02-08 19:49 - 00000000 ____D C:\AdwCleaner
2017-03-08 18:20 - 2014-12-17 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-08 18:13 - 2016-08-08 20:40 - 00000000 ____D C:\Users\Princhi\Desktop\Programme
2017-03-08 16:27 - 2014-12-26 16:00 - 00000000 ____D C:\ProgramData\Apple
2017-03-08 16:27 - 2014-11-02 14:54 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Origin
2017-03-08 16:06 - 2014-11-01 23:48 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Spotify
2017-03-08 15:33 - 2014-11-02 13:20 - 00000000 ____D C:\Users\Princhi\AppData\Local\Spotify
2017-03-08 14:32 - 2014-11-02 14:45 - 00000000 ____D C:\ProgramData\Origin
2017-03-08 13:19 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-08 00:22 - 2015-01-25 19:13 - 00000000 ____D C:\Users\Princhi\AppData\Local\Battle.net
2017-03-07 17:02 - 2015-01-25 19:13 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-07 15:38 - 2016-10-26 18:28 - 00000000 ____D C:\WINDOWS\system32\log
2017-03-07 13:40 - 2014-11-24 12:36 - 00000000 ____D C:\Program Files (x86)\Origin
2017-03-07 01:47 - 2016-08-08 19:33 - 00000000 ____D C:\Users\Princhi\Desktop\Games
2017-03-07 01:46 - 2016-08-08 20:42 - 00000000 ____D C:\Users\Princhi\Desktop\Daten
2017-03-04 20:17 - 2015-05-23 11:51 - 00000000 ____D C:\Users\Princhi\Documents\The Witcher 3
2017-03-03 18:32 - 2016-08-01 19:35 - 00000000 ____D C:\Users\Princhi\AppData\Local\BewerbungsMaster
2017-03-02 15:15 - 2016-06-18 17:14 - 00001042 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-03-01 19:37 - 2014-11-07 17:25 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\TS3Client
2017-03-01 15:30 - 2014-11-07 17:25 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-03-01 02:10 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-28 21:44 - 2015-01-25 20:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-28 00:24 - 2015-08-04 22:26 - 00002420 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-28 00:24 - 2015-08-04 22:26 - 00000000 ___RD C:\Users\Princhi\OneDrive
2017-02-24 00:34 - 2014-10-31 14:43 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 15:41 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 13:55 - 2014-10-31 13:26 - 00000000 ____D C:\Users\Princhi\AppData\Local\Packages
2017-02-16 13:59 - 2014-10-31 16:58 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-12 19:26 - 2016-04-14 12:50 - 00000000 ____D C:\Users\Princhi\AppData\Local\BlackDesertOnline
2017-02-08 16:57 - 2016-09-05 16:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 16:57 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 16:56 - 2016-09-05 16:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 16:56 - 2016-09-05 16:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-07 16:55 - 2016-08-24 10:17 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Skype
2017-02-06 20:48 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2017-03-02 14:56 - 2017-03-06 18:05 - 0002760 _____ () C:\Program Files (x86)\metadata
2014-10-31 14:52 - 2014-11-22 00:55 - 0000153 _____ () C:\Users\Princhi\AppData\Roaming\WB.CFG
2014-11-02 03:52 - 2014-11-22 00:55 - 0000001 _____ () C:\Users\Princhi\AppData\Local\DSI.DAT
2016-09-05 16:36 - 2016-09-05 16:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-03-07 17:06

==================== Ende von FRST.txt ============================
08.03.2017, 22:37 | #13 |
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 08-03-2017
durchgeführt von Princhi (08-03-2017 22:24:38)
Gestartet von C:\Users\Princhi\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-05 15:59:50)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
Administrator (S-1-5-21-88799701-2343346839-193955109-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-88799701-2343346839-193955109-503 - Limited - Disabled)
Gast (S-1-5-21-88799701-2343346839-193955109-501 - Limited - Disabled)
Princhi (S-1-5-21-88799701-2343346839-193955109-1001 - Administrator - Enabled) => C:\Users\Princhi

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
AdVenture Capitalist (HKLM\...\Steam App 346900) (Version: - Hyper Hippo Games)
American Truck Simulator MULTi23 - ElAmigos Version 1.3.1.1 (HKLM-x32\...\{1E1A283E-DA44-4DCB-BC57-295E54DF18CA}_is1) (Version: 1.3.1.1 - SCS Software)
amulesw (HKLM-x32\...\{57C598F7-B9E0-401E-8BAC-D171EB8A01A8}) (Version: 1.0.5 - amules)
Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BEWERBUNGSMASTER (HKLM-x32\...\ST6UNST #1) (Version: - )
Black and White (HKLM-x32\...\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}) (Version: - )
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.5 - Daum Games EU)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG6600 series Benutzerregistrierung (HKLM-x32\...\Canon MG6600 series Benutzerregistrierung) (Version: - *Canon Inc.)
Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.00 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
CASIO FA-124 (HKLM-x32\...\{FB47E710-6249-4EFA-BE36-E922B0612AF4}) (Version: 2.04.0000 - CASIO COMPUTER CO., LTD.)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.02039 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.3.02039 - Cisco Systems, Inc.) Hidden
CodeBlocks (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.27.80.1020 - Electronic Arts Inc.)
Drakonia Black (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - )
Dropbox (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Duke Nukem Forever (HKLM\...\Steam App 57900) (Version: - Gearbox Software)
Dying Light Ultimate Edition MULTi2 1.0 (HKLM-x32\...\Dying Light Ultimate Edition MULTi2 1.0) (Version: - )
Euro Truck Simulator 2 Demo (HKLM\...\Steam App 231120) (Version: - SCS Software)
Evernote v. 5.8.4 (HKLM-x32\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.)
Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version: - Lionhead Studios)
Fallout 4 MULTi2 1.1.30 (HKLM-x32\...\Fallout 4 MULTi2 1.1.30) (Version: - )
FINAL FANTASY X/X-2 HD Remaster (HKLM\...\Steam App 359870) (Version: - SQUARE ENIX)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
fx-Manager PLUS (90-Day Trial) (HKLM-x32\...\{80447814-A99C-415D-B019-7A825CEE064B}) (Version: 02.04.4100.0291 - CASIO COMPUTER CO., LTD.)
GameMaker: Player (HKLM-x32\...\GameMakerPlayer) (Version: 1.4.1242.41000 - YoYo Games Ltd.)
GameMaker-Studio 1.4 (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\GameMaker-Studio14) (Version: - YoYo Games Ltd.)
Gametree Launcher (HKLM-x32\...\GTL) (Version: 3.0.26.0 - NtreevSoft)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GRID (HKLM\...\Steam App 12750) (Version: - Codemasters Studios)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HMA! Pro VPN 3.2.13.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 3.2.13.0 - Privax Ltd)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version: - Audacity Team)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.2 - Smith Micro)
Microsoft OneDrive (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MouseRecorder v1.0.51 (HKLM-x32\...\MouseRecorder_is1) (Version: 1.0.51 - Bartels Media GmbH)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Grafiktreiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 352.86 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.25153 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{180b9d5a-5197-4326-bcb0-fe448086015b}) (Version: latest - ppy Pty Ltd)
Outlast (HKLM-x32\...\Steam App 238320) (Version: - Red Barrels)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PC Wizard 2015.2.14 (HKLM-x32\...\PC Wizard 2015_is1) (Version: - CPUID)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - )
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Risen 3 Titan Lords Enhanced Edition MULTI2 1.0 (HKLM-x32\...\Risen 3 Titan Lords Enhanced Edition MULTI2 1.0) (Version: - )
RPG MAKER VX Ace (HKLM-x32\...\RPG MAKER VX Ace_is1) (Version: 1.01a - )
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
SABnzbd 0.7.19 (HKLM-x32\...\SABnzbd) (Version: 0.7.19 - The SABnzbd Team)
Samsung Connection Manager (HKLM-x32\...\{F3F95061-0427-4386-AB03-1556CBE52927}) (Version: 112.6 - Samsung Electronics)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Spotify) (Version: 1.0.49.125.g72ee7853 - Spotify AB)
Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{6C8C4577-8E15-4C63-96ED-D40F2072FF74}) (Version: 6.0.19.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{9C926493-16C0-438E-8E51-BC3638E29ABB}) (Version: 6.1.4.0 - Husdawg, LLC)
Tales of Symphonia Version 1.0 u3 (HKLM-x32\...\{1E213234-7E5C-42A5-8FA1-766E7728015D}_is1) (Version: 1.0 u3 - Bandai Namco Entertainment)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
The Sims 3 Ultimate Collection Version 1.67.2 (HKLM-x32\...\The Sims 3 Ultimate Collection_is1) (Version: 1.67.2 - EA Games)
The Witcher 3 Wild Hunt Collectors Edition Incl. Blood and Wine DLC and Update 14 MULTi2 1.22 (HKLM-x32\...\The Witcher 3 Wild Hunt Collectors Edition Incl. Blood and Wine DLC and Update 14 MULTi2 1.22) (Version: - )
The Witcher 3 Wild Hunt Collectors Edition MULTi2 1.02 (HKLM-x32\...\The Witcher 3 Wild Hunt Collectors Edition MULTi2 1.02) (Version: - )
Trillian (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Trillian) (Version: - Cerulean Studios, LLC)
Undertale version 1.0 u09.03.2016 (HKLM-x32\...\{800C5999-FCC6-4C6D-95B6-5E8574896874}_is1) (Version: 1.0 u09.03.2016 - tobyfox)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vodafone Mobile Connect Lite (HKLM-x32\...\{B5761811-28F3-4257-B537-815C5EEF472C}) (Version: 3.1.2.104 - Vodafone)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.14-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH)
WinSnare (HKLM-x32\...\{6F28E3A8-BEC0-4CCD-A35F-7155729C7A88}) (Version: 4.2.6 - WinSnare) <==== ACHTUNG
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0E524B03-1D26-41B6-ABD2-F29FB4F8B41D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-24] (Microsoft Corporation) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe Task: {36FA50E1-D56E-483F-AEE3-3F296E349404} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {4B9C0926-CF32-484A-A741-A6E2C89BC329} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd) Task: {59D17917-85E1-4E2E-959F-2F02B05AA878} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Princhi\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {B5BB4BD1-F18C-40B3-8925-0E98012E2F12} - System32\Tasks\{BAAF7A63-576A-4E4E-96F8-72A8EBB68660} => pcalua.exe -a "D:\Games\The Witcher 3 Wild Hunt\Uninstall.exe" Task: {CCE2E5E1-F1F1-4AF8-A21C-2B15C00FCB0D} - System32\Tasks\{D07A19C7-CDC4-4BD3-B00B-C2829140E6CD} => pcalua.exe -a "C:\Users\Princhi\Downloads\skse_1_07_01_installer (1).exe" -d C:\Users\Princhi\Downloads Task: {D533BD21-EC84-4A14-AEE8-FB6F0D3FAD3B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe Task: {DDE677D5-0F3E-48FB-B0D1-BC1F907283F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-14 19:40 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-09-05 16:36 - 2016-12-29 13:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-03-30 11:03 - 2016-06-15 02:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2017-03-08 18:20 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-03-08 18:20 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2015-01-18 19:06 - 2015-08-21 19:33 - 01347264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-03-30 11:03 - 2016-06-15 02:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-12-14 19:40 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 
00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2016-09-13 19:42 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-11 21:54 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-11 21:54 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-11 21:54 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2015-04-01 22:05 - 2013-10-29 13:49 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe 2015-04-01 22:05 - 2013-06-26 16:01 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe 2017-03-01 21:00 - 2017-03-01 21:10 - 
00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2017-03-01 21:00 - 2017-03-01 21:10 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2017-03-01 21:00 - 2017-03-01 21:09 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2016-06-05 17:25 - 2016-06-05 17:29 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2017-03-01 21:00 - 2017-03-01 21:10 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2017-03-01 21:00 - 2017-03-01 21:11 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll 2016-03-04 14:27 - 2016-03-04 14:31 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2016-08-12 13:20 - 2016-08-12 13:20 - 00073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2016-09-15 12:55 - 2017-02-14 01:06 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll 2015-04-14 16:46 - 2016-06-15 02:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-04-01 22:05 - 2013-01-15 16:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll 2015-04-01 22:05 - 2013-06-26 16:01 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
Da befinden sich 7866 mehr Seiten. ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2013-08-22 14:25 - 2015-07-26 00:22 - 00450771 ____A C:\WINDOWS\system32\Drivers\etc\hosts Da befinden sich 15463 zusätzliche Einträge. ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-88799701-2343346839-193955109-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "EADM" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "FlashUpdate" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [TCP Query User{649C4E67-76FA-41B2-AC20-CB9A7DCE0AC1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{9D6995F4-621F-468C-9927-30F9F39A47E4}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Wiederherstellungspunkte ========================= 22-02-2017 15:40:58 Windows Update 01-03-2017 18:18:03 Geplanter Prüfpunkt 08-03-2017 19:00:32 JRT 
Pre-Junkware Removal 08-03-2017 19:11:46 JRT Pre-Junkware Removal ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/08/2017 09:33:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: EPONA) Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren. Error: (03/08/2017 09:33:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: EPONA) Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden. Error: (03/08/2017 09:33:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: EPONA) Description: Das lokal gespeicherte Profil kann nicht geladen werden. 
Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil. Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (03/08/2017 09:33:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT) Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. for C:\Users\Princhi\ntuser.dat Error: (03/08/2017 09:18:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x5c9ad473 ID des fehlerhaften Prozesses: 0x15d4 Startzeit der fehlerhaften Anwendung: 0x01d2984920e296f4 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 35ce3851-9dbd-4bae-85c7-1866b810869e Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 08:30:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x5c9ad473 ID des fehlerhaften Prozesses: 0xad8 Startzeit der fehlerhaften Anwendung: 0x01d29842638728cf Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 6ce37961-428a-4096-9c21-dca2ab62a126 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die 
relativ zum fehlerhaften Paket ist: Error: (03/08/2017 08:06:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x5c9ad473 ID des fehlerhaften Prozesses: 0x2158 Startzeit der fehlerhaften Anwendung: 0x01d2983f2651c8c1 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: c72ded85-bd64-4cdf-9441-67a61655a778 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 07:46:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x5c9ad473 ID des fehlerhaften Prozesses: 0xe9c Startzeit der fehlerhaften Anwendung: 0x01d2983c41b4dd1a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 63bfd0ff-31d2-4912-abe0-ec59e5a3ba0a Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 07:34:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x5c9ad473 ID des fehlerhaften Prozesses: 0x2544 Startzeit der fehlerhaften Anwendung: 0x01d2983aada42014 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 
a4cc7627-9feb-4ee3-acfb-f2ec00bfd889 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 07:13:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x5c9ad473 ID des fehlerhaften Prozesses: 0x2bb8 Startzeit der fehlerhaften Anwendung: 0x01d29837c2481f21 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 51561f2d-d005-4edb-8ceb-2b7404f4efe2 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (03/08/2017 09:48:10 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/08/2017 09:39:22 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (03/08/2017 09:35:31 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (03/08/2017 09:34:54 PM) (Source: DCOM) (EventID: 10010) (User: EPONA) Description: Der Server "{F9717507-6651-4EDB-BFF7-AE615179BCCF}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (03/08/2017 09:34:46 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/08/2017 09:34:02 PM) (Source: DCOM) (EventID: 10016) (User: EPONA) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "Epona\Princhi" (SID: S-1-5-21-88799701-2343346839-193955109-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E} und der APPID {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E} im Anwendungscontainer "Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (03/08/2017 09:32:39 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/08/2017 09:31:33 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: Es wird bereits eine Instanz des Dienstes ausgeführt. Error: (03/08/2017 09:31:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/08/2017 09:31:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Streamer Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2017-03-07 15:34:35.588 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. 
Date: 2017-03-07 15:08:10.789 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-02-03 17:00:27.187 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-02-03 16:56:56.613 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-21 01:08:28.137 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-21 00:12:20.064 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-20 23:15:15.099 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. 
Date: 2017-01-20 22:03:49.090 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-20 21:52:52.863 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-20 21:12:20.027 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz Prozentuale Nutzung des RAM: 29% Installierter physikalischer RAM: 8093.39 MB Verfügbarer physikalischer RAM: 5697.14 MB Summe virtueller Speicher: 9373.39 MB Verfügbarer virtueller Speicher: 6742.99 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:390.16 GB) (Free:142.46 GB) NTFS Drive d: (Volume) (Fixed) (Total:540.4 GB) (Free:152.65 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ============================ |
09.03.2017, 15:52 | #14 |
/// TB-Ausbilder | Adware: Adw Cleaner doesn't help, Google Chrome infected

Hi, and here we go again...

Step 1
Please press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document

Code:
start
CloseProcesses:
C:\Program Files (x86)\metadata
C:\WINDOWS\SysWOW64\4
C:\WINDOWS\SysWOW64\3
C:\Program Files (x86)\3jq34c24
C:\Program Files (x86)\5vfzp0oa
C:\Program Files (x86)\7dzsnilj
C:\Program Files (x86)\9ed212pd
C:\Program Files (x86)\9mivm68y
C:\Program Files (x86)\mup1dg4v
C:\Program Files (x86)\st2qnxas
C:\Program Files (x86)\usir3bcv
C:\Program Files (x86)\x3o9achi
C:\Program Files (x86)\z91a12n4
C:\Program Files (x86)\{39B8E62D-C3E1-4E5D-916B-4C09E3BFD79E}
C:\Program Files (x86)\{8EC75265-1107-46A4-B15D-E5E78F686B1E}
C:\Program Files (x86)\{91DAAF58-54C3-46E5-9F1E-D4614D6AE963}
C:\Program Files (x86)\{C72739C5-5A2D-4BA4-8BED-EFFD0A0043BC}
C:\ProgramData\dgadg
C:\ProgramData\dgjcg
C:\ProgramData\ehaeh
C:\Users\Princhi\AppData\Roaming\B811151F-8DD6-4B32-9FE4-DEDABBFD9935
C:\Users\Princhi\AppData\Roaming\Firefox
C:\Users\Princhi\AppData\Local\0
C:\Users\Princhi\AppData\Local\Chromium
C:\Users\Princhi\AppData\Local\Firefox
FF SearchPlugin: C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\searchplugins\startsearch.xml [2017-03-02]
C:\Users\Princhi\Downloads\*CHIP-Installer*.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
C:\Users\Princhi\Documents\aMule Downloads
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\29993591C160B8E40935701B5703A34F
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\E4DFFE2B890D5484D965ED57EB3B9531
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8A3E82F60CEBDCC43AF5175527C9A788
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A3E82F60CEBDCC43AF5175527C9A788
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|WinSnare
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F28E3A8-BEC0-4CCD-A35F-7155729C7A88}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|BikaQRssReader|BikaQ.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|BikaQRssReader|Interop.Microsoft.Feeds.Interop.DLL
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|BikaQRssReader|MagicLibrary.DLL
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|BikaQRss|BikaQ.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|BikaQRss|Interop.Microsoft.Feeds.Interop.DLL
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|BikaQRss|MagicLibrary.DLL
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\29993591C160B8E40935701B5703A34F
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\3CADD814C61E2C745BEFF4CBBAE0010D
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\E4DFFE2B890D5484D965ED57EB3B9531
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\29993591C160B8E40935701B5703A34F
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57C598F7-B9E0-401E-8BAC-D171EB8A01A8}
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Installer\Products\29993591C160B8E40935701B5703A34F
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\7F895C750E9BE104B8CA1D17BEA8108A
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA0118CE95AE0D70F14E7E8A72452C8
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57C598F7-B9E0-401E-8BAC-D171EB8A01A8}
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Svchost|Zerzitain
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8A3E82F60CEBDCC43AF5175527C9A788
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F28E3A8-BEC0-4CCD-A35F-7155729C7A88}
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Installer\Products\29993591C160B8E40935701B5703A34F
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\ChromeHTML
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Footper
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\292ccb68_0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Footper
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Svchost|Zerzitain
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment|BREAKPAD_DUMP_LOCATION
DeleteValue: HKCU\SOFTWARE\Classes\ftp\DefaultIcon|
DeleteValue: HKCU\SOFTWARE\Classes\ftp\shell\open\command|
DeleteValue: HKCU\SOFTWARE\Classes\http\DefaultIcon|
DeleteValue: HKCU\SOFTWARE\Classes\http\shell\open\command|
DeleteValue: HKCU\SOFTWARE\Classes\https\DefaultIcon|
DeleteValue: HKCU\SOFTWARE\Classes\https\shell\open\command|
DeleteValue: HKCU\SOFTWARE\Classes\irc\DefaultIcon|
DeleteValue: HKCU\SOFTWARE\Classes\irc\shell\open\command|
DeleteValue: HKCU\SOFTWARE\Classes\mailto\DefaultIcon|
DeleteValue: HKCU\SOFTWARE\Classes\mailto\shell\open\command|
DeleteValue: HKCU\SOFTWARE\Classes\mms\DefaultIcon|
DeleteValue: HKCU\SOFTWARE\Classes\mms\shell\open\command|
DeleteValue: HKCU\SOFTWARE\Classes\news\DefaultIcon|
DeleteValue: HKCU\SOFTWARE\Classes\news\shell\open\command|
DeleteValue: HKCU\SOFTWARE\Classes\nntp\DefaultIcon|
DeleteValue: HKCU\SOFTWARE\Classes\nntp\shell\open\command|
DeleteValue: HKCU\SOFTWARE\Classes\sms\DefaultIcon|
DeleteValue: HKCU\SOFTWARE\Classes\sms\shell\open\command|
DeleteValue: HKCU\SOFTWARE\Classes\smsto\DefaultIcon|
DeleteValue: HKCU\SOFTWARE\Classes\smsto\shell\open\command|
DeleteValue: HKCU\SOFTWARE\Classes\tel\DefaultIcon|
DeleteValue: HKCU\SOFTWARE\Classes\tel\shell\open\command|
DeleteValue: HKCU\SOFTWARE\Classes\urn\DefaultIcon|
DeleteValue: HKCU\SOFTWARE\Classes\urn\shell\open\command|
DeleteValue: HKCU\SOFTWARE\Classes\webcal\DefaultIcon|
DeleteValue: HKCU\SOFTWARE\Classes\webcal\shell\open\command|
EmptyTemp:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
Please post with your next reply
Edited by M-K-D-B (09.03.2017 at 16:39) |
09.03.2017, 16:45 | #15 |
| Adware: Adw Cleaner doesn't help, Google Chrome infected
Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 08-03-2017 durchgeführt von Princhi (09-03-2017 16:08:43) Run:2 Gestartet von C:\Users\Princhi\Desktop Geladene Profile: Princhi (Verfügbare Profile: Princhi) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** start CloseProcesses: C:\Program Files (x86)\metadata C:\WINDOWS\SysWOW64\4 C:\WINDOWS\SysWOW64\3 C:\Program Files (x86)\3jq34c24 C:\Program Files (x86)\5vfzp0oa C:\Program Files (x86)\7dzsnilj C:\Program Files (x86)\9ed212pd C:\Program Files (x86)\9mivm68y C:\Program Files (x86)\mup1dg4v C:\Program Files (x86)\st2qnxas C:\Program Files (x86)\usir3bcv C:\Program Files (x86)\x3o9achi C:\Program Files (x86)\z91a12n4 C:\Program Files (x86)\{39B8E62D-C3E1-4E5D-916B-4C09E3BFD79E} C:\Program Files (x86)\{8EC75265-1107-46A4-B15D-E5E78F686B1E} C:\Program Files (x86)\{91DAAF58-54C3-46E5-9F1E-D4614D6AE963} C:\Program Files (x86)\{C72739C5-5A2D-4BA4-8BED-EFFD0A0043BC} C:\ProgramData\dgadg C:\ProgramData\dgjcg C:\ProgramData\ehaeh C:\Users\Princhi\AppData\Roaming\B811151F-8DD6-4B32-9FE4-DEDABBFD9935 C:\Users\Princhi\AppData\Roaming\Firefox C:\Users\Princhi\AppData\Local\0 C:\Users\Princhi\AppData\Local\Chromium C:\Users\Princhi\AppData\Local\Firefox FF SearchPlugin: C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\searchplugins\startsearch.xml [2017-03-02] C:\Users\Princhi\AppData\LocalLow\Mozilla C:\Users\Princhi\Downloads\*CHIP-Installer*.exe C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC C:\Users\Princhi\Documents\aMule Downloads DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\29993591C160B8E40935701B5703A34F DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\E4DFFE2B890D5484D965ED57EB3B9531 DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8A3E82F60CEBDCC43AF5175527C9A788 DeleteKey: 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A3E82F60CEBDCC43AF5175527C9A788 DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|WinSnare DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F28E3A8-BEC0-4CCD-A35F-7155729C7A88} DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|BikaQRssReader|BikaQ.exe DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|BikaQRssReader|Interop.Microsoft.Feeds.Interop.DLL DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|BikaQRssReader|MagicLibrary.DLL DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|BikaQRss|BikaQ.exe DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|BikaQRss|Interop.Microsoft.Feeds.Interop.DLL DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|BikaQRss|MagicLibrary.DLL DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736 DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736 DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\29993591C160B8E40935701B5703A34F DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\3CADD814C61E2C745BEFF4CBBAE0010D DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\E4DFFE2B890D5484D965ED57EB3B9531 DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\29993591C160B8E40935701B5703A34F DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57C598F7-B9E0-401E-8BAC-D171EB8A01A8} DeleteKey: 
HKEY_USERS\.DEFAULT\Software\Microsoft\Installer\Products\29993591C160B8E40935701B5703A34F DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\7F895C750E9BE104B8CA1D17BEA8108A DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA0118CE95AE0D70F14E7E8A72452C8 DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57C598F7-B9E0-401E-8BAC-D171EB8A01A8} DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Svchost|Zerzitain DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8A3E82F60CEBDCC43AF5175527C9A788 DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736 DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F28E3A8-BEC0-4CCD-A35F-7155729C7A88} DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Installer\Products\29993591C160B8E40935701B5703A34F DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\ChromeHTML DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Footper DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\292ccb68_0 DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Footper DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Svchost|Zerzitain DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment|BREAKPAD_DUMP_LOCATION DeleteValue: HKCU\SOFTWARE\Classes\ftp\DefaultIcon| DeleteValue: HKCU\SOFTWARE\Classes\ftp\shell\open\command| DeleteValue: HKCU\SOFTWARE\Classes\http\DefaultIcon| DeleteValue: HKCU\SOFTWARE\Classes\http\shell\open\command| DeleteValue: HKCU\SOFTWARE\Classes\https\DefaultIcon| DeleteValue: HKCU\SOFTWARE\Classes\https\shell\open\command| DeleteValue: 
HKCU\SOFTWARE\Classes\irc\DefaultIcon| DeleteValue: HKCU\SOFTWARE\Classes\irc\shell\open\command| DeleteValue: HKCU\SOFTWARE\Classes\mailto\DefaultIcon| DeleteValue: HKCU\SOFTWARE\Classes\mailto\shell\open\command| DeleteValue: HKCU\SOFTWARE\Classes\mms\DefaultIcon| DeleteValue: HKCU\SOFTWARE\Classes\mms\shell\open\command| DeleteValue: HKCU\SOFTWARE\Classes\news\DefaultIcon| DeleteValue: HKCU\SOFTWARE\Classes\news\shell\open\command| DeleteValue: HKCU\SOFTWARE\Classes\nntp\DefaultIcon| DeleteValue: HKCU\SOFTWARE\Classes\nntp\shell\open\command| DeleteValue: HKCU\SOFTWARE\Classes\sms\DefaultIcon| DeleteValue: HKCU\SOFTWARE\Classes\sms\shell\open\command| DeleteValue: HKCU\SOFTWARE\Classes\smsto\DefaultIcon| DeleteValue: HKCU\SOFTWARE\Classes\smsto\shell\open\command| DeleteValue: HKCU\SOFTWARE\Classes\tel\DefaultIcon| DeleteValue: HKCU\SOFTWARE\Classes\tel\shell\open\command| DeleteValue: HKCU\SOFTWARE\Classes\urn\DefaultIcon| DeleteValue: HKCU\SOFTWARE\Classes\urn\shell\open\command| DeleteValue: HKCU\SOFTWARE\Classes\webcal\DefaultIcon| DeleteValue: HKCU\SOFTWARE\Classes\webcal\shell\open\command| EmptyTemp: end ***************** Prozesse erfolgreich geschlossen. 
C:\Program Files (x86)\metadata => erfolgreich verschoben C:\WINDOWS\SysWOW64\4 => erfolgreich verschoben C:\WINDOWS\SysWOW64\3 => erfolgreich verschoben C:\Program Files (x86)\3jq34c24 => erfolgreich verschoben C:\Program Files (x86)\5vfzp0oa => erfolgreich verschoben C:\Program Files (x86)\7dzsnilj => erfolgreich verschoben C:\Program Files (x86)\9ed212pd => erfolgreich verschoben C:\Program Files (x86)\9mivm68y => erfolgreich verschoben C:\Program Files (x86)\mup1dg4v => erfolgreich verschoben C:\Program Files (x86)\st2qnxas => erfolgreich verschoben C:\Program Files (x86)\usir3bcv => erfolgreich verschoben C:\Program Files (x86)\x3o9achi => erfolgreich verschoben C:\Program Files (x86)\z91a12n4 => erfolgreich verschoben C:\Program Files (x86)\{39B8E62D-C3E1-4E5D-916B-4C09E3BFD79E} => erfolgreich verschoben C:\Program Files (x86)\{8EC75265-1107-46A4-B15D-E5E78F686B1E} => erfolgreich verschoben C:\Program Files (x86)\{91DAAF58-54C3-46E5-9F1E-D4614D6AE963} => erfolgreich verschoben C:\Program Files (x86)\{C72739C5-5A2D-4BA4-8BED-EFFD0A0043BC} => erfolgreich verschoben C:\ProgramData\dgadg => erfolgreich verschoben C:\ProgramData\dgjcg => erfolgreich verschoben C:\ProgramData\ehaeh => erfolgreich verschoben C:\Users\Princhi\AppData\Roaming\B811151F-8DD6-4B32-9FE4-DEDABBFD9935 => erfolgreich verschoben C:\Users\Princhi\AppData\Roaming\Firefox => erfolgreich verschoben C:\Users\Princhi\AppData\Local\0 => erfolgreich verschoben C:\Users\Princhi\AppData\Local\Chromium => erfolgreich verschoben C:\Users\Princhi\AppData\Local\Firefox => erfolgreich verschoben "C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\searchplugins\startsearch.xml" => nicht gefunden. 
C:\Users\Princhi\AppData\LocalLow\Mozilla => erfolgreich verschoben =========== "C:\Users\Princhi\Downloads\*CHIP-Installer*.exe" ========== C:\Users\Princhi\Downloads\Mouse Recorder Premium - CHIP-Installer.exe => erfolgreich verschoben ========= Ende -> "C:\Users\Princhi\Downloads\*CHIP-Installer*.exe" ======== C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC => erfolgreich verschoben C:\Users\Princhi\Documents\aMule Downloads => erfolgreich verschoben HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\29993591C160B8E40935701B5703A34F => Schlüssel erfolgreich entfernt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\E4DFFE2B890D5484D965ED57EB3B9531 => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8A3E82F60CEBDCC43AF5175527C9A788 => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A3E82F60CEBDCC43AF5175527C9A788 => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\WinSnare => Wert erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F28E3A8-BEC0-4CCD-A35F-7155729C7A88} => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|BikaQRssReader|BikaQ.exe => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|BikaQRssReader|Interop.Microsoft.Feeds.Interop.DLL => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|BikaQRssReader|MagicLibrary.DLL => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|BikaQRss|BikaQ.exe => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files 
(x86)|BikaQRss|Interop.Microsoft.Feeds.Interop.DLL => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|BikaQRss|MagicLibrary.DLL => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736 => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736 => Schlüssel erfolgreich entfernt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\29993591C160B8E40935701B5703A34F => Schlüssel nicht gefunden. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\3CADD814C61E2C745BEFF4CBBAE0010D => Schlüssel erfolgreich entfernt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\E4DFFE2B890D5484D965ED57EB3B9531 => Schlüssel nicht gefunden. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\29993591C160B8E40935701B5703A34F => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57C598F7-B9E0-401E-8BAC-D171EB8A01A8} => Schlüssel erfolgreich entfernt HKEY_USERS\.DEFAULT\Software\Microsoft\Installer\Products\29993591C160B8E40935701B5703A34F => Schlüssel erfolgreich entfernt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\7F895C750E9BE104B8CA1D17BEA8108A => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA0118CE95AE0D70F14E7E8A72452C8 => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57C598F7-B9E0-401E-8BAC-D171EB8A01A8} => Schlüssel nicht gefunden. HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\\Zerzitain => Wert erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8A3E82F60CEBDCC43AF5175527C9A788 => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736 => Schlüssel nicht gefunden. HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F28E3A8-BEC0-4CCD-A35F-7155729C7A88} => Schlüssel nicht gefunden. HKEY_USERS\.DEFAULT\Software\Microsoft\Installer\Products\29993591C160B8E40935701B5703A34F => Schlüssel nicht gefunden. HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\ChromeHTML => Schlüssel erfolgreich entfernt HKEY_CURRENT_USER\SOFTWARE\Footper => Schlüssel erfolgreich entfernt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\292ccb68_0 => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Footper => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\\Zerzitain => Wert nicht gefunden. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\BREAKPAD_DUMP_LOCATION => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\ftp\DefaultIcon\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\ftp\shell\open\command\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\http\DefaultIcon\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\http\shell\open\command\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\https\DefaultIcon\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\https\shell\open\command\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\irc\DefaultIcon\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\irc\shell\open\command\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\mailto\DefaultIcon\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\mailto\shell\open\command\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\mms\DefaultIcon\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\mms\shell\open\command\\ => Wert 
erfolgreich entfernt HKCU\SOFTWARE\Classes\news\DefaultIcon\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\news\shell\open\command\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\nntp\DefaultIcon\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\nntp\shell\open\command\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\sms\DefaultIcon\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\sms\shell\open\command\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\smsto\DefaultIcon\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\smsto\shell\open\command\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\tel\DefaultIcon\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\tel\shell\open\command\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\urn\DefaultIcon\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\urn\shell\open\command\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\webcal\DefaultIcon\\ => Wert erfolgreich entfernt HKCU\SOFTWARE\Classes\webcal\shell\open\command\\ => Wert erfolgreich entfernt =========== EmptyTemp: ========== BITS transfer queue => 1382468 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24274264 B Java, Flash, Steam htmlcache => 1220 B Windows/system/drivers => 41 B Edge => 214842643 B Chrome => 0 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 0 B LocalService => 818 B NetworkService => 0 B Princhi => 267008703 B RecycleBin => 1064172 B EmptyTemp: => 485 MB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 16:08:58 ==== Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017 durchgeführt von Princhi (Administrator) auf EPONA (09-03-2017 16:41:24) Gestartet von C:\Users\Princhi\Desktop Geladene Profile: Princhi (Verfügbare Profile: Princhi) Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Common Files\ntp2UpSvc\notepad2.exe (Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) 
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Spotify Ltd) C:\Users\Princhi\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe () C:\Program Files (x86)\Drakonia Configurator\hid.exe () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung Connection Manager\ModemPnPService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. 
Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] () HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.) HKLM-x32\...\Run: [Blackcomb] => C:\Program Files (x86)\Samsung Connection Manager\ModemPnPService.exe [131072 2011-02-11] (Samsung Electronics.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1206784 2016-08-12] (Cisco Systems, Inc.) 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044848 2017-02-21] (Electronic Arts) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [Spotify Web Helper] => C:\Users\Princhi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-09] (Spotify Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [572416 2016-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
Startup: C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-04-04]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{11c06b9c-c7a3-42f0-b493-0dcb6de1d03f}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{1920ae60-1c7d-4c3e-8d02-ba2d7909bffb}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4aa061a8-dd76-4dde-ab8c-36f40625fc51}: [DhcpNameServer] 139.7.30.126 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-88799701-2343346839-193955109-1001 -> hxxp://www.google.com

FireFox:
========
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @gametree.co.kr/GTL -> C:\ProgramData\Gametree\GTL\npGTL.dll [2013-06-13] (NtreevSoft)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxps://www.google.com/
CHR Profile: C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-08]
CHR Extension: (Google Präsentationen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-18]
CHR Extension: (Google Docs) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-18]
CHR Extension: (Google Drive) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-18]
CHR Extension: (YouTube) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-18]
CHR Extension: (Adblock Plus) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-17]
CHR Extension: (Google Tabellen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-18]
CHR Extension: (Google Docs Offline) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-18]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-27]
CHR Extension: (Google Mail) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-18]
CHR Extension: (Chrome Media Router) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-27]
CHR Extension: (pumpkin) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkigkiflejlmpibnlecfdgkhjijgkoao [2016-10-19]
CHR Profile: C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-03-08]
StartMenuInternet: Google Chrome - Chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 HmaOpenVpnService; D:\Programme\HMA! Pro VPN\bin\openvpnserv.exe [46688 2016-09-23] (The OpenVPN Project)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3519984 2016-01-27] (INCA Internet Co., Ltd.)
S2 Ntp2NetSvc; C:\Program Files (x86)\notepad2\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr) [Datei ist nicht signiert]
R2 Ntp2UpSvc; C:\Program Files (x86)\Common Files\ntp2UpSvc\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2124296 2017-02-21] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2185232 2017-02-21] (Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 C2XXCOM; C:\WINDOWS\system32\DRIVERS\C2XXCOM76.sys [49920 2010-08-09] (Samsung Electronics)
S3 C2xxUSB; C:\WINDOWS\system32\DRIVERS\C2xxUSB76.sys [46080 2010-11-04] (Samsung Electronics)
S3 C2xxUsbStorage; C:\WINDOWS\system32\DRIVERS\C2xSTR76.sys [9216 2010-06-10] (Samsung Electronics)
S3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2015\pcwiz_x64.sys [26856 2014-02-17] (CPUID)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-11-19] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [27136 2016-09-23] (The OpenVPN Project)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-09] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-09] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-09] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-09] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-09] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [20128 2017-02-28] () [Datei ist nicht signiert]
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2016-08-12] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2016-08-15] (Wellbia.com Co., Ltd.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Drei Monate: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-08 22:33 - 2017-03-08 22:33 - 00048843 _____ C:\Users\Princhi\Desktop\SystemLook.zip
2017-03-08 21:42 - 2017-03-08 22:07 - 00671952 _____ C:\Users\Princhi\Desktop\SystemLook.txt
2017-03-08 21:39 - 2017-03-08 21:40 - 00165376 _____ C:\Users\Princhi\Desktop\SystemLook_x64.exe
2017-03-08 21:31 - 2017-03-09 16:08 - 00016719 _____ C:\Users\Princhi\Desktop\Fixlog.txt
2017-03-08 21:30 - 2017-03-08 21:30 - 00000000 ____D C:\Users\Princhi\Desktop\FRST-OlderVersion
2017-03-08 20:30 - 2017-03-08 20:30 - 00037601 _____ C:\Users\Princhi\Downloads\mbam.zip
2017-03-08 20:30 - 2017-03-08 20:30 - 00037601 _____ C:\Users\Princhi\Desktop\mbam.zip
2017-03-08 19:37 - 2017-03-09 16:33 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-08 19:04 - 2017-03-08 22:25 - 00047478 _____ C:\Users\Princhi\Desktop\Addition.txt
2017-03-08 19:03 - 2017-03-09 16:42 - 00019607 _____ C:\Users\Princhi\Desktop\FRST.txt
2017-03-08 19:01 - 2017-03-08 19:12 - 00000548 _____ C:\Users\Princhi\Desktop\JRT.txt
2017-03-08 18:59 - 2017-03-08 18:59 - 01663736 _____ (Malwarebytes) C:\Users\Princhi\Desktop\JRT.exe
2017-03-08 18:58 - 2017-03-08 18:59 - 01663736 _____ (Malwarebytes) C:\Users\Princhi\Downloads\JRT.exe
2017-03-08 18:51 - 2017-03-08 18:51 - 00819352 _____ C:\Users\Princhi\Desktop\mbam.txt
2017-03-08 18:21 - 2017-03-09 16:33 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-08 18:20 - 2017-03-09 16:33 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-08 18:20 - 2017-03-09 16:33 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-08 18:20 - 2017-03-09 16:33 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-08 18:20 - 2017-03-08 18:20 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-08 18:20 - 2017-03-08 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-08 18:20 - 2017-03-08 18:20 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-08 18:20 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-08 18:19 - 2017-03-08 18:19 - 57131432 _____ (Malwarebytes ) C:\Users\Princhi\Desktop\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-08 18:15 - 2017-03-08 18:19 - 57131432 _____ (Malwarebytes ) C:\Users\Princhi\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-08 17:41 - 2017-03-08 18:08 - 00080986 _____ C:\TDSSKiller.3.1.0.12_08.03.2017_17.41.13_log.txt
2017-03-08 17:39 - 2017-03-08 17:39 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Princhi\Downloads\tdsskiller.exe
2017-03-08 17:32 - 2017-03-08 17:33 - 00065691 _____ C:\Users\Princhi\Downloads\Addition.txt
2017-03-08 17:31 - 2017-03-09 16:41 - 00000000 ____D C:\FRST
2017-03-08 17:31 - 2017-03-08 17:33 - 00042386 _____ C:\Users\Princhi\Downloads\FRST.txt
2017-03-08 17:24 - 2017-03-08 21:30 - 02423808 _____ (Farbar) C:\Users\Princhi\Desktop\FRST64.exe
2017-03-08 16:39 - 2017-03-08 16:40 - 02870984 _____ (ESET) C:\Users\Princhi\Downloads\esetsmartinstaller_deu.exe
2017-03-07 17:37 - 2017-03-07 17:38 - 00124970 _____ C:\Users\Princhi\Downloads\IMG_20170307_0001.pdf
2017-03-07 15:41 - 2017-03-07 15:41 - 01129376 _____ (Google Inc.) C:\Users\Princhi\Downloads\ChromeSetup (1).exe
2017-03-02 15:14 - 2017-03-02 15:14 - 04031440 _____ C:\Users\Princhi\Desktop\adwcleaner_6.044.exe
2017-03-01 17:31 - 2017-03-01 17:32 - 09036000 _____ (GOG.com ) C:\Users\Princhi\Downloads\setup_settlers3_2.0.0.17.exe
2017-03-01 15:31 - 2017-03-01 15:31 - 00000000 ____D C:\Users\Princhi\AppData\Local\TeamSpeak 3
2017-03-01 15:31 - 2017-03-01 15:31 - 00000000 ____D C:\Users\Princhi\.TeamSpeak 3
2017-03-01 14:19 - 2017-03-02 15:15 - 00001180 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-28 22:11 - 2017-02-28 22:11 - 00004096 _____ C:\WINDOWS\d3dx.dat
2017-02-28 21:45 - 2017-02-28 23:30 - 00020128 _____ C:\WINDOWS\SysWOW64\Drivers\SECDRV.SYS
2017-02-28 21:44 - 2017-02-28 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lionhead Studios Ltd
2017-02-22 14:34 - 2017-02-22 14:34 - 04015056 _____ C:\Users\Princhi\Downloads\Nicht bestätigt 889461.crdownload
2017-02-16 15:21 - 2017-02-16 15:21 - 00000000 ____D C:\Program Files (x86)\notepad2
2017-02-14 21:54 - 2017-02-14 21:54 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (5).pdf
2017-02-14 14:06 - 2017-02-14 14:06 - 00000000 ____D C:\ProgramData\Apple Computer
2017-02-13 17:39 - 2017-02-13 17:39 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (4).pdf
2017-02-13 13:30 - 2017-02-13 13:30 - 01366581 _____ C:\Users\Princhi\Downloads\1.07 Grundlagen des Rechts - Methodenlehre (2).pdf
2017-02-13 13:29 - 2017-02-13 13:29 - 00460744 _____ C:\Users\Princhi\Downloads\1.04 Grundlagen des Rechts - Methodenlehre (1).pdf
2017-02-13 13:23 - 2017-02-13 13:23 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (3).pdf
2017-02-12 19:35 - 2017-02-12 19:35 - 00019905 _____ C:\Users\Princhi\Downloads\Hausarbeit_Vorlage_Iurratio_de (1).odt
2017-02-10 13:43 - 2017-02-10 13:43 - 01129376 _____ (Google Inc.) C:\Users\Princhi\Downloads\ChromeSetup.exe
2017-02-10 13:33 - 2017-02-10 13:33 - 04015056 _____ C:\Users\Princhi\Downloads\adwcleaner_6.043.exe
2017-02-08 16:57 - 2017-02-08 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 16:57 - 2017-02-08 16:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-08 16:57 - 2016-12-29 13:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-08 16:57 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-08 16:57 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-08 16:57 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-08 16:57 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-08 16:56 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-08 16:56 - 2016-12-29 14:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-07 19:53 - 2017-02-07 19:53 - 00015226 _____ C:\Users\Princhi\Downloads\Hausarbeit.odt
2017-02-05 19:50 - 2017-02-05 19:50 - 01366581 _____ C:\Users\Princhi\Downloads\1.07 Grundlagen des Rechts - Methodenlehre (1).pdf
2017-02-05 18:43 - 2017-02-05 18:43 - 02665322 _____ C:\Users\Princhi\Downloads\Beispiel fuer Hausarbeit - unverbindlich (2).pdf
2017-02-05 18:31 - 2017-02-05 18:31 - 00019905 _____ C:\Users\Princhi\Downloads\Hausarbeit_Vorlage_Iurratio_de.odt
2017-02-05 18:16 - 2017-02-05 18:16 - 00006127 _____ C:\Users\Princhi\Downloads\Literaturverzeichnis OeR (1).pdf
2017-02-05 15:22 - 2017-02-05 15:22 - 00006859 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (2).txt
2017-02-05 15:21 - 2017-02-05 15:21 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (2).pdf
2017-02-05 15:21 - 2017-02-05 15:21 - 00033891 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (2).odt
2017-02-05 15:12 - 2017-02-05 15:12 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (1).pdf
2017-02-04 18:33 - 2017-02-04 18:33 - 02780961 _____ C:\Users\Princhi\Downloads\1.09 BGB-AT - Stellvertretung (1).pdf
2017-02-04 18:33 - 2017-02-04 18:33 - 00740900 _____ C:\Users\Princhi\Downloads\1.12 BGB-AT - Inhalt und Ausuebung subj. Rechte (Teil 3).pdf
2017-02-04 18:33 - 2017-02-04 18:33 - 00333750 _____ C:\Users\Princhi\Downloads\1.13 BGB-AT - Fristen und Termine.pdf
2017-02-03 22:12 - 2017-02-03 22:16 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\DS4Windows
2017-02-03 22:12 - 2017-02-03 22:12 - 01174539 _____ C:\Users\Princhi\Downloads\DS4Windows.zip
2017-02-03 22:08 - 2017-02-03 22:08 - 00000000 ____D C:\Princhi
2017-02-03 17:34 - 2017-02-03 17:35 - 00398006 _____ C:\Users\Princhi\Downloads\FRITZ.Box 7430 146.06.30_03.02.17_1735.export
2017-02-02 15:55 - 2017-02-02 15:55 - 00447087 _____ C:\Users\Princhi\Downloads\1.07 BGB-AT -Rechtssubjekte, Geschaeftsfaehigkeit.pdf
2017-02-02 12:25 - 2017-02-02 12:25 - 00083358 _____ C:\Users\Princhi\Downloads\AD$47A1.tmp
2017-01-29 21:46 - 2017-01-29 21:46 - 02396359 _____ C:\Users\Princhi\Downloads\servobride-babbob.package
2017-01-29 21:35 - 2017-01-29 21:35 - 03969586 _____ C:\Users\Princhi\Downloads\magicalgirlsimmer_s3tos4_doublebedteen.package
2017-01-29 21:30 - 2017-01-29 21:32 - 11485169 _____ C:\Users\Princhi\Downloads\Nightcrawler AF Hair CONFETTI.package
2017-01-29 21:30 - 2017-01-29 21:31 - 04089184 _____ C:\Users\Princhi\Downloads\[marinaandtheplumbobs]nightcrawlerconfettifortoddlers.package
2017-01-29 21:18 - 2017-01-29 21:21 - 07067923 _____ C:\Users\Princhi\Downloads\KKsweatshirts02.zip
2017-01-29 21:18 - 2017-01-29 21:18 - 02928925 _____ C:\Users\Princhi\Downloads\KKsweatshirts02forToddler.package
2017-01-29 21:16 - 2017-01-29 21:17 - 02191957 _____ C:\Users\Princhi\Downloads\JZest_MessyHair.package
2017-01-29 17:13 - 2017-01-29 17:13 - 00947120 _____ C:\Users\Princhi\Downloads\1.05 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-29 17:13 - 2017-01-29 17:13 - 00671454 _____ C:\Users\Princhi\Downloads\1.06 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-29 17:11 - 2017-01-29 17:11 - 00800612 _____ C:\Users\Princhi\Downloads\1.03 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-29 17:11 - 2017-01-29 17:11 - 00460744 _____ C:\Users\Princhi\Downloads\1.04 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-29 17:10 - 2017-01-29 17:10 - 00858619 _____ C:\Users\Princhi\Downloads\1.02 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-28 13:44 - 2017-01-28 13:44 - 01366581 _____ C:\Users\Princhi\Downloads\1.07 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-28 13:44 - 2017-01-28 13:44 - 01137309 _____ C:\Users\Princhi\Downloads\1.08 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-28 13:43 - 2017-01-28 13:44 - 01931308 _____ C:\Users\Princhi\Downloads\1.09 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-28 13:43 - 2017-01-28 13:43 - 00762944 _____ C:\Users\Princhi\Downloads\1.10 Grundlagen des Rechts - Methodenlehre.pdf
2017-01-26 15:25 - 2017-01-26 15:25 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise.pdf
2017-01-25 20:42 - 2017-01-25 20:42 - 00109615 _____ C:\Users\Princhi\Downloads\Schema Grundrechtspruefung.pdf
2017-01-25 17:43 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 17:43 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-25 17:18 - 2017-01-25 17:18 - 00103080 _____ C:\Users\Princhi\Downloads\Verfassungsbeschwerde (1).pdf
2017-01-25 16:46 - 2017-01-25 16:46 - 00343893 _____ C:\Users\Princhi\Downloads\Frostschutzmittelwarnung Loesungsskizze.pdf
2017-01-25 13:08 - 2017-01-25 13:08 - 00103080 _____ C:\Users\Princhi\Downloads\Verfassungsbeschwerde.pdf
2017-01-25 13:07 - 2017-01-25 13:07 - 00009667 _____ C:\Users\Princhi\Downloads\Frostschutzmittelwarnung Fall.pdf
2017-01-22 17:35 - 2017-01-22 17:36 - 10723543 _____ C:\Users\Princhi\Downloads\Praesentation Buchfuehrung WS16-17 - Wirtschaftsrecht-aktualisiert.pdf
2017-01-22 17:35 - 2017-01-22 17:35 - 00237957 _____ C:\Users\Princhi\Downloads\bungsaufgaben zur wiederholung - WI und WR (1).pdf
2017-01-22 00:29 - 2017-01-22 00:29 - 00000772 _____ C:\WINDOWS\SysWOW64\ping.cfg
2017-01-21 20:52 - 2017-01-21 20:52 - 00237957 _____ C:\Users\Princhi\Downloads\bungsaufgaben zur wiederholung - WI und WR.pdf
2017-01-19 19:41 - 2017-01-19 19:41 - 00100319 _____ C:\Users\Princhi\Downloads\bung 1.pdf
2017-01-19 19:06 - 2017-02-16 14:18 - 00001415 _____ C:\Users\Public\Desktop\Die Sims 4.lnk
2017-01-19 18:31 - 2017-01-19 18:31 - 00185921 _____ C:\Users\Princhi\Downloads\Beiblatt.pdf
2017-01-19 18:31 - 2017-01-19 18:31 - 00168917 _____ C:\Users\Princhi\Downloads\bung 6.pdf
2017-01-19 18:31 - 2017-01-19 18:31 - 00090633 _____ C:\Users\Princhi\Downloads\0. Ablaufplan WS 16-17.pdf
2017-01-19 15:55 - 2017-01-19 15:55 - 00361440 _____ C:\Users\Princhi\Downloads\ticketdirect1893193764.pdf
2017-01-19 15:55 - 2017-01-19 15:55 - 00361440 _____ C:\Users\Princhi\Downloads\ticketdirect1893193764 (1).pdf
2017-01-19 13:17 - 2017-01-19 13:18 - 03988944 _____ C:\Users\Princhi\Downloads\adwcleaner_6.042.exe
2017-01-18 17:56 - 2017-03-08 16:24 - 00001793 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-18 15:45 - 2017-01-18 15:45 - 01180823 _____ C:\Users\Princhi\Downloads\BGB-AT_Probeklausur.pdf
2017-01-13 21:24 - 2017-01-13 23:11 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Mouse Recorder
2017-01-13 21:24 - 2017-01-13 21:24 - 00001144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MouseRecorder.lnk
2017-01-13 21:24 - 2017-01-13 21:24 - 00000000 ____D C:\ProgramData\MouseRecorder
2017-01-13 21:24 - 2017-01-13 21:24 - 00000000 ____D C:\Program Files (x86)\MouseRecorder
2017-01-11 21:54 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 21:54 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 21:54 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 21:54 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 21:54 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 21:54 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 21:54 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 21:54 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 21:54 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 21:54 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 21:54 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 21:54 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 21:54 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 21:54 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 21:54 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 21:54 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 21:54 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 21:54 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 21:54 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 21:54 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 21:54 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 21:54 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 21:54 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 21:54 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 21:54 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 21:54 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 21:54 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 21:54 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 21:54 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 21:54 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 21:54 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 21:54 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 21:54 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 21:54 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 21:54 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 21:54 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 21:54 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 21:54 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 21:54 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 21:54 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 21:54 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 21:54 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 21:54 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 21:54 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 21:54 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 21:54 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 21:54 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 21:54 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 21:54 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 21:54 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 21:54 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 21:54 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 21:54 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 21:54 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 21:54 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 21:54 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 21:54 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 21:54 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 21:54 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 21:54 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 21:54 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 21:54 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 21:54 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 21:54 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 21:54 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 21:54 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 21:54 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 21:54 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 21:54 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 21:54 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 21:54 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 21:54 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 21:54 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 21:54 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 21:54 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 21:54 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 21:54 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 21:54 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 21:54 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 21:54 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 21:54 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 21:54 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 21:54 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 21:54 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 21:54 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 21:54 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 21:54 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 21:54 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 21:54 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 21:54 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 21:54 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 21:54 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 21:54 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 21:54 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 21:54 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 21:54 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 21:54 -
2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2017-01-11 21:54 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2017-01-11 21:54 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2017-01-11 21:54 - 2016-12-14 06:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll 2017-01-11 21:54 - 2016-12-14 06:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll 2017-01-11 21:54 - 2016-12-14 06:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll 2017-01-11 21:54 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2017-01-11 21:54 - 2016-12-14 06:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll 2017-01-11 21:54 - 2016-12-14 06:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll 2017-01-11 21:54 - 2016-12-14 06:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe 2017-01-11 21:54 - 2016-12-14 06:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll 2017-01-11 21:54 - 2016-12-14 06:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll 2017-01-11 21:54 - 2016-12-14 06:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll 2017-01-11 21:54 - 2016-12-14 06:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll 2017-01-11 21:54 - 2016-12-14 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll 2017-01-11 21:54 - 2016-12-14 06:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll 2017-01-11 21:54 - 2016-12-14 06:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll 2017-01-11 21:54 - 2016-12-14 06:33 - 00406368 
_____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll 2017-01-11 21:54 - 2016-12-14 06:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe 2017-01-11 21:54 - 2016-12-14 06:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe 2017-01-11 21:54 - 2016-12-14 06:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll 2017-01-11 21:54 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2017-01-11 21:54 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2017-01-11 21:54 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2017-01-11 21:54 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2017-01-11 21:54 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2017-01-11 21:54 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2017-01-11 21:54 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2017-01-11 21:54 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2017-01-11 21:54 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2017-01-11 21:54 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2017-01-11 21:54 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2017-01-11 21:54 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2017-01-11 21:54 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2017-01-11 21:54 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll 
2017-01-11 21:54 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2017-01-11 21:54 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2017-01-11 21:54 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2017-01-11 21:54 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2017-01-11 21:54 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll 2017-01-11 21:54 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2017-01-11 21:54 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll 2017-01-11 21:54 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll 2017-01-11 21:54 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll 2017-01-11 21:54 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-01-11 21:54 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2017-01-11 21:54 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll 2017-01-11 21:54 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll 2017-01-11 21:54 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll 2017-01-11 21:54 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll 2017-01-11 21:54 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll 2017-01-11 21:54 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2017-01-11 21:54 - 
2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll 2017-01-11 21:54 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-01-11 21:54 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-01-11 21:54 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll 2017-01-11 21:54 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll 2017-01-11 21:54 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2017-01-11 21:54 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2017-01-11 21:54 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-01-11 21:54 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2017-01-11 21:54 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2017-01-11 21:54 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-01-11 21:54 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll 2017-01-11 21:54 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll 2017-01-11 21:54 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll 2017-01-11 21:54 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2017-01-11 21:54 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-01-11 21:54 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-01-11 21:54 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\SRHInproc.dll 2017-01-11 21:54 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll 2017-01-11 21:54 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2017-01-11 21:54 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2017-01-11 21:54 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2017-01-11 21:54 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-01-11 21:54 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2017-01-11 21:54 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-01-11 21:54 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-01-11 21:54 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2017-01-11 21:54 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-01-11 21:54 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-01-11 21:54 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2017-01-11 21:54 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2017-01-11 21:54 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2017-01-11 21:54 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2017-01-11 21:54 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2017-01-11 21:54 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2017-01-07 19:58 - 2017-01-07 20:05 - 17249298 
_____ C:\Users\Princhi\Downloads\364943 Chimame-tai - Tokimeki Poporon.osz 2017-01-07 13:15 - 2017-01-07 13:15 - 06918399 _____ C:\Users\Princhi\Downloads\Fabi Wach was läuft bei dir Falsch__.mp4 2017-01-04 15:21 - 2017-01-04 15:21 - 34719288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2017-01-04 15:21 - 2017-01-04 15:21 - 28211768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2017-01-04 15:20 - 2017-01-04 15:20 - 00951224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2017-01-04 15:20 - 2017-01-04 15:20 - 00903096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2017-01-04 15:20 - 2017-01-04 15:20 - 00448560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2017-01-04 15:20 - 2017-01-04 15:20 - 00397240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2017-01-04 15:19 - 2017-01-04 15:19 - 01964600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437653.dll 2017-01-04 15:19 - 2017-01-04 15:19 - 01600056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437653.dll 2017-01-04 15:19 - 2017-01-04 15:19 - 01047088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2017-01-04 15:19 - 2017-01-04 15:19 - 00985136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2017-01-04 15:19 - 2017-01-04 15:19 - 00054720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2017-01-04 15:18 - 2017-01-04 15:18 - 40132536 _____ C:\WINDOWS\system32\nvcompiler.dll 2017-01-04 15:18 - 2017-01-04 15:18 - 35231160 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll 2017-01-04 15:18 - 2017-01-04 15:18 - 02957240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2017-01-04 15:18 - 2017-01-04 15:18 - 02594744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2017-01-04 15:18 - 2017-01-04 15:18 - 00394800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll 2017-01-04 15:18 - 2017-01-04 15:18 - 00355768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll 
2017-01-04 15:03 - 2017-01-04 15:03 - 11016832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll 2017-01-04 15:03 - 2017-01-04 15:03 - 10907184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2017-01-04 15:03 - 2017-01-04 15:03 - 09247528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2017-01-04 15:03 - 2017-01-04 15:03 - 09000152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 10453336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 08846832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 03513632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 00818496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 00698728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 00658400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 00586968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 00407240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2017-01-04 15:02 - 2017-01-04 15:02 - 00338960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2017-01-04 10:07 - 2017-01-04 10:07 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json 2017-01-04 10:07 - 2017-01-04 10:07 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json 2016-12-26 13:48 - 2016-12-27 00:48 - 00001108 _____ C:\WINDOWS\SysWOW64\cookies_icc.log 2016-12-26 13:48 - 2016-12-27 00:48 - 00000621 _____ C:\WINDOWS\SysWOW64\cookies.log 2016-12-20 14:09 - 2016-12-20 14:10 - 03977168 _____ C:\Users\Princhi\Downloads\AdwCleaner_6.041.exe 2016-12-16 15:50 - 2016-12-16 15:50 - 02780961 _____ C:\Users\Princhi\Downloads\1.09 BGB-AT - Stellvertretung.pdf 
2016-12-16 15:49 - 2016-12-16 15:50 - 09377826 _____ C:\Users\Princhi\Downloads\Skript Buchfuehrung - WI-WR-WS2016-2017-Endfassung (2).pdf 2016-12-16 15:44 - 2016-12-16 15:44 - 09377826 _____ C:\Users\Princhi\Downloads\Skript Buchfuehrung - WI-WR-WS2016-2017-Endfassung (1).pdf 2016-12-15 17:26 - 2016-12-15 17:26 - 00000283 _____ C:\Users\Princhi\Downloads\Download.htm 2016-12-15 15:24 - 2017-03-08 18:48 - 00292176 _____ C:\WINDOWS\PFRO.log 2016-12-14 21:29 - 2017-02-07 22:11 - 00000000 ____D C:\Users\Princhi\Desktop\UNI 2016-12-14 20:09 - 2016-12-14 20:10 - 09377826 _____ C:\Users\Princhi\Downloads\Skript Buchfuehrung - WI-WR-WS2016-2017-Endfassung.pdf 2016-12-14 19:41 - 2016-12-09 11:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2016-12-14 19:41 - 2016-12-09 11:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2016-12-14 19:41 - 2016-12-09 11:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2016-12-14 19:41 - 2016-12-09 11:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2016-12-14 19:41 - 2016-12-09 11:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2016-12-14 19:41 - 2016-12-09 11:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-12-14 19:41 - 2016-12-09 11:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2016-12-14 19:41 - 2016-12-09 10:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll 2016-12-14 19:41 - 2016-12-09 10:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2016-12-14 19:41 - 2016-12-09 10:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2016-12-14 19:41 - 2016-12-09 10:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-12-14 19:41 - 2016-12-09 10:33 - 01589760 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\msdtctm.dll 2016-12-14 19:41 - 2016-12-09 10:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2016-12-14 19:41 - 2016-12-09 10:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2016-12-14 19:41 - 2016-12-09 10:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2016-12-14 19:41 - 2016-12-09 10:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2016-12-14 19:41 - 2016-12-09 10:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2016-12-14 19:41 - 2016-12-09 10:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll 2016-12-14 19:41 - 2016-12-09 10:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll 2016-12-14 19:41 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2016-12-14 19:40 - 2016-12-09 11:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-12-14 19:40 - 2016-12-09 11:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-12-14 19:40 - 2016-12-09 11:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-12-14 19:40 - 2016-12-09 11:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-12-14 19:40 - 2016-12-09 11:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-12-14 19:40 - 2016-12-09 11:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-12-14 19:40 - 2016-12-09 11:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2016-12-14 19:40 - 2016-12-09 11:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2016-12-14 19:40 - 2016-12-09 11:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 
2016-12-14 19:40 - 2016-12-09 11:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2016-12-14 19:40 - 2016-12-09 11:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2016-12-14 19:40 - 2016-12-09 11:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-12-14 19:40 - 2016-12-09 11:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-12-14 19:40 - 2016-12-09 11:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-12-14 19:40 - 2016-12-09 11:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-12-14 19:40 - 2016-12-09 11:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2016-12-14 19:40 - 2016-12-09 11:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2016-12-14 19:40 - 2016-12-09 11:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-12-14 19:40 - 2016-12-09 11:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-12-14 19:40 - 2016-12-09 11:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2016-12-14 19:40 - 2016-12-09 11:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2016-12-14 19:40 - 2016-12-09 11:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-12-14 19:40 - 2016-12-09 11:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2016-12-14 19:40 - 2016-12-09 11:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2016-12-14 19:40 - 2016-12-09 11:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2016-12-14 19:40 - 2016-12-09 10:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-12-14 19:40 - 2016-12-09 10:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 
2016-12-14 19:40 - 2016-12-09 10:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-12-14 19:40 - 2016-12-09 10:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-12-14 19:40 - 2016-12-09 10:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-12-14 19:40 - 2016-12-09 10:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2016-12-14 19:40 - 2016-12-09 10:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2016-12-14 19:40 - 2016-12-09 10:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll 2016-12-14 19:40 - 2016-12-09 10:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2016-12-14 19:40 - 2016-12-09 10:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll 2016-12-14 19:40 - 2016-12-09 10:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2016-12-14 19:40 - 2016-12-09 10:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2016-12-14 19:40 - 2016-12-09 10:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2016-12-14 19:40 - 2016-12-09 10:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2016-12-14 19:40 - 2016-12-09 10:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2016-12-14 19:40 - 2016-12-09 10:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-12-14 19:40 - 2016-12-09 10:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2016-12-14 19:40 - 2016-12-09 10:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll 2016-12-14 19:40 - 2016-12-09 10:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll 2016-12-14 19:40 - 2016-12-09 10:23 - 12177920 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-12-14 19:40 - 2016-12-09 10:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-12-14 19:40 - 2016-12-09 10:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-12-14 19:40 - 2016-12-09 10:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll 2016-12-14 19:40 - 2016-12-09 10:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2016-12-14 19:40 - 2016-12-09 10:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-12-14 19:40 - 2016-12-09 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2016-12-14 19:40 - 2016-12-09 10:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2016-12-14 19:40 - 2016-12-09 10:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2016-12-14 19:40 - 2016-12-09 10:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2016-12-14 19:40 - 2016-12-09 10:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2016-12-14 19:40 - 2016-12-09 10:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll 2016-12-14 19:40 - 2016-12-09 10:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-12-14 19:40 - 2016-12-09 10:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2016-12-14 19:40 - 2016-12-09 10:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll 2016-12-14 19:40 - 2016-12-09 09:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2016-12-14 19:40 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll 2016-12-14 19:40 - 2016-09-15 17:36 - 00216576 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\fveapibase.dll 2016-12-13 16:57 - 2017-02-28 00:24 - 00003274 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2016-12-13 14:24 - 2016-12-13 14:17 - 48900766 _____ C:\Users\Princhi\Desktop\Roach 2.1.3 - Specials-498-2-1-3.rar 2016-12-13 14:24 - 2016-09-06 10:55 - 00000000 ____D C:\Users\Princhi\Desktop\Fera_RoachSpecials 2016-12-13 14:13 - 2016-12-13 14:17 - 48900766 _____ C:\Users\Princhi\Downloads\Roach 2.1.3 - Specials-498-2-1-3.rar 2016-12-13 13:54 - 2016-12-13 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm 2016-12-11 00:21 - 2017-02-19 16:54 - 00003519 _____ C:\WINDOWS\setupact.log 2016-12-11 00:21 - 2016-12-11 00:21 - 00000000 _____ C:\WINDOWS\setuperr.log 2016-12-10 16:53 - 2017-03-09 16:32 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log 2016-12-10 12:56 - 2016-12-10 12:56 - 00085218 _____ C:\Users\Princhi\Documents\cc_20161210_125624.reg 2016-12-09 20:54 - 2016-11-11 11:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll 2016-12-09 20:54 - 2016-11-11 11:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll 2016-12-09 20:54 - 2016-11-11 11:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll 2016-12-09 20:54 - 2016-11-11 11:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll 2016-12-09 20:54 - 2016-11-11 11:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-12-09 20:54 - 2016-11-11 11:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-12-09 20:54 - 2016-11-11 11:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2016-12-09 20:54 - 2016-11-11 11:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2016-12-09 20:54 - 2016-11-11 11:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2016-12-09 20:54 - 
==================== Drei Monate: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-09 16:38 - 2016-07-16 23:51 - 01124082 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-09 16:38 - 2016-07-16 23:51 - 00269244 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-09 16:38 - 2015-08-04 22:14 - 02636028 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-09 16:32 - 2016-09-05 16:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-09 16:32 - 2016-09-05 16:41 - 00000000 ____D C:\Users\Princhi
2017-03-09 16:32 - 2016-09-05 16:36 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-09 16:32 - 2016-09-05 16:34 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-09 16:32 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-09 16:02 - 2015-01-25 19:13 - 00000000 ____D C:\Users\Princhi\AppData\Local\Battle.net
2017-03-09 15:05 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-09 13:24 - 2015-05-23 11:51 - 00000000 ____D C:\Users\Princhi\Documents\The Witcher 3
2017-03-09 12:22 - 2015-01-25 19:13 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-09 11:32 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-09 11:31 - 2015-02-08 19:49 - 00000000 ____D C:\AdwCleaner
2017-03-09 11:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-09 00:13 - 2014-11-02 13:20 - 00000000 ____D C:\Users\Princhi\AppData\Local\Spotify
2017-03-09 00:13 - 2014-11-01 23:48 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Spotify
2017-03-08 22:45 - 2016-04-23 01:04 - 00000000 ____D C:\Users\Princhi\AppData\Local\CrashDumps
2017-03-08 21:33 - 2014-11-01 14:28 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-08 21:31 - 2015-11-10 21:03 - 00000000 ____D C:\Users\Princhi\AppData\LocalLow\Temp
2017-03-08 18:46 - 2016-03-29 20:28 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2017-03-08 18:20 - 2014-12-17 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-08 18:13 - 2016-08-08 20:40 - 00000000 ____D C:\Users\Princhi\Desktop\Programme
2017-03-08 16:27 - 2014-12-26 16:00 - 00000000 ____D C:\ProgramData\Apple
2017-03-08 16:27 - 2014-11-02 14:54 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Origin
2017-03-08 14:32 - 2014-11-02 14:45 - 00000000 ____D C:\ProgramData\Origin
2017-03-07 15:38 - 2016-10-26 18:28 - 00000000 ____D C:\WINDOWS\system32\log
2017-03-07 13:40 - 2014-11-24 12:36 - 00000000 ____D C:\Program Files (x86)\Origin
2017-03-07 01:47 - 2016-08-08 19:33 - 00000000 ____D C:\Users\Princhi\Desktop\Games
2017-03-07 01:46 - 2016-08-08 20:42 - 00000000 ____D C:\Users\Princhi\Desktop\Daten
2017-03-03 18:32 - 2016-08-01 19:35 - 00000000 ____D C:\Users\Princhi\AppData\Local\BewerbungsMaster
2017-03-02 15:15 - 2016-06-18 17:14 - 00001042 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-03-01 19:37 - 2014-11-07 17:25 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\TS3Client
2017-03-01 15:30 - 2014-11-07 17:25 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-03-01 02:10 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-28 21:44 - 2015-01-25 20:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-28 00:24 - 2015-08-04 22:26 - 00002420 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-28 00:24 - 2015-08-04 22:26 - 00000000 ___RD C:\Users\Princhi\OneDrive
2017-02-24 00:34 - 2014-10-31 14:43 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 15:41 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 13:55 - 2014-10-31 13:26 - 00000000 ____D C:\Users\Princhi\AppData\Local\Packages
2017-02-16 13:59 - 2014-10-31 16:58 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-12 19:26 - 2016-04-14 12:50 - 00000000 ____D C:\Users\Princhi\AppData\Local\BlackDesertOnline
2017-02-08 16:57 - 2016-09-05 16:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 16:57 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 16:56 - 2016-09-05 16:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 16:56 - 2016-09-05 16:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-07 16:55 - 2016-08-24 10:17 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Skype

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-31 14:52 - 2014-11-22 00:55 - 0000153 _____ () C:\Users\Princhi\AppData\Roaming\WB.CFG
2014-11-02 03:52 - 2014-11-22 00:55 - 0000001 _____ () C:\Users\Princhi\AppData\Local\DSI.DAT
2016-09-05 16:36 - 2016-09-05 16:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-03-07 17:06

==================== Ende von FRST.txt ============================