Log analysis and evaluation: Adware, AdwCleaner does not help, Google Chrome infected

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
Hello, for some time now I have had a problem with annoying adware in Google Chrome that replaces my search engine with e.g. "luckystarting.com" and also installs new programs on my PC; for example, Firefox gets downloaded. I have now tried several times to clean it up with AdwCleaner, which does give some peace, but I have the feeling that it is getting worse, so it would be very nice if someone could help me.

Here is the latest log from AdwCleaner:

#2

/// TB-Ausbilder

My name is Matthias and I will help you clean up your computer. Please note the following:

Please work through all steps one after another in the given order and post all log files in CODE tags:

Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:

Thank you for your cooperation!

What happens when you let AdwCleaner remove the findings? Please do that and post the log file for it. Feel free to run AdwCleaner several times, i.e. scan and remove > restart > scan and remove again > restart ...

After that, it continues like this: for the initial analysis, please run FRST and TDSS-Killer:

Step 1

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Step 2

Please download

Please post with your next reply

#3

Here is AdwCleaner (on the first one it crashed on me at first, so I could only restart on the 2nd run):
Browsern gefunden. Chrome pref Gefunden: [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences] - hxxp://www.startpageing123.com/?type=hp&ts=1488986453&z=c3be21fd67d7565f77e7b26gfz4b1b7tdbbq5zfw0q&from=che0812&u Chrome pref Gefunden: [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences] - hxxp://www.startpageing123.com/searchfavicon.ico Chrome pref Gefunden: [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences ] - hxxp://www.startpageing123.com/?type=hp&ts=1488986453&z=c3be21fd67d7565f77e7b26gfz4b1b7tdbbq5zfw0q&from=che0812& ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [14031 Bytes] - [19/10/2016 09:48:39] C:\AdwCleaner\AdwCleaner[C10].txt - [4234 Bytes] - [01/03/2017 14:42:02] C:\AdwCleaner\AdwCleaner[C11].txt - [10583 Bytes] - [02/03/2017 15:16:04] C:\AdwCleaner\AdwCleaner[C12].txt - [10803 Bytes] - [07/03/2017 15:39:01] C:\AdwCleaner\AdwCleaner[C2].txt - [14626 Bytes] - [20/12/2016 14:13:28] C:\AdwCleaner\AdwCleaner[C3].txt - [2620 Bytes] - [20/12/2016 14:18:42] C:\AdwCleaner\AdwCleaner[C4].txt - [11288 Bytes] - [19/01/2017 13:20:19] C:\AdwCleaner\AdwCleaner[C5].txt - [9666 Bytes] - [10/02/2017 13:39:49] C:\AdwCleaner\AdwCleaner[C6].txt - [3059 Bytes] - [22/02/2017 14:37:32] C:\AdwCleaner\AdwCleaner[C7].txt - [6626 Bytes] - [01/03/2017 14:27:03] C:\AdwCleaner\AdwCleaner[C8].txt - [4149 Bytes] - [01/03/2017 14:29:43] C:\AdwCleaner\AdwCleaner[C9].txt - [3381 Bytes] - [01/03/2017 14:31:46] C:\AdwCleaner\AdwCleaner[R0].txt - [3924 Bytes] - [08/02/2015 19:50:17] C:\AdwCleaner\AdwCleaner[S0].txt - [3824 Bytes] - [08/02/2015 19:51:42] C:\AdwCleaner\AdwCleaner[S10].txt - [3962 Bytes] - [01/03/2017 14:29:27] C:\AdwCleaner\AdwCleaner[S11].txt - [3430 Bytes] - [01/03/2017 14:31:22] C:\AdwCleaner\AdwCleaner[S12].txt - [4068 Bytes] - [01/03/2017 14:33:38] C:\AdwCleaner\AdwCleaner[S13].txt - [13014 Bytes] - [02/03/2017 15:15:48] C:\AdwCleaner\AdwCleaner[S14].txt - 
[11770 Bytes] - [07/03/2017 15:34:29] C:\AdwCleaner\AdwCleaner[S15].txt - [11673 Bytes] - [07/03/2017 15:35:27] C:\AdwCleaner\AdwCleaner[S16].txt - [12979 Bytes] - [08/03/2017 16:29:46] C:\AdwCleaner\AdwCleaner[S17].txt - [12028 Bytes] - [08/03/2017 16:30:35] C:\AdwCleaner\AdwCleaner[S1].txt - [13111 Bytes] - [19/10/2016 09:43:45] C:\AdwCleaner\AdwCleaner[S2].txt - [15870 Bytes] - [20/12/2016 14:12:40] C:\AdwCleaner\AdwCleaner[S3].txt - [2520 Bytes] - [20/12/2016 14:17:37] C:\AdwCleaner\AdwCleaner[S4].txt - [2606 Bytes] - [20/12/2016 14:18:17] C:\AdwCleaner\AdwCleaner[S5].txt - [12125 Bytes] - [19/01/2017 13:19:01] C:\AdwCleaner\AdwCleaner[S6].txt - [10644 Bytes] - [10/02/2017 13:36:16] C:\AdwCleaner\AdwCleaner[S7].txt - [4551 Bytes] - [22/02/2017 14:35:59] C:\AdwCleaner\AdwCleaner[S8].txt - [3202 Bytes] - [22/02/2017 14:37:26] C:\AdwCleaner\AdwCleaner[S9].txt - [7962 Bytes] - [01/03/2017 14:26:38] ########## EOF - C:\AdwCleaner\AdwCleaner[S17].txt - [12764 Bytes] ########## Code:
# AdwCleaner v6.044 - Bericht erstellt am 08/03/2017 um 17:17:02 # Aktualisiert am 28/02/2017 von Malwarebytes # Datenbank : 2017-03-07.1 [Lokal] # Betriebssystem : Windows 10 Pro (X64) # Benutzername : Princhi - EPONA # Gestartet von : C:\Users\Princhi\Desktop\Programme\adwcleaner_6.044.exe # Modus: Suchlauf # Unterstützung : https://www.malwarebytes.com/support ***** [ Dienste ] ***** Dienst Gefunden: WinSAPSvc Dienst Gefunden: WinSnare Dienst Gefunden: Kyubey ***** [ Ordner ] ***** Ordner Gefunden: C:\Program Files (x86)\WinSnare(4.2.6) Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\WinSAPSvc Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\winsapsvc Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\aMule Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\WinSnare Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\Kyubey Ordner Gefunden: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ Ordner Gefunden: C:\Program Files (x86)\BikaQRss Ordner Gefunden: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Tencent Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\WinSnare Ordner Gefunden: C:\Program Files (x86)\MIO ***** [ Dateien ] ***** Keine schädlichen Dateien gefunden. ***** [ DLL ] ***** Keine infizierten DLLs gefunden. ***** [ WMI ] ***** Keine schädlichen Schlüssel gefunden. 
***** [ Verknüpfungen ] ***** Verknüpfung infiziert: C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2 Verknüpfung infiziert: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6 ***** [ Aufgabenplanung ] ***** Aufgabe Gefunden: Milimili Aufgabe Gefunden: BikaQ_FetchAndUpgrade_CanBeDel ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare Schlüssel Gefunden: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare Schlüssel Gefunden: HKU\.DEFAULT\Software\jhtrsq Schlüssel Gefunden: HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\WinSnare Schlüssel Gefunden: HKU\S-1-5-18\Software\jhtrsq Schlüssel Gefunden: HKCU\Software\WinSnare Schlüssel Gefunden: HKLM\SOFTWARE\ScreenShot Schlüssel Gefunden: HKLM\SOFTWARE\jhtrsq Schlüssel Gefunden: HKLM\SOFTWARE\startpageing123Software Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78A2D999-4673-4FCC-818E-57B0AF8F3B70} Schlüssel Gefunden: [x64] HKCU\Software\WinSnare Schlüssel Gefunden: [x64] HKLM\SOFTWARE\jhtrsq Schlüssel Gefunden: [x64] HKLM\SOFTWARE\InterSect Alliance Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307 Daten Gefunden: HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6 Daten Gefunden: HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9 Daten Gefunden: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM162_Z1D Daten Gefunden: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM1 Daten Gefunden: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM1 Daten Gefunden: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.startpageing123.com/search/?type=ds&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000D Daten Gefunden: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.startpageing123.com/search/?type=ds&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1C Daten Gefunden: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - 
hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM162_Z1D Daten Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM162_Z Daten Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1C Daten Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM162_Z Daten Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.startpageing123.com/search/?type=ds&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001- Daten Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1C Daten Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.startpageing123.com/search/?type=ds&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST100 Schlüssel Gefunden: HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Daten Gefunden: HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Daten Gefunden: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - Schlüssel Gefunden: [x64] 
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Daten Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - Daten Gefunden: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://www.startpageing123.com/?type=sc&ts=1488987296&z=b0e3968b651 Daten Gefunden: HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.startpageing123.com/?type=sc&ts=1488987296&z=b0e3 Daten Gefunden: [x64] HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.startpageing123.com/?type=sc&ts=1488987296&z=b0 Wert Gefunden: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc] ***** [ Internetbrowser ] ***** Keine schädlichen Elemente in Firefox basierten Browsern gefunden. 
Chrome pref Gefunden: [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&u Chrome pref Gefunden: [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences] - hxxp://www.startpageing123.com/searchfavicon.ico Chrome pref Gefunden: [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences ] - hxxp://www.startpageing123.com/?type=hp&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812& ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [14031 Bytes] - [19/10/2016 09:48:39] C:\AdwCleaner\AdwCleaner[C10].txt - [4234 Bytes] - [01/03/2017 14:42:02] C:\AdwCleaner\AdwCleaner[C11].txt - [10583 Bytes] - [02/03/2017 15:16:04] C:\AdwCleaner\AdwCleaner[C12].txt - [10803 Bytes] - [07/03/2017 15:39:01] C:\AdwCleaner\AdwCleaner[C13].txt - [11139 Bytes] - [08/03/2017 16:31:51] C:\AdwCleaner\AdwCleaner[C2].txt - [14626 Bytes] - [20/12/2016 14:13:28] C:\AdwCleaner\AdwCleaner[C3].txt - [2620 Bytes] - [20/12/2016 14:18:42] C:\AdwCleaner\AdwCleaner[C4].txt - [11288 Bytes] - [19/01/2017 13:20:19] C:\AdwCleaner\AdwCleaner[C5].txt - [9666 Bytes] - [10/02/2017 13:39:49] C:\AdwCleaner\AdwCleaner[C6].txt - [3059 Bytes] - [22/02/2017 14:37:32] C:\AdwCleaner\AdwCleaner[C7].txt - [6626 Bytes] - [01/03/2017 14:27:03] C:\AdwCleaner\AdwCleaner[C8].txt - [4149 Bytes] - [01/03/2017 14:29:43] C:\AdwCleaner\AdwCleaner[C9].txt - [3381 Bytes] - [01/03/2017 14:31:46] C:\AdwCleaner\AdwCleaner[R0].txt - [3924 Bytes] - [08/02/2015 19:50:17] C:\AdwCleaner\AdwCleaner[S0].txt - [3824 Bytes] - [08/02/2015 19:51:42] C:\AdwCleaner\AdwCleaner[S10].txt - [3962 Bytes] - [01/03/2017 14:29:27] C:\AdwCleaner\AdwCleaner[S11].txt - [3430 Bytes] - [01/03/2017 14:31:22] C:\AdwCleaner\AdwCleaner[S12].txt - [4068 Bytes] - [01/03/2017 14:33:38] C:\AdwCleaner\AdwCleaner[S13].txt - [13014 Bytes] - 
[02/03/2017 15:15:48] C:\AdwCleaner\AdwCleaner[S14].txt - [11770 Bytes] - [07/03/2017 15:34:29] C:\AdwCleaner\AdwCleaner[S15].txt - [11673 Bytes] - [07/03/2017 15:35:27] C:\AdwCleaner\AdwCleaner[S16].txt - [12979 Bytes] - [08/03/2017 16:29:46] C:\AdwCleaner\AdwCleaner[S17].txt - [12917 Bytes] - [08/03/2017 16:30:35] C:\AdwCleaner\AdwCleaner[S18].txt - [10640 Bytes] - [08/03/2017 17:17:02] C:\AdwCleaner\AdwCleaner[S1].txt - [13111 Bytes] - [19/10/2016 09:43:45] C:\AdwCleaner\AdwCleaner[S2].txt - [15870 Bytes] - [20/12/2016 14:12:40] C:\AdwCleaner\AdwCleaner[S3].txt - [2520 Bytes] - [20/12/2016 14:17:37] C:\AdwCleaner\AdwCleaner[S4].txt - [2606 Bytes] - [20/12/2016 14:18:17] C:\AdwCleaner\AdwCleaner[S5].txt - [12125 Bytes] - [19/01/2017 13:19:01] C:\AdwCleaner\AdwCleaner[S6].txt - [10644 Bytes] - [10/02/2017 13:36:16] C:\AdwCleaner\AdwCleaner[S7].txt - [4551 Bytes] - [22/02/2017 14:35:59] C:\AdwCleaner\AdwCleaner[S8].txt - [3202 Bytes] - [22/02/2017 14:37:26] C:\AdwCleaner\AdwCleaner[S9].txt - [7962 Bytes] - [01/03/2017 14:26:38] ########## EOF - C:\AdwCleaner\AdwCleaner[S18].txt - [11376 Bytes] ########## Code:
# AdwCleaner v6.044 - Bericht erstellt am 08/03/2017 um 17:20:04 # Aktualisiert am 28/02/2017 von Malwarebytes # Datenbank : 2017-03-07.1 [Lokal] # Betriebssystem : Windows 10 Pro (X64) # Benutzername : Princhi - EPONA # Gestartet von : C:\Users\Princhi\Desktop\Programme\adwcleaner_6.044.exe # Modus: Suchlauf # Unterstützung : https://www.malwarebytes.com/support ***** [ Dienste ] ***** Dienst Gefunden: WinSAPSvc Dienst Gefunden: WinSnare ***** [ Ordner ] ***** Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\WinSAPSvc Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\winsapsvc Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\WinSnare Ordner Gefunden: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ Ordner Gefunden: C:\Program Files (x86)\BikaQRss Ordner Gefunden: C:\Users\Princhi\AppData\Roaming\WinSnare Ordner Gefunden: C:\Program Files (x86)\MIO ***** [ Dateien ] ***** Keine schädlichen Dateien gefunden. ***** [ DLL ] ***** Keine infizierten DLLs gefunden. ***** [ WMI ] ***** Keine schädlichen Schlüssel gefunden. ***** [ Verknüpfungen ] ***** Keine infizierten Verknüpfungen gefunden. 
***** [ Aufgabenplanung ] ***** Aufgabe Gefunden: Milimili Aufgabe Gefunden: BikaQ_FetchAndUpgrade_CanBeDel ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare Schlüssel Gefunden: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare Schlüssel Gefunden: HKU\.DEFAULT\Software\jhtrsq Schlüssel Gefunden: HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\WinSnare Schlüssel Gefunden: HKU\S-1-5-18\Software\jhtrsq Schlüssel Gefunden: HKCU\Software\WinSnare Schlüssel Gefunden: HKLM\SOFTWARE\ScreenShot Schlüssel Gefunden: HKLM\SOFTWARE\jhtrsq Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78A2D999-4673-4FCC-818E-57B0AF8F3B70} Schlüssel Gefunden: [x64] HKCU\Software\WinSnare Schlüssel Gefunden: [x64] HKLM\SOFTWARE\jhtrsq Schlüssel Gefunden: [x64] HKLM\SOFTWARE\InterSect Alliance Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307 Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307 Wert Gefunden: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc] ***** [ Internetbrowser ] ***** Keine schädlichen Elemente in Firefox basierten Browsern gefunden. 
Chrome pref Gefunden: [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences] - hxxp://www.startpageing123.com/searchfavicon.ico ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [14031 Bytes] - [19/10/2016 09:48:39] C:\AdwCleaner\AdwCleaner[C10].txt - [4234 Bytes] - [01/03/2017 14:42:02] C:\AdwCleaner\AdwCleaner[C11].txt - [10583 Bytes] - [02/03/2017 15:16:04] C:\AdwCleaner\AdwCleaner[C12].txt - [10803 Bytes] - [07/03/2017 15:39:01] C:\AdwCleaner\AdwCleaner[C13].txt - [11139 Bytes] - [08/03/2017 16:31:51] C:\AdwCleaner\AdwCleaner[C14].txt - [10112 Bytes] - [08/03/2017 17:18:06] C:\AdwCleaner\AdwCleaner[C2].txt - [14626 Bytes] - [20/12/2016 14:13:28] C:\AdwCleaner\AdwCleaner[C3].txt - [2620 Bytes] - [20/12/2016 14:18:42] C:\AdwCleaner\AdwCleaner[C4].txt - [11288 Bytes] - [19/01/2017 13:20:19] C:\AdwCleaner\AdwCleaner[C5].txt - [9666 Bytes] - [10/02/2017 13:39:49] C:\AdwCleaner\AdwCleaner[C6].txt - [3059 Bytes] - [22/02/2017 14:37:32] C:\AdwCleaner\AdwCleaner[C7].txt - [6626 Bytes] - [01/03/2017 14:27:03] C:\AdwCleaner\AdwCleaner[C8].txt - [4149 Bytes] - [01/03/2017 14:29:43] C:\AdwCleaner\AdwCleaner[C9].txt - [3381 Bytes] - [01/03/2017 14:31:46] C:\AdwCleaner\AdwCleaner[R0].txt - [3924 Bytes] - [08/02/2015 19:50:17] C:\AdwCleaner\AdwCleaner[S0].txt - [3824 Bytes] - [08/02/2015 19:51:42] C:\AdwCleaner\AdwCleaner[S10].txt - [3962 Bytes] - [01/03/2017 14:29:27] C:\AdwCleaner\AdwCleaner[S11].txt - [3430 Bytes] - [01/03/2017 14:31:22] C:\AdwCleaner\AdwCleaner[S12].txt - [4068 Bytes] - [01/03/2017 14:33:38] C:\AdwCleaner\AdwCleaner[S13].txt - [13014 Bytes] - [02/03/2017 15:15:48] C:\AdwCleaner\AdwCleaner[S14].txt - [11770 Bytes] - [07/03/2017 15:34:29] C:\AdwCleaner\AdwCleaner[S15].txt - [11673 Bytes] - [07/03/2017 15:35:27] C:\AdwCleaner\AdwCleaner[S16].txt - [12979 Bytes] - [08/03/2017 16:29:46] C:\AdwCleaner\AdwCleaner[S17].txt - [12917 Bytes] - [08/03/2017 16:30:35] C:\AdwCleaner\AdwCleaner[S18].txt - [11529 Bytes] - 
[08/03/2017 17:17:02] C:\AdwCleaner\AdwCleaner[S19].txt - [5178 Bytes] - [08/03/2017 17:20:04] C:\AdwCleaner\AdwCleaner[S1].txt - [13111 Bytes] - [19/10/2016 09:43:45] C:\AdwCleaner\AdwCleaner[S2].txt - [15870 Bytes] - [20/12/2016 14:12:40] C:\AdwCleaner\AdwCleaner[S3].txt - [2520 Bytes] - [20/12/2016 14:17:37] C:\AdwCleaner\AdwCleaner[S4].txt - [2606 Bytes] - [20/12/2016 14:18:17] C:\AdwCleaner\AdwCleaner[S5].txt - [12125 Bytes] - [19/01/2017 13:19:01] C:\AdwCleaner\AdwCleaner[S6].txt - [10644 Bytes] - [10/02/2017 13:36:16] C:\AdwCleaner\AdwCleaner[S7].txt - [4551 Bytes] - [22/02/2017 14:35:59] C:\AdwCleaner\AdwCleaner[S8].txt - [3202 Bytes] - [22/02/2017 14:37:26] C:\AdwCleaner\AdwCleaner[S9].txt - [7962 Bytes] - [01/03/2017 14:26:38] ########## EOF - C:\AdwCleaner\AdwCleaner[S19].txt - [5913 Bytes] ########## Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017 durchgeführt von Princhi (Administrator) auf EPONA (08-03-2017 17:31:46) Gestartet von C:\Users\Princhi\Downloads Geladene Profile: Princhi (Verfügbare Profile: Princhi) Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Don HO don.h@free.fr) C:\Program Files (x86)\notepad2\notepad2.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Common Files\ntp2UpSvc\notepad2.exe (Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) 
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Spotify Ltd) C:\Users\Princhi\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe () C:\Program Files (x86)\Drakonia Configurator\hid.exe () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung Connection Manager\ModemPnPService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Users\Princhi\Desktop\Programme\adwcleaner_6.044.exe (IEC) C:\Program Files (x86)\BikaQRss\BikaQ.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Footper\Application\chrome.exe () C:\Users\Princhi\AppData\Roaming\Kyubey\Kyubey.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.) HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] () HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.) HKLM-x32\...\Run: [Blackcomb] => C:\Program Files (x86)\Samsung Connection Manager\ModemPnPService.exe [131072 2011-02-11] (Samsung Electronics.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1206784 2016-08-12] (Cisco Systems, Inc.) 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044848 2017-02-21] (Electronic Arts) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [Spotify Web Helper] => C:\Users\Princhi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-24] (Spotify Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [572416 2016-07-16] (Microsoft Corporation) IFEO\MRT.exe: [Debugger] C:\Program Files (x86)\Clerack\_ALLOWDEL_135ff\Gubed.exe -Yrrehs ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) Startup: C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-04-04] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) GroupPolicy: Beschränkung - Chrome <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{11c06b9c-c7a3-42f0-b493-0dcb6de1d03f}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{1920ae60-1c7d-4c3e-8d02-ba2d7909bffb}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4aa061a8-dd76-4dde-ab8c-36f40625fc51}: [DhcpNameServer] 139.7.30.126 0.0.0.0 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://www.startpageing123.com/search/?type=ds&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM&q={searchTerms} HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-88799701-2343346839-193955109-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: Kein Name -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> Keine Datei BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation) StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
hxxp://www.startpageing123.com/?type=sc&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-88799701-2343346839-193955109-1001 -> hxxp://www.mylucky123.com/?type=hp&ts=1477502682&z=1424f2c43d7ec0075006d7bg2z0m2mbwce8o6qab8g&from=interhop1024&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM FireFox: ======== FF DefaultProfile: 3d6ithxa.default FF ProfilePath: C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default [2017-03-08] FF Extension: (FF Adr) - C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-01-18] [ist nicht signiert] FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2017-03-08] [ist nicht signiert] FF Extension: (English (US) Language Pack) - C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-01-20] [ist nicht signiert] FF SearchPlugin: C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\searchplugins\startsearch.xml [2017-03-02] FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @gametree.co.kr/GTL -> C:\ProgramData\Gametree\GTL\npGTL.dll [2013-06-13] (NtreevSoft) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> 
C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei] FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) Chrome: ======= CHR DefaultProfile: Profile 1 CHR HomePage: Profile 1 -> hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM CHR StartupUrls: Profile 1 -> "hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM" CHR DefaultSearchURL: Profile 1 -> 
hxxp://www.startpageing123.com/search/?type=ds&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM&q={searchTerms} CHR DefaultSearchKeyword: Profile 1 -> startpageing123 CHR Profile: C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-08] CHR Extension: (Google Präsentationen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-18] CHR Extension: (Google Docs) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-18] CHR Extension: (Google Drive) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-18] CHR Extension: (YouTube) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-18] CHR Extension: (Adblock Plus) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-17] CHR Extension: (Google Tabellen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-18] CHR Extension: (Google Docs Offline) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-18] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-27] CHR Extension: (Google Mail) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-18] CHR Extension: (Chrome Media Router) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-27] CHR Extension: (pumpkin) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 
1\Extensions\pkigkiflejlmpibnlecfdgkhjijgkoao [2016-10-19] CHR Profile: C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-12-10] StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.startpageing123.com/?type=sc&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 HmaOpenVpnService; D:\Programme\HMA! Pro VPN\bin\openvpnserv.exe [46688 2016-09-23] (The OpenVPN Project) R2 Kyubey; C:\Users\Princhi\AppData\Roaming\Kyubey\Kyubey.exe [111104 2017-03-08] () [Datei ist nicht signiert] S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3519984 2016-01-27] (INCA Internet Co., Ltd.) R2 Ntp2NetSvc; C:\Program Files (x86)\notepad2\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr) [Datei ist nicht signiert] R2 Ntp2UpSvc; C:\Program Files (x86)\Common Files\ntp2UpSvc\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr) [Datei ist nicht signiert] R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2124296 2017-02-21] (Electronic Arts) R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2185232 2017-02-21] (Electronic Arts) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 
2016-09-15] (Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 WinSAPSvc; C:\Users\Princhi\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-03-08] (Windows) [Datei ist nicht signiert] R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.) R2 Zerzitain; C:\Program Files (x86)\Clerack\Grshlp.dll [274944 2016-10-18] () [Datei ist nicht signiert] S2 Convxxxx; "C:\Users\Princhi\AppData\Roaming\gjdgj\UvConverter.exe" {2C8E8C85-942B-451C-8243-97A089265577} [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 C2XXCOM; C:\WINDOWS\system32\DRIVERS\C2XXCOM76.sys [49920 2010-08-09] (Samsung Electronics) S3 C2xxUSB; C:\WINDOWS\system32\DRIVERS\C2xxUSB76.sys [46080 2010-11-04] (Samsung Electronics) S3 C2xxUsbStorage; C:\WINDOWS\system32\DRIVERS\C2xSTR76.sys [9216 2010-06-10] (Samsung Electronics) S3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2015\pcwiz_x64.sys [26856 2014-02-17] (CPUID) R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-11-19] (Disc Soft Ltd) R3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [27136 2016-09-23] (The OpenVPN Project) R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [20128 2017-02-28] () [Datei ist nicht signiert] S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2016-08-12] (Cisco Systems, Inc.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2016-08-15] (Wellbia.com Co., Ltd.) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-03-08 17:31 - 2017-03-08 17:32 - 00023668 _____ C:\Users\Princhi\Downloads\FRST.txt 2017-03-08 17:31 - 2017-03-08 17:31 - 00000000 ____D C:\FRST 2017-03-08 17:24 - 2017-03-08 17:24 - 02423808 _____ (Farbar) C:\Users\Princhi\Downloads\FRST64.exe 2017-03-08 17:22 - 2017-03-08 17:23 - 00003660 _____ C:\WINDOWS\System32\Tasks\Milimili 2017-03-08 17:22 - 2017-03-08 17:22 - 00003322 _____ C:\WINDOWS\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel 2017-03-08 17:22 - 2017-03-08 17:22 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\WinSnare 2017-03-08 17:22 - 2017-03-08 17:22 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\WinSAPSvc 2017-03-08 17:22 - 2017-03-08 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ 2017-03-08 17:22 - 2017-03-08 17:22 - 00000000 ____D C:\Program Files (x86)\MIO 2017-03-08 17:22 - 2017-03-08 17:22 - 00000000 ____D C:\Program Files (x86)\BikaQRss 2017-03-08 17:21 - 2017-03-08 17:21 - 00000000 ____D C:\Program Files (x86)\g6z3smzu 2017-03-08 17:20 - 2017-03-08 17:20 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\aMule 2017-03-08 17:19 - 2017-03-08 17:21 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.2.6) 2017-03-08 17:19 - 2017-03-08 17:19 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Kyubey 2017-03-08 17:18 - 2017-03-08 17:18 - 00000000 ____D C:\Program Files (x86)\r7nsqjwp 2017-03-08 16:45 - 2017-03-08 16:46 - 22851472 _____ (Malwarebytes ) C:\Users\Princhi\Downloads\mbam-setup-2.2.1.1043.exe 2017-03-08 16:39 - 2017-03-08 16:40 - 02870984 _____ (ESET) C:\Users\Princhi\Downloads\esetsmartinstaller_deu.exe 2017-03-08 16:32 - 2017-03-08 16:32 - 00000000 ____D C:\Program Files (x86)\wiv1520h 2017-03-08 16:27 - 2017-03-08 16:27 - 00000000 ____D 
C:\Users\Princhi\AppData\Local\Footper 2017-03-08 16:27 - 2017-03-08 16:27 - 00000000 ____D C:\Program Files (x86)\Footper 2017-03-08 16:21 - 2017-03-08 16:21 - 00000000 ____D C:\Program Files (x86)\58C02182_cacayima 2017-03-08 16:18 - 2017-03-08 16:18 - 00000000 ____D C:\Program Files (x86)\cq7yrhql 2017-03-07 17:37 - 2017-03-07 17:38 - 00124970 _____ C:\Users\Princhi\Downloads\IMG_20170307_0001.pdf 2017-03-07 17:33 - 2017-03-07 17:33 - 00124970 _____ C:\Users\Princhi\Desktop\IMG_20170307_0001.pdf 2017-03-07 15:41 - 2017-03-08 16:31 - 00001271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-03-07 15:41 - 2017-03-08 16:31 - 00001201 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-03-07 15:41 - 2017-03-07 15:41 - 01129376 _____ (Google Inc.) C:\Users\Princhi\Downloads\ChromeSetup (1).exe 2017-03-07 14:24 - 2017-03-07 14:24 - 00000000 ____D C:\Program Files (x86)\58BEB4A1_cacayima 2017-03-06 18:05 - 2017-03-08 16:20 - 00000000 ____D C:\Program Files (x86)\amulell 2017-03-03 11:19 - 2017-03-03 11:19 - 00000000 ____D C:\Program Files (x86)\l2n8xmuh 2017-03-02 14:56 - 2017-03-06 18:05 - 00002760 _____ C:\Program Files (x86)\metadata 2017-03-01 17:31 - 2017-03-01 17:32 - 09036000 _____ (GOG.com ) C:\Users\Princhi\Downloads\setup_settlers3_2.0.0.17.exe 2017-03-01 15:31 - 2017-03-01 15:31 - 00000000 ____D C:\Users\Princhi\AppData\Local\TeamSpeak 3 2017-03-01 15:31 - 2017-03-01 15:31 - 00000000 ____D C:\Users\Princhi\.TeamSpeak 3 2017-03-01 14:42 - 2017-03-01 14:42 - 00000000 ____D C:\Program Files (x86)\5tu6g4x1 2017-03-01 14:32 - 2017-03-01 14:32 - 00000000 ____D C:\Program Files (x86)\ifrhagw1 2017-03-01 14:30 - 2017-03-01 14:30 - 00000000 ____D C:\Program Files (x86)\jqzsal0g 2017-03-01 14:27 - 2017-03-01 14:27 - 00000000 ____D C:\Program Files (x86)\8q8dwuet 2017-03-01 14:19 - 2017-03-08 17:24 - 00000000 _____ C:\WINDOWS\SysWOW64\4 2017-03-01 14:19 - 2017-03-08 17:24 - 00000000 _____ C:\WINDOWS\SysWOW64\3 2017-03-01 14:19 - 
2017-03-02 15:15 - 00001180 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-03-01 14:19 - 2017-03-01 14:19 - 00000000 ____D C:\Program Files (x86)\Explorer 2017-02-28 22:11 - 2017-02-28 22:11 - 00004096 _____ C:\WINDOWS\d3dx.dat 2017-02-28 22:10 - 2017-02-28 22:10 - 00003186 _____ C:\WINDOWS\System32\Tasks\{438F159D-A759-457B-A222-FD5013D632EC} 2017-02-28 21:45 - 2017-02-28 23:30 - 00020128 _____ C:\WINDOWS\SysWOW64\Drivers\SECDRV.SYS 2017-02-28 21:44 - 2017-02-28 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lionhead Studios Ltd 2017-02-24 01:39 - 2017-02-24 01:39 - 00000000 ____D C:\Program Files (x86)\58AF80DE_jumpeasy 2017-02-22 14:38 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\oe387eqk 2017-02-22 14:34 - 2017-02-22 14:34 - 04015056 _____ C:\Users\Princhi\Downloads\Nicht bestätigt 889461.crdownload 2017-02-22 00:44 - 2017-02-22 00:44 - 00000000 ____D C:\Program Files (x86)\cvbsF 2017-02-21 20:43 - 2017-02-21 20:43 - 00000000 ____D C:\Program Files (x86)\cvbsE 2017-02-21 16:43 - 2017-02-21 16:43 - 00000000 ____D C:\Program Files (x86)\cvbsD 2017-02-21 12:42 - 2017-02-21 12:42 - 00000000 ____D C:\Program Files (x86)\cvbsC 2017-02-18 01:17 - 2017-02-18 01:17 - 00000000 ____D C:\Program Files (x86)\cvbsB 2017-02-17 17:33 - 2017-02-17 17:33 - 00000000 ____D C:\Program Files (x86)\cvbsA 2017-02-17 03:01 - 2017-02-17 03:01 - 00000000 ____D C:\Program Files (x86)\cvbs9 2017-02-16 23:00 - 2017-02-16 23:00 - 00000000 ____D C:\Program Files (x86)\cvbs8 2017-02-16 18:59 - 2017-02-16 18:59 - 00000000 ____D C:\Program Files (x86)\cvbs7 2017-02-16 15:21 - 2017-02-16 15:21 - 00000000 ____D C:\Program Files (x86)\notepad2 2017-02-16 14:58 - 2017-02-16 14:58 - 00000000 ____D C:\Program Files (x86)\cvbs6 2017-02-16 00:24 - 2017-02-16 00:24 - 00000000 ____D C:\Program Files (x86)\cvbs5 2017-02-15 20:22 - 2017-02-15 20:22 - 00000000 ____D C:\Program Files (x86)\cvbs4 2017-02-15 
16:22 - 2017-02-15 16:22 - 00000000 ____D C:\Program Files (x86)\cvbs3 2017-02-14 21:54 - 2017-02-14 21:54 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (5).pdf 2017-02-14 19:03 - 2017-02-14 19:03 - 00000000 ____D C:\Program Files (x86)\cvbs2 2017-02-14 15:02 - 2017-02-14 15:02 - 00000000 ____D C:\Program Files (x86)\cvbs1 2017-02-14 14:06 - 2017-02-14 14:06 - 00000000 ____D C:\ProgramData\Apple Computer 2017-02-14 01:00 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{388E5277-3212-4966-9C80-AA74FB48806D} 2017-02-13 20:56 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{68006CA9-71D5-44F1-B31F-3BC092A0D854} 2017-02-13 17:39 - 2017-02-13 17:39 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (4).pdf 2017-02-13 16:54 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{C72739C5-5A2D-4BA4-8BED-EFFD0A0043BC} 2017-02-13 13:30 - 2017-02-13 13:30 - 01366581 _____ C:\Users\Princhi\Downloads\1.07 Grundlagen des Rechts - Methodenlehre (2).pdf 2017-02-13 13:29 - 2017-02-13 13:29 - 00460744 _____ C:\Users\Princhi\Downloads\1.04 Grundlagen des Rechts - Methodenlehre (1).pdf 2017-02-13 13:23 - 2017-02-13 13:23 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (3).pdf 2017-02-12 19:35 - 2017-02-12 19:35 - 00019905 _____ C:\Users\Princhi\Downloads\Hausarbeit_Vorlage_Iurratio_de (1).odt 2017-02-11 23:28 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{419A7AE4-8D58-40B0-A342-2955F81059AC} 2017-02-11 19:27 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{E0F5E27E-FECB-4E85-9291-9CA5DB05466E} 2017-02-11 01:46 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{99AA99DF-7123-4883-A3D8-DC13575804E1} 2017-02-10 21:45 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{3DC2C87B-4341-402E-997F-882F25652619} 2017-02-10 17:42 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files 
(x86)\{195A643B-3F0D-4A26-8AF4-00ECBBDBD436} 2017-02-10 13:43 - 2017-02-10 13:43 - 01129376 _____ (Google Inc.) C:\Users\Princhi\Downloads\ChromeSetup.exe 2017-02-10 13:40 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\7270h8dx 2017-02-10 13:33 - 2017-02-10 13:33 - 04015056 _____ C:\Users\Princhi\Downloads\adwcleaner_6.043.exe 2017-02-09 23:08 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\{0E0D032C-C265-49D3-9E0D-3A192A88609F} 2017-02-09 19:06 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\{EEA3300D-2F66-45DF-8733-453BE124C449} 2017-02-08 21:13 - 2017-02-08 21:13 - 00000000 ____D C:\Program Files (x86)\1y27en8m 2017-02-08 20:06 - 2017-02-08 20:06 - 00000000 ____D C:\Program Files (x86)\36p1ub5x 2017-02-08 19:35 - 2017-02-08 20:06 - 00000000 ____D C:\Program Files (x86)\{07586952-E21B-4637-8D80-3B78C9E59C23} 2017-02-08 16:57 - 2017-02-08 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-02-08 16:57 - 2017-02-08 16:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2017-02-08 16:57 - 2016-12-29 13:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2017-02-08 16:57 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2017-02-08 16:57 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll 2017-02-08 16:57 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2017-02-08 16:57 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe 2017-02-08 16:56 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2017-02-08 16:56 - 2016-12-29 14:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat 2017-02-08 15:42 - 2017-02-08 15:42 - 00000000 ____D C:\Program Files (x86)\cvbs0 2017-02-08 15:32 - 2017-02-08 15:32 - 00000000 ____D C:\Program Files (x86)\veedo5sl 2017-02-07 19:53 - 2017-02-07 19:53 - 00015226 _____ C:\Users\Princhi\Downloads\Hausarbeit.odt 2017-02-07 17:12 - 
2017-02-08 20:06 - 00000000 ____D C:\Users\Princhi\AppData\Local\3 2017-02-07 17:12 - 2017-02-08 20:06 - 00000000 ____D C:\Users\Princhi\AppData\Local\2 ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-03-08 17:27 - 2016-07-16 23:51 - 01061330 _____ C:\WINDOWS\system32\perfh007.dat 2017-03-08 17:27 - 2016-07-16 23:51 - 00251172 _____ C:\WINDOWS\system32\perfc007.dat 2017-03-08 17:27 - 2015-08-04 22:14 - 02519268 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-03-08 17:24 - 2016-04-23 01:04 - 00000000 ____D C:\Users\Princhi\AppData\Local\CrashDumps 2017-03-08 17:22 - 2016-10-18 14:22 - 00000000 ____D C:\Program Files (x86)\Clerack 2017-03-08 17:21 - 2016-09-05 16:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-03-08 17:21 - 2016-09-05 16:36 - 00000000 ____D C:\ProgramData\NVIDIA 2017-03-08 17:21 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI 2017-03-08 17:21 - 2015-02-08 19:49 - 00000000 ____D C:\AdwCleaner 2017-03-08 16:32 - 2016-09-05 16:41 - 00000000 ____D C:\Users\Princhi 2017-03-08 16:27 - 2014-12-26 16:00 - 00000000 ____D C:\ProgramData\Apple 2017-03-08 16:27 - 2014-11-02 14:54 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Origin 2017-03-08 16:24 - 2017-01-18 17:56 - 00001793 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-03-08 16:24 - 2017-01-18 17:56 - 00000000 ____D C:\Users\Princhi\AppData\LocalLow\Mozilla 2017-03-08 16:10 - 2016-09-05 16:34 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-03-08 16:06 - 2014-11-01 23:48 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Spotify 2017-03-08 15:33 - 2014-11-02 13:20 - 00000000 ____D C:\Users\Princhi\AppData\Local\Spotify 2017-03-08 14:32 - 2014-11-02 14:45 - 00000000 ____D C:\ProgramData\Origin 2017-03-08 14:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-03-08 13:19 - 2016-07-16 12:47 - 00000000 ___HD 
C:\Program Files\WindowsApps 2017-03-08 13:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-03-08 00:22 - 2015-01-25 19:13 - 00000000 ____D C:\Users\Princhi\AppData\Local\Battle.net 2017-03-07 17:02 - 2015-01-25 19:13 - 00000000 ____D C:\Program Files (x86)\Battle.net 2017-03-07 15:38 - 2016-10-26 18:28 - 00000000 ____D C:\WINDOWS\system32\log 2017-03-07 15:34 - 2016-08-08 20:40 - 00000000 ____D C:\Users\Princhi\Desktop\Programme 2017-03-07 13:40 - 2014-11-24 12:36 - 00000000 ____D C:\Program Files (x86)\Origin 2017-03-07 02:04 - 2016-11-02 18:07 - 00000000 ____D C:\Program Files (x86)\f09er35s 2017-03-07 01:47 - 2016-08-08 19:33 - 00000000 ____D C:\Users\Princhi\Desktop\Games 2017-03-07 01:46 - 2016-08-08 20:42 - 00000000 ____D C:\Users\Princhi\Desktop\Daten 2017-03-04 20:17 - 2015-05-23 11:51 - 00000000 ____D C:\Users\Princhi\Documents\The Witcher 3 2017-03-03 18:32 - 2016-08-01 19:35 - 00000000 ____D C:\Users\Princhi\AppData\Local\BewerbungsMaster 2017-03-02 15:15 - 2016-06-18 17:14 - 00001042 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk 2017-03-01 19:37 - 2014-11-07 17:25 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\TS3Client 2017-03-01 15:30 - 2014-11-07 17:25 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client 2017-03-01 02:10 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-02-28 21:44 - 2015-01-25 20:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-02-28 00:24 - 2016-12-13 16:57 - 00003274 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-02-28 00:24 - 2015-08-04 22:26 - 00002420 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-02-28 00:24 - 2015-08-04 22:26 - 00000000 ___RD C:\Users\Princhi\OneDrive 2017-02-24 00:34 - 2014-10-31 14:43 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-02-22 15:41 - 2016-07-16 12:36 - 00000000 
____D C:\WINDOWS\CbsTemp 2017-02-22 13:55 - 2014-10-31 13:26 - 00000000 ____D C:\Users\Princhi\AppData\Local\Packages 2017-02-16 14:18 - 2017-01-19 19:06 - 00001415 _____ C:\Users\Public\Desktop\Die Sims 4.lnk 2017-02-16 13:59 - 2014-10-31 16:58 - 00000000 ____D C:\Program Files (x86)\Steam 2017-02-12 19:26 - 2016-04-14 12:50 - 00000000 ____D C:\Users\Princhi\AppData\Local\BlackDesertOnline 2017-02-08 16:57 - 2016-09-05 16:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-02-08 16:57 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF 2017-02-08 16:56 - 2016-09-05 16:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-02-08 16:56 - 2016-09-05 16:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-02-07 22:11 - 2016-12-14 21:29 - 00000000 ____D C:\Users\Princhi\Desktop\UNI 2017-02-07 16:55 - 2016-08-24 10:17 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Skype 2017-02-06 20:48 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-02-06 20:48 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-02-06 13:41 - 2016-10-28 18:07 - 00000000 ____D C:\ProgramData\ttff ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2017-03-02 14:56 - 2017-03-06 18:05 - 0002760 _____ () C:\Program Files (x86)\metadata 2014-10-31 14:52 - 2014-11-22 00:55 - 0000153 _____ () C:\Users\Princhi\AppData\Roaming\WB.CFG 2014-11-02 03:52 - 2014-11-02 03:52 - 0022528 _____ () C:\Users\Princhi\AppData\Local\53168421dsisetup531868282.exe 2014-11-02 03:52 - 2014-11-22 00:55 - 0000001 _____ () C:\Users\Princhi\AppData\Local\DSI.DAT 2014-11-22 00:55 - 2014-11-22 00:55 - 0022528 _____ () C:\Users\Princhi\AppData\Local\dsisetup1207321562.exe 2014-11-02 12:37 - 2014-11-02 12:37 - 0469974 _____ () C:\ProgramData\1414928027.bdinstall.bin 2016-09-05 16:36 - 2016-09-05 16:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2015-04-12 
21:21 - 2015-04-12 21:21 - 0004966 _____ () C:\ProgramData\wmzddnmb.cix Einige Dateien in TEMP: ==================== 2017-01-26 18:55 - 2017-01-26 18:55 - 3017720 _____ (Google) C:\Users\Princhi\AppData\Local\Temp\BAE2.exe 2017-01-12 15:23 - 2017-01-12 15:23 - 7049962 _____ () C:\Users\Princhi\AppData\Local\Temp\insEB60.tmp.exe 2017-01-13 13:22 - 2017-02-15 16:48 - 26964688 _____ () C:\Users\Princhi\AppData\Local\Temp\inst12.exe 2016-10-07 01:33 - 2016-10-07 01:33 - 2458672 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Princhi\AppData\Local\Temp\libeay32.dll 2016-10-07 01:33 - 2016-10-07 01:33 - 0970912 _____ (Microsoft Corporation) C:\Users\Princhi\AppData\Local\Temp\msvcr120.dll 2016-10-07 01:33 - 2016-10-07 01:33 - 0772672 _____ () C:\Users\Princhi\AppData\Local\Temp\sqlite3.dll 2016-12-28 13:43 - 2016-12-28 13:43 - 0792064 _____ (Fun Dw) C:\Users\Princhi\AppData\Local\Temp\~ct13B3.tmp.dll 2016-12-26 16:49 - 2016-12-26 16:49 - 0788480 _____ () C:\Users\Princhi\AppData\Local\Temp\~ct2775.tmp.dll 2017-01-05 14:39 - 2017-01-05 14:39 - 0361472 _____ (update) C:\Users\Princhi\AppData\Local\Temp\~ct803C.tmp.dll 2017-01-03 16:26 - 2017-01-03 16:26 - 0471552 _____ () C:\Users\Princhi\AppData\Local\Temp\~ctB41B.tmp.dll 2017-01-03 16:28 - 2017-01-03 16:28 - 0471552 _____ () C:\Users\Princhi\AppData\Local\Temp\~ctBFDE.tmp.dll 2016-12-26 12:49 - 2016-12-26 12:49 - 0788480 _____ () C:\Users\Princhi\AppData\Local\Temp\~ctD52C.tmp.dll ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-03-07 17:06

==================== Ende von FRST.txt ============================
#4

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 05-03-2017
durchgeführt von Princhi (08-03-2017 17:32:27)
Gestartet von C:\Users\Princhi\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-05 15:59:50)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-88799701-2343346839-193955109-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-88799701-2343346839-193955109-503 - Limited - Disabled)
Gast (S-1-5-21-88799701-2343346839-193955109-501 - Limited - Disabled)
Princhi (S-1-5-21-88799701-2343346839-193955109-1001 - Administrator - Enabled) => C:\Users\Princhi

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR) amulesw (HKLM-x32\...\{57C598F7-B9E0-401E-8BAC-D171EB8A01A8}) (Version: 1.0.5 - amules) Ansel (Version: 372.70 - NVIDIA Corporation) Hidden Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BikaQ Rss (HKLM-x32\...\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}) (Version: 2.0.16 - BikaQ) <==== ACHTUNG Black and White (HKLM-x32\...\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}) (Version: - ) Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.5 - Daum Games EU) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.) Canon MG6600 series Benutzerregistrierung (HKLM-x32\...\Canon MG6600 series Benutzerregistrierung) (Version: - *Canon Inc.) Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.00 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.) CASIO FA-124 (HKLM-x32\...\{FB47E710-6249-4EFA-BE36-E922B0612AF4}) (Version: 2.04.0000 - CASIO COMPUTER CO., LTD.) CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.02039 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 4.3.02039 - Cisco Systems, Inc.) 
Hidden CodeBlocks (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.27.80.1020 - Electronic Arts Inc.) Drakonia Black (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - ) Dropbox (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) Duke Nukem Forever (HKLM\...\Steam App 57900) (Version: - Gearbox Software) Euro Truck Simulator 2 Demo (HKLM\...\Steam App 231120) (Version: - SCS Software) Evernote v. 5.8.4 (HKLM-x32\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.) Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version: - Lionhead Studios) Fallout 4 MULTi2 1.1.30 (HKLM-x32\...\Fallout 4 MULTi2 1.1.30) (Version: - ) FINAL FANTASY X/X-2 HD Remaster (HKLM\...\Steam App 359870) (Version: - SQUARE ENIX) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) fx-Manager PLUS (90-Day Trial) (HKLM-x32\...\{80447814-A99C-415D-B019-7A825CEE064B}) (Version: 02.04.4100.0291 - CASIO COMPUTER CO., LTD.) GameMaker: Player (HKLM-x32\...\GameMakerPlayer) (Version: 1.4.1242.41000 - YoYo Games Ltd.) GameMaker-Studio 1.4 (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\GameMaker-Studio14) (Version: - YoYo Games Ltd.) Gametree Launcher (HKLM-x32\...\GTL) (Version: 3.0.26.0 - NtreevSoft) Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden GRID (HKLM\...\Steam App 12750) (Version: - Codemasters Studios) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) HMA! Pro VPN 3.2.13.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 3.2.13.0 - Privax Ltd) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version: - Audacity Team) Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech) Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.) Microsoft OneDrive (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 
Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) MouseRecorder v1.0.51 (HKLM-x32\...\MouseRecorder_is1) (Version: 1.0.51 - Bartels Media GmbH) NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming) NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation) NVIDIA Grafiktreiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation) NVIDIA Miracast Virtueller Ton 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 352.86 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 10.4.5.25153 - Electronic Arts, Inc.) osu! 
(HKLM-x32\...\{180b9d5a-5197-4326-bcb0-fe448086015b}) (Version: latest - ppy Pty Ltd) Outlast (HKLM-x32\...\Steam App 238320) (Version: - Red Barrels) Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) PC Wizard 2015.2.14 (HKLM-x32\...\PC Wizard 2015_is1) (Version: - CPUID) PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - ) POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain) SABnzbd 0.7.19 (HKLM-x32\...\SABnzbd) (Version: 0.7.19 - The SABnzbd Team) Samsung Connection Manager (HKLM-x32\...\{F3F95061-0427-4386-AB03-1556CBE52927}) (Version: 112.6 - Samsung Electronics) SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.) 
Spotify (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Spotify) (Version: 1.0.49.125.g72ee7853 - Spotify AB) Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) System Requirements Lab CYRI (HKLM-x32\...\{6C8C4577-8E15-4C63-96ED-D40F2072FF74}) (Version: 6.0.19.0 - Husdawg, LLC) System Requirements Lab Detection (HKLM-x32\...\{9C926493-16C0-438E-8E51-BC3638E29ABB}) (Version: 6.1.4.0 - Husdawg, LLC) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer) Trillian (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Trillian) (Version: - Cerulean Studios, LLC) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) Vodafone Mobile Connect Lite (HKLM-x32\...\{B5761811-28F3-4257-B537-815C5EEF472C}) (Version: 3.1.2.104 - Vodafone) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.14-1 - Wacom Technology Corp.) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH) WinSnare (HKLM-x32\...\{6F28E3A8-BEC0-4CCD-A35F-7155729C7A88}) (Version: 4.2.6 - WinSnare) <==== ACHTUNG World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {004C7BCF-DF05-463F-AE87-A9037EB33295} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> Keine Datei <==== ACHTUNG
Task: {091E4F5D-850A-4359-A8B8-1EBF544D3458} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {0E524B03-1D26-41B6-ABD2-F29FB4F8B41D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-24] (Microsoft Corporation)
Task: {234468EA-8B43-4B63-B02F-48719C50B1D6} - System32\Tasks\{438F159D-A759-457B-A222-FD5013D632EC} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {2A144903-ADD3-4EDD-A7BC-CC01CE57DF84} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {339DDE55-629F-4266-B263-9F312E284E09} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {36FA50E1-D56E-483F-AEE3-3F296E349404} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {38261DF8-27F9-49FC-B90E-0716D33F9E03} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {3CA17CED-0C4E-40A1-910C-F2ECB81E40A8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {4B9C0926-CF32-484A-A741-A6E2C89BC329} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {518C3D3C-C292-42AB-98EE-A7C53919E7BC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {59D17917-85E1-4E2E-959F-2F02B05AA878} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Princhi\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {6400C925-1181-4AF3-92E4-BBCDB19DE50E} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> Keine Datei <==== ACHTUNG
Task: {8B7D9CE6-6BF7-46D2-B30B-19120BEF004F} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> Keine Datei <==== ACHTUNG
Task: {9343FC7C-B573-4742-BDF9-B58789B4F31C} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2016-12-28] ()
Task: {AE88677F-1C9A-4A68-918B-E1DBDB57FBEB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {B5BB4BD1-F18C-40B3-8925-0E98012E2F12} - System32\Tasks\{BAAF7A63-576A-4E4E-96F8-72A8EBB68660} => pcalua.exe -a "D:\Games\The Witcher 3 Wild Hunt\Uninstall.exe"
Task: {BC244B71-84EB-45F8-AC6A-6B2969879183} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {CCE2E5E1-F1F1-4AF8-A21C-2B15C00FCB0D} - System32\Tasks\{D07A19C7-CDC4-4BD3-B00B-C2829140E6CD} => pcalua.exe -a "C:\Users\Princhi\Downloads\skse_1_07_01_installer (1).exe" -d C:\Users\Princhi\Downloads
Task: {D533BD21-EC84-4A14-AEE8-FB6F0D3FAD3B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {DDE677D5-0F3E-48FB-B0D1-BC1F907283F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E914FF3E-2FD3-4044-B9F0-21AB025188C3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {ED3BEF71-C902-4E64-B950-6C7472286B52} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRss\BikaQ.exe [2017-02-23] (IEC) <==== ACHTUNG
Task: {EDBB1ADE-5473-442F-805C-7DD1BECAAFB9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {EECBA783-C0A0-4E58-8DB0-58F0C1052B7C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f1b9b70e37832c09\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\83d1d964df0d5fea\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.)

ShortcutWithArgument: C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM
ShortcutWithArgument: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 19:40 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-05 16:36 - 2016-12-29 13:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-30 11:03 - 2016-06-15 02:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-12-14 19:40 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2015-01-18 19:06 - 2015-08-21 19:33 - 01347264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 02667576 _____ () C:\Program Files\NVIDIA
Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-03-30 11:03 - 2016-06-15 02:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-09-13 19:42 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-11 21:54 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2017-01-11 21:54 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-11 21:54 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-02-22 13:36 - 2017-02-22 13:41 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-02-22 13:36 - 2017-02-22 13:41 - 00179712 _____ () C:\Program 
Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-02-22 13:36 - 2017-02-22 13:47 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-02-06 12:47 - 2017-02-06 12:50 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll 2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2015-04-01 22:05 - 2013-10-29 13:49 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe 2015-04-01 22:05 - 2013-06-26 16:01 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe 2017-03-02 15:14 - 2017-03-02 15:14 - 04031440 _____ () C:\Users\Princhi\Desktop\Programme\adwcleaner_6.044.exe 2017-03-08 17:19 - 2017-03-08 03:02 - 00111104 _____ () C:\Users\Princhi\AppData\Roaming\Kyubey\Kyubey.exe 2016-08-12 13:20 - 2016-08-12 13:20 - 00073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2016-09-15 12:55 - 2017-02-14 01:06 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll 2016-10-18 14:22 - 2016-10-18 14:22 - 00274944 _____ () c:\program files (x86)\clerack\grshlp.dll 2015-04-14 16:46 - 2016-06-15 02:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-04-01 22:05 - 2013-01-15 16:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll 2015-04-01 22:05 - 2013-06-26 16:01 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll 2017-03-08 16:27 - 
2017-02-01 10:01 - 01870168 _____ () C:\Program Files (x86)\Footper\Application\libglesv2.dll
2017-03-08 16:27 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files (x86)\Footper\Application\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3 [430]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
Da befinden sich 7866 mehr Seiten.

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2015-07-26 00:22 - 00450771 ____A C:\WINDOWS\system32\Drivers\etc\hosts

Da befinden sich 15463 zusätzliche Einträge.

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-88799701-2343346839-193955109-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "EADM" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "FlashUpdate" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{AA3E9767-E958-417A-A42D-726122390FAD}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Grid\grid.exe FirewallRules: [{9DBC18C7-BCBE-46C4-A427-BDA250B867F2}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Grid\grid.exe FirewallRules: [{6DEBB90C-CDBD-4A91-8502-C7F80A6430B1}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Euro Truck Simulator 2 Demo\bin\win_x86\eurotrucks2.exe FirewallRules: [{C57876C6-1638-4EB6-AC10-66E7B954C768}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Euro Truck Simulator 2 Demo\bin\win_x86\eurotrucks2.exe FirewallRules: [{79056620-9A6A-4615-87CA-1952B5F0300C}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Duke Nukem Forever\System\DukeForever.exe FirewallRules: [{2E97D87D-468E-45A0-BCF8-A5292BF6DB27}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Duke Nukem Forever\System\DukeForever.exe FirewallRules: [UDP Query User{433BC981-68D1-42AF-9A4B-EE5EAD217F90}C:\users\princhi\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\princhi\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query 
User{DDD05808-227C-4EFB-9750-1CFF75C1B087}C:\users\princhi\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\princhi\appdata\roaming\spotify\spotify.exe FirewallRules: [{44B50A7B-D0BB-4589-934B-0A50786FD329}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [{2E6858C8-C78D-4430-85A0-4CC367187DFE}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [UDP Query User{93B9A7BD-CD95-47AB-A845-A0DC9D227B5C}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe FirewallRules: [TCP Query User{45ACAA61-9C29-4458-AEED-8AD523C8BE0D}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe FirewallRules: [{D1075E74-50D5-4948-B9BA-0CD61CCD3112}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\FINAL FANTASY FFX&FFX-2 HD Remaster\FFX&X-2_LAUNCHER.exe FirewallRules: [{D5722340-8B36-44C8-BA33-6B46C9C8D418}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\FINAL FANTASY FFX&FFX-2 HD Remaster\FFX&X-2_LAUNCHER.exe FirewallRules: [{B87CFB00-E90F-4BA4-9A69-DF124CBCCF81}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Stardew Valley\Stardew Valley.exe FirewallRules: [{75F2513F-C16A-47CF-ABE8-44BEC6439C81}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Stardew Valley\Stardew Valley.exe FirewallRules: [UDP Query User{EBE94ED2-5388-485A-88D5-5AEC2B99BA45}D:\games\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) D:\games\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe FirewallRules: [TCP Query User{9D2F75BC-24E5-415E-B648-D2E9C180C121}D:\games\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) D:\games\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe FirewallRules: [{3723B19A-C31B-4A64-9CA2-35178CC85FB1}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Outlast\OutlastLauncher.exe FirewallRules: 
[{BD15B16E-4434-4885-B5F4-6F8689E33025}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Outlast\OutlastLauncher.exe FirewallRules: [{084A9FE6-758E-4E14-B85B-D06BBB0F0F61}] => (Allow) C:\Users\Princhi\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{45415225-36B7-487B-94D7-57CC6F2F0258}] => (Allow) C:\Users\Princhi\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{C51ECC81-6245-4C53-BA05-7540AE344077}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\POSTAL2Complete\System\Postal2.exe FirewallRules: [{AC491E28-6FF0-41BF-958B-8233FE86210F}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\POSTAL2Complete\System\Postal2.exe FirewallRules: [UDP Query User{602C1D83-C965-433E-85C6-D6C80C7F0637}D:\games\dying light\dyinglightgame.exe] => (Allow) D:\games\dying light\dyinglightgame.exe FirewallRules: [TCP Query User{920FB982-DFC7-4EF7-A3E8-976475666FCD}D:\games\dying light\dyinglightgame.exe] => (Allow) D:\games\dying light\dyinglightgame.exe FirewallRules: [{6B29DA1F-AFE4-494C-A452-C86FE3D3E47F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{20D9EE97-5F76-470F-B27E-B8F316BB4346}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{773BE211-A15B-4BB6-8FD9-3BB26A28F827}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{E8A2781B-27E2-4881-A1A7-6C43DE4B7486}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{BF61E21F-F3A3-4C03-A833-DB22A0A36107}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{10919623-CA13-458D-848C-CD3B577B6D94}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0EF2103A-976E-4E84-BD25-93C433853B91}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{E9F09AF6-CB52-4918-899F-52B0E6EF0DDD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{29502284-E5F5-4CE1-B81B-BF88C4798916}] => (Allow) C:\Program Files\Logitech Gaming 
Software\LCore.exe FirewallRules: [{42A467C8-4C2A-4F98-86C7-C10B56BABD67}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe FirewallRules: [{F62BE5C8-A121-4BC2-85BF-B48E186D43A7}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{2B11D43B-DE96-4337-9728-BD43F4CE5D33}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [UDP Query User{FE56EA36-F948-4AC7-A957-E70694626A65}C:\users\princhi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\princhi\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{7898A2A6-1A96-4797-8F93-30A5E35847BC}C:\users\princhi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\princhi\appdata\roaming\spotify\spotify.exe FirewallRules: [{87F70AAF-D857-482F-829A-335EE28F8FA9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{4BE15A0E-F5C0-40DA-B916-7BD325ACC83F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{6D60CCE8-D415-4436-91E9-40CE158E7294}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{9F2B6253-1903-4759-81DF-37B642BA4C6B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{65C95321-80CC-41A5-B393-63BA514E8FCA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{9377D7C5-5AED-41CC-A314-64FD930B695C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{85433D13-0C2F-4D9F-B62A-A03491046340}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{CEBEC4F5-0951-465D-8402-0003646DF432}D:\games\fallout 4\fallout4.exe] => (Allow) D:\games\fallout 4\fallout4.exe FirewallRules: [UDP Query User{59AFF884-B69B-4477-AAEB-B0298E8858C1}D:\games\fallout 4\fallout4.exe] => (Allow) D:\games\fallout 4\fallout4.exe FirewallRules: 
[{CD901227-D724-4713-9106-EDF3FFF2D430}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe FirewallRules: [{AA7E3856-7441-4365-B47F-1A567321B6E8}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe FirewallRules: [TCP Query User{52F347C0-C575-4240-8B60-E734F85FF1DB}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe FirewallRules: [UDP Query User{A2BCDE7F-A756-4DE7-A8EE-3F3F8D9B869A}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe FirewallRules: [{CAD7759B-35EE-4687-8B58-B7221A00B5F9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{9EBA7F21-544A-4C04-8ABD-98AFFF92315D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{DCB5CD2F-2853-429E-9D64-8931E1E4DAF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{F87FA9EB-2E3E-4C02-8C12-2E27949DB16F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{88F9AD83-5CB0-48CA-8A4E-43E5E549CC7C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{D728C369-1A3E-4F26-90A2-B5B81B9E284F}D:\games\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) D:\games\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe FirewallRules: [UDP Query User{C2E7C391-58C9-4215-BDB9-C0052C89A2C6}D:\games\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) D:\games\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe FirewallRules: [{8E09CCD3-0A4A-4033-912F-571DDA7CD421}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe FirewallRules: [{E60A3479-5B49-46A1-A0AB-9126C405B360}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe FirewallRules: [TCP Query 
User{16975BF0-EDDD-4E69-960D-2CE8FEE274D0}C:\program files (x86)\amulec\amule.exe] => (Block) C:\program files (x86)\amulec\amule.exe FirewallRules: [UDP Query User{A555A009-B6B6-40C2-992E-8B739880ECA6}C:\program files (x86)\amulec\amule.exe] => (Block) C:\program files (x86)\amulec\amule.exe FirewallRules: [TCP Query User{561856D7-33AF-4F8E-8423-161786F6E12C}D:\games\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{AF2989E4-8158-4A75-9318-5592B5390B4D}D:\games\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe FirewallRules: [TCP Query User{D559BD0F-157B-4B1D-897B-101FF24C9FAF}D:\games\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{AAD4688C-EC79-4F47-A93B-DB47D97E8F2C}D:\games\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe FirewallRules: [{8DA6395A-3C91-4FDF-9B40-671517F4B04A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{D08F5069-B898-4AC7-B529-0E32F7084B8F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [TCP Query User{21BFE8C9-800E-4279-89C6-680D499CBD0F}D:\games\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{3BD88588-EDAF-4801-B8A0-0B3DB1EF528D}D:\games\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe FirewallRules: [TCP Query User{739F3F8E-58BF-44BE-9397-00F9D58535D8}D:\games\heroes 
of the storm\versions\base49278\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{3D5B546D-3B14-4270-8A71-2D68187C4B6B}D:\games\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe FirewallRules: [TCP Query User{ADC29A1A-E376-4D25-B2CC-0449D1C70396}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe FirewallRules: [UDP Query User{CD82B265-F91F-4F19-9AD3-AAB58697D21C}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe FirewallRules: [TCP Query User{10E4BF73-2B71-46A1-AF90-4D369746BBC1}C:\program files (x86)\battle.net\battle.net.8288\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8288\battle.net.exe FirewallRules: [UDP Query User{725A9649-915C-499A-B583-F2C27323A02B}C:\program files (x86)\battle.net\battle.net.8288\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8288\battle.net.exe FirewallRules: [TCP Query User{EA94FF22-B8DA-49C3-BBB2-722A193F6783}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe FirewallRules: [UDP Query User{34717146-5DBD-4DD6-AD10-269D82BC0269}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe FirewallRules: [TCP Query User{DECB5554-F262-4730-B569-8EBF6C40D6E4}C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe FirewallRules: [UDP Query User{5E89A617-F504-44CD-A8CF-240EB1BDEF38}C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe] => (Allow) C:\program files 
(x86)\battle.net\battle.net.8394\battle.net.exe FirewallRules: [{809B46EC-D486-4F7B-9F0E-163B668FB2F9}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{D9EA1209-B43B-4A64-9705-B70D5C5DF3D6}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{08EE23F8-6E9A-4AAA-9AF1-43F3AE7C498D}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{62F83E86-3CF3-4ABF-98C6-9EABDDD15136}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [TCP Query User{1CABAAA3-3DE8-46AC-A353-23987FE5ABD6}C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe FirewallRules: [UDP Query User{E778CA01-19B1-4097-8750-ECD5605ADAA6}C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe FirewallRules: [TCP Query User{4EA71E1E-324F-4D2D-A1C5-258E93A6D41C}D:\games\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{F91FF794-A7C4-4A6E-919D-91A17BDACA86}D:\games\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe FirewallRules: [{A86AE849-1D33-4C98-A14D-26AD51DEE466}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{8E21FD9F-69D4-4436-8FE1-CB9B7D7C0FBE}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe FirewallRules: [{E010336C-5C39-42AD-96B9-3F3A0DA25795}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe FirewallRules: [{A68F9182-4AE3-4C44-8A93-1F0CB776EC93}] => (Allow) C:\Program Files (x86)\Footper\Application\chrome.exe StandardProfile\AuthorizedApplications: [C:\Program Files 
(x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Wiederherstellungspunkte ========================= 16-02-2017 14:18:49 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 22-02-2017 15:40:58 Windows Update 01-03-2017 18:18:03 Geplanter Prüfpunkt ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/08/2017 05:24:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x71b5d473 ID des fehlerhaften Prozesses: 0x2524 Startzeit der fehlerhaften Anwendung: 0x01d298286de3e0f2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: ea0e9d83-4a79-4b89-9395-04afee92afe5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 04:35:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x6b18d473 ID des fehlerhaften Prozesses: 0x27f8 Startzeit der fehlerhaften Anwendung: 0x01d29821aa11ba98 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 343e9e7b-e84b-468b-b081-7d589bc94618 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 04:30:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x57d8d473 ID des fehlerhaften Prozesses: 0x17ac Startzeit der fehlerhaften Anwendung: 0x01d29820f7d26211 Pfad der fehlerhaften Anwendung: C:\Program Files 
(x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 727a4a2f-a316-4c02-bab7-c6a35bf5d385 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 04:29:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: adwcleaner_6.044.exe, Version: 6.0.4.4, Zeitstempel: 0x58b5dbcb Name des fehlerhaften Moduls: adwcleaner_6.044.exe, Version: 6.0.4.4, Zeitstempel: 0x58b5dbcb Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022d82 ID des fehlerhaften Prozesses: 0x4fc Startzeit der fehlerhaften Anwendung: 0x01d29820b442ed74 Pfad der fehlerhaften Anwendung: C:\Users\Princhi\Desktop\Programme\adwcleaner_6.044.exe Pfad des fehlerhaften Moduls: C:\Users\Princhi\Desktop\Programme\adwcleaner_6.044.exe Berichtskennung: 78ab6fc2-c0c0-477e-b4f2-9ccfde3eb5f7 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 04:29:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.14393.0, Zeitstempel: 0x57899148 Name des fehlerhaften Moduls: InputService.dll, Version: 10.0.14393.576, Zeitstempel: 0x584a76ec Ausnahmecode: 0xc0000005 Fehleroffset: 0x00057f66 ID des fehlerhaften Prozesses: 0x299c Startzeit der fehlerhaften Anwendung: 0x01d298202054f832 Pfad der fehlerhaften Anwendung: C:\WINDOWS\SysWOW64\ctfmon.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\InputService.dll Berichtskennung: 47c5e0d9-2a3c-43f0-9675-168a0546cd7c Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/07/2017 03:34:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: adwcleaner_6.044.exe, Version: 6.0.4.4, Zeitstempel: 0x58b5dbcb Name des fehlerhaften Moduls: adwcleaner_6.044.exe, Version: 6.0.4.4, Zeitstempel: 0x58b5dbcb 
Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022d82 ID des fehlerhaften Prozesses: 0x1c70 Startzeit der fehlerhaften Anwendung: 0x01d2974fcca9a7d9 Pfad der fehlerhaften Anwendung: C:\Users\Princhi\Downloads\adwcleaner_6.044.exe Pfad des fehlerhaften Moduls: C:\Users\Princhi\Downloads\adwcleaner_6.044.exe Berichtskennung: 46806284-5481-4e45-816c-d001346fcd0f Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/07/2017 03:34:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.14393.0, Zeitstempel: 0x57899148 Name des fehlerhaften Moduls: InputService.dll, Version: 10.0.14393.576, Zeitstempel: 0x584a76ec Ausnahmecode: 0xc0000005 Fehleroffset: 0x00057f66 ID des fehlerhaften Prozesses: 0x1e78 Startzeit der fehlerhaften Anwendung: 0x01d29746cd37eff9 Pfad der fehlerhaften Anwendung: C:\WINDOWS\SysWOW64\ctfmon.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\InputService.dll Berichtskennung: d8681e43-359f-46b4-91f2-0a1278495b3f Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/07/2017 01:01:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x693cd473 ID des fehlerhaften Prozesses: 0x2be8 Startzeit der fehlerhaften Anwendung: 0x01d2973a8451a751 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Stancine\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: a26a94c4-b5fc-4c9b-a93b-e3b4490dad7c Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/07/2017 02:00:38 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: 
chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x693cd473 ID des fehlerhaften Prozesses: 0x940 Startzeit der fehlerhaften Anwendung: 0x01d296de3bda30b8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Stancine\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: e8e0a402-3d5d-4656-a614-fa9a323e8b6e Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/07/2017 12:54:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x693cd473 ID des fehlerhaften Prozesses: 0x31a0 Startzeit der fehlerhaften Anwendung: 0x01d296d50a6abfe5 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Stancine\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 77a84877-3de3-4fd8-b55c-3547793e7948 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (03/08/2017 05:25:02 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (03/08/2017 05:21:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Convxxxx" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. 
Error: (03/08/2017 05:21:11 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/08/2017 05:21:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Kyubey" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/08/2017 05:21:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/08/2017 05:21:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/08/2017 05:21:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Streamer Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/08/2017 05:21:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/08/2017 05:21:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Origin Web Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (03/08/2017 05:21:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Ntp2NetSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2017-03-07 15:34:35.588 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-03-07 15:08:10.789 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-02-03 17:00:27.187 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-02-03 16:56:56.613 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-21 01:08:28.137 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-21 00:12:20.064 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. 
Date: 2017-01-20 23:15:15.099 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-20 22:03:49.090 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-20 21:52:52.863 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-20 21:12:20.027 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz Prozentuale Nutzung des RAM: 27% Installierter physikalischer RAM: 8093.39 MB Verfügbarer physikalischer RAM: 5906.85 MB Summe virtueller Speicher: 9373.39 MB Verfügbarer virtueller Speicher: 7099.04 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:390.16 GB) (Free:136.58 GB) NTFS Drive d: (Volume) (Fixed) (Total:540.4 GB) (Free:152.65 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ============================ Code:
17:41:13.0849 0x1830 TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01
17:41:13.0849 0x1830 UEFI system
17:48:26.0468 0x1830 ============================================================
17:48:26.0468 0x1830 Current date / time: 2017/03/08 17:48:26.0467
17:48:26.0468 0x1830 SystemInfo:
17:48:26.0468 0x1830
17:48:26.0468 0x1830 OS Version: 10.0.14393 ServicePack: 0.0
17:48:26.0468 0x1830 Product type: Workstation
17:48:26.0468 0x1830 ComputerName: EPONA
17:48:26.0468 0x1830 UserName: Princhi
17:48:26.0468 0x1830 Windows directory: C:\WINDOWS
17:48:26.0468 0x1830 System windows directory: C:\WINDOWS
17:48:26.0468 0x1830 Running under WOW64
17:48:26.0468 0x1830 Processor architecture: Intel x64
17:48:26.0468 0x1830 Number of processors: 8
17:48:26.0468 0x1830 Page size: 0x1000
17:48:26.0468 0x1830 Boot type: Normal boot
17:48:26.0468 0x1830 CodeIntegrityOptions = 0x00000001
17:48:26.0468 0x1830 ============================================================
17:48:26.0510 0x1830 KLMD registered as C:\WINDOWS\system32\drivers\55301967.sys
17:48:26.0511 0x1830 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.693, osProperties = 0x19
17:48:26.0626 0x1830 System UUID: {C94E5BFC-A34E-F76E-4230-0C2AA1032B50}
17:48:26.0853 0x1830 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:48:26.0859 0x1830 ============================================================
17:48:26.0859 0x1830 \Device\Harddisk0\DR0:
17:48:26.0859 0x1830 GPT partitions:
17:48:26.0867 0x1830 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {2E07B7E2-BA6B-436F-89A9-52134F6D736A}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
17:48:26.0867 0x1830 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {17569911-260F-48B6-AD50-40327C3D91F8}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x31800
17:48:26.0867 0x1830 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {1E27707F-CED8-4213-9BE7-966A097D482D}, Name: Microsoft reserved partition, StartLBA 0xC8000, BlocksNum 0x40000
17:48:26.0867 0x1830 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {15700A44-E6E1-486E-96D3-30E273E518B8}, Name: Basic data partition, StartLBA 0x108000, BlocksNum 0x30C51000
17:48:26.0867 0x1830 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {D4AE4C6B-00C2-4F38-8296-53C8864D766B}, Name: , StartLBA 0x30D59000, BlocksNum 0xE1000
17:48:26.0867 0x1830 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {1B71F301-972F-456B-9B19-2B4FD61B702D}, Name: Basic data partition, StartLBA 0x30E3A000, BlocksNum 0x438CC000
17:48:26.0867 0x1830 MBR partitions:
17:48:26.0867 0x1830 ============================================================
17:48:26.0872 0x1830 C: <-> \Device\Harddisk0\DR0\Partition4
17:48:26.0902 0x1830 D: <-> \Device\Harddisk0\DR0\Partition6
17:48:26.0902 0x1830 ============================================================
17:48:26.0902 0x1830 Initialize success
17:48:26.0902 0x1830 ============================================================
17:49:03.0792 0x0478 ============================================================
17:49:03.0792 0x0478 Scan started
17:49:03.0792 0x0478 Mode: Manual; SigCheck; TDLFS;
17:49:03.0792 0x0478 ============================================================
17:49:03.0792 0x0478 KSN ping started
17:49:03.0918 0x0478 KSN ping finished: true
17:49:04.0741 0x0478 ================ Scan system memory ========================
17:49:04.0741 0x0478 System memory - ok
17:49:04.0742 0x0478 ================ Scan services =============================
17:49:04.0950 0x0478 1394ohci - ok
17:49:04.0957 0x0478 3ware - ok
17:49:04.0963 0x0478 ACPI - ok
17:49:04.0969 0x0478 AcpiDev - ok
17:49:04.0974 0x0478 acpiex - ok
17:49:04.0979 0x0478 acpipagr - ok
17:49:05.0001 0x0478 AcpiPmi - ok
17:49:05.0003 0x0478 acpitime - ok
17:49:05.0011 0x0478 [ B598E1D166E92198948BA07888E196F6, DF8764F444020C271D00BCC36D7530CDDF1394035CABE7444625B75FBEF4D624 ] acsock C:\WINDOWS\system32\DRIVERS\acsock64.sys
17:49:05.0057 0x0478 acsock - ok
17:49:05.0064 0x0478 ADP80XX - ok
17:49:05.0071 0x0478 AFD - ok
17:49:05.0076 0x0478 ahcache - ok
17:49:05.0078 0x0478 AJRouter - ok
17:49:05.0080 0x0478 ALG - ok
17:49:05.0084 0x0478 AmdK8 - ok
17:49:05.0086 0x0478 AmdPPM - ok
17:49:05.0088 0x0478 amdsata - ok
17:49:05.0092 0x0478 amdsbs - ok
17:49:05.0094 0x0478 amdxata - ok
17:49:05.0096 0x0478 AppID - ok
17:49:05.0099 0x0478 AppIDSvc - ok
17:49:05.0101 0x0478 Appinfo - ok
17:49:05.0103 0x0478 applockerfltr - ok
17:49:05.0105 0x0478 AppMgmt - ok
17:49:05.0111 0x0478 AppReadiness - ok
17:49:05.0114 0x0478 AppVClient - ok
17:49:05.0116 0x0478 AppvStrm - ok
17:49:05.0133 0x0478 AppvVemgr - ok
17:49:05.0135 0x0478 AppvVfs - ok
17:49:05.0137 0x0478 AppXSvc - ok
17:49:05.0139 0x0478 arcsas - ok
17:49:05.0142 0x0478 AsyncMac - ok
17:49:05.0145 0x0478 atapi - ok
17:49:05.0147 0x0478 AudioEndpointBuilder - ok
17:49:05.0149 0x0478 Audiosrv - ok
17:49:05.0151 0x0478 AxInstSV - ok
17:49:05.0153 0x0478 b06bdrv - ok
17:49:05.0155 0x0478 BasicDisplay - ok
17:49:05.0157 0x0478 BasicRender - ok
17:49:05.0160 0x0478 bcmfn - ok
17:49:05.0162 0x0478 bcmfn2 - ok
17:49:05.0164 0x0478 BDESVC - ok
17:49:05.0166 0x0478 Beep - ok
17:49:05.0168 0x0478 BFE - ok
17:49:05.0170 0x0478 BITS - ok
17:49:05.0217 0x0478 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:49:05.0227 0x0478 Bonjour Service - ok
17:49:05.0230 0x0478 bowser - ok
17:49:05.0232 0x0478 BrokerInfrastructure - ok
17:49:05.0234 0x0478 Browser - ok
17:49:05.0236 0x0478 BthAvrcpTg - ok
17:49:05.0239 0x0478 BthHFEnum - ok
17:49:05.0241 0x0478 bthhfhid - ok
17:49:05.0243 0x0478 BthHFSrv - ok
17:49:05.0245 0x0478 BTHMODEM - ok
17:49:05.0251 0x0478 bthserv - ok
17:49:05.0253 0x0478 buttonconverter - ok
17:49:05.0266 0x0478 [ 6A50EAB6C21EF0886A0366E11AF10762, 39231BC53B2C61783F6C1BA8D21B51E1942E0F5CE63D651692530AD003AA4539 ] C2XXCOM C:\WINDOWS\system32\DRIVERS\C2XXCOM76.sys
17:49:05.0273 0x0478 C2XXCOM - ok
17:49:05.0296 0x0478 [ DA5363A532BA554483F5B1EC6ADE73BC, 6CBFA5FC862FE4E4B9317B423C21EBC3F2AF22C990A3982FA426F51D317A7A41 ] C2xxUSB C:\WINDOWS\system32\DRIVERS\C2xxUSB76.sys
17:49:05.0317 0x0478 C2xxUSB - ok
17:49:05.0323 0x0478 [ B8E6BE77C47F1FE2C9F696BCEAEAC6F1, 6B6F1211F4C8594D41AB0D137389B243C1DC7441180507CF4DED03A6968E7ACC ] C2xxUsbStorage C:\WINDOWS\system32\DRIVERS\C2xSTR76.sys
17:49:05.0334 0x0478 C2xxUsbStorage - ok
17:49:05.0338 0x0478 CapImg - ok
17:49:05.0343 0x0478 cdfs - ok
17:49:05.0345 0x0478 CDPSvc - ok
17:49:05.0348 0x0478 CDPUserSvc - ok
17:49:05.0364 0x0478 cdrom - ok
17:49:05.0367 0x0478 CertPropSvc - ok
17:49:05.0370 0x0478 cht4iscsi - ok
17:49:05.0372 0x0478 cht4vbd - ok
17:49:05.0376 0x0478 circlass - ok
17:49:05.0379 0x0478 CLFS - ok
17:49:05.0381 0x0478 ClipSVC - ok
17:49:05.0383 0x0478 clreg - ok
17:49:05.0390 0x0478 CmBatt - ok
17:49:05.0392 0x0478 CNG - ok
17:49:05.0395 0x0478 cnghwassist - ok
17:49:05.0431 0x0478 CompositeBus - ok
17:49:05.0433 0x0478 COMSysApp - ok
17:49:05.0435 0x0478 condrv - ok
17:49:05.0468 0x0478 Convxxxx - ok
17:49:05.0483 0x0478 CoreMessagingRegistrar - ok
17:49:05.0515 0x0478 [ 5212E0957468D3F94D90FA7A0F06B58F, 955DAC77A0148E9F9ED744F5D341CB9C9118261E52FE622AC6213965F2BC4CAD ] cpuz137 C:\Program Files (x86)\CPUID\PC Wizard 2015\pcwiz_x64.sys
17:49:05.0518 0x0478 cpuz137 - ok
17:49:05.0522 0x0478 CryptSvc - ok
17:49:05.0524 0x0478 CSC - ok
17:49:05.0526 0x0478 CscService - ok
17:49:05.0528 0x0478 dam - ok
17:49:05.0531 0x0478 DcomLaunch - ok
17:49:05.0533 0x0478 DcpSvc - ok
17:49:05.0536 0x0478 defragsvc - ok
17:49:05.0538 0x0478 DeviceAssociationService - ok
17:49:05.0540 0x0478 DeviceInstall - ok
17:49:05.0542 0x0478 DevQueryBroker - ok
17:49:05.0544 0x0478 Dfsc - ok
17:49:05.0559 0x0478 Dhcp - ok
17:49:05.0562 0x0478 diagnosticshub.standardcollector.service - ok
17:49:05.0565 0x0478 DiagTrack - ok
17:49:05.0567 0x0478 disk - ok
17:49:05.0569 0x0478 DmEnrollmentSvc - ok
17:49:05.0571 0x0478 dmvsc - ok
17:49:05.0574 0x0478 dmwappushservice - ok
17:49:05.0576 0x0478 Dnscache - ok
17:49:05.0579 0x0478 dot3svc - ok
17:49:05.0581 0x0478 DPS - ok
17:49:05.0583 0x0478 drmkaud - ok
17:49:05.0585 0x0478 DsmSvc - ok
17:49:05.0587 0x0478 DsSvc - ok
17:49:05.0601 0x0478 [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01 C:\WINDOWS\System32\drivers\dtsoftbus01.sys
17:49:05.0609 0x0478 dtsoftbus01 - ok
17:49:05.0630 0x0478 DXGKrnl - ok
17:49:05.0633 0x0478 EapHost - ok
17:49:05.0634 0x0478 ebdrv - ok
17:49:05.0637 0x0478 EFS - ok
17:49:05.0639 0x0478 EhStorClass - ok
17:49:05.0644 0x0478 EhStorTcgDrv - ok
17:49:05.0649 0x0478 embeddedmode - ok
17:49:05.0653 0x0478 EntAppSvc - ok
17:49:05.0657 0x0478 ErrDev - ok
17:49:05.0675 0x0478 EventSystem - ok
17:49:05.0677 0x0478 exfat - ok
17:49:05.0689 0x0478 fastfat - ok
17:49:05.0693 0x0478 Fax - ok
17:49:05.0695 0x0478 fdc - ok
17:49:05.0698 0x0478 fdPHost - ok
17:49:05.0700 0x0478 FDResPub - ok
17:49:05.0703 0x0478 fhsvc - ok
17:49:05.0705 0x0478 FileCrypt - ok
17:49:05.0707 0x0478 FileInfo - ok
17:49:05.0710 0x0478 Filetrace - ok
17:49:05.0712 0x0478 flpydisk - ok
17:49:05.0715 0x0478 FltMgr - ok
17:49:05.0718 0x0478 FontCache - ok
17:49:05.0729 0x0478 FontCache3.0.0.0 - ok
17:49:05.0731 0x0478 FrameServer - ok
17:49:05.0733 0x0478 FsDepends - ok
17:49:05.0737 0x0478 Fs_Rec - ok
17:49:05.0739 0x0478 fvevol - ok
17:49:05.0742 0x0478 gencounter - ok
17:49:05.0743 0x0478 genericusbfn - ok
17:49:05.0745 0x0478 GPIOClx0101 - ok
17:49:05.0747 0x0478 gpsvc - ok
17:49:05.0749 0x0478 GpuEnergyDrv - ok
17:49:05.0764 0x0478 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:49:05.0769 0x0478 gupdate - ok
17:49:05.0772 0x0478 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:49:05.0778 0x0478 gupdatem - ok
17:49:05.0780 0x0478 HDAudBus - ok
17:49:05.0782 0x0478 HidBatt - ok
17:49:05.0784 0x0478 HidBth - ok
17:49:05.0786 0x0478 hidi2c - ok
17:49:05.0788 0x0478 hidinterrupt - ok
17:49:05.0792 0x0478 HidIr - ok
17:49:05.0799 0x0478 [ C6AB0711E75F90B501F30260463CB026, B5CF27552A000D2BCE0C9B557F0FA2CE60FACAB596B262F07BED57D00422C388 ] hidkmdf C:\WINDOWS\System32\drivers\hidkmdf.sys
17:49:05.0802 0x0478 hidkmdf - ok
17:49:05.0806 0x0478 hidserv - ok
17:49:05.0818 0x0478 HidUsb - ok
17:49:05.0826 0x0478 [ E627AD9A64052C659704FAA979C225F1, 7630ADA53A43581A314386D43BF5582604AB4651E5E229C8D5C5551F09740542 ] HmaOpenVpnService D:\Programme\HMA! Pro VPN\bin\openvpnserv.exe
17:49:05.0831 0x0478 HmaOpenVpnService - ok
17:49:05.0849 0x0478 [ D7670FC8D023073F3A40CCBD93976F2F, 22054DC2DD524DC4CAECA23EDBCF7552A90C1082939FFBEC35708D1D02C81673 ] hmatap C:\WINDOWS\System32\drivers\hmatap.sys
17:49:05.0854 0x0478 hmatap - ok
17:49:05.0857 0x0478 HomeGroupListener - ok
17:49:05.0859 0x0478 HomeGroupProvider - ok
17:49:05.0863 0x0478 HpSAMD - ok
17:49:05.0865 0x0478 HTTP - ok
17:49:05.0878 0x0478 HvHost - ok
17:49:05.0880 0x0478 hvservice - ok
17:49:05.0882 0x0478 hwpolicy - ok
17:49:05.0884 0x0478 hyperkbd - ok
17:49:05.0887 0x0478 i8042prt - ok
17:49:05.0889 0x0478 iagpio - ok
17:49:05.0893 0x0478 iai2c - ok
17:49:05.0895 0x0478 iaLPSS2i_GPIO2 - ok
17:49:05.0897 0x0478 iaLPSS2i_I2C - ok
17:49:05.0899 0x0478 iaLPSSi_GPIO - ok
17:49:05.0900 0x0478 iaLPSSi_I2C - ok
17:49:05.0902 0x0478 iaStorAV - ok
17:49:05.0904 0x0478 iaStorV - ok
17:49:05.0906 0x0478 ibbus - ok
17:49:05.0909 0x0478 icssvc - ok
17:49:05.0911 0x0478 IKEEXT - ok
17:49:05.0918 0x0478 IndirectKmd - ok
17:49:06.0042 0x0478 [ 622868E4BAE8FBCD22CB1A5901A2C824, C1A2264C0984DD16C83B663C9CE43E049E1356E32C5771C3ACE225F285699138 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
17:49:06.0108 0x0478 IntcAzAudAddService - ok
17:49:06.0127 0x0478 intelide - ok
17:49:06.0129 0x0478 intelpep - ok
17:49:06.0131 0x0478 intelppm - ok
17:49:06.0132 0x0478 iorate - ok
17:49:06.0134 0x0478 IpFilterDriver - ok
17:49:06.0137 0x0478 iphlpsvc - ok
17:49:06.0139 0x0478 IPMIDRV - ok
17:49:06.0142 0x0478 IPNAT - ok
17:49:06.0143 0x0478 irda - ok
17:49:06.0145 0x0478 IRENUM - ok
17:49:06.0147 0x0478 irmon - ok
17:49:06.0149 0x0478 isapnp - ok
17:49:06.0151 0x0478 iScsiPrt - ok
17:49:06.0153 0x0478 kbdclass - ok
17:49:06.0156 0x0478 kbdhid - ok
17:49:06.0158 0x0478 kdnic - ok
17:49:06.0160 0x0478 KeyIso - ok
17:49:06.0162 0x0478 KSecDD - ok
17:49:06.0164 0x0478 KSecPkg - ok
17:49:06.0166 0x0478 ksthunk - ok
17:49:06.0169 0x0478 KtmRm - ok
17:49:06.0186 0x0478 Kyubey - ok
17:49:06.0190 0x0478 LanmanServer - ok
17:49:06.0213 0x0478 LanmanWorkstation - ok
17:49:06.0227 0x0478 lfsvc - ok
17:49:06.0238 0x0478 [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum C:\WINDOWS\system32\drivers\LGBusEnum.sys
17:49:06.0242 0x0478 LGBusEnum - ok
17:49:06.0251 0x0478 [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid C:\WINDOWS\system32\drivers\LGVirHid.sys
17:49:06.0259 0x0478 LGVirHid - ok
17:49:06.0264 0x0478 LicenseManager - ok
17:49:06.0269 0x0478 lltdio - ok
17:49:06.0274 0x0478 lltdsvc - ok
17:49:06.0278 0x0478 lmhosts - ok
17:49:06.0284 0x0478 LSI_SAS - ok
17:49:06.0288 0x0478 LSI_SAS2i - ok
17:49:06.0293 0x0478 LSI_SAS3i - ok
17:49:06.0298 0x0478 LSI_SSS - ok
17:49:06.0303 0x0478 LSM - ok
17:49:06.0306 0x0478 luafv - ok
17:49:06.0309 0x0478 MapsBroker - ok
17:49:06.0312 0x0478 megasas - ok
17:49:06.0315 0x0478 megasas2i - ok
17:49:06.0318 0x0478 megasr - ok
17:49:06.0329 0x0478 [ 1BC9159CF58BABD89419072EA180A8F6, 6C9AB779C2355A341800A8F93AAAF9B19FAFF444CD6A7BD27C63D53F379A75EF ] MEIx64 C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys
17:49:06.0340 0x0478 MEIx64 - ok
17:49:06.0367 0x0478 MessagingService - ok
17:49:06.0370 0x0478 mlx4_bus - ok
17:49:06.0372 0x0478 MMCSS - ok
17:49:06.0374 0x0478 Modem - ok
17:49:06.0377 0x0478 monitor - ok
17:49:06.0379 0x0478 mouclass - ok
17:49:06.0381 0x0478 mouhid - ok
17:49:06.0382 0x0478 mountmgr - ok
17:49:06.0384 0x0478 mpsdrv - ok
17:49:06.0386 0x0478 MpsSvc - ok
17:49:06.0389 0x0478 MRxDAV - ok
17:49:06.0399 0x0478 mrxsmb - ok
17:49:06.0401 0x0478 mrxsmb10 - ok
17:49:06.0404 0x0478 mrxsmb20 - ok
17:49:06.0406 0x0478 MsBridge - ok
17:49:06.0409 0x0478 MSDTC - ok
17:49:06.0412 0x0478 Msfs - ok
17:49:06.0418 0x0478 msgpiowin32 - ok
17:49:06.0420 0x0478 mshidkmdf - ok
17:49:06.0422 0x0478 mshidumdf - ok
17:49:06.0424 0x0478 msisadrv - ok
17:49:06.0436 0x0478 MSiSCSI - ok
17:49:06.0438 0x0478 msiserver - ok
17:49:06.0440 0x0478 MSKSSRV - ok
17:49:06.0442 0x0478 MsLldp - ok
17:49:06.0444 0x0478 MSPCLOCK - ok
17:49:06.0445 0x0478 MSPQM - ok
17:49:06.0447 0x0478 MsRPC - ok
17:49:06.0450 0x0478 MsSecFlt - ok
17:49:06.0452 0x0478 mssmbios - ok
17:49:06.0454 0x0478 MSTEE - ok
17:49:06.0456 0x0478 MTConfig - ok
17:49:06.0458 0x0478 Mup - ok
17:49:06.0460 0x0478 mvumis - ok
17:49:06.0463 0x0478 NativeWifiP - ok
17:49:06.0465 0x0478 NcaSvc - ok
17:49:06.0467 0x0478 NcbService - ok
17:49:06.0469 0x0478 NcdAutoSetup - ok
17:49:06.0471 0x0478 ndfltr - ok
17:49:06.0474 0x0478 NDIS - ok
17:49:06.0478 0x0478 NdisCap - ok
17:49:06.0490 0x0478 NdisImPlatform - ok
17:49:06.0492 0x0478 NdisTapi - ok
17:49:06.0493 0x0478 Ndisuio - ok
17:49:06.0495 0x0478 NdisVirtualBus - ok
17:49:06.0497 0x0478 NdisWan - ok
17:49:06.0499 0x0478 ndiswanlegacy - ok
17:49:06.0501 0x0478 ndproxy - ok
17:49:06.0502 0x0478 Ndu - ok
17:49:06.0504 0x0478 NetAdapterCx - ok
17:49:06.0506 0x0478 NetBIOS - ok
17:49:06.0509 0x0478 NetBT - ok
17:49:06.0511 0x0478 Netlogon - ok
17:49:06.0513 0x0478 Netman - ok
17:49:06.0516 0x0478 netprofm - ok
17:49:06.0518 0x0478 NetSetupSvc - ok
17:49:06.0530 0x0478 NetTcpPortSharing - ok
17:49:06.0533 0x0478 NgcCtnrSvc - ok
17:49:06.0535 0x0478 NgcSvc - ok
17:49:06.0537 0x0478 NlaSvc - ok
17:49:06.0539 0x0478 Npfs - ok
17:49:06.0541 0x0478 npggsvc - ok
17:49:06.0551 0x0478 npsvctrig - ok
17:49:06.0553 0x0478 nsi - ok
17:49:06.0555 0x0478 nsiproxy - ok
17:49:06.0558 0x0478 NTFS - ok
17:49:06.0574 0x0478 Ntp2NetSvc - ok
17:49:06.0581 0x0478 Ntp2UpSvc - ok
17:49:06.0584 0x0478 Null - ok
17:49:06.0597 0x0478 [ 302A57479E9A2A95CE723521A7ED1BD0, CEF8E26DBCA2E840ED32378193127FDC321828D28941AE42C5AA800613A85E91 ] NVHDA C:\WINDOWS\system32\drivers\nvhda64v.sys
17:49:06.0604 0x0478 NVHDA - ok
17:49:06.0929 0x0478 [ E0854DA823FBC14F750BFD46E690F60F, BAACD13006B7EA377BC57CA502D342097E327486957F905DD720C870C1B4C67C ] nvlddmkm C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys
17:49:07.0130 0x0478 nvlddmkm - ok
17:49:07.0142 0x0478 nvraid - ok
17:49:07.0144 0x0478 nvstor - ok
17:49:07.0208 0x0478 [ 99D42078C9596A20A7B3419159265A25, E9F5380E6597C79B26B2CBAAC534F31C5027F32AAA0FD5876CF7E9BB6658F30C ] NvStreamKms C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
17:49:07.0212 0x0478 NvStreamKms - ok
17:49:07.0300 0x0478 [ E6A64322EB213AEACBB61584AA6FB032, FA91C89B81DD7F3EC22DF71FFC3A506AD40AE76EC91F1115CCAB6ED39431369D ] NvStreamNetworkSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
17:49:07.0355 0x0478 NvStreamNetworkSvc - ok
17:49:07.0412 0x0478 [ A8213BF32D2E75ADD362E118AD164749, 6F35210ED11088FE64F13DD63053FFDA4628A5F6397DA33A345970962AB83499 ] NvStreamSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
17:49:07.0452 0x0478 NvStreamSvc - ok
17:49:07.0468 0x0478 [ F37FE6B15A987AEEC08EEF531F2FAED7, CC768E7DE80C7A8CB2392F9BC528212B8A3A35A30A222ED0B0B959051E6F8065 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
17:49:07.0473 0x0478 nvvad_WaveExtensible - ok
17:49:07.0476 0x0478 OneSyncSvc - ok
17:49:07.0527 0x0478 [ 241B7F92346973C10195AD7861596709, E0972047D202F539A8367E50DE278AF6103FA72C8E61F6D5B0DC1EA8FD338355 ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
17:49:07.0560 0x0478 Origin Client Service - ok
17:49:07.0613 0x0478 [ 685176200A9246175FB8EF95F6FF9EAF, 93A5F307B1DF545CA5334BBB81E5E388A3E7911A9FF6ECBC066A3A5E11300AE4 ] Origin Web Helper Service C:\Program Files (x86)\Origin\OriginWebHelperService.exe
17:49:07.0646 0x0478 Origin Web Helper Service - ok
17:49:07.0650 0x0478 p2pimsvc - ok
17:49:07.0652 0x0478 p2psvc - ok
17:49:07.0653 0x0478 Parport - ok
17:49:07.0664 0x0478 partmgr - ok
17:49:07.0666 0x0478 PcaSvc - ok
17:49:07.0668 0x0478 pci - ok
17:49:07.0671 0x0478 pciide - ok
17:49:07.0674 0x0478 pcmcia - ok
17:49:07.0676 0x0478 pcw - ok
17:49:07.0678 0x0478 pdc - ok
17:49:07.0680 0x0478 PEAUTH - ok
17:49:07.0682 0x0478 PeerDistSvc - ok
17:49:07.0683 0x0478 percsas2i - ok
17:49:07.0685 0x0478 percsas3i - ok
17:49:07.0718 0x0478 PerfHost - ok
17:49:07.0729 0x0478 PhoneSvc - ok
17:49:07.0733 0x0478 PimIndexMaintenanceSvc - ok
17:49:07.0741 0x0478 pla - ok
17:49:07.0745 0x0478 PlugPlay - ok
17:49:07.0748 0x0478 PNRPAutoReg - ok
17:49:07.0750 0x0478 PNRPsvc - ok
17:49:07.0754 0x0478 PolicyAgent - ok
17:49:07.0758 0x0478 Power - ok
17:49:07.0761 0x0478 PptpMiniport - ok
17:49:07.0859 0x0478 [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
17:49:07.0968 0x0478 PrintNotify - ok
17:49:07.0973 0x0478 Processor - ok
17:49:07.0975 0x0478 ProfSvc - ok
17:49:07.0987 0x0478 Psched - ok
17:49:07.0989 0x0478 QWAVE - ok
17:49:07.0992 0x0478 QWAVEdrv - ok
17:49:07.0994 0x0478 RasAcd - ok
17:49:08.0004 0x0478 RasAgileVpn - ok
17:49:08.0006 0x0478 RasAuto - ok
17:49:08.0008 0x0478 Rasl2tp - ok
17:49:08.0010 0x0478 RasMan - ok
17:49:08.0012 0x0478 RasPppoe - ok
17:49:08.0014 0x0478 RasSstp - ok
17:49:08.0016 0x0478 rdbss - ok
17:49:08.0021 0x0478 rdpbus - ok
17:49:08.0024 0x0478 RDPDR - ok
17:49:08.0028 0x0478 RdpVideoMiniport - ok
17:49:08.0030 0x0478 rdyboost - ok
17:49:08.0032 0x0478 ReFSv1 - ok
17:49:08.0052 0x0478 RemoteAccess - ok
17:49:08.0055 0x0478 RemoteRegistry - ok
17:49:08.0058 0x0478 RetailDemo - ok
17:49:08.0060 0x0478 RmSvc - ok
17:49:08.0062 0x0478 RpcEptMapper - ok
17:49:08.0064 0x0478 RpcLocator - ok
17:49:08.0066 0x0478 RpcSs - ok
17:49:08.0068 0x0478 rspndr - ok
17:49:08.0071 0x0478 rt640x64 - ok
17:49:08.0075 0x0478 s3cap - ok
17:49:08.0078 0x0478 SamSs - ok
17:49:08.0081 0x0478 sbp2port - ok
17:49:08.0083 0x0478 SCardSvr - ok
17:49:08.0098 0x0478 ScDeviceEnum - ok
17:49:08.0101 0x0478 scfilter - ok
17:49:08.0103 0x0478 Schedule - ok
17:49:08.0105 0x0478 scmbus - ok
17:49:08.0107 0x0478 scmdisk0101 - ok
17:49:08.0110 0x0478 SCPolicySvc - ok
17:49:08.0112 0x0478 sdbus - ok
17:49:08.0133 0x0478 SDRSVC - ok
17:49:08.0135 0x0478 sdstor - ok
17:49:08.0137 0x0478 Secdrv - ok
17:49:08.0142 0x0478 seclogon - ok
17:49:08.0144 0x0478 SENS - ok
17:49:08.0161 0x0478 Sense - ok
17:49:08.0175 0x0478 SensorDataService - ok
17:49:08.0179 0x0478 SensorService - ok
17:49:08.0181 0x0478 SensrSvc - ok
17:49:08.0183 0x0478 SerCx - ok
17:49:08.0185 0x0478 SerCx2 - ok
17:49:08.0188 0x0478 Serenum - ok
17:49:08.0191 0x0478 Serial - ok
17:49:08.0193 0x0478 sermouse - ok
17:49:08.0198 0x0478 SessionEnv - ok
17:49:08.0201 0x0478 sfloppy - ok
17:49:08.0228 0x0478 SharedAccess - ok
17:49:08.0245 0x0478 ShellHWDetection - ok
17:49:08.0248 0x0478 shpamsvc - ok
17:49:08.0249 0x0478 SiSRaid2 - ok
17:49:08.0252 0x0478 SiSRaid4 - ok
17:49:08.0284 0x0478 [ F3AAB7DF6408431C762D8721B68F46E4, 56ED764AA660955B8B06322703D086B3A52106625A83CCAF195B08BCBDEDA88F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:49:08.0295 0x0478 SkypeUpdate - ok
17:49:08.0304 0x0478 smphost - ok
17:49:08.0312 0x0478 SmsRouter - ok
17:49:08.0315 0x0478 SNMPTRAP - ok
17:49:08.0331 0x0478 spaceport - ok
17:49:08.0333 0x0478 SpbCx - ok
17:49:08.0335 0x0478 Spooler - ok
17:49:08.0338 0x0478 sppsvc - ok
17:49:08.0346 0x0478 srv - ok
17:49:08.0348 0x0478 srv2 - ok
17:49:08.0359 0x0478 srvnet - ok
17:49:08.0361 0x0478 SSDPSRV - ok
17:49:08.0363 0x0478 SstpSvc - ok
17:49:08.0365 0x0478 StateRepository - ok
17:49:08.0409 0x0478 [ 596DC69BB40A96FCA4B19D9D1E221E34, 3469D3B2E9A88E39C14AE2E3DD5EC3D91FBB88CA568D794555B397B50E64AB15 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
17:49:08.0434 0x0478 Steam Client Service - ok
17:49:08.0438 0x0478 stexstor - ok
17:49:08.0450 0x0478 stisvc - ok
17:49:08.0457 0x0478 storahci - ok
17:49:08.0461 0x0478 storflt - ok
17:49:08.0463 0x0478 stornvme - ok
17:49:08.0466 0x0478 storqosflt - ok
17:49:08.0468 0x0478 StorSvc - ok
17:49:08.0470 0x0478 storufs - ok
17:49:08.0471 0x0478 storvsc - ok
17:49:08.0474 0x0478 svsvc - ok
17:49:08.0476 0x0478 swenum - ok
17:49:08.0478 0x0478 swprv - ok
17:49:08.0481 0x0478 Synth3dVsc - ok
17:49:08.0483 0x0478 SysMain - ok
17:49:08.0486 0x0478 SystemEventsBroker - ok
17:49:08.0488 0x0478 TabletInputService - ok
17:49:08.0492 0x0478 TapiSrv - ok
17:49:08.0494 0x0478 Tcpip - ok
17:49:08.0496 0x0478 Tcpip6 - ok
17:49:08.0499 0x0478 tcpipreg - ok
17:49:08.0502 0x0478 tdx - ok
17:49:08.0677 0x0478 [ F2F02E436BA56A96A06E4427C5787B6E, 1562FF264011A15AC69808CB74F387917C4E8ED3B91546B12933BE10B6E20B3A ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
17:49:08.0786 0x0478 TeamViewer - ok
17:49:08.0793 0x0478 terminpt - ok
17:49:08.0795 0x0478 TermService - ok
17:49:08.0797 0x0478 Themes - ok
17:49:08.0800 0x0478 TieringEngineService - ok
17:49:08.0803 0x0478 tiledatamodelsvc - ok
17:49:08.0806 0x0478 TimeBrokerSvc - ok
17:49:08.0818 0x0478 TPM - ok
17:49:08.0821 0x0478 TrkWks - ok
17:49:08.0826 0x0478 TrustedInstaller - ok
17:49:08.0828 0x0478 tsusbflt - ok
17:49:08.0831 0x0478 TsUsbGD - ok
17:49:08.0833 0x0478 tsusbhub - ok
17:49:08.0835 0x0478 tunnel - ok
17:49:08.0842 0x0478 tzautoupdate - ok
17:49:08.0845 0x0478 UASPStor - ok
17:49:08.0847 0x0478 UcmCx0101 - ok
17:49:08.0849 0x0478 UcmTcpciCx0101 - ok
17:49:08.0851 0x0478 UcmUcsi - ok
17:49:08.0853 0x0478 Ucx01000 - ok
17:49:08.0855 0x0478 UdeCx - ok
17:49:08.0859 0x0478 udfs - ok
17:49:08.0862 0x0478 UEFI - ok
17:49:08.0864 0x0478 UevAgentDriver - ok
17:49:08.0866 0x0478 UevAgentService - ok
17:49:08.0867 0x0478 Ufx01000 - ok
17:49:08.0870 0x0478 UfxChipidea - ok
17:49:08.0872 0x0478 ufxsynopsys - ok
17:49:08.0877 0x0478 UI0Detect - ok
17:49:08.0879 0x0478 umbus - ok
17:49:08.0881 0x0478 UmPass - ok
17:49:08.0883 0x0478 UmRdpService - ok
17:49:08.0886 0x0478 UnistoreSvc - ok
17:49:08.0890 0x0478 upnphost - ok
17:49:08.0892 0x0478 UrsChipidea - ok
17:49:08.0895 0x0478 UrsCx01000 - ok
17:49:08.0897 0x0478 UrsSynopsys - ok
17:49:08.0909 0x0478 usbaudio - ok
17:49:08.0912 0x0478 usbccgp - ok
17:49:08.0915 0x0478 usbcir - ok
17:49:08.0917 0x0478 usbehci - ok
17:49:08.0920 0x0478 usbhub - ok
17:49:08.0922 0x0478 USBHUB3 - ok
17:49:08.0925 0x0478 usbohci - ok
17:49:08.0927 0x0478 usbprint - ok
17:49:08.0929 0x0478 usbser - ok
17:49:08.0931 0x0478 USBSTOR - ok
17:49:08.0933 0x0478 usbuhci - ok
17:49:08.0944 0x0478 usbvideo - ok
17:49:08.0946 0x0478 USBXHCI - ok
17:49:08.0949 0x0478 UserDataSvc - ok
17:49:08.0965 0x0478 UserManager - ok
17:49:08.0967 0x0478 UsoSvc - ok
17:49:08.0969 0x0478 VaultSvc - ok
17:49:08.0971 0x0478 vdrvroot - ok
17:49:08.0973 0x0478 vds - ok
17:49:08.0975 0x0478 VerifierExt - ok
17:49:08.0977 0x0478 vhdmp - ok
17:49:08.0979 0x0478 vhf - ok
17:49:08.0982 0x0478 vmbus - ok
17:49:08.0984 0x0478 VMBusHID - ok
17:49:08.0986 0x0478 vmgid - ok
17:49:08.0988 0x0478 vmicguestinterface - ok
17:49:08.0992 0x0478 vmicheartbeat - ok
17:49:08.0993 0x0478 vmickvpexchange - ok
17:49:08.0996 0x0478 vmicrdv - ok
17:49:08.0998 0x0478 vmicshutdown - ok
17:49:09.0000 0x0478 vmictimesync - ok
17:49:09.0002 0x0478 vmicvmsession - ok
17:49:09.0004 0x0478 vmicvss - ok
17:49:09.0006 0x0478 volmgr - ok
17:49:09.0008 0x0478 volmgrx - ok
17:49:09.0010 0x0478 volsnap - ok
17:49:09.0013 0x0478 volume - ok
17:49:09.0015 0x0478 vpci - ok
17:49:09.0061 0x0478 [ 4C768463461D2C78E671EFB43AD3A267, 30FF18AD8C781A13091AA1D7413428C9FBA3525E44A359E90A16C3AD06F15D7D ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
17:49:09.0095 0x0478 vpnagent - ok
17:49:09.0104 0x0478 [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva C:\WINDOWS\System32\drivers\vpnva64-6.sys
17:49:09.0109 0x0478 vpnva - ok
17:49:09.0112 0x0478 vsmraid - ok
17:49:09.0114 0x0478 VSS - ok
17:49:09.0117 0x0478 VSTXRAID - ok
17:49:09.0119 0x0478 vwifibus - ok
17:49:09.0121 0x0478 vwififlt - ok
17:49:09.0124 0x0478 W32Time - ok
17:49:09.0141 0x0478 [ 90A7D70E48A69F6E4FFB49440674B3B8, 6C31BE40D9FF3C91B420AB2CFF17FA0D463BD97DF94B9CFCB8735A9EBC8FDFB0 ] WacHidRouter C:\WINDOWS\System32\drivers\wachidrouter.sys
17:49:09.0145 0x0478 WacHidRouter - ok
17:49:09.0148 0x0478 WacomPen - ok
17:49:09.0160 0x0478 [ A46EA18DFA3CB657732909570F021578, 36A87A8A3402BBD79367B6F0D9C59C3BAF18AAE154A273DA067D7F08A7B94CC8 ] wacomrouterfilter C:\WINDOWS\System32\drivers\wacomrouterfilter.sys
17:49:09.0164 0x0478 wacomrouterfilter - ok
17:49:09.0167 0x0478 WalletService - ok
17:49:09.0169 0x0478 wanarp - ok
17:49:09.0171 0x0478 wanarpv6 - ok
17:49:09.0174 0x0478 wbengine - ok
17:49:09.0177 0x0478 WbioSrvc - ok
17:49:09.0179 0x0478 wcifs - ok
17:49:09.0182 0x0478 Wcmsvc - ok
17:49:09.0184 0x0478 wcncsvc - ok
17:49:09.0186 0x0478 wcnfs - ok
17:49:09.0188 0x0478 WdBoot - ok
17:49:09.0191 0x0478 Wdf01000 - ok
17:49:09.0194 0x0478 WdFilter - ok
17:49:09.0196 0x0478 WdiServiceHost - ok
17:49:09.0198 0x0478 WdiSystemHost - ok
17:49:09.0200 0x0478 wdiwifi - ok
17:49:09.0202 0x0478 WdNisDrv - ok
17:49:09.0204 0x0478 WdNisSvc - ok
17:49:09.0207 0x0478 WebClient - ok
17:49:09.0209 0x0478 Wecsvc - ok
17:49:09.0212 0x0478 WEPHOSTSVC - ok
17:49:09.0215 0x0478 wercplsupport - ok
17:49:09.0217 0x0478 WerSvc - ok
17:49:09.0219 0x0478 WFPLWFS - ok
17:49:09.0222 0x0478 WiaRpc - ok
17:49:09.0224 0x0478 WIMMount - ok
17:49:09.0225 0x0478 WinDefend - ok
17:49:09.0231 0x0478 WindowsTrustedRT - ok
17:49:09.0233 0x0478 WindowsTrustedRTProxy - ok
17:49:09.0235 0x0478 WinHttpAutoProxySvc - ok
17:49:09.0238 0x0478 WinMad - ok
17:49:09.0256 0x0478 Winmgmt - ok
17:49:09.0262 0x0478 WinRM - ok
17:49:09.0334 0x0478 [ F18C9057490CC4082BDB86D64537F4EA, 4B72FCDE3E3A010573A6C147E36643B373A04F33526EE85269BF9A87D2E7FD27 ] WinSAPSvc C:\Users\Princhi\AppData\Roaming\WinSAPSvc\WinSAP.dll
17:49:09.0350 0x0478 WinSAPSvc - detected UnsignedFile.Multi.Generic ( 1 )
17:49:09.0498 0x0478 Detect turned to UDS exact due to KSN untrusted
17:49:09.0563 0x0478 WinSAPSvc ( UDS:DangerousObject.Multi.Generic ) - infected
17:49:09.0563 0x0478 Force sending object to P2P due to detect: WinSAPSvc
17:49:09.0761 0x0478 Object send P2P result: true
17:49:09.0913 0x0478 WINUSB - ok
17:49:09.0923 0x0478 WinVerbs - ok
17:49:09.0932 0x0478 wisvc - ok
17:49:09.0948 0x0478 WlanSvc - ok
17:49:09.0954 0x0478 wlidsvc - ok
17:49:09.0966 0x0478 [ 680A7846370000D20D7E74917D5B7936, 55B77B358039672845D361CA4205F3482D1F30A4654B610FD785A1337EFDC316 ] WmBEnum C:\WINDOWS\system32\drivers\WmBEnum.sys
17:49:09.0976 0x0478 WmBEnum - ok
17:49:09.0983 0x0478 [ 14C35BA8189C6F65D839163AA285E954, 8981AA488320C75E26E1ABDF884B721A4065F5D28F54782598B03F21B8CDC020 ] WmFilter C:\WINDOWS\system32\drivers\WmFilter.sys
17:49:09.0992 0x0478 WmFilter - ok
17:49:09.0996 0x0478 [ AC4331AF118A720F13C9C5CABBFE27BD, 2C5F453996B00078F3E8E731F6B3DD4529831BDA2146EAFC66727C9460E85112 ] WmHidLo C:\WINDOWS\system32\drivers\WmHidLo.sys
17:49:10.0000 0x0478 WmHidLo - ok
17:49:10.0003 0x0478 WmiAcpi - ok
17:49:10.0008 0x0478 wmiApSrv - ok
17:49:10.0010 0x0478 WMPNetworkSvc - ok
17:49:10.0021 0x0478 [ 8488DD91A3EE54A8E29F02AD7BB8201E, D428ED991D9E4A8765C240B21884A262854278698D60862117AC5949713231F9 ] WmVirHid C:\WINDOWS\system32\drivers\WmVirHid.sys
17:49:10.0026 0x0478 WmVirHid - ok
17:49:10.0032 0x0478 [ 14802B3A30AA849C97CB968CCC813BF3, 330AD828ABD040ECDBF58F7162978CD61BFC093CAD404FD2BCAC74E3F2EC542A ] WmXlCore C:\WINDOWS\system32\drivers\WmXlCore.sys
17:49:10.0037 0x0478 WmXlCore - ok
17:49:10.0041 0x0478 Wof - ok
17:49:10.0045 0x0478 workfolderssvc - ok
17:49:10.0048 0x0478 WPDBusEnum - ok
17:49:10.0051 0x0478 WpdUpFltr - ok
17:49:10.0055 0x0478 WpnService - ok
17:49:10.0057 0x0478 WpnUserService - ok
17:49:10.0066 0x0478 ws2ifsl - ok
17:49:10.0068 0x0478 wscsvc - ok
17:49:10.0070 0x0478 WSDPrintDevice - ok
17:49:10.0073 0x0478 WSDScan - ok
17:49:10.0074 0x0478 WSearch - ok
17:49:10.0105 0x0478 [ F746E515661B69953030C6C7F2672821, AB454BE1EA00F7FB2655EEB429D0B1795E435E91D88E7C3F1288AE243D270989 ] WTabletServicePro C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
17:49:10.0124 0x0478 WTabletServicePro - ok
17:49:10.0130 0x0478 wuauserv - ok
17:49:10.0133 0x0478 WudfPf - ok
17:49:10.0138 0x0478 WUDFRd - ok
17:49:10.0142 0x0478 wudfsvc - ok
17:49:10.0145 0x0478 WUDFWpdFs - ok
17:49:10.0146 0x0478 WUDFWpdMtp - ok
17:49:10.0149 0x0478 WwanSvc - ok
17:49:10.0151 0x0478 XblAuthManager - ok
17:49:10.0155 0x0478 XblGameSave - ok
17:49:10.0157 0x0478 xboxgip - ok
17:49:10.0160 0x0478 XboxNetApiSvc - ok
17:49:10.0172 0x0478 [ 7439DCAF71314B1D85E452B3F2E1138A, DAAF67C90C35DC1839CEC6962AD001961EFDE00DDFCDC702882AFA234D71248B ] xhunter1 C:\WINDOWS\xhunter1.sys
17:49:10.0176 0x0478 xhunter1 - ok
17:49:10.0188 0x0478 xinputhid - ok
17:49:10.0205 0x0478 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B, 2C324592F3F2D50BABA7123B6F9FC922667CC132777E019FF615F2D6F273A45E ] xusb21 C:\WINDOWS\system32\DRIVERS\xusb21.sys
17:49:10.0212 0x0478 xusb21 - ok
17:49:10.0215 0x0478 xusb22 - ok
17:49:10.0250 0x0478 [ 7B918284E375EC625973F193078EAA6A, DB8254AD2F25522BEDA3972B96B3874D122572F746AD0D6DAC1AA84198E32F0A ] Zerzitain C:\Program Files (x86)\Clerack\Grshlp.dll
17:49:10.0265 0x0478 Zerzitain - detected UnsignedFile.Multi.Generic ( 1 )
17:49:10.0407 0x0478 Detect turned to UDS exact due to KSN untrusted
17:49:10.0407 0x0478 Zerzitain ( UDS:DangerousObject.Multi.Generic ) - infected
17:49:10.0407 0x0478 Force sending object to P2P due to detect: Zerzitain
17:49:10.0569 0x0478 Object send P2P result: true
17:49:11.0391 0x0478 ================ Scan global ===============================
17:49:11.0428 0x0478 [ Global ] - ok
17:49:11.0429 0x0478 ================ Scan MBR ==================================
17:49:11.0440 0x0478 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:49:11.0529 0x0478 \Device\Harddisk0\DR0 - ok
17:49:11.0530 0x0478 ================ Scan VBR ==================================
17:49:11.0531 0x0478 [ 25E6C44901467F1AD46EB9F883CD0161 ] \Device\Harddisk0\DR0\Partition1
17:49:11.0534 0x0478 \Device\Harddisk0\DR0\Partition1 - ok
17:49:11.0535 0x0478 [ 1B7A554F4080B09FC0CECF2885F78B48 ] \Device\Harddisk0\DR0\Partition2
17:49:11.0536 0x0478 \Device\Harddisk0\DR0\Partition2 - ok
17:49:11.0538 0x0478 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
17:49:11.0538 0x0478 \Device\Harddisk0\DR0\Partition3 - ok
17:49:11.0540 0x0478 [ FB51C1F912C14BCC7FAAA8C26A1988F7 ] \Device\Harddisk0\DR0\Partition4
17:49:11.0542 0x0478 \Device\Harddisk0\DR0\Partition4 - ok
17:49:11.0543 0x0478 [ D67C0F154AA0CC2C803674166AAB840E ] \Device\Harddisk0\DR0\Partition5
17:49:11.0545 0x0478 \Device\Harddisk0\DR0\Partition5 - ok
17:49:11.0546 0x0478 [ 22E7F164060B7EB85A000F003BE40834 ] \Device\Harddisk0\DR0\Partition6
17:49:11.0548 0x0478 \Device\Harddisk0\DR0\Partition6 - ok
17:49:11.0548 0x0478 ================ Scan generic autorun ======================
17:49:11.0742 0x0478 [ 22EBD5AE3B3220D713E544D1D3AB3FEE, 9EF058B096DAA5C6242FBEB3DF509108180B1EB1EA252E63C437CF6C1B743BE0 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
17:49:11.0933 0x0478 RTHDVCPL - ok
17:49:12.0005 0x0478 [ BE586B5D1D73E1F07ED5AADDEFBCAA47, 68D957EBE01DD369BF4E2D5D07A7EDF9408066E61056A1C4968DBF8CE5841BBE ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
17:49:12.0056 0x0478 NvBackend - ok
17:49:12.0302 0x0478 [ 19ECAAEA3CC248489FE987C10B688C0D, 967CB23A8176B3181EE2A55DFBB04A69988AB22105D4C450C5B5E729B91FAD5A ] C:\Program Files\Logitech Gaming Software\LCore.exe
17:49:12.0595 0x0478 Launch LCore - ok
17:49:12.0619 0x0478 [ F5A5DBADCD24BDF33BFDAA789E39C876, A0D931FA339CA1FB6198BF5DF327ECEB0881796FFF92BDE0F9FC2C233C46E83C ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
17:49:12.0631 0x0478 AdobeAAMUpdater-1.0 - ok
17:49:12.0641 0x0478 [ 0104F4CA73154C23FFB449501F6D2D53, 0610AC01C06CC15D67F11C0EE00097A4D0A56B9EED16489FD3306EC2E1E6F301 ] C:\Program Files\Logitech\Gaming Software\LWEMon.exe
17:49:12.0654 0x0478 Start WingMan Profiler - ok
17:49:12.0678 0x0478 [ 5E7601CCBC2A98A4457E50612E0AEE73, 3F5FDCF1BEC5B134433F62ADD5C2931F700F2B7CBEDB0A98EF1362BF6E9FAC03 ] C:\Program Files (x86)\Drakonia Configurator\hid.exe
17:49:12.0698 0x0478 GamingMouse - detected UnsignedFile.Multi.Generic ( 1 )
17:49:12.0919 0x0478 GamingMouse ( UnsignedFile.Multi.Generic ) - warning
17:49:13.0096 0x0478 [ F8A8125BF28F03D79CDEA5B0B69FF60B, 13E5DE36EB61384B0726447442F0CE4838C20E4F3F730B9B9BB84A2020A68A82 ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
17:49:13.0123 0x0478 IJNetworkScannerSelectorEX - ok
17:49:13.0146 0x0478 [ 33BEA9023A6F47492889269E2C541D34, 7478C3F2653C0B07C981BA8B47A56595BE5910FDA63775AA91247B3DF947B89B ] C:\Program Files (x86)\Samsung Connection Manager\ModemPnPService.exe
17:49:13.0162 0x0478 Blackcomb - detected UnsignedFile.Multi.Generic ( 1 )
17:49:13.0307 0x0478 Blackcomb ( UnsignedFile.Multi.Generic ) - warning
17:49:13.0422 0x0478 OneDriveSetup - ok
17:49:13.0427 0x0478 OneDriveSetup - ok
17:49:13.0546 0x0478 [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
17:49:13.0624 0x0478 DAEMON Tools Lite - ok
17:49:13.0694 0x0478 [ DE664BEED7C0AFD37E78A8B44AE08112, ED1469112F43D0B91524281CB4DC19974D99515EEFFA095E9B9599739916C8B3 ] C:\Program Files (x86)\Origin\Origin.exe
17:49:13.0750 0x0478 EADM - ok
17:49:13.0789 0x0478 [ 131410FC40F1AC25ECA8EF7C321C5DEE, 77BF2476C38A059E93A53A0EADC3163AA545915B7D37039EAA43E33E17D64673 ] C:\Users\Princhi\AppData\Roaming\Spotify\SpotifyWebHelper.exe
17:49:13.0813 0x0478 Spotify Web Helper - ok
17:49:13.0878 0x0478 [ AAE92457F50F4DD74E2D502ADB9549EE, 70C8FBE410FE388D6B85334215EBE3393C16E8F8B19F5A8BA50DB6DF23196D50 ] C:\Users\Princhi\AppData\Local\Microsoft\OneDrive\OneDrive.exe
17:49:13.0911 0x0478 OneDrive - ok
17:49:13.0938 0x0478 [ 1AF1360E070BD8EA402F793EF6FBAAEB, B20EDEFCFDEA5721A615E88F6B0448BEFEC79B76986A0065F20CEC1576D3C354 ] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
17:49:13.0945 0x0478 ISUSPM - ok
17:49:14.0139 0x0478 [ F81F345586F08409752FC89EE3C02B17, 64D6F5D290C53DA2867205B659C4EFFF245194E2ACA764CC88D32594A9EA5D56 ] C:\Program Files\CCleaner\CCleaner64.exe
17:49:14.0345 0x0478 CCleaner Monitoring - ok
17:49:14.0351 0x0478 Waiting for KSN requests completion. In queue: 24
17:49:15.0381 0x0478 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated )
17:49:15.0388 0x0478 Win FW state via NFP2: enabled ( trusted )
17:49:15.0496 0x0478 ============================================================
17:49:15.0496 0x0478 Scan finished
17:49:15.0496 0x0478 ============================================================
17:49:15.0512 0x1094 Detected object count: 4
17:49:15.0512 0x1094 Actual detected object count: 4
17:50:22.0749 0x1094 WinSAPSvc ( UDS:DangerousObject.Multi.Generic ) - skipped by user
17:50:22.0749 0x1094 WinSAPSvc ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
17:50:22.0749 0x1094 Zerzitain ( UDS:DangerousObject.Multi.Generic ) - skipped by user
17:50:22.0749 0x1094 Zerzitain ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
17:50:22.0750 0x1094 GamingMouse ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:22.0750 0x1094 GamingMouse ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:50:22.0750 0x1094 Blackcomb ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:22.0750 0x1094 Blackcomb ( UnsignedFile.Multi.Generic ) - User select action: Skip |
#5
/// TB-Ausbilder
Adware: AdwCleaner doesn't help, Google Chrome infected

Hi, how long have you been having problems with adware? Why do you never post the log files that show what AdwCleaner removed? Instead you only post the log files from the scans... We will now start with MBAM first. Please note:

Quote:
Please download all tools directly to the desktop, or move them there, and start them from the desktop, since our instructions are written for that. This also makes it very easy to remove all the tools used once the cleanup is finished. Leave all tools on the desktop until the end of the cleanup; we may need some of them more than once.

Step 1
Please download Malwarebytes Anti-Malware

Step 2
Please download AdwCleaner to your desktop.

Step 3
Please close your security software to avoid possible conflicts.

Step 4

Please post with your next reply
#6
Adware: AdwCleaner doesn't help, Google Chrome infected

I have probably had problems for about half a year now. Oh, I'm sorry, I thought it was the same thing, since I ran AdwCleaner several times. The MBAM log file is too large; how should I split it up?

Code:
ATTFilter # AdwCleaner v6.044 - Bericht erstellt am 08/03/2017 um 18:55:56 # Aktualisiert am 28/02/2017 von Malwarebytes # Datenbank : 2017-03-07.1 [Lokal] # Betriebssystem : Windows 10 Pro (X64) # Benutzername : Princhi - EPONA # Gestartet von : C:\Users\Princhi\Desktop\adwcleaner_6.044.exe # Modus: Löschen # Unterstützung : https://www.malwarebytes.com/support ***** [ Dienste ] ***** [-] Dienst gelöscht: Kyubey ***** [ Ordner ] ***** [-] Ordner gelöscht: C:\Users\Princhi\AppData\Roaming\aMule [-] Ordner gelöscht: C:\Users\Princhi\AppData\Roaming\Kyubey [-] Ordner gelöscht: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Tencent ***** [ Dateien ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel gelöscht: HKU\S-1-5-21-88799701-2343346839-193955109-1001\Software\WinSnare [#] Schlüssel mit Neustart gelöscht: HKCU\Software\WinSnare [-] Schlüssel gelöscht: HKLM\SOFTWARE\ScreenShot [-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78A2D999-4673-4FCC-818E-57B0AF8F3B70} [#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\WinSnare [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307 [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307 [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\999D2A873764CCF418E8750BFAF8B307 [#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307 [#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307 [#] Schlüssel mit Neustart 
gelöscht: [x64] HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307 [-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc] ***** [ Browser ] ***** [-] [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1] [startup_urls] Gelöscht: hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM [-] [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1] [favicon_url] Gelöscht: hxxp://www.startpageing123.com/searchfavicon.ico [-] [C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1] [homepage] Gelöscht: hxxp://www.startpageing123.com/?type=hp&ts=1488990052&z=169400fa2c9264492185c7ag4z3bbbdtft5eeedwdo&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM ************************* :: "Tracing" Schlüssel gelöscht :: Winsock Einstellungen zurückgesetzt :: "Image File Execution Options" Schlüssel gelöscht :: "Prefetch" Dateien gelöscht :: Proxy Einstellungen zurückgesetzt :: Firewall Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [14031 Bytes] - [19/10/2016 09:48:39] C:\AdwCleaner\AdwCleaner[C10].txt - [4234 Bytes] - [01/03/2017 14:42:02] C:\AdwCleaner\AdwCleaner[C11].txt - [10583 Bytes] - [02/03/2017 15:16:04] C:\AdwCleaner\AdwCleaner[C12].txt - [10803 Bytes] - [07/03/2017 15:39:01] C:\AdwCleaner\AdwCleaner[C13].txt - [11139 Bytes] - [08/03/2017 16:31:51] C:\AdwCleaner\AdwCleaner[C14].txt - [10112 Bytes] - [08/03/2017 17:18:06] C:\AdwCleaner\AdwCleaner[C15].txt - [6236 Bytes] - [08/03/2017 17:21:07] C:\AdwCleaner\AdwCleaner[C16].txt - [3845 Bytes] - [08/03/2017 18:55:56] C:\AdwCleaner\AdwCleaner[C2].txt - [14626 Bytes] - [20/12/2016 14:13:28] C:\AdwCleaner\AdwCleaner[C3].txt - [2620 Bytes] - [20/12/2016 14:18:42] C:\AdwCleaner\AdwCleaner[C4].txt - [11288 Bytes] - [19/01/2017 
13:20:19] C:\AdwCleaner\AdwCleaner[C5].txt - [9666 Bytes] - [10/02/2017 13:39:49] C:\AdwCleaner\AdwCleaner[C6].txt - [3059 Bytes] - [22/02/2017 14:37:32] C:\AdwCleaner\AdwCleaner[C7].txt - [6626 Bytes] - [01/03/2017 14:27:03] C:\AdwCleaner\AdwCleaner[C8].txt - [4149 Bytes] - [01/03/2017 14:29:43] C:\AdwCleaner\AdwCleaner[C9].txt - [3381 Bytes] - [01/03/2017 14:31:46] C:\AdwCleaner\AdwCleaner[R0].txt - [3924 Bytes] - [08/02/2015 19:50:17] C:\AdwCleaner\AdwCleaner[S0].txt - [3824 Bytes] - [08/02/2015 19:51:42] C:\AdwCleaner\AdwCleaner[S10].txt - [3962 Bytes] - [01/03/2017 14:29:27] C:\AdwCleaner\AdwCleaner[S11].txt - [3430 Bytes] - [01/03/2017 14:31:22] C:\AdwCleaner\AdwCleaner[S12].txt - [4068 Bytes] - [01/03/2017 14:33:38] C:\AdwCleaner\AdwCleaner[S13].txt - [13014 Bytes] - [02/03/2017 15:15:48] C:\AdwCleaner\AdwCleaner[S14].txt - [11770 Bytes] - [07/03/2017 15:34:29] C:\AdwCleaner\AdwCleaner[S15].txt - [11673 Bytes] - [07/03/2017 15:35:27] C:\AdwCleaner\AdwCleaner[S16].txt - [12979 Bytes] - [08/03/2017 16:29:46] C:\AdwCleaner\AdwCleaner[S17].txt - [12917 Bytes] - [08/03/2017 16:30:35] C:\AdwCleaner\AdwCleaner[S18].txt - [11529 Bytes] - [08/03/2017 17:17:02] C:\AdwCleaner\AdwCleaner[S19].txt - [6029 Bytes] - [08/03/2017 17:20:04] C:\AdwCleaner\AdwCleaner[S1].txt - [13111 Bytes] - [19/10/2016 09:43:45] C:\AdwCleaner\AdwCleaner[S20].txt - [5889 Bytes] - [08/03/2017 18:55:13] C:\AdwCleaner\AdwCleaner[S2].txt - [15870 Bytes] - [20/12/2016 14:12:40] C:\AdwCleaner\AdwCleaner[S3].txt - [2520 Bytes] - [20/12/2016 14:17:37] C:\AdwCleaner\AdwCleaner[S4].txt - [2606 Bytes] - [20/12/2016 14:18:17] C:\AdwCleaner\AdwCleaner[S5].txt - [12125 Bytes] - [19/01/2017 13:19:01] C:\AdwCleaner\AdwCleaner[S6].txt - [10644 Bytes] - [10/02/2017 13:36:16] C:\AdwCleaner\AdwCleaner[S7].txt - [4551 Bytes] - [22/02/2017 14:35:59] C:\AdwCleaner\AdwCleaner[S8].txt - [3202 Bytes] - [22/02/2017 14:37:26] C:\AdwCleaner\AdwCleaner[S9].txt - [7962 Bytes] - [01/03/2017 14:26:38] ########## EOF - 
C:\AdwCleaner\AdwCleaner[C16].txt - [6132 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.1 (02.11.2017) Operating System: Windows 10 Pro x64 Ran by Princhi (Administrator) on 08.03.2017 at 19:00:30,18 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 1 Successfully deleted: C:\ProgramData\1414928027.bdinstall.bin (File) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 08.03.2017 at 19:01:43,29 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017 durchgeführt von Princhi (Administrator) auf EPONA (08-03-2017 19:03:42) Gestartet von C:\Users\Princhi\Desktop Geladene Profile: Princhi (Verfügbare Profile: Princhi) Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Common Files\ntp2UpSvc\notepad2.exe (Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.) 
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] () HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.) HKLM-x32\...\Run: [Blackcomb] => C:\Program Files (x86)\Samsung Connection Manager\ModemPnPService.exe [131072 2011-02-11] (Samsung Electronics.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1206784 2016-08-12] (Cisco Systems, Inc.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044848 2017-02-21] (Electronic Arts) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [Spotify Web Helper] => C:\Users\Princhi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-24] (Spotify Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation) HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd) HKU\S-1-5-21-88799701-2343346839-193955109-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [572416 2016-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) Startup: C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-04-04] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{11c06b9c-c7a3-42f0-b493-0dcb6de1d03f}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{1920ae60-1c7d-4c3e-8d02-ba2d7909bffb}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4aa061a8-dd76-4dde-ab8c-36f40625fc51}: [DhcpNameServer] 139.7.30.126 0.0.0.0 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-88799701-2343346839-193955109-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-88799701-2343346839-193955109-1001 -> hxxp://www.google.com FireFox: 
======== FF DefaultProfile: 3d6ithxa.default FF ProfilePath: C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default [2017-03-08] FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2017-03-08] [ist nicht signiert] FF Extension: (English (US) Language Pack) - C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-01-20] [ist nicht signiert] FF SearchPlugin: C:\Users\Princhi\AppData\Roaming\Firefox\Firefox\Profiles\3d6ithxa.default\searchplugins\startsearch.xml [2017-03-02] FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @gametree.co.kr/GTL -> C:\ProgramData\Gametree\GTL\npGTL.dll [2013-06-13] (NtreevSoft) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei] FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) Chrome: ======= CHR DefaultProfile: Profile 1 CHR HomePage: Profile 1 -> hxxps://www.google.com/ CHR DefaultSearchURL: Profile 1 -> hxxp://www.startpageing123.com/search/?type=ds&ts=1488987296&z=b0e3968b6515cd9db849b4cg0zdb6b6t9bdm2o6t5t&from=che0812&uid=ST1000DX001-1CM162_Z1DAK2HMXXXXZ1DAK2HM&q={searchTerms} CHR DefaultSearchKeyword: Profile 1 -> startpageing123 CHR Profile: C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-08] CHR Extension: (Google Präsentationen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-18] CHR Extension: (Google Docs) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-18] CHR Extension: (Google Drive) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-18] CHR Extension: (YouTube) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-18] CHR Extension: (Adblock Plus) - C:\Users\Princhi\AppData\Local\Google\Chrome\User 
Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-17] CHR Extension: (Google Tabellen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-18] CHR Extension: (Google Docs Offline) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-18] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-27] CHR Extension: (Google Mail) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-18] CHR Extension: (Chrome Media Router) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-27] CHR Extension: (pumpkin) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkigkiflejlmpibnlecfdgkhjijgkoao [2016-10-19] CHR Profile: C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-12-10] StartMenuInternet: Google Chrome - Chrome.exe ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 HmaOpenVpnService; D:\Programme\HMA! Pro VPN\bin\openvpnserv.exe [46688 2016-09-23] (The OpenVPN Project) S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3519984 2016-01-27] (INCA Internet Co., Ltd.) 
S2 Ntp2NetSvc; C:\Program Files (x86)\notepad2\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr) [Datei ist nicht signiert] R2 Ntp2UpSvc; C:\Program Files (x86)\Common Files\ntp2UpSvc\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr) [Datei ist nicht signiert] R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2124296 2017-02-21] (Electronic Arts) R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2185232 2017-02-21] (Electronic Arts) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.) S2 Zerzitain; C:\Program Files (x86)\Clerack\Grshlp.dll [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 C2XXCOM; C:\WINDOWS\system32\DRIVERS\C2XXCOM76.sys [49920 2010-08-09] (Samsung Electronics)
S3 C2xxUSB; C:\WINDOWS\system32\DRIVERS\C2xxUSB76.sys [46080 2010-11-04] (Samsung Electronics)
S3 C2xxUsbStorage; C:\WINDOWS\system32\DRIVERS\C2xSTR76.sys [9216 2010-06-10] (Samsung Electronics)
S3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2015\pcwiz_x64.sys [26856 2014-02-17] (CPUID)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-11-19] (Disc Soft Ltd)
R3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [27136 2016-09-23] (The OpenVPN Project)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [20128 2017-02-28] () [Datei ist nicht signiert]
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2016-08-12] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2016-08-15] (Wellbia.com Co., Ltd.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-08 19:03 - 2017-03-08 19:03 - 00018947 _____ C:\Users\Princhi\Desktop\FRST.txt
2017-03-08 19:01 - 2017-03-08 19:01 - 00000619 _____ C:\Users\Princhi\Desktop\JRT.txt
2017-03-08 18:59 - 2017-03-08 18:59 - 01663736 _____ (Malwarebytes) C:\Users\Princhi\Desktop\JRT.exe
2017-03-08 18:58 - 2017-03-08 18:59 - 01663736 _____ (Malwarebytes) C:\Users\Princhi\Downloads\JRT.exe
2017-03-08 18:51 - 2017-03-08 18:51 - 00819352 _____ C:\Users\Princhi\Desktop\mbam.txt
2017-03-08 18:21 - 2017-03-08 18:56 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-08 18:20 - 2017-03-08 18:56 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-08 18:20 - 2017-03-08 18:56 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-08 18:20 - 2017-03-08 18:56 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-08 18:20 - 2017-03-08 18:20 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-08 18:20 - 2017-03-08 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-08 18:20 - 2017-03-08 18:20 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-08 18:20 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-08 18:19 - 2017-03-08 18:19 - 57131432 _____ (Malwarebytes ) C:\Users\Princhi\Desktop\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-08 18:15 - 2017-03-08 18:19 - 57131432 _____ (Malwarebytes ) C:\Users\Princhi\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-08 17:41 - 2017-03-08 18:08 - 00080986 _____ C:\TDSSKiller.3.1.0.12_08.03.2017_17.41.13_log.txt
2017-03-08 17:39 - 2017-03-08 17:39 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Princhi\Downloads\tdsskiller.exe
2017-03-08 17:32 - 2017-03-08 17:33 - 00065691 _____ C:\Users\Princhi\Downloads\Addition.txt
2017-03-08 17:31 - 2017-03-08 19:03 - 00000000 ____D C:\FRST
2017-03-08 17:31 - 2017-03-08 17:33 - 00042386 _____ C:\Users\Princhi\Downloads\FRST.txt
2017-03-08 17:24 - 2017-03-08 17:24 - 02423808 _____ (Farbar) C:\Users\Princhi\Desktop\FRST64.exe
2017-03-08 17:21 - 2017-03-08 17:21 - 00000000 ____D C:\Program Files (x86)\g6z3smzu
2017-03-08 17:18 - 2017-03-08 17:18 - 00000000 ____D C:\Program Files (x86)\r7nsqjwp
2017-03-08 16:45 - 2017-03-08 16:46 - 22851472 _____ (Malwarebytes ) C:\Users\Princhi\Downloads\mbam-setup-2.2.1.1043.exe
2017-03-08 16:39 - 2017-03-08 16:40 - 02870984 _____ (ESET) C:\Users\Princhi\Downloads\esetsmartinstaller_deu.exe
2017-03-08 16:32 - 2017-03-08 16:32 - 00000000 ____D C:\Program Files (x86)\wiv1520h
2017-03-08 16:27 - 2017-03-08 16:27 - 00000000 ____D C:\Users\Princhi\AppData\Local\Footper
2017-03-08 16:27 - 2017-03-08 16:27 - 00000000 ____D C:\Program Files (x86)\Footper
2017-03-08 16:21 - 2017-03-08 16:21 - 00000000 ____D C:\Program Files (x86)\58C02182_cacayima
2017-03-08 16:18 - 2017-03-08 16:18 - 00000000 ____D C:\Program Files (x86)\cq7yrhql
2017-03-07 17:37 - 2017-03-07 17:38 - 00124970 _____ C:\Users\Princhi\Downloads\IMG_20170307_0001.pdf
2017-03-07 17:33 - 2017-03-07 17:33 - 00124970 _____ C:\Users\Princhi\Desktop\IMG_20170307_0001.pdf
2017-03-07 15:41 - 2017-03-08 16:31 - 00001271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-07 15:41 - 2017-03-08 16:31 - 00001201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-07 15:41 - 2017-03-07 15:41 - 01129376 _____ (Google Inc.) C:\Users\Princhi\Downloads\ChromeSetup (1).exe
2017-03-07 14:24 - 2017-03-07 14:24 - 00000000 ____D C:\Program Files (x86)\58BEB4A1_cacayima
2017-03-06 18:05 - 2017-03-08 16:20 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-03 11:19 - 2017-03-03 11:19 - 00000000 ____D C:\Program Files (x86)\l2n8xmuh
2017-03-02 15:14 - 2017-03-02 15:14 - 04031440 _____ C:\Users\Princhi\Desktop\adwcleaner_6.044.exe
2017-03-02 14:56 - 2017-03-06 18:05 - 00002760 _____ C:\Program Files (x86)\metadata
2017-03-01 17:31 - 2017-03-01 17:32 - 09036000 _____ (GOG.com ) C:\Users\Princhi\Downloads\setup_settlers3_2.0.0.17.exe
2017-03-01 15:31 - 2017-03-01 15:31 - 00000000 ____D C:\Users\Princhi\AppData\Local\TeamSpeak 3
2017-03-01 15:31 - 2017-03-01 15:31 - 00000000 ____D C:\Users\Princhi\.TeamSpeak 3
2017-03-01 14:42 - 2017-03-01 14:42 - 00000000 ____D C:\Program Files (x86)\5tu6g4x1
2017-03-01 14:32 - 2017-03-01 14:32 - 00000000 ____D C:\Program Files (x86)\ifrhagw1
2017-03-01 14:30 - 2017-03-01 14:30 - 00000000 ____D C:\Program Files (x86)\jqzsal0g
2017-03-01 14:27 - 2017-03-01 14:27 - 00000000 ____D C:\Program Files (x86)\8q8dwuet
2017-03-01 14:19 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\Explorer
2017-03-01 14:19 - 2017-03-08 17:24 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-01 14:19 - 2017-03-08 17:24 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-01 14:19 - 2017-03-02 15:15 - 00001180 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-28 22:11 - 2017-02-28 22:11 - 00004096 _____ C:\WINDOWS\d3dx.dat
2017-02-28 22:10 - 2017-02-28 22:10 - 00003186 _____ C:\WINDOWS\System32\Tasks\{438F159D-A759-457B-A222-FD5013D632EC}
2017-02-28 21:45 - 2017-02-28 23:30 - 00020128 _____ C:\WINDOWS\SysWOW64\Drivers\SECDRV.SYS
2017-02-28 21:44 - 2017-02-28 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lionhead Studios Ltd
2017-02-24 01:39 - 2017-02-24 01:39 - 00000000 ____D C:\Program Files (x86)\58AF80DE_jumpeasy
2017-02-22 14:38 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\oe387eqk
2017-02-22 14:34 - 2017-02-22 14:34 - 04015056 _____ C:\Users\Princhi\Downloads\Nicht bestätigt 889461.crdownload
2017-02-22 00:44 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsF
2017-02-21 20:43 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsE
2017-02-21 16:43 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsD
2017-02-21 12:42 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsC
2017-02-18 01:17 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsB
2017-02-17 17:33 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbsA
2017-02-17 03:01 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs9
2017-02-16 23:00 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs8
2017-02-16 18:59 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs7
2017-02-16 15:21 - 2017-02-16 15:21 - 00000000 ____D C:\Program Files (x86)\notepad2
2017-02-16 14:58 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs6
2017-02-16 00:24 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs5
2017-02-15 20:22 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs4
2017-02-15 16:22 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs3
2017-02-14 21:54 - 2017-02-14 21:54 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (5).pdf
2017-02-14 19:03 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs2
2017-02-14 15:02 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs1
2017-02-14 14:06 - 2017-02-14 14:06 - 00000000 ____D C:\ProgramData\Apple Computer
2017-02-14 01:00 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{388E5277-3212-4966-9C80-AA74FB48806D}
2017-02-13 20:56 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{68006CA9-71D5-44F1-B31F-3BC092A0D854}
2017-02-13 17:39 - 2017-02-13 17:39 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (4).pdf
2017-02-13 16:54 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{C72739C5-5A2D-4BA4-8BED-EFFD0A0043BC}
2017-02-13 13:30 - 2017-02-13 13:30 - 01366581 _____ C:\Users\Princhi\Downloads\1.07 Grundlagen des Rechts - Methodenlehre (2).pdf
2017-02-13 13:29 - 2017-02-13 13:29 - 00460744 _____ C:\Users\Princhi\Downloads\1.04 Grundlagen des Rechts - Methodenlehre (1).pdf
2017-02-13 13:23 - 2017-02-13 13:23 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (3).pdf
2017-02-12 19:35 - 2017-02-12 19:35 - 00019905 _____ C:\Users\Princhi\Downloads\Hausarbeit_Vorlage_Iurratio_de (1).odt
2017-02-11 23:28 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{419A7AE4-8D58-40B0-A342-2955F81059AC}
2017-02-11 19:27 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{E0F5E27E-FECB-4E85-9291-9CA5DB05466E}
2017-02-11 01:46 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{99AA99DF-7123-4883-A3D8-DC13575804E1}
2017-02-10 21:45 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{3DC2C87B-4341-402E-997F-882F25652619}
2017-02-10 17:42 - 2017-02-22 14:38 - 00000000 ____D C:\Program Files (x86)\{195A643B-3F0D-4A26-8AF4-00ECBBDBD436}
2017-02-10 13:43 - 2017-02-10 13:43 - 01129376 _____ (Google Inc.) C:\Users\Princhi\Downloads\ChromeSetup.exe
2017-02-10 13:40 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\7270h8dx
2017-02-10 13:33 - 2017-02-10 13:33 - 04015056 _____ C:\Users\Princhi\Downloads\adwcleaner_6.043.exe
2017-02-09 23:08 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\{0E0D032C-C265-49D3-9E0D-3A192A88609F}
2017-02-09 19:06 - 2017-02-10 13:40 - 00000000 ____D C:\Program Files (x86)\{EEA3300D-2F66-45DF-8733-453BE124C449}
2017-02-08 21:13 - 2017-02-08 21:13 - 00000000 ____D C:\Program Files (x86)\1y27en8m
2017-02-08 20:06 - 2017-02-08 20:06 - 00000000 ____D C:\Program Files (x86)\36p1ub5x
2017-02-08 19:35 - 2017-02-08 20:06 - 00000000 ____D C:\Program Files (x86)\{07586952-E21B-4637-8D80-3B78C9E59C23}
2017-02-08 16:57 - 2017-02-08 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 16:57 - 2017-02-08 16:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-08 16:57 - 2016-12-29 13:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-08 16:57 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-08 16:57 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-08 16:57 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-08 16:57 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-08 16:56 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-08 16:56 - 2016-12-29 14:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-08 15:42 - 2017-03-08 18:46 - 00000000 ____D C:\Program Files (x86)\cvbs0
2017-02-08 15:32 - 2017-02-08 15:32 - 00000000 ____D C:\Program Files (x86)\veedo5sl
2017-02-07 19:53 - 2017-02-07 19:53 - 00015226 _____ C:\Users\Princhi\Downloads\Hausarbeit.odt
2017-02-07 17:12 - 2017-03-08 18:47 - 00000000 ____D C:\Users\Princhi\AppData\Local\3
2017-02-07 17:12 - 2017-02-08 20:06 - 00000000 ____D C:\Users\Princhi\AppData\Local\2

==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-08 19:03 - 2016-07-16 23:51 - 01092706 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-08 19:03 - 2016-07-16 23:51 - 00260208 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-08 19:03 - 2015-08-04 22:14 - 02577648 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-08 19:02 - 2016-04-23 01:04 - 00000000 ____D C:\Users\Princhi\AppData\Local\CrashDumps
2017-03-08 18:56 - 2016-09-05 16:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-08 18:56 - 2016-09-05 16:36 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-08 18:56 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-08 18:55 - 2016-10-19 08:23 - 00000008 __RSH C:\Users\Princhi\ntuser.pol
2017-03-08 18:55 - 2016-10-18 14:25 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-03-08 18:55 - 2016-09-05 16:41 - 00000000 ____D C:\Users\Princhi
2017-03-08 18:55 - 2015-02-08 19:49 - 00000000 ____D C:\AdwCleaner
2017-03-08 18:47 - 2017-01-13 13:22 - 00000000 ____D C:\Users\Princhi\AppData\Local\1
2017-03-08 18:47 - 2016-09-05 16:34 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-08 18:46 - 2017-01-20 16:29 - 00000000 ____D C:\ProgramData\wintooll
2017-03-08 18:29 - 2017-01-20 16:29 - 00000000 ____D C:\ProgramData\ie8
2017-03-08 18:29 - 2016-12-26 16:49 - 00000000 ____D C:\ProgramData\jdgjd
2017-03-08 18:29 - 2016-12-26 12:49 - 00000000 ____D C:\ProgramData\gjcgj
2017-03-08 18:29 - 2016-11-18 14:54 - 00000000 ____D C:\ProgramData\cfibf
2017-03-08 18:29 - 2016-11-14 13:28 - 00000000 ____D C:\ProgramData\hbehb
2017-03-08 18:29 - 2016-11-08 15:58 - 00000000 ____D C:\ProgramData\cficf
2017-03-08 18:28 - 2016-12-19 16:01 - 00000000 ____D C:\ProgramData\haeha
2017-03-08 18:20 - 2014-12-17 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-08 18:13 - 2016-08-08 20:40 - 00000000 ____D C:\Users\Princhi\Desktop\Programme
2017-03-08 16:27 - 2014-12-26 16:00 - 00000000 ____D C:\ProgramData\Apple
2017-03-08 16:27 - 2014-11-02 14:54 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Origin
2017-03-08 16:24 - 2017-01-18 17:56 - 00001793 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-08 16:24 - 2017-01-18 17:56 - 00000000 ____D C:\Users\Princhi\AppData\LocalLow\Mozilla
2017-03-08 16:06 - 2014-11-01 23:48 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Spotify
2017-03-08 15:33 - 2014-11-02 13:20 - 00000000 ____D C:\Users\Princhi\AppData\Local\Spotify
2017-03-08 14:32 - 2014-11-02 14:45 - 00000000 ____D C:\ProgramData\Origin
2017-03-08 14:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-08 13:19 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-08 13:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-08 00:22 - 2015-01-25 19:13 - 00000000 ____D C:\Users\Princhi\AppData\Local\Battle.net
2017-03-07 17:02 - 2015-01-25 19:13 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-07 15:38 - 2016-10-26 18:28 - 00000000 ____D C:\WINDOWS\system32\log
2017-03-07 13:40 - 2014-11-24 12:36 - 00000000 ____D C:\Program Files (x86)\Origin
2017-03-07 01:47 - 2016-08-08 19:33 - 00000000 ____D C:\Users\Princhi\Desktop\Games
2017-03-07 01:46 - 2016-08-08 20:42 - 00000000 ____D C:\Users\Princhi\Desktop\Daten
2017-03-04 20:17 - 2015-05-23 11:51 - 00000000 ____D C:\Users\Princhi\Documents\The Witcher 3
2017-03-03 18:32 - 2016-08-01 19:35 - 00000000 ____D C:\Users\Princhi\AppData\Local\BewerbungsMaster
2017-03-02 15:15 - 2016-06-18 17:14 - 00001042 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-03-01 19:37 - 2014-11-07 17:25 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\TS3Client
2017-03-01 15:30 - 2014-11-07 17:25 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-03-01 02:10 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-28 21:44 - 2015-01-25 20:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-28 00:24 - 2016-12-13 16:57 - 00003274 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-28 00:24 - 2015-08-04 22:26 - 00002420 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-28 00:24 - 2015-08-04 22:26 - 00000000 ___RD C:\Users\Princhi\OneDrive
2017-02-24 00:34 - 2014-10-31 14:43 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 15:41 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 13:55 - 2014-10-31 13:26 - 00000000 ____D C:\Users\Princhi\AppData\Local\Packages
2017-02-16 14:18 - 2017-01-19 19:06 - 00001415 _____ C:\Users\Public\Desktop\Die Sims 4.lnk
2017-02-16 13:59 - 2014-10-31 16:58 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-12 19:26 - 2016-04-14 12:50 - 00000000 ____D C:\Users\Princhi\AppData\Local\BlackDesertOnline
2017-02-08 16:57 - 2016-09-05 16:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 16:57 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 16:56 - 2016-09-05 16:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 16:56 - 2016-09-05 16:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-07 22:11 - 2016-12-14 21:29 - 00000000 ____D C:\Users\Princhi\Desktop\UNI
2017-02-07 16:55 - 2016-08-24 10:17 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Skype
2017-02-06 20:48 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 13:41 - 2016-10-28 18:07 - 00000000 ____D C:\ProgramData\ttff

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-03-02 14:56 - 2017-03-06 18:05 - 0002760 _____ () C:\Program Files (x86)\metadata
2014-10-31 14:52 - 2014-11-22 00:55 - 0000153 _____ () C:\Users\Princhi\AppData\Roaming\WB.CFG
2014-11-02 03:52 - 2014-11-22 00:55 - 0000001 _____ () C:\Users\Princhi\AppData\Local\DSI.DAT
2016-09-05 16:36 - 2016-09-05 16:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-12 21:21 - 2015-04-12 21:21 - 0004966 _____ () C:\ProgramData\wmzddnmb.cix

Einige Dateien in TEMP:
====================
2017-01-26 18:55 - 2017-01-26 18:55 - 3017720 _____ (Google) C:\Users\Princhi\AppData\Local\Temp\BAE2.exe
2017-01-12 15:23 - 2017-01-12 15:23 - 7049962 _____ () C:\Users\Princhi\AppData\Local\Temp\insEB60.tmp.exe
2016-12-28 13:43 - 2016-12-28 13:43 - 0792064 _____ (Fun Dw) C:\Users\Princhi\AppData\Local\Temp\~ct13B3.tmp.dll
2016-12-26 16:49 - 2016-12-26 16:49 - 0788480 _____ () C:\Users\Princhi\AppData\Local\Temp\~ct2775.tmp.dll
2017-01-05 14:39 - 2017-01-05 14:39 - 0361472 _____ (update) C:\Users\Princhi\AppData\Local\Temp\~ct803C.tmp.dll
2017-01-03 16:26 - 2017-01-03 16:26 - 0471552 _____ () C:\Users\Princhi\AppData\Local\Temp\~ctB41B.tmp.dll
2017-01-03 16:28 - 2017-01-03 16:28 - 0471552 _____ () C:\Users\Princhi\AppData\Local\Temp\~ctBFDE.tmp.dll
2016-12-26 12:49 - 2016-12-26 12:49 - 0788480 _____ () C:\Users\Princhi\AppData\Local\Temp\~ctD52C.tmp.dll

==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-03-07 17:06

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 05-03-2017
durchgeführt von Princhi (08-03-2017 19:04:04)
Gestartet von C:\Users\Princhi\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-05 15:59:50)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-88799701-2343346839-193955109-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-88799701-2343346839-193955109-503 - Limited - Disabled)
Gast (S-1-5-21-88799701-2343346839-193955109-501 - Limited - Disabled)
Princhi (S-1-5-21-88799701-2343346839-193955109-1001 - Administrator - Enabled) => C:\Users\Princhi

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
AdVenture Capitalist (HKLM\...\Steam App 346900) (Version: - Hyper Hippo Games)
American Truck Simulator MULTi23 - ElAmigos Version 1.3.1.1 (HKLM-x32\...\{1E1A283E-DA44-4DCB-BC57-295E54DF18CA}_is1) (Version: 1.3.1.1 - SCS Software)
amulesw (HKLM-x32\...\{57C598F7-B9E0-401E-8BAC-D171EB8A01A8}) (Version: 1.0.5 - amules)
Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BEWERBUNGSMASTER (HKLM-x32\...\ST6UNST #1) (Version: - )
Black and White (HKLM-x32\...\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}) (Version: - )
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.5 - Daum Games EU)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG6600 series Benutzerregistrierung (HKLM-x32\...\Canon MG6600 series Benutzerregistrierung) (Version: - *Canon Inc.)
Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.00 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
CASIO FA-124 (HKLM-x32\...\{FB47E710-6249-4EFA-BE36-E922B0612AF4}) (Version: 2.04.0000 - CASIO COMPUTER CO., LTD.)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.02039 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.3.02039 - Cisco Systems, Inc.) Hidden
CodeBlocks (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.27.80.1020 - Electronic Arts Inc.)
Drakonia Black (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - )
Dropbox (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Duke Nukem Forever (HKLM\...\Steam App 57900) (Version: - Gearbox Software)
Dying Light Ultimate Edition MULTi2 1.0 (HKLM-x32\...\Dying Light Ultimate Edition MULTi2 1.0) (Version: - )
Euro Truck Simulator 2 Demo (HKLM\...\Steam App 231120) (Version: - SCS Software)
Evernote v. 5.8.4 (HKLM-x32\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.)
Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version: - Lionhead Studios)
Fallout 4 MULTi2 1.1.30 (HKLM-x32\...\Fallout 4 MULTi2 1.1.30) (Version: - )
FINAL FANTASY X/X-2 HD Remaster (HKLM\...\Steam App 359870) (Version: - SQUARE ENIX)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
fx-Manager PLUS (90-Day Trial) (HKLM-x32\...\{80447814-A99C-415D-B019-7A825CEE064B}) (Version: 02.04.4100.0291 - CASIO COMPUTER CO., LTD.)
GameMaker: Player (HKLM-x32\...\GameMakerPlayer) (Version: 1.4.1242.41000 - YoYo Games Ltd.)
GameMaker-Studio 1.4 (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\GameMaker-Studio14) (Version: - YoYo Games Ltd.)
Gametree Launcher (HKLM-x32\...\GTL) (Version: 3.0.26.0 - NtreevSoft)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GRID (HKLM\...\Steam App 12750) (Version: - Codemasters Studios)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HMA! Pro VPN 3.2.13.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 3.2.13.0 - Privax Ltd)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version: - Audacity Team)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.2 - Smith Micro)
Microsoft OneDrive (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MouseRecorder v1.0.51 (HKLM-x32\...\MouseRecorder_is1) (Version: 1.0.51 - Bartels Media GmbH)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Grafiktreiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 352.86 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.25153 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{180b9d5a-5197-4326-bcb0-fe448086015b}) (Version: latest - ppy Pty Ltd)
Outlast (HKLM-x32\...\Steam App 238320) (Version: - Red Barrels)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PC Wizard 2015.2.14 (HKLM-x32\...\PC Wizard 2015_is1) (Version: - CPUID)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - )
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Risen 3 Titan Lords Enhanced Edition MULTI2 1.0 (HKLM-x32\...\Risen 3 Titan Lords Enhanced Edition MULTI2 1.0) (Version: - )
RPG MAKER VX Ace (HKLM-x32\...\RPG MAKER VX Ace_is1) (Version: 1.01a - )
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
SABnzbd 0.7.19 (HKLM-x32\...\SABnzbd) (Version: 0.7.19 - The SABnzbd Team)
Samsung Connection Manager (HKLM-x32\...\{F3F95061-0427-4386-AB03-1556CBE52927}) (Version: 112.6 - Samsung Electronics)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Spotify) (Version: 1.0.49.125.g72ee7853 - Spotify AB)
Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{6C8C4577-8E15-4C63-96ED-D40F2072FF74}) (Version: 6.0.19.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{9C926493-16C0-438E-8E51-BC3638E29ABB}) (Version: 6.1.4.0 - Husdawg, LLC)
Tales of Symphonia Version 1.0 u3 (HKLM-x32\...\{1E213234-7E5C-42A5-8FA1-766E7728015D}_is1) (Version: 1.0 u3 - Bandai Namco Entertainment)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
The Sims 3 Ultimate Collection Version 1.67.2 (HKLM-x32\...\The Sims 3 Ultimate Collection_is1) (Version: 1.67.2 - EA Games)
The Witcher 3 Wild Hunt Collectors Edition Incl. Blood and Wine DLC and Update 14 MULTi2 1.22 (HKLM-x32\...\The Witcher 3 Wild Hunt Collectors Edition Incl. Blood and Wine DLC and Update 14 MULTi2 1.22) (Version: - )
The Witcher 3 Wild Hunt Collectors Edition MULTi2 1.02 (HKLM-x32\...\The Witcher 3 Wild Hunt Collectors Edition MULTi2 1.02) (Version: - )
Trillian (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Trillian) (Version: - Cerulean Studios, LLC)
Undertale version 1.0 u09.03.2016 (HKLM-x32\...\{800C5999-FCC6-4C6D-95B6-5E8574896874}_is1) (Version: 1.0 u09.03.2016 - tobyfox)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vodafone Mobile Connect Lite (HKLM-x32\...\{B5761811-28F3-4257-B537-815C5EEF472C}) (Version: 3.1.2.104 - Vodafone)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.14-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH)
WinSnare (HKLM-x32\...\{6F28E3A8-BEC0-4CCD-A35F-7155729C7A88}) (Version: 4.2.6 - WinSnare) <==== ACHTUNG
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {004C7BCF-DF05-463F-AE87-A9037EB33295} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> Keine Datei <==== ACHTUNG Task: {091E4F5D-850A-4359-A8B8-1EBF544D3458} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {0E524B03-1D26-41B6-ABD2-F29FB4F8B41D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-24] (Microsoft Corporation) Task: {234468EA-8B43-4B63-B02F-48719C50B1D6} - System32\Tasks\{438F159D-A759-457B-A222-FD5013D632EC} => pcalua.exe -a E:\autorun.exe -d E:\ Task: {2A144903-ADD3-4EDD-A7BC-CC01CE57DF84} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {339DDE55-629F-4266-B263-9F312E284E09} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe Task: {36FA50E1-D56E-483F-AEE3-3F296E349404} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {38261DF8-27F9-49FC-B90E-0716D33F9E03} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {3CA17CED-0C4E-40A1-910C-F2ECB81E40A8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {4B9C0926-CF32-484A-A741-A6E2C89BC329} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd) Task: {518C3D3C-C292-42AB-98EE-A7C53919E7BC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {59D17917-85E1-4E2E-959F-2F02B05AA878} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Princhi\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {6400C925-1181-4AF3-92E4-BBCDB19DE50E} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> Keine Datei <==== ACHTUNG Task: {8B7D9CE6-6BF7-46D2-B30B-19120BEF004F} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> Keine Datei <==== ACHTUNG Task: {AE88677F-1C9A-4A68-918B-E1DBDB57FBEB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {B5BB4BD1-F18C-40B3-8925-0E98012E2F12} - System32\Tasks\{BAAF7A63-576A-4E4E-96F8-72A8EBB68660} => pcalua.exe -a "D:\Games\The Witcher 3 Wild Hunt\Uninstall.exe" Task: {BC244B71-84EB-45F8-AC6A-6B2969879183} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {CCE2E5E1-F1F1-4AF8-A21C-2B15C00FCB0D} - System32\Tasks\{D07A19C7-CDC4-4BD3-B00B-C2829140E6CD} => pcalua.exe -a "C:\Users\Princhi\Downloads\skse_1_07_01_installer (1).exe" -d C:\Users\Princhi\Downloads Task: {D533BD21-EC84-4A14-AEE8-FB6F0D3FAD3B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe Task: {DDE677D5-0F3E-48FB-B0D1-BC1F907283F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {E914FF3E-2FD3-4044-B9F0-21AB025188C3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {EDBB1ADE-5473-442F-805C-7DD1BECAAFB9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {EECBA783-C0A0-4E58-8DB0-58F0C1052B7C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f1b9b70e37832c09\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\83d1d964df0d5fea\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Princhi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-14 19:40 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-03-30 11:03 - 2016-06-15 02:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-12-14 19:40 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-03-30 11:03 - 2016-06-15 02:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2017-01-11 21:54 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-11 21:54 - 2016-12-21 07:48 - 02424320 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-11 21:54 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-06-07 17:29 - 2016-06-15 02:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2017-02-22 13:36 - 2017-02-22 13:41 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-02-22 13:36 - 2017-02-22 13:41 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-02-22 13:36 - 2017-02-22 13:47 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-02-06 12:47 - 2017-02-06 12:50 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll 2016-09-13 19:42 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-11 21:54 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-11 21:54 - 2016-12-21 07:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll 2016-08-12 13:20 - 2016-08-12 13:20 - 00073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2016-09-15 12:55 - 2017-02-14 01:06 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll 2017-03-08 16:27 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files (x86)\Footper\Application\libglesv2.dll 2017-03-08 16:27 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files (x86)\Footper\Application\libegl.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) 
========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3 [430] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) Da befinden sich 7866 mehr Seiten. ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2013-08-22 14:25 - 2015-07-26 00:22 - 00450771 ____A C:\WINDOWS\system32\Drivers\etc\hosts Da befinden sich 15463 zusätzliche Einträge. ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-88799701-2343346839-193955109-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "EADM" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "FlashUpdate" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [TCP Query User{649C4E67-76FA-41B2-AC20-CB9A7DCE0AC1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{9D6995F4-621F-468C-9927-30F9F39A47E4}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [TCP Query User{74E2F077-4ACA-44FF-9E29-96287C38B293}C:\program files (x86)\footper\application\chrome.exe] => (Allow) C:\program files (x86)\footper\application\chrome.exe FirewallRules: [UDP Query User{0DE2D777-C7B8-4F56-ACEC-AD594CA4B9C8}C:\program files (x86)\footper\application\chrome.exe] => (Allow) C:\program files (x86)\footper\application\chrome.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 
2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Wiederherstellungspunkte ========================= 16-02-2017 14:18:49 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 22-02-2017 15:40:58 Windows Update 01-03-2017 18:18:03 Geplanter Prüfpunkt 08-03-2017 19:00:32 JRT Pre-Junkware Removal ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/08/2017 07:02:57 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Princhi\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. 
In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (03/08/2017 07:02:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x5c9ad473 ID des fehlerhaften Prozesses: 0x25d8 Startzeit der fehlerhaften Anwendung: 0x01d298362d3bd93a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 65707c63-1cc4-4b3b-b65e-817e942c753d Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 07:00:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . 
Error: (03/08/2017 07:00:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.1.0.415, Zeitstempel: 0x5881b7a1 Name des fehlerhaften Moduls: CleanControllerImpl.dll_unloaded, Version: 3.1.0.264, Zeitstempel: 0x589e00c1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000027f6eb ID des fehlerhaften Prozesses: 0xe8c Startzeit der fehlerhaften Anwendung: 0x01d2983555fe78e7 Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Pfad des fehlerhaften Moduls: CleanControllerImpl.dll Berichtskennung: c219b00f-6cd2-40a6-bb78-7ba0b1cf2a99 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 06:58:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x5c9ad473 ID des fehlerhaften Prozesses: 0x1ebc Startzeit der fehlerhaften Anwendung: 0x01d2983598b93e17 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 7cf18ed1-abbf-4898-b18a-29dd5fc488f7 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 06:53:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.1.0.415, Zeitstempel: 0x5881b7a1 Name des fehlerhaften Moduls: CleanControllerImpl.dll_unloaded, Version: 3.1.0.264, Zeitstempel: 0x589e00c1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000027f6eb ID des fehlerhaften Prozesses: 0xc50 Startzeit der fehlerhaften Anwendung: 0x01d2983438819515 Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Pfad des 
fehlerhaften Moduls: CleanControllerImpl.dll Berichtskennung: bc02cb0f-53f9-4d47-89f3-ded91c189a6d Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 06:49:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x777cd473 ID des fehlerhaften Prozesses: 0xfc0 Startzeit der fehlerhaften Anwendung: 0x01d2983461f7e898 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: a8f715a1-ebf3-47f2-8f1e-3b7e43a015a2 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 06:10:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x71b5d473 ID des fehlerhaften Prozesses: 0x20c4 Startzeit der fehlerhaften Anwendung: 0x01d2982ee18c70eb Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: aec7df4e-7327-42dc-b71a-42691c424c83 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 05:24:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x71b5d473 ID des fehlerhaften Prozesses: 0x2524 Startzeit der fehlerhaften Anwendung: 
0x01d298286de3e0f2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: ea0e9d83-4a79-4b89-9395-04afee92afe5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2017 04:35:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x6b18d473 ID des fehlerhaften Prozesses: 0x27f8 Startzeit der fehlerhaften Anwendung: 0x01d29821aa11ba98 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 343e9e7b-e84b-468b-b081-7d589bc94618 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (03/08/2017 07:00:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Malwarebytes Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/08/2017 06:59:53 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (03/08/2017 06:56:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Zerzitain" wurde mit folgendem Fehler beendet: Das angegebene Modul wurde nicht gefunden. 
Error: (03/08/2017 06:56:00 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/08/2017 06:55:46 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (03/08/2017 06:55:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/08/2017 06:55:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (03/08/2017 06:55:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Streamer Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/08/2017 06:55:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Kyubey" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/08/2017 06:55:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Ntp2UpSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2017-03-07 15:34:35.588 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-03-07 15:08:10.789 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-02-03 17:00:27.187 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-02-03 16:56:56.613 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. 
Date: 2017-01-21 01:08:28.137 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-21 00:12:20.064 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-20 23:15:15.099 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-20 22:03:49.090 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-20 21:52:52.863 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-20 21:12:20.027 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz Prozentuale Nutzung des RAM: 25% Installierter physikalischer RAM: 8093.39 MB Verfügbarer physikalischer RAM: 6055.25 MB Summe virtueller Speicher: 9373.39 MB Verfügbarer virtueller Speicher: 7346.22 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:390.16 GB) (Free:136.04 GB) NTFS Drive d: (Volume) (Fixed) (Total:540.4 GB) (Free:152.65 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ============================ |