Log analysis and evaluation: Windows 8.1: Malwarebytes finds ChinAD

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.06.2017, 11:30 | #1

Windows 8.1: Malwarebytes finds ChinAD

Hello dear Trojaner-Board team,

Malwarebytes showed several hits for "ChinAd" during a scan today. Since I generally know relatively little about PC security, I wanted to make sure that I really get rid of them and that nothing else is wrong. Besides Malwarebytes, I have already scanned with AdwCleaner and Anti Rootkit, but I can't find any logs from those. At startup, however, it displayed: "Registry Value "AppInit_Dlls" has been found, which may be caused by Rootkit activity ..."

Thanks in advance for the support!

FRST log

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01 durchgeführt von Bine (ACHTUNG: der Benutzer ist kein Administrator) auf LALELU (17-06-2017 11:48:44) Gestartet von C:\Users\Bine\Downloads Geladene Profile: Bine & Bine_2 (Verfügbare Profile: Bine & Bine_2) Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) konnte nicht auf den Prozess zugreifen -> smss.exe konnte nicht auf den Prozess zugreifen -> csrss.exe konnte nicht auf den Prozess zugreifen -> csrss.exe konnte nicht auf den Prozess zugreifen -> wininit.exe konnte nicht auf den Prozess zugreifen -> winlogon.exe konnte nicht auf den Prozess zugreifen -> services.exe konnte nicht auf den Prozess zugreifen -> lsass.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> OmniServ.exe konnte nicht auf den Prozess zugreifen -> dwm.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> igfxCUIService.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> hpservice.exe konnte nicht auf den Prozess zugreifen -> RtkAudioService64.exe konnte nicht auf den Prozess zugreifen -> RAVBg64.exe konnte nicht auf den Prozess zugreifen -> SavService.exe konnte nicht auf den Prozess zugreifen -> RAVBg64.exe konnte nicht auf den Prozess zugreifen -> WUDFHost.exe konnte nicht auf den 
Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> wlanext.exe konnte nicht auf den Prozess zugreifen -> conhost.exe konnte nicht auf den Prozess zugreifen -> spoolsv.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> OfficeClickToRun.exe konnte nicht auf den Prozess zugreifen -> cvpnd.exe konnte nicht auf den Prozess zugreifen -> DbxSvc.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> dasHost.exe konnte nicht auf den Prozess zugreifen -> HPWMISVC.exe konnte nicht auf den Prozess zugreifen -> mbae-svc.exe konnte nicht auf den Prozess zugreifen -> mbae64.exe konnte nicht auf den Prozess zugreifen -> conhost.exe konnte nicht auf den Prozess zugreifen -> nvcontainer.exe konnte nicht auf den Prozess zugreifen -> NVDisplay.Container.exe konnte nicht auf den Prozess zugreifen -> nvxdsync.exe konnte nicht auf den Prozess zugreifen -> NvTelemetryContainer.exe konnte nicht auf den Prozess zugreifen -> SAVAdminService.exe konnte nicht auf den Prozess zugreifen -> SntpService.exe konnte nicht auf den Prozess zugreifen -> ALsvc.exe konnte nicht auf den Prozess zugreifen -> swc_service.exe konnte nicht auf den Prozess zugreifen -> ssp.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> swi_filter.exe konnte nicht auf den Prozess zugreifen -> swi_fc.exe konnte nicht auf den Prozess zugreifen -> swi_service.exe konnte nicht auf den Prozess zugreifen -> SynTPEnhService.exe konnte nicht auf den Prozess zugreifen -> valWBFPolicyService.exe konnte nicht auf den Prozess zugreifen -> svchost.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Synaptics Incorporated) C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe konnte nicht auf den Prozess zugreifen -> PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe konnte nicht auf den Prozess zugreifen -> opvapp.exe konnte nicht auf den Prozess zugreifen -> SearchIndexer.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe konnte nicht auf den Prozess zugreifen -> WmiPrvSE.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe konnte nicht auf den Prozess zugreifen -> HPSupportSolutionsFrameworkService.exe konnte nicht auf den Prozess zugreifen -> hpqwmiex.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE konnte nicht auf den Prozess zugreifen -> IAStorDataMgrSvc.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe konnte nicht auf den Prozess zugreifen -> IntelMeFWService.exe konnte nicht auf den Prozess zugreifen -> jhi_service.exe konnte nicht auf den Prozess zugreifen -> LMS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7642328 2014-10-07] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-17] (Synaptics Incorporated) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-06-12] (Dropbox, Inc.) 
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1481256 2017-04-25] (Sophos Limited) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2017-05-05] (Malwarebytes Corporation) HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [465320 2014-10-29] (Microsoft Corporation) HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation) HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\Run: [Spotify Web Helper] => "C:\Users\Bine\AppData\Roaming\Spotify\SpotifyWebHelper.exe" HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\Run: [Spotify] => "C:\Users\Bine\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27250144 2016-12-20] (Skype Technologies S.A.) 
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation) AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [235928 2017-04-25] (Sophos Limited) AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [207864 2017-04-25] (Sophos Limited) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2017-02-21] ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () Startup: C:\Users\Bine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-12-02] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Bine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2017-02-13] ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\Bine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk [2016-01-19] ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Bine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk [2017-06-17] ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{77320BAC-9ED2-49D0-94BF-EFDEC023C0D3}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{BACB4E71-C30B-4C4C-BBF0-9BD809C398B8}: [DhcpNameServer] 141.13.240.33 141.13.240.2 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.twitch.tv/rocketbeanstv HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com URLSearchHook: [S-1-5-21-1742589508-3326327189-3140255072-1007] ACHTUNG => Standard URLSearchHook fehlt SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {7E2AEA9D-3F84-4E82-ACD1-2BCC4963AB36} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1742589508-3326327189-3140255072-1001 -> {7E2AEA9D-3F84-4E82-ACD1-2BCC4963AB36} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-06] (Microsoft Corporation) BHO: Deaktivierungs-Add-on für Browser von Google Analytics -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll [2014-04-03] 
(Google, Inc.) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-06] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-05] (Microsoft Corporation) BHO-x32: Deaktivierungs-Add-on für Browser von Google Analytics -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll [2014-04-03] (Google, Inc.) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-05] (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.) 
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\jpwj89s7.default-1461615542137 [2017-06-17] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\jpwj89s7.default-1461615542137 -> Startpage HTTPS FF Session Restore: Mozilla\Firefox\Profiles\jpwj89s7.default-1461615542137 -> ist aktiviert. 
FF Extension: (Disconnect) - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\jpwj89s7.default-1461615542137\Extensions\2.0@disconnect.me.xpi [2017-04-04] FF Extension: (Forest: stay focused, be present) - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\jpwj89s7.default-1461615542137\Extensions\@forest-firefox-addon.xpi [2017-02-22] FF Extension: (HTTPS Everywhere) - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\jpwj89s7.default-1461615542137\Extensions\https-everywhere@eff.org.xpi [2017-06-09] FF Extension: (Reddit Enhancement Suite) - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\jpwj89s7.default-1461615542137\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2017-05-22] FF Extension: (Stylish) - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\jpwj89s7.default-1461615542137\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-08-11] FF Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\jpwj89s7.default-1461615542137\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2017-04-01] FF Extension: (NoScript) - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\jpwj89s7.default-1461615542137\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-06-01] FF Extension: (Adblock Plus) - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\jpwj89s7.default-1461615542137\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07] FF Extension: (Unpaywall) - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\jpwj89s7.default-1461615542137\Extensions\{f209234a-76f0-4735-9920-eb62507a54cd}.xpi [2017-05-23] FF Extension: (Citavi Picker) - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2017-05-30] FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt FF Extension: (HP SimplePass) - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2016-02-18] [ist nicht signiert] FF 
HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-05] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-05] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx Opera: ======= OPR Extension: (Reddit Enhancement Suite) - C:\Users\Bine\AppData\Roaming\Opera Software\Opera Stable\Extensions\gfdcmdcpehpkengmkhkbpifajmbhfgae [2017-05-29] OPR Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\Bine\AppData\Roaming\Opera Software\Opera Stable\Extensions\hmffjpdmbgflojiohllanjaggdenggdo [2015-11-02] OPR Extension: (Adblock Plus) - C:\Users\Bine\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-05-26] OPR Extension: (RocketBeansTV Mission Control) - C:\Users\Bine\AppData\Roaming\Opera Software\Opera Stable\Extensions\pmjndimijojkochghjbpkkgeikfncfcn [2015-11-02] ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2017-05-05] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-12] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-12] (Dropbox, Inc.) 
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-06-12] (Dropbox, Inc.) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.) R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-07] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation) R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155080 2017-05-05] (Malwarebytes Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation) R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation) R2 nsi; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA 
Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-03] (Softex Inc.) [Datei ist nicht signiert] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-04] (Realtek Semiconductor) R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [229664 2017-04-25] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [200064 2017-04-25] (Sophos Limited) R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe [901248 2016-04-14] (Sophos Limited) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [761696 2017-04-25] (Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [360040 2017-04-25] (Sophos Limited) R2 sophossps; C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe [2499872 2017-02-02] (Sophos Limited) R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [475384 2017-04-25] (Sophos Limited) R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3644368 2017-04-25] (Sophos Limited) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-17] (Synaptics Incorporated) R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) 
[Datei ist nicht signiert] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation) S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7552760 2015-08-15] (Broadcom Corporation) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77440 2017-05-05] () S3 ladfGSS; C:\Windows\system32\drivers\ladfGSS.sys [45208 2016-09-29] (Logitech Inc.) S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.) 
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation) R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation) U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [506072 2014-06-20] (Realsil Semiconductor Corporation) R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [199552 2017-04-25] (Sophos Limited) S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2016-04-14] (Sophos Limited) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-17] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-17] (Synaptics Incorporated) R2 sntp; C:\Windows\system32\DRIVERS\sntp.sys [116144 2016-04-14] (Sophos Limited) R0 Sophos Endpoint Defense; C:\Windows\System32\DRIVERS\SophosED.sys [200760 2017-02-02] (Sophos Limited) S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [45840 2017-04-25] (Sophos Limited) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) 
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [47760 2017-02-02] (Sophos Limited) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation) S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-24] (HP) R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [31840 2016-03-24] (HP) S3 ALSysIO; \??\C:\Users\Bine_2\AppData\Local\Temp\ALSysIO64.sys [X] <==== ACHTUNG S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X] S3 dbx; system32\DRIVERS\dbx.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-06-17 11:48 - 2017-06-17 11:49 - 00032672 _____ C:\Users\Bine\Downloads\FRST.txt 2017-06-17 11:48 - 2017-06-17 11:48 - 00000000 ____D C:\FRST 2017-06-17 11:47 - 2017-06-17 11:47 - 02438656 _____ (Farbar) C:\Users\Bine\Downloads\FRST64.exe 2017-06-17 10:04 - 2017-04-21 23:53 - 00029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2017-06-17 10:04 - 2017-04-21 23:50 - 00030912 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll 2017-06-17 10:03 - 2017-04-21 23:50 - 00018592 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll 2017-06-17 10:03 - 2017-04-11 20:27 - 00485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll 2017-06-17 10:03 - 2017-03-15 20:15 - 00690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll 2017-06-17 10:02 - 2017-04-21 23:53 - 00018600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll 2017-06-17 10:01 - 2017-04-11 20:27 - 00987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll 2017-06-17 10:01 - 2017-03-15 20:15 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll 2017-06-14 23:19 - 2017-06-14 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-06-14 18:27 - 2017-06-03 04:31 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-06-14 18:27 - 2017-06-03 04:31 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-06-14 00:12 - 2017-05-14 22:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-06-14 00:12 - 2017-05-14 21:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-06-14 00:11 - 2017-06-02 14:15 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2017-06-14 00:11 - 2017-06-02 14:12 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2017-06-14 
00:11 - 2017-06-02 14:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2017-06-14 00:11 - 2017-06-02 14:06 - 01001984 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe 2017-06-14 00:11 - 2017-06-02 14:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2017-06-14 00:11 - 2017-06-02 13:30 - 03635200 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2017-06-14 00:11 - 2017-06-02 13:03 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2017-06-14 00:11 - 2017-06-02 12:58 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2017-06-14 00:11 - 2017-06-02 12:25 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2017-06-14 00:11 - 2017-06-02 12:24 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2017-06-14 00:11 - 2017-06-02 12:17 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2017-06-14 00:11 - 2017-06-02 12:02 - 02751488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2017-06-14 00:11 - 2017-06-02 11:43 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2017-06-14 00:11 - 2017-06-02 11:43 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2017-06-14 00:11 - 2017-05-15 21:58 - 00121184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys 2017-06-14 00:11 - 2017-05-14 22:44 - 04170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-06-14 00:11 - 2017-05-14 22:42 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2017-06-14 00:11 - 2017-05-14 22:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-06-14 00:11 - 2017-05-14 22:19 - 01364040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2017-06-14 00:11 - 2017-05-14 22:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-06-14 00:11 - 2017-05-14 21:55 - 
05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-06-14 00:11 - 2017-05-14 21:32 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll 2017-06-14 00:11 - 2017-05-14 21:31 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2017-06-14 00:11 - 2017-05-14 21:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2017-06-14 00:11 - 2017-05-14 21:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-06-14 00:11 - 2017-05-14 21:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-06-14 00:11 - 2017-05-14 21:04 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2017-06-14 00:11 - 2017-05-14 21:03 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2017-06-14 00:11 - 2017-05-14 20:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-06-14 00:11 - 2017-05-14 20:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-06-14 00:11 - 2017-05-14 20:48 - 05274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll 2017-06-14 00:11 - 2017-05-14 20:46 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2017-06-14 00:11 - 2017-05-14 20:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-06-14 00:11 - 2017-05-14 20:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2017-06-14 00:11 - 2017-05-14 20:38 - 07796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2017-06-14 00:11 - 2017-05-14 20:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-06-14 00:11 - 2017-05-14 20:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-06-14 00:11 - 2017-05-14 20:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-06-14 00:11 - 2017-05-14 20:16 - 05268992 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2017-06-14 00:11 - 2017-05-14 20:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-06-14 00:11 - 2017-05-14 20:13 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2017-06-14 00:11 - 2017-05-14 20:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-06-14 00:11 - 2017-05-14 20:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-06-14 00:11 - 2017-05-14 20:06 - 07441240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-06-14 00:11 - 2017-05-14 20:06 - 01737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2017-06-14 00:11 - 2017-05-14 20:06 - 01502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2017-06-14 00:11 - 2017-05-12 19:05 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2017-06-14 00:11 - 2017-05-12 18:16 - 01084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2017-06-14 00:11 - 2017-05-12 18:13 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2017-06-14 00:11 - 2017-05-12 17:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2017-06-14 00:11 - 2017-05-12 17:50 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2017-06-14 00:11 - 2017-05-12 17:48 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2017-06-14 00:11 - 2017-05-12 17:47 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2017-06-14 00:11 - 2017-05-12 06:10 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2017-06-14 00:11 - 2017-05-12 04:58 - 01985536 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2017-06-14 00:11 - 2017-05-12 04:48 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2017-06-14 00:11 - 2017-05-12 04:18 - 03714560 _____ (Microsoft Corporation) 
C:\Windows\system32\wuaueng.dll 2017-06-14 00:11 - 2017-05-12 04:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2017-06-14 00:11 - 2017-05-12 04:10 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2017-06-14 00:11 - 2017-05-12 04:07 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2017-06-14 00:11 - 2017-05-12 04:06 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2017-06-14 00:11 - 2017-05-12 04:04 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2017-06-14 00:11 - 2017-05-12 04:00 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2017-06-14 00:11 - 2017-05-12 01:36 - 22361848 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2017-06-14 00:11 - 2017-05-12 01:32 - 19788672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2017-06-14 00:11 - 2017-05-10 20:19 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2017-06-14 00:11 - 2017-05-06 18:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2017-06-14 00:11 - 2017-05-06 18:04 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2017-06-14 00:11 - 2017-04-06 19:37 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2017-06-14 00:11 - 2017-04-06 19:16 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll 2017-06-14 00:11 - 2017-04-06 18:50 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-06-14 00:11 - 2017-04-06 18:46 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2017-06-14 00:11 - 2017-04-06 18:46 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-06-14 00:11 - 2017-04-06 18:35 - 01362432 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll 2017-06-14 00:11 - 2017-04-06 18:15 - 00358912 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\schannel.dll 2017-06-14 00:11 - 2017-04-06 17:44 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll 2017-06-14 00:11 - 2017-04-02 16:49 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2017-06-14 00:11 - 2017-04-02 15:40 - 02013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2017-06-12 13:55 - 2017-06-12 13:55 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys 2017-06-09 13:57 - 2017-06-09 13:57 - 00000000 ____D C:\Users\Bine\Desktop\chocolate-doom-2.3.0-win32 2017-06-02 09:54 - 2017-06-02 09:54 - 10120511 _____ C:\Users\Bine\Documents\Scan.pdf 2017-05-31 14:12 - 2017-05-31 14:12 - 00000000 ____D C:\Users\Bine\Documents\Ergebnisse 2017-05-30 14:33 - 2017-05-30 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2017-05-30 14:33 - 2017-04-25 15:32 - 00044304 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe 2017-05-30 14:33 - 2017-02-02 16:53 - 00047760 _____ (Sophos Limited) C:\Windows\system32\Drivers\swi_callout.sys ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-06-17 11:48 - 2016-11-16 10:11 - 00000000 ____D C:\Users\Bine\AppData\LocalLow\Mozilla 2017-06-17 11:45 - 2016-11-03 16:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-06-17 11:14 - 2015-10-24 16:39 - 00001224 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2017-06-17 10:49 - 2015-11-01 21:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-06-17 10:45 - 2016-11-03 16:20 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Bine\Downloads\mbar-1.09.3.1001.exe 2017-06-17 10:45 - 2015-11-01 21:53 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2017-06-17 10:37 - 2015-12-30 16:26 - 00000000 ____D C:\AdwCleaner 2017-06-17 10:30 - 2014-10-31 20:23 - 00000000 ____D C:\ProgramData\NVIDIA 2017-06-17 10:27 - 2015-10-24 10:30 - 00000000 ___RD C:\Users\Bine\OneDrive 2017-06-17 10:26 - 2015-10-24 16:39 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2017-06-17 10:25 - 2014-10-31 10:33 - 00802890 _____ C:\Windows\system32\perfh007.dat 2017-06-17 10:25 - 2014-10-31 10:33 - 00175332 _____ C:\Windows\system32\perfc007.dat 2017-06-17 10:24 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-06-17 10:18 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf 2017-06-17 10:17 - 2015-10-22 07:26 - 00000000 ____D C:\Users\Bine\Documents\Psychologie 2017-06-17 10:17 - 2015-10-22 00:49 - 00000000 ____D C:\Program Files (x86)\Steam 2017-06-17 10:17 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2017-06-17 00:47 - 2016-10-01 12:29 - 00000000 ____D C:\Users\Bine\AppData\Roaming\TS3Client 2017-06-16 14:03 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2017-06-16 06:38 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2017-06-15 18:59 - 2015-10-25 19:13 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Swiss Academic Software 2017-06-15 17:28 - 2016-01-07 01:04 - 00000000 ____D C:\Users\Bine\AppData\Local\CrashDumps 2017-06-15 08:00 - 
2015-10-22 07:26 - 00000000 ____D C:\Users\Bine\Documents\Citavi 5 2017-06-15 05:10 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2017-06-14 23:19 - 2014-10-31 03:21 - 00000000 ____D C:\Program Files (x86)\Dropbox 2017-06-14 18:36 - 2015-11-02 16:51 - 00001030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2017-06-14 18:36 - 2015-10-22 00:47 - 00000000 ____D C:\Program Files (x86)\Opera 2017-06-14 18:33 - 2014-03-18 11:53 - 01924576 _____ C:\Windows\system32\PerfStringBackup.INI 2017-06-14 18:25 - 2016-03-14 14:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2017-06-14 18:25 - 2016-03-14 14:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2017-06-14 18:25 - 2013-08-22 16:44 - 00517664 _____ C:\Windows\system32\FNTCACHE.DAT 2017-06-14 18:18 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData 2017-06-14 12:18 - 2015-10-23 08:10 - 00000000 ____D C:\Windows\system32\MRT 2017-06-14 12:06 - 2015-10-23 08:10 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-06-14 10:45 - 2016-03-14 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2017-06-13 23:53 - 2017-04-12 21:16 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-06-13 23:53 - 2017-04-12 21:16 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-06-13 23:51 - 2017-04-12 21:16 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-06-13 23:22 - 2016-03-27 10:16 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForBine.job 2017-06-13 11:39 - 2015-10-22 00:41 - 00000000 ____D C:\Users\Bine\AppData\Local\Packages 2017-06-12 12:35 - 2016-04-23 15:51 - 00000000 ___RD C:\Users\Bine\OneDrive for Business 2017-06-10 23:18 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\tracing 2017-06-10 21:55 - 2015-11-23 16:05 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2017-06-10 16:48 - 2016-03-14 
20:05 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET 2017-06-06 08:43 - 2017-02-18 13:34 - 00000000 ____D C:\Users\Bine\AppData\Roaming\vlc 2017-06-04 17:49 - 2017-02-18 13:34 - 00000000 ____D C:\Users\Bine\AppData\Roaming\dvdcss 2017-05-30 19:58 - 2015-10-25 19:13 - 00000000 ____D C:\ProgramData\Swiss Academic Software 2017-05-30 19:58 - 2015-10-25 19:12 - 00001944 _____ C:\Users\Public\Desktop\Citavi 5.lnk 2017-05-30 19:58 - 2015-10-25 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5 2017-05-30 14:34 - 2015-11-02 15:20 - 00000000 ____D C:\ProgramData\Sophos 2017-05-29 11:39 - 2017-04-25 08:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-05-29 11:39 - 2015-11-16 00:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-05-24 15:50 - 2015-10-22 00:40 - 00000000 ____D C:\Users\Bine 2017-05-23 10:19 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\spool 2017-05-23 08:44 - 2015-12-26 01:14 - 00000000 ____D C:\Users\Bine_2 2017-05-22 22:29 - 2017-05-16 23:48 - 00319886 _____ C:\Users\Bine\Documents\Dimensionen.xlsx 2017-05-22 21:10 - 2015-10-28 11:38 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Skype 2017-05-19 18:28 - 2014-10-31 03:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2017-05-19 12:33 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-05-18 16:30 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF 2017-05-18 12:55 - 2017-05-10 15:00 - 01071816 _____ C:\Users\Bine\Documents\AMDP.pptx ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-11-15 17:38 - 2015-11-15 17:38 - 0000057 _____ () C:\ProgramData\Ament.ini 2017-01-08 15:01 - 2017-01-19 21:06 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log 2017-01-08 15:01 - 2017-01-19 20:52 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1 Einige Dateien in TEMP: ==================== 2015-10-25 12:48 - 2015-12-09 21:35 
- 22299288 _____ (AVAST Software ) C:\Users\Bine\AppData\Local\Temp\avast_secureline_setup.exe 2016-01-03 01:09 - 2016-01-03 01:09 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\Bine\AppData\Local\Temp\COMAP.EXE 2017-02-21 00:52 - 2010-03-23 14:15 - 0016505 _____ () C:\Users\Bine\AppData\Local\Temp\DelayInst.exe 2015-10-28 14:04 - 2015-10-28 14:04 - 0071168 _____ () C:\Users\Bine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdjlpox.dll 2015-10-23 08:11 - 2013-06-04 11:30 - 0050432 ____R () C:\Users\Bine\AppData\Local\Temp\Extract.exe 2017-02-27 21:45 - 2014-07-17 12:23 - 6739008 _____ (Foxit Corporation) C:\Users\Bine\AppData\Local\Temp\Foxit PhantomPDF Updater.exe 2016-11-04 10:39 - 2016-09-26 12:27 - 11579432 _____ (SurfRight B.V.) C:\Users\Bine\AppData\Local\Temp\HitmanPro.exe 2017-02-21 00:52 - 2010-03-23 14:16 - 0221315 _____ () C:\Users\Bine\AppData\Local\Temp\installservice.exe 2016-03-28 11:22 - 2016-03-28 11:22 - 0736320 _____ (Oracle Corporation) C:\Users\Bine\AppData\Local\Temp\jre-8u77-windows-au.exe 2015-09-01 13:11 - 2015-09-01 13:11 - 0120336 _____ (McAfee, Inc.) C:\Users\Bine\AppData\Local\Temp\McCSPInstall.dll 2015-11-02 15:14 - 2015-09-01 13:11 - 0162120 _____ (McAfee Inc.) 
C:\Users\Bine\AppData\Local\Temp\mccspuninstall.exe 2016-11-23 22:44 - 2016-11-17 15:42 - 1135552 _____ (NVIDIA Corporation) C:\Users\Bine\AppData\Local\Temp\NvTelemetry.dll 2016-11-23 22:44 - 2017-01-06 03:10 - 0255032 _____ (NVIDIA Corporation) C:\Users\Bine\AppData\Local\Temp\NvTelemetryAPI32.dll 2016-11-23 22:44 - 2017-01-06 03:10 - 0335928 _____ (NVIDIA Corporation) C:\Users\Bine\AppData\Local\Temp\NvTelemetryAPI64.dll 2017-02-21 00:13 - 2010-09-09 13:50 - 0093802 _____ () C:\Users\Bine\AppData\Local\Temp\Profiles.exe 2015-11-24 20:51 - 2016-12-29 21:35 - 0192512 _____ () C:\Users\Bine\AppData\Local\Temp\sfamcc00001.dll 2015-02-10 19:56 - 2015-02-10 19:56 - 0105984 _____ () C:\Users\Bine\AppData\Local\Temp\sfextra.dll 2017-04-02 18:40 - 2017-04-02 18:41 - 57547224 _____ (Skype Technologies S.A.) C:\Users\Bine\AppData\Local\Temp\SkypeSetup.exe 2015-10-16 09:54 - 2015-10-16 09:54 - 3358520 _____ (Hewlett-Packard Company ) C:\Users\Bine\AppData\Local\Temp\SP71716.exe 2017-02-21 00:13 - 2010-03-23 14:30 - 0056832 _____ () C:\Users\Bine\AppData\Local\Temp\vpnclient_setup.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
ACHTUNG: ==> Auf den BCD konnte nicht zugegriffen werden. der Benutzer ist kein Administrator
==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
durchgeführt von Bine (17-06-2017 11:50:20)
Gestartet von C:\Users\Bine\Downloads
Windows 8.1 (Update) (X64) (2015-10-21 22:39:59)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1742589508-3326327189-3140255072-500 - Administrator - Disabled)
Bine (S-1-5-21-1742589508-3326327189-3140255072-1001 - Limited - Enabled) => C:\Users\Bine
Bine_2 (S-1-5-21-1742589508-3326327189-3140255072-1007 - Administrator - Enabled) => C:\Users\Bine_2
Gast (S-1-5-21-1742589508-3326327189-3140255072-501 - Limited - Disabled)
SophosSAULALELU0 (S-1-5-21-1742589508-3326327189-3140255072-1014 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Sophos Anti-Virus (Enabled - Up to date) {FFADE7EA-DC92-4602-D6B2-626CD3450A0F}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Up to date) {44CC060E-FAA8-498C-EC02-591EA8C240B2}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version: - Hyper Hippo Games) Anki (HKLM-x32\...\Anki) (Version: - ) Ansel (Version: 378.66 - NVIDIA Corporation) Hidden Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC) Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios) Between Me and The Night (HKLM\...\Steam App 285070) (Version: - RainDance LX) BioShock (HKLM\...\Steam App 7670) (Version: - 2K Boston) BioShock 2 (HKLM\...\Steam App 8850) (Version: - 2K Marin) BioShock Infinite (HKLM\...\Steam App 8870) (Version: - Irrational Games) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation) Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9840 - Broadcom Corporation) Bullzip PDF Printer 10.24.0.2543 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.24.0.2543 - Bullzip) calibre 64bit (HKLM\...\{32019BE2-E62F-48CF-B274-2521588B83D8}) (Version: 2.54.0 - Kovid Goyal) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.) Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.5.0.1 - Swiss Academic Software) Cook, Serve, Delicious! (HKLM-x32\...\Steam App 247020) (Version: - Vertigo Gaming Inc.) Core Temp 1.0 RC9 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu) Deaktivierungs-Add-on für Browser von Google Analytics (HKLM\...\{9F540EA8-086E-4D53-B845-A06E6903DED6}) (Version: 0.9.6.0 - Google Inc.) 
Deponia Doomsday (HKLM\...\Steam App 421050) (Version: - Daedalic Entertainment) DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment) Dr. Langeskov, The Tiger, and The Terribly Cursed Emerald: A Whirlwind Heist (HKLM-x32\...\Steam App 409160) (Version: - Crows Crows Crows) Dropbox (HKLM-x32\...\Dropbox) (Version: 28.4.14 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden Emily is Away (HKLM-x32\...\Steam App 417860) (Version: - Kyle Seeley) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Exif Tag Remover 2.0 (HKLM-x32\...\Exif Tag Remover_is1) (Version: - RL Vision) Foxit PhantomPDF (HKLM-x32\...\{4E32271C-B55A-4CDF-8DB7-88FD1C45927C}) (Version: 7.0.310.226 - Foxit Software Inc.) Freeplane (HKLM\...\{D3941722-C4DD-4509-88C4-0E87F675A859}_is1) (Version: 1.3.15 - Open source) Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive®) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{C203E224-E4BE-4210-9D30-EB6571ACA1F9}) (Version: 1.1.0.0 - Hewlett-Packard) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.46 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.3.50.9 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{A38E954F-9043-42BD-9DE9-246ED183791D}) (Version: 12.5.32.203 - HP) HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard Company) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Inst5675 (Version: 8.01.46 - Softex Inc.) Hidden Inst5676 (Version: 8.01.46 - Softex Inc.) 
Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.21 - Intel(R) Corporation) Hidden Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment) Malwarebytes Anti-Exploit version 1.9.1.1403 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1403 - Malwarebytes) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Marvin's Mittens (HKLM-x32\...\Steam App 333260) (Version: - Breakfall) Memoria (HKLM-x32\...\Steam App 243200) (Version: - Daedalic Entertainment) Message Quest (HKLM\...\Steam App 408280) (Version: - Royal Troupe) Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.7369.2130 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft 
Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Move or Die (HKLM\...\Steam App 323850) (Version: - Those Awesome Guys) Mozilla Firefox 53.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 de)) (Version: 53.0.3 - Mozilla) Mozilla Maintenance Service 
(HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla) NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation) NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NVIDIA Update 23.23.30.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 23.23.30.0 - NVIDIA Corporation) NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2130 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2130 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2130 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2130 - Microsoft Corporation) Hidden Opera Stable 45.0.2552.898 (HKLM-x32\...\Opera 45.0.2552.898) (Version: 45.0.2552.898 - Opera Software) Ori and the Blind Forest (HKLM-x32\...\Steam App 261570) (Version: - Moon Studios GmbH) Ori and the Blind Forest: Definitive Edition (HKLM\...\Steam App 387290) (Version: - Moon Studios GmbH) Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909) Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7358 - Realtek Semiconductor Corp.) Reflections (HKLM-x32\...\Steam App 352360) (Version: - Broken Window Studios) Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.) SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.) Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony) Sophos Anti-Virus (HKLM-x32\...\{788B9788-7F03-4A2B-8258-3445C0278C33}) (Version: 10.7.2.49 - Sophos Limited) Sophos AutoUpdate (HKLM-x32\...\{AFBCA1B9-496C-4AE6-98AE-3EA1CFF65C54}) (Version: 5.7.220 - Sophos Limited) Sophos Endpoint Defense (HKLM\...\Sophos Endpoint Defense) (Version: 1.0.0.265 - Sophos Limited) Sophos Network Threat Protection (HKLM\...\{66967E5F-43E8-4402-87A4-04685EE5C2CB}) (Version: 1.2.2.50 - Sophos Limited) Sophos System Protection (HKLM-x32\...\{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}) (Version: 1.3.1 - Sophos Limited) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated) System Requirements Lab Detection (HKLM-x32\...\{F2D2C705-91CE-4F28-9FC2-A51C29137B54}) (Version: 6.1.6.0 - Husdawg, LLC) Tabletop Simulator (HKLM\...\Steam App 286160) (Version: - Berserk Games) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 
Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) The Banner Saga (HKLM-x32\...\Steam App 237990) (Version: - Stoic) The Banner Saga 2 (HKLM\...\Steam App 281640) (Version: - Stoic) The Beginner's Guide (HKLM-x32\...\Steam App 303210) (Version: - Everything Unlimited Ltd.) The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.) The Dark Eye: Chains of Satinav (HKLM-x32\...\Steam App 203830) (Version: - Daedalic Entertainment) The Long Dark (HKLM-x32\...\Steam App 305620) (Version: - Hinterland Studio Inc.) The Silent Age (HKLM-x32\...\Steam App 352520) (Version: - House On Fire) The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe) The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version: - Galactic Cafe) The Whispered World Special Edition (HKLM-x32\...\Steam App 268540) (Version: - Daedalic Entertainment) This War of Mine (HKLM-x32\...\Steam App 282070) (Version: - 11 bit studios) TomTom MyDrive Connect 4.1.4.3031 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.4.3031 - TomTom) Tropico 5 (HKLM-x32\...\Steam App 245620) (Version: - Haemimont Games) Undertale (HKLM-x32\...\Steam App 391540) (Version: - tobyfox) Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-1742589508-3326327189-3140255072-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Bine\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileCoAuthLib64.dll (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => <==== ACHTUNG
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => <==== ACHTUNG
Task: C:\Windows\Tasks\HPCeeScheduleForBine.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\sharepoint.com -> hxxps://unibamberg.sharepoint.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bine\Downloads\skarnland_by_frankatt-d91ogk6 (1).jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\StartupFolder: => "avast! SecureLine.lnk"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "SimplePass"
HKLM\...\StartupApproved\Run: => "OPBHOBroker"
HKLM\...\StartupApproved\Run: => "OPBHOBrokerDesktop"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\Run: => "HP Officejet 6600 (NET)"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{0A85439C-29F0-4453-81A5-F10AFE261DCD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{754C0A5E-24FD-4FFF-8D05-F08A52B10861}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7787E021-FF9F-4280-AB81-F5141EE1B111}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0ADE10F1-65EB-4B81-92F8-D260578F2D7B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{C4594148-0C37-4397-9B02-BD0395F1B515}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{2BFF083F-02A7-4992-92BB-7EF8A65ACC66}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{D3313493-3F10-4BDA-BEDB-9435434680CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{2A13A4AC-9C73-468B-9CCE-13007B574A05}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{AFF68898-0154-4BCC-8693-423CA7EA7E80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvin's Mittens\Jumpman.exe FirewallRules: [{2987CD3E-3DF9-43D2-B7ED-D2A6E7F6164F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvin's Mittens\Jumpman.exe FirewallRules: [{C94F582E-3376-436D-BD46-B112BC2B6200}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tropico 5\Tropico5Steam.exe FirewallRules: [{A0CBE047-06E0-425D-99C2-D0093619F3F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tropico 5\Tropico5Steam.exe FirewallRules: [{F9E53D3D-38E5-4CD6-9088-7AC797960C90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe FirewallRules: [{B62D8181-CD6B-4049-A4BB-141D317FBD69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe FirewallRules: [{097F4FE2-F9E5-4337-8386-A219CCF550BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe FirewallRules: [{67CEFBF6-5174-489D-A9BC-9519F18F9E9B}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\TheLongDark\tld.exe FirewallRules: [{F6205133-9C97-4861-8B11-70C623720560}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [{728C89D2-B04F-49F4-BAF4-4379F5A862D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [{6E594FB4-E8C3-44BA-9EE8-9B0089C37E6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe FirewallRules: [{77E1E50B-6D83-4370-A874-252B7342EF90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe FirewallRules: [{A9CE1712-343B-40AC-A747-97BE54574D14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\memoria.exe FirewallRules: [{F462141D-5703-4183-B4EB-161090E1691B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\memoria.exe FirewallRules: [{B996FBFD-4C17-42C3-8023-60E70609872F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\VisionaireConfigurationTool.exe FirewallRules: [{F6A1EFC3-7EFF-4764-8EEA-92C16978D441}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\VisionaireConfigurationTool.exe FirewallRules: [TCP Query User{3008B0A9-9107-490C-9EF1-EEB99924F9E7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{BA9F0E96-E3C2-4625-86E4-AA5B7324D839}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{6FA04FAE-EB59-4115-B6D9-37FAFC2516DA}] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{F2CFB0ED-0A0B-4FF9-9B58-C31BA5F9ACE6}] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{55B56DF0-7BDB-41D7-9B64-84F5973A9889}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe FirewallRules: [{BA6B412D-2986-4FCA-B33C-5B61143E9401}] => (Allow) 
C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe FirewallRules: [{39326E4F-E05C-4DEE-8165-2EFBD1BD430C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Whispered World Special Edition\twwse.exe FirewallRules: [{56FAD213-ECF4-48ED-A667-F8954F841F5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Whispered World Special Edition\twwse.exe FirewallRules: [{AF8660FB-27A0-4599-AE6E-E4582450CD5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Whispered World Special Edition\VisionaireConfigurationTool.exe FirewallRules: [{8D800F6D-5335-43AC-87BB-7734EACBD375}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Whispered World Special Edition\VisionaireConfigurationTool.exe FirewallRules: [{71896BF5-F20F-4196-A996-6410DD92F1A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable Demo\stanley.exe FirewallRules: [{F8A2B8C2-D5DF-4830-9A8F-99242113985B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable Demo\stanley.exe FirewallRules: [{77DC00A5-4753-4AC2-8D0E-2C4BA251E061}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe FirewallRules: [{8E187E6E-42A9-429B-A19D-721A4A4B718E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe FirewallRules: [{A5B99823-634A-4545-9CFE-5E1F4629BFA4}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\FaxApplications.exe FirewallRules: [{0C69D586-AF72-4376-8B0D-FDD1861A1D6F}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\DigitalWizards.exe FirewallRules: [{07E17082-15FC-476E-BBEA-AE1F86FF680B}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\SendAFax.exe FirewallRules: [{36451B88-3CD2-4AEF-B384-6DAC67BE2BC8}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\DeviceSetup.exe FirewallRules: [{F95CB163-2259-4693-A340-1D0D836588E4}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe FirewallRules: 
[{A728ED5F-57F7-469C-A3AC-A096E6F54954}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{35EF2309-E73E-4F47-97DA-D0478560ED0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9D9578EA-971A-411F-A118-9D2858B4D7F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F822C852-7638-42ED-8EC4-26A3DC16B9B8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{1EC76916-F579-4D97-93FC-972E348296AC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{CB1A8617-23A9-48A5-BF34-88D3C85FCAC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe FirewallRules: [{ADEE20DC-28FC-42FA-839D-5D49E77AF1EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe FirewallRules: [{6C39532E-3F89-40C7-90A8-A60D7A621C66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheDarkEye Cos\satinav.exe FirewallRules: [{F3230D40-5A68-4805-95B7-5B5923D57C4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheDarkEye Cos\satinav.exe FirewallRules: [{28786C85-79E7-4C8F-83B1-766D5FF7E29D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheDarkEye Cos\VisionaireConfigurationTool.exe FirewallRules: [{1E7A28E6-0589-48A6-A199-4F6E7B5837A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheDarkEye Cos\VisionaireConfigurationTool.exe FirewallRules: [{EFF129A8-D2A4-4D5E-BC27-06DCCE61B8B9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{078BE467-829A-4E8D-92D7-E49F20EDB828}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BF60D578-9659-4F62-9143-D665D6257740}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe FirewallRules: [{28BE2BCE-F5BB-4A2F-A609-D74B927BD3F0}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Emily is Away\emily is away.exe FirewallRules: [{0D36B12D-C7E4-4A34-8446-BF57A30864F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe FirewallRules: [{663E89A0-59EE-47CC-9F22-164E95774D6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe FirewallRules: [{1E0D946F-A398-4E15-8880-7DB7E32DFE26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Silent Age\TheSilentAge.exe FirewallRules: [{4C81C78B-1B6A-4A4B-8821-5817CC9DB4C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Silent Age\TheSilentAge.exe FirewallRules: [{904D59C3-7596-4D34-90EA-C779F615C218}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reflections\Reflections.exe FirewallRules: [{9F713D10-48CB-468F-BFD0-243483461EA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reflections\Reflections.exe FirewallRules: [{C6D82283-8B24-4014-BA9A-706EA69981D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reflections\Reflections_DirectToRift.exe FirewallRules: [{F1E7280D-DD55-4304-8FBF-8FCA820912DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reflections\Reflections_DirectToRift.exe FirewallRules: [{A9A1F441-8C27-49BA-89AF-138463AD5D08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe FirewallRules: [{CAD340C1-962C-4273-8719-EEDF90BA9BC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe FirewallRules: [{0B42F004-C798-4A45-B324-92B65E50E63D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Beginners Guide\beginnersguide.exe FirewallRules: [{CE2FD8BF-48DA-4C7D-BA95-F3FE506D5E98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Beginners Guide\beginnersguide.exe FirewallRules: [{8B87BE7B-9838-4892-A175-8AEF076C1B1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind 
Heist\DrLangeskov.exe FirewallRules: [{0F3EF25E-0204-4179-8567-77F3C51BA45E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe FirewallRules: [{8B74166C-9FA9-4353-B832-1DA81EC6367A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe FirewallRules: [{D8FD9B12-80AA-4262-A6B7-4E184BE1B7A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe FirewallRules: [{91237FED-85BA-43EA-A84C-E78F5C9130D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori\ori.exe FirewallRules: [{6472CDA6-3618-4B22-8993-A950BCEA7C24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori\ori.exe FirewallRules: [{0E553460-FC44-44CF-961E-5A7F574EA836}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe FirewallRules: [{B5F658B6-E5A5-47A9-820C-48AA072002B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe FirewallRules: [{734F871C-B994-4E89-8DAB-C4B86ADE95EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe FirewallRules: [{92A401F4-E5FD-4052-9F1D-B28C33BEA9DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe FirewallRules: [{930DA6B0-9674-48F1-989C-231E662416AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe FirewallRules: [{8280618D-CBE2-486D-989A-D01118120A51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe FirewallRules: [{2A917A50-905D-494B-AF65-4791806C0074}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia Doomsday\deponia4.exe FirewallRules: [{62D8B494-0658-4D76-BFD6-4EBA7AD7449F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia Doomsday\deponia4.exe FirewallRules: 
[{1877BC99-BA9C-41FC-87F5-1635CC3AE096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia Doomsday\VisionaireConfigurationTool.exe FirewallRules: [{4375FB80-0379-4DB6-B4F8-FB2387AA61CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia Doomsday\VisionaireConfigurationTool.exe FirewallRules: [{C4B682D9-F5EC-4931-9256-D1CA9AD9D95D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe FirewallRules: [{59AB3187-8CA4-4453-82FC-EC5C738E4E9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe FirewallRules: [{419912A1-3A9C-463E-ACDF-2DD3DA5581F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe FirewallRules: [{9FFA9A1B-111F-48B6-BA2F-64C0AE3FF281}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe FirewallRules: [{CC89EAA1-CFCD-4A8D-80E1-A0840EC0D57E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe FirewallRules: [{03FDA1A0-B7D9-46C3-8C00-85A2A6FD7C4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe FirewallRules: [{300FDE5E-029A-4505-83E3-120F78B98667}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe FirewallRules: [{DC78782C-2C7D-4D0C-A750-8C940E755F25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe FirewallRules: [{3DFECC3D-424D-4734-B8B0-D6D034F6A16D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe FirewallRules: [{3F560055-7815-489E-BC38-5D4EA055A636}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe FirewallRules: [{03A4AE59-388D-4897-8748-B06FABCE0923}] => (Allow) 
C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{E5FEBBA5-F044-4CFF-9173-FEFEB5E9B099}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{15C72515-73C8-4C9B-A0BC-CE631B678185}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE FirewallRules: [{05657337-4BA2-48A3-B576-B0A3884AF61B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{ABEE3210-D66A-4A54-A6C5-933E1D97030C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{1F42357A-0C7B-4894-AE6C-18970F3C3943}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori DE\oriDE.exe FirewallRules: [{C57DF365-90B7-4CF8-9F86-BAA00D94C1DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori DE\oriDE.exe FirewallRules: [{0E051C72-7CA5-4FF5-8C32-71DBE11BEC88}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [TCP Query User{A21754A3-1854-4CA6-92AC-8A6AC18E0BE5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{820BE837-D242-4D40-B947-68FB7021FECF}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [{1A009EAE-9AAD-46A4-8311-0019C073210D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{ABA076FE-B164-418C-AB94-F2484D52DB36}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{30E70866-3297-4211-8728-6D8B919BB0C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{ADF92A03-0F98-478F-B514-42D46D71CF8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{927E4D44-E313-4C84-9304-F2268BBD8063}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe 
FirewallRules: [{3651CB60-E07E-498C-894A-C5825BD593F4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{7382C300-51FE-489A-BBEF-8BCF3F73F954}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{0B53A447-4615-4AF3-BF0C-BBF888278A14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe FirewallRules: [{9E0E4EB1-E07F-4E90-926B-6E6B2C100FC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe FirewallRules: [{5912145E-2CFB-45C3-87B9-80B8CFF8237F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe FirewallRules: [{C91E546A-75C3-4C9A-BC96-CA46B6B9A80E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe FirewallRules: [{7DD7ACEF-06F1-456F-9329-CCCD16D3094A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\MoveOrDie.exe FirewallRules: [{1935CE8C-171C-4B3A-BBAB-52CA12F8AFB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\MoveOrDie.exe FirewallRules: [{094BA965-86AD-48CF-9A94-38B68023E67D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\Editor.exe FirewallRules: [{555DAB97-6791-4717-A7FF-0A633BDD40ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\Editor.exe FirewallRules: [{1A1B3C1B-1FC8-4E8D-9D22-E90163C03B17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe FirewallRules: [{DE2DCEB6-6B20-4B09-A1ED-FB156A044B71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe FirewallRules: [{6CB896C4-7D84-46EB-959B-64846E381F98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe FirewallRules: [{2DFDF32B-1876-47D3-A384-B7C9533C445D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf 
With Your Friends.exe FirewallRules: [{BE85670D-B13C-4D8C-ADF7-1F7D19E0980D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MessageQuest\mq.exe FirewallRules: [{0781A8A5-53EF-498D-8E74-7CB59A3D71D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MessageQuest\mq.exe FirewallRules: [{08B35E78-7B21-49C1-A71D-8826D0E179F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between me and The Night\Between Me and The Night.exe FirewallRules: [{D444EBAA-770B-460A-8F7C-1C7C4BFF0B85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between me and The Night\Between Me and The Night.exe FirewallRules: [{E8A13532-C15B-41B5-AAAB-7428D3A39458}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{BFE1A522-B88C-4FB5-A8CC-84C1A6119B5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{96941D47-6876-455B-A047-97924C142629}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs2\win32\The Banner Saga 2.exe FirewallRules: [{6AB3A930-2D92-4E70-B0BE-B80F3761A534}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs2\win32\The Banner Saga 2.exe FirewallRules: [{42E7E9A7-AE63-44D6-A7F0-A74A6EF3E50D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe FirewallRules: [{11345983-F9E4-4067-B410-9B27B1F74CF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe FirewallRules: [{42596B2C-5FA8-4625-8674-953601C681F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs2\win32\The Banner Saga 2.exe FirewallRules: [{51ECA7B7-D0B2-4CB4-94F2-800E89475CD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs2\win32\The Banner Saga 2.exe FirewallRules: [{3FE81569-999C-4132-8CE3-754D0E1AA9FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe 
FirewallRules: [{171A23BD-5FAF-4E95-9EF4-FF0D3890585C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{68E9C562-DFBC-4C56-8E20-1BE6A70B4E3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{BD301DA8-6DCE-4412-9FE1-C167869E0FCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{BC43E574-2483-45DF-A9EA-851FB8D8D410}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
FirewallRules: [{6C184B67-EAC9-4E5C-BF4C-792F124717D9}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.898\opera.exe
FirewallRules: [{24C8F3D6-A54B-4F14-8F9B-4052DB3B6973}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert
Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/17/2017 01:17:56 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (06/17/2017 12:50:49 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/16/2017 05:26:24 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (06/16/2017 05:22:59 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (06/15/2017 05:28:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: OPBHOBrokerDsktop.exe, Version: 8.0.1.46, Zeitstempel: 0x55957941 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18696, Zeitstempel: 0x59153753 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000f1c00 ID des fehlerhaften Prozesses: 0x22f8 Startzeit der fehlerhaften Anwendung: 0x01d2e5ebd11d3051 Pfad der fehlerhaften Anwendung: C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 44a3a5f1-51df-11e7-8350-d0bf9c933516 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/15/2017 05:28:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: OPBHOBrokerDsktop.exe, Version: 8.0.1.46, Zeitstempel: 0x55957941 Name des fehlerhaften Moduls: OpBHO64.dll, Version: 8.0.0.1, Zeitstempel: 0x55957930 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000003377a ID des fehlerhaften Prozesses: 0x22f8 Startzeit der fehlerhaften Anwendung: 0x01d2e5ebd11d3051 Pfad der fehlerhaften Anwendung: C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe Pfad des fehlerhaften Moduls: C:\Program Files\Hewlett-Packard\SimplePass\OpBHO64.dll Berichtskennung: 43809bcd-51df-11e7-8350-d0bf9c933516 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/15/2017 05:26:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: OPBHOBrokerDsktop.exe, Version: 8.0.1.46, Zeitstempel: 0x55957941 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18696, Zeitstempel: 0x59153753 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000f1c00 ID des 
fehlerhaften Prozesses: 0x1010 Startzeit der fehlerhaften Anwendung: 0x01d2e52b2acd38aa Pfad der fehlerhaften Anwendung: C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 0a65f27f-51df-11e7-8350-d0bf9c933516 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/15/2017 05:26:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: OPBHOBrokerDsktop.exe, Version: 8.0.1.46, Zeitstempel: 0x55957941 Name des fehlerhaften Moduls: OpBHO64.dll, Version: 8.0.0.1, Zeitstempel: 0x55957930 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000003377a ID des fehlerhaften Prozesses: 0x1010 Startzeit der fehlerhaften Anwendung: 0x01d2e52b2acd38aa Pfad der fehlerhaften Anwendung: C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe Pfad des fehlerhaften Moduls: C:\Program Files\Hewlett-Packard\SimplePass\OpBHO64.dll Berichtskennung: 051a27d5-51df-11e7-8350-d0bf9c933516 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/15/2017 01:59:53 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error: (06/15/2017 12:51:29 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Systemfehler: ============= Error: (06/17/2017 10:17:29 AM) (Source: DCOM) (EventID: 10010) (User: LALELU) Description: Der Server "{BCC57CD7-DCD1-4CD3-8AF0-2982F7F5A720}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (06/15/2017 12:18:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (06/15/2017 12:18:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (06/14/2017 06:17:41 PM) (Source: DCOM) (EventID: 10010) (User: LALELU) Description: Der Server "{BCC57CD7-DCD1-4CD3-8AF0-2982F7F5A720}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (06/14/2017 12:03:25 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.1.10.188 registriert werden. Der Computer mit IP-Adresse 10.1.12.224 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (06/14/2017 08:14:21 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "PEZSO-SURFACE", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{BACB4E71-C30B-4C4C-BBF0-9BD809C398B8}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (06/13/2017 03:07:44 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.1.10.188 registriert werden. 
Der Computer mit IP-Adresse 10.1.22.177 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (06/13/2017 12:07:43 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MEINS", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{BACB4E71-C30B-4C4C-BBF0-9BD809C398B8}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (06/13/2017 11:44:07 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JONAS-LENOVO", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{BACB4E71-C30B-4C4C-BBF0-9BD809C398B8}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (06/13/2017 10:16:29 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "DESKTOP-GM89MCK", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{BACB4E71-C30B-4C4C-BBF0-9BD809C398B8}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. CodeIntegrity: =================================== Date: 2017-01-24 10:05:57.559 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 11:45:14.940 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 11:45:14.274 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. 
Date: 2017-01-22 11:44:28.042 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 05:50:06.746 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 05:50:06.203 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 05:42:02.147 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 05:42:01.570 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 05:41:28.407 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 01:53:32.631 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz Prozentuale Nutzung des RAM: 19% Installierter physikalischer RAM: 12210.27 MB Verfügbarer physikalischer RAM: 9819.08 MB Summe virtueller Speicher: 14066.27 MB Verfügbarer virtueller Speicher: 11724.14 MB ==================== Laufwerke ================================ Drive c: (Windows) (Fixed) (Total:906.35 GB) (Free:600.72 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:24.14 GB) (Free:2.66 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive e: (SCRUBSPAL_S4D4 ) (CDROM) (Total:7.78 GB) (Free:0 GB) UDF ==================== MBR & Partitionstabelle ================== ==================== Ende von Addition.txt ============================ Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 17.06.2017
Suchlaufzeit: 09:15
Protokolldatei: Malwarebytes 17_06.txt
Administrator: Nein

Version: 2.2.1.1043
Malware-Datenbank: v2017.06.17.03
Rootkit-Datenbank: v2017.05.27.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Bine

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 218139
Abgelaufene Zeit: 37 Min., 2 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 6
Adware.ChinAd, C:\Users\Bine\AppData\Local\Temp\DMR, In Quarantäne, [43044af613967db96f03353521e0f010],
Adware.ChinAd, C:\Users\Bine\AppData\Local\Temp\DMR\Downloads, In Quarantäne, [43044af613967db96f03353521e0f010],
Adware.ChinAd, C:\Users\Bine\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1, In Quarantäne, [43044af613967db96f03353521e0f010],
Adware.ChinAd, C:\Users\Bine\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\0263f6a1bed70827ac8a4d947af795ce, In Quarantäne, [43044af613967db96f03353521e0f010],
Adware.ChinAd, C:\Users\Bine\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\fc0ad09f4d404282ee6003979010bd8d, In Quarantäne, [43044af613967db96f03353521e0f010],
Adware.ChinAd, C:\Users\Bine\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\ffa8fe555840fde3e35d8cde259ba5b1, In Quarantäne, [43044af613967db96f03353521e0f010],

Dateien: 12
PUP.Optional.GameHack, C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat, Keine Aktion durch Benutzer, [63e462de436684b2931a4414887948b8],
Adware.ChinAd, C:\Users\Bine\AppData\Local\Temp\DMR\cepsxenbcazusqdi.dat, In Quarantäne, [43044af613967db96f03353521e0f010],
Adware.ChinAd, C:\Users\Bine\AppData\Local\Temp\DMR\dplecnhjsnxxlncp.dat, In Quarantäne, [43044af613967db96f03353521e0f010],
Adware.ChinAd, C:\Users\Bine\AppData\Local\Temp\DMR\gkdeuiedtiismypd.dat, In Quarantäne, [43044af613967db96f03353521e0f010],
Adware.ChinAd, C:\Users\Bine\AppData\Local\Temp\DMR\initdebug.nfo, In Quarantäne, [43044af613967db96f03353521e0f010],
Adware.ChinAd, C:\Users\Bine\AppData\Local\Temp\DMR\kffbwgqxichvvpit.dat, In Quarantäne, [43044af613967db96f03353521e0f010],
Adware.ChinAd, C:\Users\Bine\AppData\Local\Temp\DMR\mndnvrmirxtyrwae.dat, In Quarantäne, [43044af613967db96f03353521e0f010],
Adware.ChinAd, C:\Users\Bine\AppData\Local\Temp\DMR\pkdjsingfdpjhotw.dat, In Quarantäne, [43044af613967db96f03353521e0f010],
Adware.ChinAd, C:\Users\Bine\AppData\Local\Temp\DMR\pxjuaiimonvhfmcj.dat, In Quarantäne, [43044af613967db96f03353521e0f010],
Adware.ChinAd, C:\Users\Bine\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\0263f6a1bed70827ac8a4d947af795ce\Opera_33.0.1990.43_Campaign_68_Setup.exe, In Quarantäne, [43044af613967db96f03353521e0f010],
Adware.ChinAd, C:\Users\Bine\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\fc0ad09f4d404282ee6003979010bd8d\donothing.exe, In Quarantäne, [43044af613967db96f03353521e0f010],
Adware.ChinAd, C:\Users\Bine\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\ffa8fe555840fde3e35d8cde259ba5b1\instspeedfan451.exe, In Quarantäne, [43044af613967db96f03353521e0f010],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)
Code:
# AdwCleaner v6.047 - Bericht erstellt am 17/06/2017 um 10:37:24
# Aktualisiert am 19/05/2017 von Malwarebytes
# Datenbank : 2017-06-16.2 [Server]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : Bine_2 - LALELU
# Gestartet von : C:\Users\Bine_2\Downloads\adwcleaner_6.047.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support

***** [ Dienste ] *****
Keine schädlichen Dienste gefunden.

***** [ Ordner ] *****
Keine schädlichen Ordner gefunden.

***** [ Dateien ] *****
Keine schädlichen Dateien gefunden.

***** [ DLL ] *****
Keine infizierten DLLs gefunden.

***** [ WMI ] *****
Keine schädlichen Schlüssel gefunden.

***** [ Verknüpfungen ] *****
Keine infizierten Verknüpfungen gefunden.

***** [ Aufgabenplanung ] *****
Keine schädlichen Aufgaben gefunden.

***** [ Registrierungsdatenbank ] *****
Keine schädlichen Elemente in der Registrierungsdatenbank gefunden.

***** [ Internetbrowser ] *****
Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************
\AdwCleaner\AdwCleaner[C1].txt - [850 Bytes] - [30/12/2015 16:51:40]
\AdwCleaner\AdwCleaner[C2].txt - [4121 Bytes] - [04/11/2016 10:30:54]
\AdwCleaner\AdwCleaner[S1].txt - [731 Bytes] - [30/12/2015 16:26:55]
\AdwCleaner\AdwCleaner[S2].txt - [731 Bytes] - [30/12/2015 16:39:19]
\AdwCleaner\AdwCleaner[S3].txt - [4179 Bytes] - [04/11/2016 10:28:21]
\AdwCleaner\AdwCleaner[S4].txt - [1693 Bytes] - [04/11/2016 10:38:09]
\AdwCleaner\AdwCleaner[S5].txt - [1766 Bytes] - [05/11/2016 11:24:42]
\AdwCleaner\AdwCleaner[S6].txt - [1839 Bytes] - [19/11/2016 22:25:04]
\AdwCleaner\AdwCleaner[S7].txt - [1911 Bytes] - [17/12/2016 08:44:35]
\AdwCleaner\AdwCleaner[S8].txt - [1985 Bytes] - [08/02/2017 16:45:30]
\AdwCleaner\AdwCleaner[S9].txt - [1892 Bytes] - [17/06/2017 10:37:24]
########## EOF - \AdwCleaner\AdwCleaner[S9].txt - [1963 Bytes] ##########

Edited by Unkreative (17.06.2017 at 11:36). Reason: accidentally submitted too early
17.06.2017, 13:01 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8.1: Malware Bytes finds ChinAD
Quote:
See also ---> http://www.trojaner-board.de/185776-...installer.html
Quote:
17.06.2017, 13:30 | #3
Windows 8.1: Malware Bytes finds ChinAD
Quote:
Quote:
Here are the new logs with admin rights: FRST: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01 durchgeführt von Bine_2 (Administrator) auf LALELU (17-06-2017 14:07:27) Gestartet von C:\Users\Bine\Downloads Geladene Profile: Bine & Bine_2 (Verfügbare Profile: Bine & Bine_2) Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: IE) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Dropbox, Inc.) 
C:\Windows\System32\DbxSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe (Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Validity Sensors, Inc.) 
C:\Windows\System32\valWBFPolicyService.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe (HP Inc.) 
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software 
Update\hpwuschd2.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7642328 2014-10-07] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-17] (Synaptics Incorporated) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-06-12] (Dropbox, Inc.) 
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1481256 2017-04-25] (Sophos Limited) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2017-05-05] (Malwarebytes Corporation) HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation) HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\Run: [Spotify Web Helper] => "C:\Users\Bine\AppData\Roaming\Spotify\SpotifyWebHelper.exe" HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\Run: [Spotify] => "C:\Users\Bine\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27250144 2016-12-20] (Skype Technologies S.A.) 
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation) AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [235928 2017-04-25] (Sophos Limited) AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [207864 2017-04-25] (Sophos Limited) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2017-02-21] ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () Startup: C:\Users\Bine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-12-02] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Bine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2017-02-13] ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\Bine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk [2016-01-19] ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Bine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk [2017-06-17] ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{77320BAC-9ED2-49D0-94BF-EFDEC023C0D3}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BACB4E71-C30B-4C4C-BBF0-9BD809C398B8}: [DhcpNameServer] 141.13.240.33 141.13.240.2

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.twitch.tv/rocketbeanstv
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-1742589508-3326327189-3140255072-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com/
HKU\S-1-5-21-1742589508-3326327189-3140255072-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {7E2AEA9D-3F84-4E82-ACD1-2BCC4963AB36} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1742589508-3326327189-3140255072-1001 -> {7E2AEA9D-3F84-4E82-ACD1-2BCC4963AB36} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1742589508-3326327189-3140255072-1007 -> {7E2AEA9D-3F84-4E82-ACD1-2BCC4963AB36} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-06] (Microsoft Corporation)
BHO: Deaktivierungs-Add-on für Browser von Google Analytics -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll [2014-04-03] (Google, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-05] (Microsoft Corporation)
BHO-x32: Deaktivierungs-Add-on für Browser von Google Analytics -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll [2014-04-03] (Google, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-05] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: (HP SimplePass) - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2016-02-18] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: (Citavi Picker) - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2017-05-30]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2017-05-05] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-12] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-06-12] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155080 2017-05-05] (Malwarebytes Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-03] (Softex Inc.) [Datei ist nicht signiert]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-04] (Realtek Semiconductor)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [229664 2017-04-25] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [200064 2017-04-25] (Sophos Limited)
R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe [901248 2016-04-14] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [761696 2017-04-25] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [360040 2017-04-25] (Sophos Limited)
R2 sophossps; C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe [2499872 2017-02-02] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [475384 2017-04-25] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3644368 2017-04-25] (Sophos Limited)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-17] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7552760 2015-08-15] (Broadcom Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77440 2017-05-05] ()
S3 ladfGSS; C:\Windows\system32\drivers\ladfGSS.sys [45208 2016-09-29] (Logitech Inc.)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [199552 2017-04-25] (Sophos Limited)
S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2016-04-14] (Sophos Limited)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-17] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-17] (Synaptics Incorporated)
R2 sntp; C:\Windows\system32\DRIVERS\sntp.sys [116144 2016-04-14] (Sophos Limited)
R0 Sophos Endpoint Defense; C:\Windows\System32\DRIVERS\SophosED.sys [200760 2017-02-02] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [45840 2017-04-25] (Sophos Limited)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [47760 2017-02-02] (Sophos Limited)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-24] (HP)
R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [31840 2016-03-24] (HP)
S3 ALSysIO; \??\C:\Users\Bine_2\AppData\Local\Temp\ALSysIO64.sys [X] <==== ACHTUNG
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-06-17 12:09 - 2017-06-17 12:09 - 00000000 ____D C:\Users\Bine\Documents\Protokolle
2017-06-17 11:50 - 2017-06-17 11:51 - 00056270 _____ C:\Users\Bine\Downloads\Addition.txt
2017-06-17 11:48 - 2017-06-17 14:07 - 00030777 _____ C:\Users\Bine\Downloads\FRST.txt
2017-06-17 11:48 - 2017-06-17 14:07 - 00000000 ____D C:\FRST
2017-06-17 11:47 - 2017-06-17 11:47 - 02438656 _____ (Farbar) C:\Users\Bine\Downloads\FRST64.exe
2017-06-17 10:45 - 2017-06-17 12:21 - 00000000 ____D C:\Users\Bine_2\Desktop\mbar
2017-06-17 10:30 - 2017-06-17 10:31 - 04110280 _____ C:\Users\Bine_2\Downloads\adwcleaner_6.047.exe
2017-06-17 10:04 - 2017-04-21 23:53 - 00029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-06-17 10:04 - 2017-04-21 23:50 - 00030912 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-06-17 10:03 - 2017-04-21 23:50 - 00018592 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-06-17 10:03 - 2017-04-11 20:27 - 00485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-06-17 10:03 - 2017-03-15 20:15 - 00690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-06-17 10:02 - 2017-04-21 23:53 - 00018600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-06-17 10:01 - 2017-04-11 20:27 - 00987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-06-17 10:01 - 2017-03-15 20:15 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-06-14 23:19 - 2017-06-14 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-14 18:27 - 2017-06-03 04:31 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-14 18:27 - 2017-06-03 04:31 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-14 00:12 - 2017-05-14 22:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-14 00:12 - 2017-05-14 21:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-14 00:11 - 2017-06-02 14:15 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-14 00:11 - 2017-06-02 14:12 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-14 00:11 - 2017-06-02 14:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-14 00:11 - 2017-06-02 14:06 - 01001984 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-14 00:11 - 2017-06-02 14:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-14 00:11 - 2017-06-02 13:30 - 03635200 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-14 00:11 - 2017-06-02 13:03 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-14 00:11 - 2017-06-02 12:58 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-14 00:11 - 2017-06-02 12:25 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-14 00:11 - 2017-06-02 12:24 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-14 00:11 - 2017-06-02 12:17 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-14 00:11 - 2017-06-02 12:02 - 02751488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-14 00:11 - 2017-06-02 11:43 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-14 00:11 - 2017-06-02 11:43 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-14 00:11 - 2017-05-15 21:58 - 00121184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-06-14 00:11 - 2017-05-14 22:44 - 04170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-14 00:11 - 2017-05-14 22:42 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-14 00:11 - 2017-05-14 22:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-14 00:11 - 2017-05-14 22:19 - 01364040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-14 00:11 - 2017-05-14 22:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-14 00:11 - 2017-05-14 21:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-14 00:11 - 2017-05-14 21:32 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-06-14 00:11 - 2017-05-14 21:31 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-06-14 00:11 - 2017-05-14 21:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-14 00:11 - 2017-05-14 21:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-14 00:11 - 2017-05-14 21:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-14 00:11 - 2017-05-14 21:04 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-14 00:11 - 2017-05-14 21:03 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-14 00:11 - 2017-05-14 20:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-14 00:11 - 2017-05-14 20:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-14 00:11 - 2017-05-14 20:48 - 05274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-06-14 00:11 - 2017-05-14 20:46 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-06-14 00:11 - 2017-05-14 20:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-14 00:11 - 2017-05-14 20:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-14 00:11 - 2017-05-14 20:38 - 07796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-06-14 00:11 - 2017-05-14 20:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-14 00:11 - 2017-05-14 20:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-14 00:11 - 2017-05-14 20:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-14 00:11 - 2017-05-14 20:16 - 05268992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 00:11 - 2017-05-14 20:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-14 00:11 - 2017-05-14 20:13 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-14 00:11 - 2017-05-14 20:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-14 00:11 - 2017-05-14 20:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-14 00:11 - 2017-05-14 20:06 - 07441240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-14 00:11 - 2017-05-14 20:06 - 01737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-14 00:11 - 2017-05-14 20:06 - 01502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-14 00:11 - 2017-05-12 19:05 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-14 00:11 - 2017-05-12 18:16 - 01084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-14 00:11 - 2017-05-12 18:13 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-14 00:11 - 2017-05-12 17:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-14 00:11 - 2017-05-12 17:50 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-14 00:11 - 2017-05-12 17:48 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-14 00:11 - 2017-05-12 17:47 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-14 00:11 - 2017-05-12 06:10 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-14 00:11 - 2017-05-12 04:58 - 01985536 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-14 00:11 - 2017-05-12 04:48 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-14 00:11 - 2017-05-12 04:18 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-14 00:11 - 2017-05-12 04:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-14 00:11 - 2017-05-12 04:10 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-14 00:11 - 2017-05-12 04:07 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-06-14 00:11 - 2017-05-12 04:06 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-14 00:11 - 2017-05-12 04:04 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-14 00:11 - 2017-05-12 04:00 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-14 00:11 - 2017-05-12 01:36 - 22361848 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-14 00:11 - 2017-05-12 01:32 - 19788672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-14 00:11 - 2017-05-10 20:19 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-14 00:11 - 2017-05-06 18:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-14 00:11 - 2017-05-06 18:04 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-14 00:11 - 2017-04-06 19:37 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-14 00:11 - 2017-04-06 19:16 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2017-06-14 00:11 - 2017-04-06 18:50 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-14 00:11 - 2017-04-06 18:46 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-14 00:11 - 2017-04-06 18:46 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-14 00:11 - 2017-04-06 18:35 - 01362432 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-06-14 00:11 - 2017-04-06 18:15 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-14 00:11 - 2017-04-06 17:44 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2017-06-14 00:11 - 2017-04-02 16:49 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-06-14 00:11 - 2017-04-02 15:40 - 02013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-06-12 13:55 - 2017-06-12 13:55 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-06-09 13:57 - 2017-06-09 13:57 - 00000000 ____D C:\Users\Bine\Desktop\chocolate-doom-2.3.0-win32
2017-06-02 09:54 - 2017-06-02 09:54 - 10120511 _____ C:\Users\Bine\Documents\Scan.pdf
2017-05-31 14:12 - 2017-05-31 14:12 - 00000000 ____D C:\Users\Bine\Documents\Ergebnisse
2017-05-30 19:07 - 2017-05-30 19:07 - 00000000 ____D C:\Users\Bine_2\AppData\Local\Downloaded Installations
2017-05-30 14:33 - 2017-05-30 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-05-30 14:33 - 2017-04-25 15:32 - 00044304 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2017-05-30 14:33 - 2017-02-02 16:53 - 00047760 _____ (Sophos Limited) C:\Windows\system32\Drivers\swi_callout.sys

==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-06-17 13:44 - 2016-10-01 12:29 - 00000000 ____D C:\Users\Bine\AppData\Roaming\TS3Client
2017-06-17 13:14 - 2015-10-24 16:39 - 00001224 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-06-17 13:13 - 2014-10-31 10:33 - 00802890 _____ C:\Windows\system32\perfh007.dat
2017-06-17 13:13 - 2014-10-31 10:33 - 00175332 _____ C:\Windows\system32\perfc007.dat
2017-06-17 13:13 - 2014-03-18 11:53 - 01927320 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-17 13:13 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-06-17 12:35 - 2015-12-26 01:23 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1742589508-3326327189-3140255072-1007
2017-06-17 12:34 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-06-17 12:30 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-17 12:25 - 2014-10-31 20:23 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-17 12:22 - 2015-11-01 21:53 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-06-17 12:21 - 2015-12-26 01:14 - 00000000 ____D C:\Users\Bine_2\AppData\Local\NVIDIA Corporation
2017-06-17 12:19 - 2015-10-24 16:39 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-06-17 11:54 - 2016-11-16 10:11 - 00000000 ____D C:\Users\Bine\AppData\LocalLow\Mozilla
2017-06-17 11:45 - 2016-11-03 16:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-06-17 10:49 - 2015-11-01 21:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-17 10:45 - 2016-11-03 16:20 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Bine\Downloads\mbar-1.09.3.1001.exe
2017-06-17 10:37 - 2015-12-30 16:26 - 00000000 ____D C:\AdwCleaner
2017-06-17 10:27 - 2015-10-24 10:30 - 00000000 ____D C:\Users\Bine\OneDrive
2017-06-17 10:24 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-17 10:22 - 2013-08-22 15:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-06-17 10:17 - 2015-10-22 07:26 - 00000000 ____D C:\Users\Bine\Documents\Psychologie
2017-06-17 10:17 - 2015-10-22 00:49 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-17 10:17 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-06-16 07:32 - 2015-10-22 00:47 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1742589508-3326327189-3140255072-1001
2017-06-15 18:59 - 2015-10-25 19:13 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Swiss Academic Software
2017-06-15 17:28 - 2016-01-07 01:04 - 00000000 ____D C:\Users\Bine\AppData\Local\CrashDumps
2017-06-15 08:00 - 2015-10-22 07:26 - 00000000 ____D C:\Users\Bine\Documents\Citavi 5
2017-06-15 05:10 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-06-14 23:19 - 2014-10-31 03:21 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-06-14 18:36 - 2015-11-02 16:51 - 00003864 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1446475865
2017-06-14 18:36 - 2015-11-02 16:51 - 00001030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-06-14 18:36 - 2015-10-22 00:47 - 00000000 ____D C:\Program Files (x86)\Opera
2017-06-14 18:25 - 2016-03-14 14:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-14 18:25 - 2016-03-14 14:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 18:25 - 2013-08-22 16:44 - 00517664 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-14 18:18 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2017-06-14 12:18 - 2015-10-23 08:10 - 00000000 ____D C:\Windows\system32\MRT
2017-06-14 12:06 - 2015-10-23 08:10 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-14 10:45 - 2016-03-14 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 23:53 - 2017-04-12 21:16 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-13 23:53 - 2017-04-12 21:16 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-13 23:51 - 2017-04-12 21:16 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-13 23:22 - 2016-04-10 08:36 - 00003150 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBine
2017-06-13 23:22 - 2016-03-27 10:16 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForBine.job
2017-06-13 11:39 - 2015-10-22 00:41 - 00000000 ____D C:\Users\Bine\AppData\Local\Packages
2017-06-12 12:35 - 2016-04-23 15:51 - 00000000 ___RD C:\Users\Bine\OneDrive for Business
2017-06-10 23:18 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\tracing
2017-06-10 21:55 - 2015-11-23 16:05 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-06-10 16:48 - 2016-03-14 20:05 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2017-06-06 08:43 - 2017-02-18 13:34 - 00000000 ____D C:\Users\Bine\AppData\Roaming\vlc
2017-06-04 17:49 - 2017-02-18 13:34 - 00000000 ____D C:\Users\Bine\AppData\Roaming\dvdcss
2017-05-30 19:58 - 2015-10-25 19:13 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2017-05-30 19:58 - 2015-10-25 19:12 - 00001944 _____ C:\Users\Public\Desktop\Citavi 5.lnk
2017-05-30 19:58 - 2015-10-25 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5
2017-05-30 14:34 - 2015-11-02 15:20 - 00000000 ____D C:\ProgramData\Sophos
2017-05-29 11:39 - 2017-04-25 08:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-29 11:39 - 2015-11-16 00:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-24 15:50 - 2015-10-22 00:40 - 00000000 ____D C:\Users\Bine
2017-05-23 10:19 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\spool
2017-05-23 08:44 - 2015-12-26 01:14 - 00000000 ____D C:\Users\Bine_2
2017-05-22 22:29 - 2017-05-16 23:48 - 00319886 _____ C:\Users\Bine\Documents\Dimensionen.xlsx
2017-05-22 21:10 - 2015-10-28 11:38 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Skype
2017-05-19 18:28 - 2014-10-31 03:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-19 12:33 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-18 16:30 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2017-05-18 12:55 - 2017-05-10 15:00 - 01071816 _____ C:\Users\Bine\Documents\AMDP.pptx

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-11-15 17:38 - 2015-11-15 17:38 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-01-08 15:01 - 2017-01-19 21:06 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-08 15:01 - 2017-01-19 20:52 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Einige Dateien in TEMP:
====================
2015-10-25 12:48 - 2015-12-09 21:35 - 22299288 _____ (AVAST Software ) C:\Users\Bine\AppData\Local\Temp\avast_secureline_setup.exe
2016-01-03 01:09 - 2016-01-03 01:09 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\Bine\AppData\Local\Temp\COMAP.EXE
2017-02-21 00:52 - 2010-03-23 14:15 - 0016505 _____ () C:\Users\Bine\AppData\Local\Temp\DelayInst.exe
2015-10-28 14:04 - 2015-10-28 14:04 - 0071168 _____ () C:\Users\Bine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdjlpox.dll
2015-10-23 08:11 - 2013-06-04 11:30 - 0050432 ____R () C:\Users\Bine\AppData\Local\Temp\Extract.exe
2017-02-27 21:45 - 2014-07-17 12:23 - 6739008 _____ (Foxit Corporation) C:\Users\Bine\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
2016-11-04 10:39 - 2016-09-26 12:27 - 11579432 _____ (SurfRight B.V.) C:\Users\Bine\AppData\Local\Temp\HitmanPro.exe
2017-02-21 00:52 - 2010-03-23 14:16 - 0221315 _____ () C:\Users\Bine\AppData\Local\Temp\installservice.exe
2016-03-28 11:22 - 2016-03-28 11:22 - 0736320 _____ (Oracle Corporation) C:\Users\Bine\AppData\Local\Temp\jre-8u77-windows-au.exe
2015-09-01 13:11 - 2015-09-01 13:11 - 0120336 _____ (McAfee, Inc.) C:\Users\Bine\AppData\Local\Temp\McCSPInstall.dll
2015-11-02 15:14 - 2015-09-01 13:11 - 0162120 _____ (McAfee Inc.) C:\Users\Bine\AppData\Local\Temp\mccspuninstall.exe
2016-11-23 22:44 - 2016-11-17 15:42 - 1135552 _____ (NVIDIA Corporation) C:\Users\Bine\AppData\Local\Temp\NvTelemetry.dll
2016-11-23 22:44 - 2017-01-06 03:10 - 0255032 _____ (NVIDIA Corporation) C:\Users\Bine\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-11-23 22:44 - 2017-01-06 03:10 - 0335928 _____ (NVIDIA Corporation) C:\Users\Bine\AppData\Local\Temp\NvTelemetryAPI64.dll
2017-02-21 00:13 - 2010-09-09 13:50 - 0093802 _____ () C:\Users\Bine\AppData\Local\Temp\Profiles.exe
2015-11-24 20:51 - 2016-12-29 21:35 - 0192512 _____ () C:\Users\Bine\AppData\Local\Temp\sfamcc00001.dll
2015-02-10 19:56 - 2015-02-10 19:56 - 0105984 _____ () C:\Users\Bine\AppData\Local\Temp\sfextra.dll
2017-04-02 18:40 - 2017-04-02 18:41 - 57547224 _____ (Skype Technologies S.A.)
C:\Users\Bine\AppData\Local\Temp\SkypeSetup.exe 2015-10-16 09:54 - 2015-10-16 09:54 - 3358520 _____ (Hewlett-Packard Company ) C:\Users\Bine\AppData\Local\Temp\SP71716.exe 2017-02-21 00:13 - 2010-03-23 14:30 - 0056832 _____ () C:\Users\Bine\AppData\Local\Temp\vpnclient_setup.exe 2017-04-18 08:46 - 2014-07-17 12:23 - 6739008 _____ (Foxit Corporation) C:\Users\Bine_2\AppData\Local\Temp\FoxitUpdater.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2017-06-10 08:25 ==================== Ende von FRST.txt ============================ |
17.06.2017, 13:31 | #4 |
| Windows 8.1: Malware Bytes finds ChinAD And here is the Addition: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01 durchgeführt von Bine_2 (17-06-2017 14:10:21) Gestartet von C:\Users\Bine\Downloads Windows 8.1 (Update) (X64) (2015-10-21 22:39:59) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1742589508-3326327189-3140255072-500 - Administrator - Disabled) Bine (S-1-5-21-1742589508-3326327189-3140255072-1001 - Limited - Enabled) => C:\Users\Bine Bine_2 (S-1-5-21-1742589508-3326327189-3140255072-1007 - Administrator - Enabled) => C:\Users\Bine_2 Gast (S-1-5-21-1742589508-3326327189-3140255072-501 - Limited - Disabled) SophosSAULALELU0 (S-1-5-21-1742589508-3326327189-3140255072-1014 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Sophos Anti-Virus (Enabled - Up to date) {FFADE7EA-DC92-4602-D6B2-626CD3450A0F} AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Sophos Anti-Virus (Enabled - Up to date) {44CC060E-FAA8-498C-EC02-591EA8C240B2} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version: - Hyper Hippo Games) Anki (HKLM-x32\...\Anki) (Version: - ) Ansel (Version: 378.66 - NVIDIA Corporation) Hidden Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC) Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios) Between Me and The Night (HKLM\...\Steam App 285070) (Version: - RainDance LX) BioShock (HKLM\...\Steam App 7670) (Version: - 2K Boston) BioShock 2 (HKLM\...\Steam App 8850) (Version: - 2K Marin) BioShock Infinite (HKLM\...\Steam App 8870) (Version: - Irrational Games) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation) Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9840 - Broadcom Corporation) Bullzip PDF Printer 10.24.0.2543 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.24.0.2543 - Bullzip) calibre 64bit (HKLM\...\{32019BE2-E62F-48CF-B274-2521588B83D8}) (Version: 2.54.0 - Kovid Goyal) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.) Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.5.0.1 - Swiss Academic Software) Cook, Serve, Delicious! (HKLM-x32\...\Steam App 247020) (Version: - Vertigo Gaming Inc.) Core Temp 1.0 RC9 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu) Deaktivierungs-Add-on für Browser von Google Analytics (HKLM\...\{9F540EA8-086E-4D53-B845-A06E6903DED6}) (Version: 0.9.6.0 - Google Inc.) 
Deponia Doomsday (HKLM\...\Steam App 421050) (Version: - Daedalic Entertainment) DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment) Dr. Langeskov, The Tiger, and The Terribly Cursed Emerald: A Whirlwind Heist (HKLM-x32\...\Steam App 409160) (Version: - Crows Crows Crows) Dropbox (HKLM-x32\...\Dropbox) (Version: 28.4.14 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden Emily is Away (HKLM-x32\...\Steam App 417860) (Version: - Kyle Seeley) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Exif Tag Remover 2.0 (HKLM-x32\...\Exif Tag Remover_is1) (Version: - RL Vision) Foxit PhantomPDF (HKLM-x32\...\{4E32271C-B55A-4CDF-8DB7-88FD1C45927C}) (Version: 7.0.310.226 - Foxit Software Inc.) Freeplane (HKLM\...\{D3941722-C4DD-4509-88C4-0E87F675A859}_is1) (Version: 1.3.15 - Open source) Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive®) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{C203E224-E4BE-4210-9D30-EB6571ACA1F9}) (Version: 1.1.0.0 - Hewlett-Packard) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.46 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.3.50.9 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{A38E954F-9043-42BD-9DE9-246ED183791D}) (Version: 12.5.32.203 - HP) HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard Company) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Inst5675 (Version: 8.01.46 - Softex Inc.) Hidden Inst5676 (Version: 8.01.46 - Softex Inc.) 
Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.21 - Intel(R) Corporation) Hidden Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment) Malwarebytes Anti-Exploit version 1.9.1.1403 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1403 - Malwarebytes) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Marvin's Mittens (HKLM-x32\...\Steam App 333260) (Version: - Breakfall) Memoria (HKLM-x32\...\Steam App 243200) (Version: - Daedalic Entertainment) Message Quest (HKLM\...\Steam App 408280) (Version: - Royal Troupe) Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.7369.2130 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft 
Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Move or Die (HKLM\...\Steam App 323850) (Version: - Those Awesome Guys) Mozilla Firefox 53.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 de)) (Version: 53.0.3 - Mozilla) Mozilla Maintenance Service 
(HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla) NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation) NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NVIDIA Update 23.23.30.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 23.23.30.0 - NVIDIA Corporation) NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2130 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2130 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2130 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2130 - Microsoft Corporation) Hidden Opera Stable 45.0.2552.898 (HKLM-x32\...\Opera 45.0.2552.898) (Version: 45.0.2552.898 - Opera Software) Ori and the Blind Forest (HKLM-x32\...\Steam App 261570) (Version: - Moon Studios GmbH) Ori and the Blind Forest: Definitive Edition (HKLM\...\Steam App 387290) (Version: - Moon Studios GmbH) Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909) Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7358 - Realtek Semiconductor Corp.) Reflections (HKLM-x32\...\Steam App 352360) (Version: - Broken Window Studios) Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.) SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.) Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony) Sophos Anti-Virus (HKLM-x32\...\{788B9788-7F03-4A2B-8258-3445C0278C33}) (Version: 10.7.2.49 - Sophos Limited) Sophos AutoUpdate (HKLM-x32\...\{AFBCA1B9-496C-4AE6-98AE-3EA1CFF65C54}) (Version: 5.7.220 - Sophos Limited) Sophos Endpoint Defense (HKLM\...\Sophos Endpoint Defense) (Version: 1.0.0.265 - Sophos Limited) Sophos Network Threat Protection (HKLM\...\{66967E5F-43E8-4402-87A4-04685EE5C2CB}) (Version: 1.2.2.50 - Sophos Limited) Sophos System Protection (HKLM-x32\...\{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}) (Version: 1.3.1 - Sophos Limited) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated) System Requirements Lab Detection (HKLM-x32\...\{F2D2C705-91CE-4F28-9FC2-A51C29137B54}) (Version: 6.1.6.0 - Husdawg, LLC) Tabletop Simulator (HKLM\...\Steam App 286160) (Version: - Berserk Games) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 
Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) The Banner Saga (HKLM-x32\...\Steam App 237990) (Version: - Stoic) The Banner Saga 2 (HKLM\...\Steam App 281640) (Version: - Stoic) The Beginner's Guide (HKLM-x32\...\Steam App 303210) (Version: - Everything Unlimited Ltd.) The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.) The Dark Eye: Chains of Satinav (HKLM-x32\...\Steam App 203830) (Version: - Daedalic Entertainment) The Long Dark (HKLM-x32\...\Steam App 305620) (Version: - Hinterland Studio Inc.) The Silent Age (HKLM-x32\...\Steam App 352520) (Version: - House On Fire) The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe) The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version: - Galactic Cafe) The Whispered World Special Edition (HKLM-x32\...\Steam App 268540) (Version: - Daedalic Entertainment) This War of Mine (HKLM-x32\...\Steam App 282070) (Version: - 11 bit studios) TomTom MyDrive Connect 4.1.4.3031 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.4.3031 - TomTom) Tropico 5 (HKLM-x32\...\Steam App 245620) (Version: - Haemimont Games) Undertale (HKLM-x32\...\Steam App 391540) (Version: - tobyfox) Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-1742589508-3326327189-3140255072-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Bine\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileCoAuthLib64.dll (Microsoft Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0E113B96-B6BA-409A-BB1C-8B932A204797} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-06] (Microsoft Corporation) Task: {22E32BF0-6034-4DC4-AE0C-A69EF72D4406} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-07-03] (Hewlett-Packard) Task: {24CC58E2-7A32-4115-AAA0-5BFBAE75D777} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation) Task: {292153DC-77F1-4C49-B225-24A7939093A6} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {3D72558E-3D43-4291-86D1-3A6A9B2361E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) 
Task: {4C9DE15B-E29F-4F7C-AB9F-2DAD2ACAA735} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation) Task: {5BF19F85-73FA-4F43-A760-7487EBF90C2F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-05] (Microsoft Corporation) Task: {5E0DC481-88A7-4A79-9626-1522A9643F10} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-25] (Google Inc.) Task: {616EAEF9-E5E4-4724-9490-174380C210B4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation) Task: {67553B5A-E72C-4956-9003-E31C73FEBFDC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.) Task: {6A91EBF7-0D51-4274-89F2-8D15872E9412} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation) Task: {6B6BC213-BC60-4CD5-8DE1-46A1D4F5ABBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.) 
Task: {77F28D09-6153-4657-A7E3-CCC1AA27F45D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation) Task: {7DE92715-915B-488C-B41B-CCF662321D1D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-06] (Microsoft Corporation) Task: {8F99EC5E-72FB-465D-8E0C-4A76FC71FC3D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.) Task: {95915F08-32D4-4708-9B12-0ECEE1886FD8} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-07-03] (Hewlett-Packard) Task: {9B60FC4B-18C0-4AB5-829B-276A29020665} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-07-03] (Hewlett-Packard) Task: {A14B0FA4-82D9-49A4-AEC8-EF65DD847A33} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Bine_2\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {A7076D8C-231A-4FD4-AC3A-8862E48D9997} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation) Task: {AD8E20C4-7169-45BA-8016-E583014B52C9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-05] (Microsoft Corporation) Task: {B9F2269F-0ABB-48A3-A8F5-FE66C1D19EB2} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1742589508-3326327189-3140255072-1001 => C:\Users\Bine_2\AppData\Local\Microsoft\OneDrive\OneDrive.exe Task: {BA383543-2A3F-4375-9C03-C980EF3418B8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files 
(x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-12] (Dropbox, Inc.) Task: {BE402C19-F4B4-45E5-A4DA-A07A32734816} - System32\Tasks\HPCeeScheduleForBine => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {C87B9343-9127-493E-9281-03A4759E9488} - System32\Tasks\Opera scheduled Autoupdate 1446475865 => C:\Program Files (x86)\Opera\launcher.exe [2017-06-12] (Opera Software) Task: {CBC240AE-7773-4AB2-A10E-5CE653A797E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.) Task: {CE8155F0-8937-4283-B013-EAD9DF58EE55} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-12] (Dropbox, Inc.) Task: {D9B45590-E2A4-4F35-84DB-35ADC8A6DF28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) Task: {DE76CC50-AB0B-404B-9AF2-866A0F6F830A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-06] (Microsoft Corporation) Task: {E6B7D025-7391-426D-B661-37E978A3AFC7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-25] (Google Inc.) Task: {E6CD4BBC-912A-4EBE-8DD9-7B9C1659D206} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.) 
Task: {EF7EFCDD-A190-4E58-A9BE-B88DE9EB3319} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation) Task: {F76CCED9-67C2-479C-850B-6740DBF973E7} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation) Task: {FE5D39EF-1383-4A5F-B891-80721076E6FA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation) Task: {FF99402E-4725-4DE1-B8CF-090FBEBDC0FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForBine.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-11-23 22:44 - 2017-02-23 20:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-23 22:44 - 2017-02-23 20:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-10-31 20:23 - 2017-02-10 00:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-14 15:29 - 2016-04-14 15:29 - 00233608 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\http.plg
2016-04-14 15:29 - 2016-04-14 15:29 - 00140696 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ip.plg
2016-04-14 15:29 - 2016-04-14 15:29 - 00119344 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ipv6.plg
2016-04-14 15:29 - 2016-04-14 15:29 - 00076704 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\portmap.plg
2016-04-14 15:29 - 2016-04-14 15:29 - 00165000 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\tcp.plg
2016-04-14 15:29 - 2016-04-14 15:29 - 00148440 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\udp.plg
2010-03-23 14:26 - 2010-03-23 14:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2016-11-23 22:44 - 2017-01-20 20:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-23 22:44 - 2017-02-23 20:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-23 22:44 - 2017-02-23 20:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-23 22:44 - 2017-01-20 15:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-11-23 22:44 - 2017-01-20 15:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-11-23 22:44 - 2017-01-20 15:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-11-23 22:44 - 2017-01-20 15:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-11-23 22:44 - 2017-01-20 15:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-11-23 22:44 - 2017-01-20 15:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-11-23 22:44 - 2017-01-20 15:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-01-08 15:01 - 2017-01-20 15:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2014-09-03 12:03 - 2014-09-03 12:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\sharepoint.com -> hxxps://unibamberg.sharepoint.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bine\Downloads\skarnland_by_frankatt-d91ogk6 (1).jpg
HKU\S-1-5-21-1742589508-3326327189-3140255072-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\StartupFolder: => "avast! SecureLine.lnk"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "SimplePass"
HKLM\...\StartupApproved\Run: => "OPBHOBroker"
HKLM\...\StartupApproved\Run: => "OPBHOBrokerDesktop"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\Run: => "HP Officejet 6600 (NET)"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{0A85439C-29F0-4453-81A5-F10AFE261DCD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{754C0A5E-24FD-4FFF-8D05-F08A52B10861}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7787E021-FF9F-4280-AB81-F5141EE1B111}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0ADE10F1-65EB-4B81-92F8-D260578F2D7B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C4594148-0C37-4397-9B02-BD0395F1B515}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2BFF083F-02A7-4992-92BB-7EF8A65ACC66}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D3313493-3F10-4BDA-BEDB-9435434680CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2A13A4AC-9C73-468B-9CCE-13007B574A05}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AFF68898-0154-4BCC-8693-423CA7EA7E80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvin's Mittens\Jumpman.exe
FirewallRules: [{2987CD3E-3DF9-43D2-B7ED-D2A6E7F6164F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvin's Mittens\Jumpman.exe
FirewallRules: [{C94F582E-3376-436D-BD46-B112BC2B6200}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tropico 5\Tropico5Steam.exe
FirewallRules: [{A0CBE047-06E0-425D-99C2-D0093619F3F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tropico 5\Tropico5Steam.exe
FirewallRules: [{F9E53D3D-38E5-4CD6-9088-7AC797960C90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{B62D8181-CD6B-4049-A4BB-141D317FBD69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{097F4FE2-F9E5-4337-8386-A219CCF550BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
FirewallRules: [{67CEFBF6-5174-489D-A9BC-9519F18F9E9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
FirewallRules: [{F6205133-9C97-4861-8B11-70C623720560}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{728C89D2-B04F-49F4-BAF4-4379F5A862D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{6E594FB4-E8C3-44BA-9EE8-9B0089C37E6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{77E1E50B-6D83-4370-A874-252B7342EF90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{A9CE1712-343B-40AC-A747-97BE54574D14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\memoria.exe
FirewallRules: [{F462141D-5703-4183-B4EB-161090E1691B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\memoria.exe
FirewallRules: [{B996FBFD-4C17-42C3-8023-60E70609872F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\VisionaireConfigurationTool.exe
FirewallRules: [{F6A1EFC3-7EFF-4764-8EEA-92C16978D441}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\VisionaireConfigurationTool.exe
FirewallRules: [TCP Query User{3008B0A9-9107-490C-9EF1-EEB99924F9E7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{BA9F0E96-E3C2-4625-86E4-AA5B7324D839}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{6FA04FAE-EB59-4115-B6D9-37FAFC2516DA}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F2CFB0ED-0A0B-4FF9-9B58-C31BA5F9ACE6}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{55B56DF0-7BDB-41D7-9B64-84F5973A9889}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{BA6B412D-2986-4FCA-B33C-5B61143E9401}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{39326E4F-E05C-4DEE-8165-2EFBD1BD430C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Whispered World Special Edition\twwse.exe
FirewallRules: [{56FAD213-ECF4-48ED-A667-F8954F841F5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Whispered World Special Edition\twwse.exe
FirewallRules: [{AF8660FB-27A0-4599-AE6E-E4582450CD5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Whispered World Special Edition\VisionaireConfigurationTool.exe
FirewallRules: [{8D800F6D-5335-43AC-87BB-7734EACBD375}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Whispered World Special Edition\VisionaireConfigurationTool.exe
FirewallRules: [{71896BF5-F20F-4196-A996-6410DD92F1A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable Demo\stanley.exe
FirewallRules: [{F8A2B8C2-D5DF-4830-9A8F-99242113985B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable Demo\stanley.exe
FirewallRules: [{77DC00A5-4753-4AC2-8D0E-2C4BA251E061}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{8E187E6E-42A9-429B-A19D-721A4A4B718E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{A5B99823-634A-4545-9CFE-5E1F4629BFA4}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\FaxApplications.exe
FirewallRules: [{0C69D586-AF72-4376-8B0D-FDD1861A1D6F}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\DigitalWizards.exe
FirewallRules: [{07E17082-15FC-476E-BBEA-AE1F86FF680B}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\SendAFax.exe
FirewallRules: [{36451B88-3CD2-4AEF-B384-6DAC67BE2BC8}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\DeviceSetup.exe
FirewallRules: [{F95CB163-2259-4693-A340-1D0D836588E4}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{A728ED5F-57F7-469C-A3AC-A096E6F54954}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{35EF2309-E73E-4F47-97DA-D0478560ED0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9D9578EA-971A-411F-A118-9D2858B4D7F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F822C852-7638-42ED-8EC4-26A3DC16B9B8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1EC76916-F579-4D97-93FC-972E348296AC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{CB1A8617-23A9-48A5-BF34-88D3C85FCAC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{ADEE20DC-28FC-42FA-839D-5D49E77AF1EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{6C39532E-3F89-40C7-90A8-A60D7A621C66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheDarkEye Cos\satinav.exe
FirewallRules: [{F3230D40-5A68-4805-95B7-5B5923D57C4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheDarkEye Cos\satinav.exe
FirewallRules: [{28786C85-79E7-4C8F-83B1-766D5FF7E29D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheDarkEye Cos\VisionaireConfigurationTool.exe
FirewallRules: [{1E7A28E6-0589-48A6-A199-4F6E7B5837A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheDarkEye Cos\VisionaireConfigurationTool.exe
FirewallRules: [{EFF129A8-D2A4-4D5E-BC27-06DCCE61B8B9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{078BE467-829A-4E8D-92D7-E49F20EDB828}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF60D578-9659-4F62-9143-D665D6257740}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [{28BE2BCE-F5BB-4A2F-A609-D74B927BD3F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [{0D36B12D-C7E4-4A34-8446-BF57A30864F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{663E89A0-59EE-47CC-9F22-164E95774D6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{1E0D946F-A398-4E15-8880-7DB7E32DFE26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Silent Age\TheSilentAge.exe
FirewallRules: [{4C81C78B-1B6A-4A4B-8821-5817CC9DB4C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Silent Age\TheSilentAge.exe
FirewallRules: [{904D59C3-7596-4D34-90EA-C779F615C218}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reflections\Reflections.exe
FirewallRules: [{9F713D10-48CB-468F-BFD0-243483461EA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reflections\Reflections.exe
FirewallRules: [{C6D82283-8B24-4014-BA9A-706EA69981D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reflections\Reflections_DirectToRift.exe
FirewallRules: [{F1E7280D-DD55-4304-8FBF-8FCA820912DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reflections\Reflections_DirectToRift.exe
FirewallRules: [{A9A1F441-8C27-49BA-89AF-138463AD5D08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{CAD340C1-962C-4273-8719-EEDF90BA9BC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{0B42F004-C798-4A45-B324-92B65E50E63D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Beginners Guide\beginnersguide.exe
FirewallRules: [{CE2FD8BF-48DA-4C7D-BA95-F3FE506D5E98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Beginners Guide\beginnersguide.exe
FirewallRules: [{8B87BE7B-9838-4892-A175-8AEF076C1B1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{0F3EF25E-0204-4179-8567-77F3C51BA45E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{8B74166C-9FA9-4353-B832-1DA81EC6367A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{D8FD9B12-80AA-4262-A6B7-4E184BE1B7A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{91237FED-85BA-43EA-A84C-E78F5C9130D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori\ori.exe
FirewallRules: [{6472CDA6-3618-4B22-8993-A950BCEA7C24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori\ori.exe
FirewallRules: [{0E553460-FC44-44CF-961E-5A7F574EA836}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{B5F658B6-E5A5-47A9-820C-48AA072002B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{734F871C-B994-4E89-8DAB-C4B86ADE95EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{92A401F4-E5FD-4052-9F1D-B28C33BEA9DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{930DA6B0-9674-48F1-989C-231E662416AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{8280618D-CBE2-486D-989A-D01118120A51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{2A917A50-905D-494B-AF65-4791806C0074}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia Doomsday\deponia4.exe
FirewallRules: [{62D8B494-0658-4D76-BFD6-4EBA7AD7449F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia Doomsday\deponia4.exe
FirewallRules: [{1877BC99-BA9C-41FC-87F5-1635CC3AE096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia Doomsday\VisionaireConfigurationTool.exe
FirewallRules: [{4375FB80-0379-4DB6-B4F8-FB2387AA61CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia Doomsday\VisionaireConfigurationTool.exe
FirewallRules: [{C4B682D9-F5EC-4931-9256-D1CA9AD9D95D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{59AB3187-8CA4-4453-82FC-EC5C738E4E9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{419912A1-3A9C-463E-ACDF-2DD3DA5581F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{9FFA9A1B-111F-48B6-BA2F-64C0AE3FF281}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{CC89EAA1-CFCD-4A8D-80E1-A0840EC0D57E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{03FDA1A0-B7D9-46C3-8C00-85A2A6FD7C4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{300FDE5E-029A-4505-83E3-120F78B98667}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{DC78782C-2C7D-4D0C-A750-8C940E755F25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{3DFECC3D-424D-4734-B8B0-D6D034F6A16D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{3F560055-7815-489E-BC38-5D4EA055A636}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{03A4AE59-388D-4897-8748-B06FABCE0923}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E5FEBBA5-F044-4CFF-9173-FEFEB5E9B099}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{15C72515-73C8-4C9B-A0BC-CE631B678185}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{05657337-4BA2-48A3-B576-B0A3884AF61B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{ABEE3210-D66A-4A54-A6C5-933E1D97030C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1F42357A-0C7B-4894-AE6C-18970F3C3943}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori DE\oriDE.exe
FirewallRules: [{C57DF365-90B7-4CF8-9F86-BAA00D94C1DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori DE\oriDE.exe
FirewallRules: [{0E051C72-7CA5-4FF5-8C32-71DBE11BEC88}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{A21754A3-1854-4CA6-92AC-8A6AC18E0BE5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{820BE837-D242-4D40-B947-68FB7021FECF}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{1A009EAE-9AAD-46A4-8311-0019C073210D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{ABA076FE-B164-418C-AB94-F2484D52DB36}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{30E70866-3297-4211-8728-6D8B919BB0C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{ADF92A03-0F98-478F-B514-42D46D71CF8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{927E4D44-E313-4C84-9304-F2268BBD8063}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3651CB60-E07E-498C-894A-C5825BD593F4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7382C300-51FE-489A-BBEF-8BCF3F73F954}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0B53A447-4615-4AF3-BF0C-BBF888278A14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{9E0E4EB1-E07F-4E90-926B-6E6B2C100FC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{5912145E-2CFB-45C3-87B9-80B8CFF8237F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{C91E546A-75C3-4C9A-BC96-CA46B6B9A80E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{7DD7ACEF-06F1-456F-9329-CCCD16D3094A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\MoveOrDie.exe
FirewallRules: [{1935CE8C-171C-4B3A-BBAB-52CA12F8AFB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\MoveOrDie.exe
FirewallRules: [{094BA965-86AD-48CF-9A94-38B68023E67D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\Editor.exe
FirewallRules: [{555DAB97-6791-4717-A7FF-0A633BDD40ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\Editor.exe
FirewallRules: [{1A1B3C1B-1FC8-4E8D-9D22-E90163C03B17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{DE2DCEB6-6B20-4B09-A1ED-FB156A044B71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{6CB896C4-7D84-46EB-959B-64846E381F98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{2DFDF32B-1876-47D3-A384-B7C9533C445D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{BE85670D-B13C-4D8C-ADF7-1F7D19E0980D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MessageQuest\mq.exe
FirewallRules: [{0781A8A5-53EF-498D-8E74-7CB59A3D71D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MessageQuest\mq.exe
FirewallRules: [{08B35E78-7B21-49C1-A71D-8826D0E179F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between me and The Night\Between Me and The Night.exe
FirewallRules: [{D444EBAA-770B-460A-8F7C-1C7C4BFF0B85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between me and The Night\Between Me and The Night.exe
FirewallRules: [{E8A13532-C15B-41B5-AAAB-7428D3A39458}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{BFE1A522-B88C-4FB5-A8CC-84C1A6119B5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{96941D47-6876-455B-A047-97924C142629}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs2\win32\The Banner Saga 2.exe
FirewallRules: [{6AB3A930-2D92-4E70-B0BE-B80F3761A534}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs2\win32\The Banner Saga 2.exe
FirewallRules: [{42E7E9A7-AE63-44D6-A7F0-A74A6EF3E50D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{11345983-F9E4-4067-B410-9B27B1F74CF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{42596B2C-5FA8-4625-8674-953601C681F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs2\win32\The Banner Saga 2.exe
FirewallRules: [{51ECA7B7-D0B2-4CB4-94F2-800E89475CD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs2\win32\The Banner Saga 2.exe
FirewallRules: [{3FE81569-999C-4132-8CE3-754D0E1AA9FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{171A23BD-5FAF-4E95-9EF4-FF0D3890585C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{68E9C562-DFBC-4C56-8E20-1BE6A70B4E3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{BD301DA8-6DCE-4412-9FE1-C167869E0FCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{BC43E574-2483-45DF-A9EA-851FB8D8D410}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
FirewallRules: [{6C184B67-EAC9-4E5C-BF4C-792F124717D9}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.898\opera.exe
FirewallRules: [{24C8F3D6-A54B-4F14-8F9B-4052DB3B6973}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Wiederherstellungspunkte =========================

23-05-2017 08:35:58 Windows Update
01-06-2017 23:24:02 Geplanter Prüfpunkt
10-06-2017 16:47:20 Windows Update
14-06-2017 09:29:13 Windows Update
17-06-2017 09:59:48 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/17/2017 01:17:56 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (06/17/2017 12:50:49 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/16/2017 05:26:24 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (06/16/2017 05:22:59 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/15/2017 05:28:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OPBHOBrokerDsktop.exe, Version: 8.0.1.46, Zeitstempel: 0x55957941
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18696, Zeitstempel: 0x59153753
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f1c00
ID des fehlerhaften Prozesses: 0x22f8
Startzeit der fehlerhaften Anwendung: 0x01d2e5ebd11d3051
Pfad der fehlerhaften Anwendung: C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: 44a3a5f1-51df-11e7-8350-d0bf9c933516
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (06/15/2017 05:28:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OPBHOBrokerDsktop.exe, Version: 8.0.1.46, Zeitstempel: 0x55957941
Name des fehlerhaften Moduls: OpBHO64.dll, Version: 8.0.0.1, Zeitstempel: 0x55957930
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003377a
ID des fehlerhaften Prozesses: 0x22f8
Startzeit der fehlerhaften Anwendung: 0x01d2e5ebd11d3051
Pfad der fehlerhaften Anwendung: C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Hewlett-Packard\SimplePass\OpBHO64.dll
Berichtskennung: 43809bcd-51df-11e7-8350-d0bf9c933516
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (06/15/2017 05:26:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OPBHOBrokerDsktop.exe, Version: 8.0.1.46, Zeitstempel: 0x55957941
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18696, Zeitstempel: 0x59153753
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f1c00
ID des fehlerhaften Prozesses: 0x1010
Startzeit der fehlerhaften Anwendung: 0x01d2e52b2acd38aa
Pfad der fehlerhaften Anwendung: C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: 0a65f27f-51df-11e7-8350-d0bf9c933516
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (06/15/2017 05:26:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OPBHOBrokerDsktop.exe, Version: 8.0.1.46, Zeitstempel: 0x55957941
Name des fehlerhaften Moduls: OpBHO64.dll, Version: 8.0.0.1, Zeitstempel: 0x55957930
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003377a
ID des fehlerhaften Prozesses: 0x1010
Startzeit der fehlerhaften Anwendung: 0x01d2e52b2acd38aa
Pfad der fehlerhaften Anwendung: C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Hewlett-Packard\SimplePass\OpBHO64.dll
Berichtskennung: 051a27d5-51df-11e7-8350-d0bf9c933516
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (06/15/2017 01:59:53 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (06/15/2017 12:51:29 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Systemfehler:
=============
Error: (06/17/2017 12:30:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Microsoft.BingTranslator

Error: (06/17/2017 12:30:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Microsoft.BingSports

Error: (06/17/2017 12:30:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Microsoft.WindowsReadingList

Error: (06/17/2017 12:30:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Microsoft.MicrosoftMahjong

Error: (06/17/2017 12:30:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Microsoft.BingWeather

Error: (06/17/2017 10:17:29 AM) (Source: DCOM) (EventID: 10010) (User: LaLeLu)
Description: Der Server "{BCC57CD7-DCD1-4CD3-8AF0-2982F7F5A720}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (06/15/2017 12:18:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (06/15/2017 12:18:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (06/14/2017 06:17:41 PM) (Source: DCOM) (EventID: 10010) (User: LaLeLu) Description: Der Server "{BCC57CD7-DCD1-4CD3-8AF0-2982F7F5A720}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (06/14/2017 12:03:25 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.1.10.188 registriert werden. Der Computer mit IP-Adresse 10.1.12.224 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. CodeIntegrity: =================================== Date: 2017-01-24 10:05:57.559 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 11:45:14.940 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 11:45:14.274 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 11:44:28.042 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 05:50:06.746 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. 
Date: 2017-01-22 05:50:06.203 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 05:42:02.147 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 05:42:01.570 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 05:41:28.407 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 01:53:32.631 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz Prozentuale Nutzung des RAM: 32% Installierter physikalischer RAM: 12210.27 MB Verfügbarer physikalischer RAM: 8206.08 MB Summe virtueller Speicher: 14066.27 MB Verfügbarer virtueller Speicher: 10194.77 MB ==================== Laufwerke ================================ Drive c: (Windows) (Fixed) (Total:906.35 GB) (Free:600.51 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:24.14 GB) (Free:2.66 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive e: (SCRUBSPAL_S4D4 ) (CDROM) (Total:7.78 GB) (Free:0 GB) UDF ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 0FCE0AD9) Partition: GPT. ==================== Ende von Addition.txt ============================ Do you also need new scans of the other things? |
17.06.2017, 13:46 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8.1: Malware Bytes finds ChinAD Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post them directly, spread over several posts if necessary. To put the log files into a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
17.06.2017, 15:24 | #6 | |
| Windows 8.1: Malware Bytes finds ChinAD So the program found nothing, but at startup it shows the following message: Quote:
Here is the log file: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2017.06.17.06 rootkit: v2017.05.27.01 Windows 8.1 x64 NTFS Internet Explorer 11.0.9600.18698 Bine_2 :: LALELU [administrator] 17.06.2017 15:04:10 mbar-log-2017-06-17 (15-04-10).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 334011 Time elapsed: 1 hour(s), 7 minute(s), 20 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
17.06.2017, 22:41 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8.1: Malware Bytes finds ChinAD Removing adware/junkware/toolbars: Delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop! Please disable your virus scanner completely now, before using these tools! Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
__________________ Please always post log files in CODE tags |
18.06.2017, 01:13 | #8 |
| Windows 8.1: Malware Bytes finds ChinAD OK, here are the logs. A quick question about the message from Anti-Rootkit: is that something one should worry about? Adw-Cleaner: Code:
ATTFilter # AdwCleaner v6.047 - Bericht erstellt am 18/06/2017 um 02:02:23 # Aktualisiert am 19/05/2017 von Malwarebytes # Datenbank : 2017-06-16.2 [Server] # Betriebssystem : Windows 8.1 (X64) # Benutzername : Bine_2 - LALELU # Gestartet von : C:\Users\Bine\Desktop\AdwCleaner_6.047.exe # Modus: Suchlauf # Unterstützung : https://www.malwarebytes.com/support ***** [ Dienste ] ***** Keine schädlichen Dienste gefunden. ***** [ Ordner ] ***** Keine schädlichen Ordner gefunden. ***** [ Dateien ] ***** Keine schädlichen Dateien gefunden. ***** [ DLL ] ***** Keine infizierten DLLs gefunden. ***** [ WMI ] ***** Keine schädlichen Schlüssel gefunden. ***** [ Verknüpfungen ] ***** Keine infizierten Verknüpfungen gefunden. ***** [ Aufgabenplanung ] ***** Keine schädlichen Aufgaben gefunden. ***** [ Registrierungsdatenbank ] ***** Keine schädlichen Elemente in der Registrierungsdatenbank gefunden. ***** [ Internetbrowser ] ***** Keine schädlichen Elemente in Firefox basierten Browsern gefunden. Keine schädlichen Elemente in Chrome basierten Browsern gefunden. ************************* \AdwCleaner\AdwCleaner[S0].txt - [1181 Bytes] - [18/06/2017 02:02:23] ########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [1252 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.3 (04.10.2017) Operating System: Windows 8.1 x64 Ran by Bine_2 (Administrator) on 18.06.2017 at 2:02:45,75 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 0 Registry: 2 Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7E2AEA9D-3F84-4E82-ACD1-2BCC4963AB36} (Registry Key) Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{7E2AEA9D-3F84-4E82-ACD1-2BCC4963AB36} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 18.06.2017 at 2:06:13,86 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
20.06.2017, 11:12 | #9 |
| Windows 8.1: Malware Bytes finds ChinAD Dear Cosinus, thank you for your support so far. Have I overlooked anything that is still missing for the next step? |
20.06.2017, 11:14 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8.1: Malware Bytes finds ChinAD I need new FRST logs. Tick the box for addition.txt, then click "Untersuchen" (Scan).
__________________ Please always post log files in CODE tags |
20.06.2017, 11:33 | #11 |
| Windows 8.1: Malware Bytes finds ChinAD OK, here are the logs: FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-06-2017 01 durchgeführt von Bine_2 (Administrator) auf LALELU (20-06-2017 12:23:20) Gestartet von C:\Users\Bine\Downloads Geladene Profile: Bine & Bine_2 (Verfügbare Profile: Bine & Bine_2) Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: IE) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Dropbox, Inc.) 
C:\Windows\System32\DbxSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) C:\Program 
Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe (Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe (Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited) C:\Program Files 
(x86)\Sophos\Sophos System Protection\ssp.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7642328 2014-10-07] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-17] (Synaptics Incorporated) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-06-12] (Dropbox, Inc.) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.) 
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2017-05-05] (Malwarebytes Corporation) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1481256 2017-06-18] (Sophos Limited) HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation) HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\Run: [Spotify Web Helper] => "C:\Users\Bine\AppData\Roaming\Spotify\SpotifyWebHelper.exe" HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\Run: [Spotify] => "C:\Users\Bine\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27250144 2016-12-20] (Skype Technologies S.A.) HKU\S-1-5-21-1742589508-3326327189-3140255072-1007\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C0].txt AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [235928 2017-06-18] (Sophos Limited) AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [207864 2017-06-18] (Sophos Limited) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2017-02-21] ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () Startup: C:\Users\Bine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-12-02] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Bine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2017-02-13] ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\Bine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk [2016-01-19] ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Bine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk [2017-06-18] ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 141.13.240.33 141.13.240.2 Tcpip\..\Interfaces\{77320BAC-9ED2-49D0-94BF-EFDEC023C0D3}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{BACB4E71-C30B-4C4C-BBF0-9BD809C398B8}: [DhcpNameServer] 141.13.240.33 141.13.240.2 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.twitch.tv/rocketbeanstv HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com HKU\S-1-5-21-1742589508-3326327189-3140255072-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com/ HKU\S-1-5-21-1742589508-3326327189-3140255072-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1742589508-3326327189-3140255072-1001 -> {7E2AEA9D-3F84-4E82-ACD1-2BCC4963AB36} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-06] (Microsoft Corporation) BHO: Deaktivierungs-Add-on für Browser von Google Analytics -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll [2014-04-03] (Google, Inc.) 
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-06] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-05] (Microsoft Corporation) BHO-x32: Deaktivierungs-Add-on für Browser von Google Analytics -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll [2014-04-03] (Google, Inc.) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-05] (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.) 
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation) FireFox: ======== FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt FF Extension: (HP SimplePass) - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2016-02-18] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: (Citavi Picker) - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2017-05-30] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit 
PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-05] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-05] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.) 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2017-05-05] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-12] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-12] (Dropbox, Inc.) R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-06-12] (Dropbox, Inc.) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.) R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-07] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155080 2017-05-05] (Malwarebytes Corporation) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA 
Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-03] (Softex Inc.) [Datei ist nicht signiert] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-04] (Realtek Semiconductor) R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [229664 2017-06-18] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [200064 2017-06-18] (Sophos Limited) R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe [901248 2016-04-14] (Sophos Limited) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [761696 2017-06-18] (Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [360040 2017-06-18] (Sophos Limited) R2 sophossps; C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe [2499872 2017-02-02] (Sophos Limited) R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [475384 2017-06-18] (Sophos Limited) R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3644368 2017-06-18] (Sophos Limited) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-17] (Synaptics Incorporated) R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) 
[Datei ist nicht signiert] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation) S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7552760 2015-08-15] (Broadcom Corporation) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77440 2017-05-05] () S3 ladfGSS; C:\Windows\system32\drivers\ladfGSS.sys [45208 2016-09-29] (Logitech Inc.) S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.) 
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation) R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation) U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [506072 2014-06-20] (Realsil Semiconductor Corporation) R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [199552 2017-06-18] (Sophos Limited) S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2017-06-18] (Sophos Limited) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-17] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-17] (Synaptics Incorporated) R2 sntp; C:\Windows\system32\DRIVERS\sntp.sys [116144 2016-04-14] (Sophos Limited) R0 Sophos Endpoint Defense; C:\Windows\System32\DRIVERS\SophosED.sys [200760 2017-06-18] (Sophos Limited) S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [45840 2017-06-18] (Sophos Limited) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) 
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [47760 2017-06-18] (Sophos Limited) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation) S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-24] (HP) R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [31840 2016-03-24] (HP) S3 ALSysIO; \??\C:\Users\Bine_2\AppData\Local\Temp\ALSysIO64.sys [X] <==== ACHTUNG S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X] S3 dbx; system32\DRIVERS\dbx.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-06-20 12:17 - 2017-06-20 12:17 - 00000000 ____D C:\Users\Bine\Downloads\FRST-OlderVersion 2017-06-18 10:08 - 2017-06-18 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2017-06-18 10:08 - 2017-06-18 08:29 - 00047760 _____ (Sophos Limited) C:\Windows\system32\Drivers\swi_callout.sys 2017-06-18 10:08 - 2017-06-18 08:28 - 00044304 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe 2017-06-18 08:30 - 2017-06-18 08:30 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys 2017-06-18 08:29 - 2017-06-18 08:29 - 00199552 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys 2017-06-18 08:28 - 2017-06-18 08:28 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll 2017-06-18 08:27 - 2017-06-18 08:27 - 00045840 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys 2017-06-18 02:06 - 2017-06-18 08:11 - 00000544 _____ C:\Users\Bine_2\Desktop\JRT.txt 2017-06-18 01:56 - 2017-06-18 02:40 - 00000000 ____D C:\AdwCleaner 2017-06-18 01:47 - 2017-06-18 01:47 - 01663672 _____ (Malwarebytes) C:\Users\Bine\Desktop\JRT.exe 2017-06-18 01:46 - 2017-06-18 01:46 - 04110280 _____ C:\Users\Bine\Desktop\AdwCleaner_6.047.exe 2017-06-17 12:09 - 2017-06-17 12:09 - 00000000 ____D C:\Users\Bine\Documents\Protokolle 2017-06-17 11:50 - 2017-06-20 12:22 - 00054119 _____ C:\Users\Bine\Downloads\Addition.txt 2017-06-17 11:48 - 2017-06-20 12:23 - 00028625 _____ C:\Users\Bine\Downloads\FRST.txt 2017-06-17 11:48 - 2017-06-20 12:23 - 00000000 ____D C:\FRST 2017-06-17 11:47 - 2017-06-20 12:17 - 02439680 _____ (Farbar) C:\Users\Bine\Downloads\FRST64.exe 2017-06-17 10:45 - 2017-06-17 12:21 - 00000000 ____D C:\Users\Bine_2\Desktop\mbar 2017-06-17 10:30 - 2017-06-17 10:31 - 04110280 _____ C:\Users\Bine_2\Downloads\adwcleaner_6.047.exe 2017-06-17 10:04 - 2017-04-21 23:53 - 00029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2017-06-17 10:04 - 2017-04-21 23:50 - 00030912 
_____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll 2017-06-17 10:03 - 2017-04-21 23:50 - 00018592 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll 2017-06-17 10:03 - 2017-04-11 20:27 - 00485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll 2017-06-17 10:03 - 2017-03-15 20:15 - 00690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll 2017-06-17 10:02 - 2017-04-21 23:53 - 00018600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll 2017-06-17 10:01 - 2017-04-11 20:27 - 00987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll 2017-06-17 10:01 - 2017-03-15 20:15 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll 2017-06-14 23:19 - 2017-06-14 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-06-14 18:27 - 2017-06-03 04:31 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-06-14 18:27 - 2017-06-03 04:31 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-06-14 00:12 - 2017-05-14 22:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-06-14 00:12 - 2017-05-14 21:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-06-14 00:11 - 2017-06-02 14:15 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2017-06-14 00:11 - 2017-06-02 14:12 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2017-06-14 00:11 - 2017-06-02 14:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2017-06-14 00:11 - 2017-06-02 14:06 - 01001984 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe 2017-06-14 00:11 - 2017-06-02 14:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2017-06-14 00:11 - 2017-06-02 13:30 - 03635200 _____ (Microsoft Corporation) 
C:\Windows\system32\tquery.dll 2017-06-14 00:11 - 2017-06-02 13:03 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2017-06-14 00:11 - 2017-06-02 12:58 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2017-06-14 00:11 - 2017-06-02 12:25 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2017-06-14 00:11 - 2017-06-02 12:24 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2017-06-14 00:11 - 2017-06-02 12:17 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2017-06-14 00:11 - 2017-06-02 12:02 - 02751488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2017-06-14 00:11 - 2017-06-02 11:43 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2017-06-14 00:11 - 2017-06-02 11:43 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2017-06-14 00:11 - 2017-05-15 21:58 - 00121184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys 2017-06-14 00:11 - 2017-05-14 22:44 - 04170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-06-14 00:11 - 2017-05-14 22:42 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2017-06-14 00:11 - 2017-05-14 22:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-06-14 00:11 - 2017-05-14 22:19 - 01364040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2017-06-14 00:11 - 2017-05-14 22:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-06-14 00:11 - 2017-05-14 21:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-06-14 00:11 - 2017-05-14 21:32 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll 2017-06-14 00:11 - 2017-05-14 21:31 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2017-06-14 00:11 - 2017-05-14 21:22 - 00499200 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\vbscript.dll 2017-06-14 00:11 - 2017-05-14 21:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-06-14 00:11 - 2017-05-14 21:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-06-14 00:11 - 2017-05-14 21:04 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2017-06-14 00:11 - 2017-05-14 21:03 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2017-06-14 00:11 - 2017-05-14 20:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-06-14 00:11 - 2017-05-14 20:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-06-14 00:11 - 2017-05-14 20:48 - 05274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll 2017-06-14 00:11 - 2017-05-14 20:46 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2017-06-14 00:11 - 2017-05-14 20:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-06-14 00:11 - 2017-05-14 20:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2017-06-14 00:11 - 2017-05-14 20:38 - 07796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2017-06-14 00:11 - 2017-05-14 20:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-06-14 00:11 - 2017-05-14 20:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-06-14 00:11 - 2017-05-14 20:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-06-14 00:11 - 2017-05-14 20:16 - 05268992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2017-06-14 00:11 - 2017-05-14 20:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-06-14 00:11 - 2017-05-14 20:13 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2017-06-14 00:11 - 2017-05-14 20:11 - 01314816 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\urlmon.dll 2017-06-14 00:11 - 2017-05-14 20:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-06-14 00:11 - 2017-05-14 20:06 - 07441240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-06-14 00:11 - 2017-05-14 20:06 - 01737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2017-06-14 00:11 - 2017-05-14 20:06 - 01502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2017-06-14 00:11 - 2017-05-12 19:05 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2017-06-14 00:11 - 2017-05-12 18:16 - 01084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2017-06-14 00:11 - 2017-05-12 18:13 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2017-06-14 00:11 - 2017-05-12 17:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2017-06-14 00:11 - 2017-05-12 17:50 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2017-06-14 00:11 - 2017-05-12 17:48 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2017-06-14 00:11 - 2017-05-12 17:47 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2017-06-14 00:11 - 2017-05-12 06:10 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2017-06-14 00:11 - 2017-05-12 04:58 - 01985536 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2017-06-14 00:11 - 2017-05-12 04:48 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2017-06-14 00:11 - 2017-05-12 04:18 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2017-06-14 00:11 - 2017-05-12 04:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2017-06-14 00:11 - 2017-05-12 04:10 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2017-06-14 00:11 - 2017-05-12 04:07 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2017-06-14 00:11 - 
2017-05-12 04:06 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2017-06-14 00:11 - 2017-05-12 04:04 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2017-06-14 00:11 - 2017-05-12 04:00 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2017-06-14 00:11 - 2017-05-12 01:36 - 22361848 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2017-06-14 00:11 - 2017-05-12 01:32 - 19788672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2017-06-14 00:11 - 2017-05-10 20:19 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2017-06-14 00:11 - 2017-05-06 18:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2017-06-14 00:11 - 2017-05-06 18:04 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2017-06-14 00:11 - 2017-04-06 19:37 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2017-06-14 00:11 - 2017-04-06 19:16 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll 2017-06-14 00:11 - 2017-04-06 18:50 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-06-14 00:11 - 2017-04-06 18:46 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2017-06-14 00:11 - 2017-04-06 18:46 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-06-14 00:11 - 2017-04-06 18:35 - 01362432 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll 2017-06-14 00:11 - 2017-04-06 18:15 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2017-06-14 00:11 - 2017-04-06 17:44 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll 2017-06-14 00:11 - 2017-04-02 16:49 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2017-06-14 00:11 - 2017-04-02 15:40 - 02013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2017-06-12 13:55 - 2017-06-12 13:55 - 
00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys 2017-06-09 13:57 - 2017-06-09 13:57 - 00000000 ____D C:\Users\Bine\Desktop\chocolate-doom-2.3.0-win32 2017-06-02 09:54 - 2017-06-02 09:54 - 10120511 _____ C:\Users\Bine\Documents\Scan.pdf 2017-05-31 14:12 - 2017-05-31 14:12 - 00000000 ____D C:\Users\Bine\Documents\Ergebnisse 2017-05-30 19:07 - 2017-05-30 19:07 - 00000000 ____D C:\Users\Bine_2\AppData\Local\Downloaded Installations ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-06-20 12:15 - 2016-11-16 10:11 - 00000000 ____D C:\Users\Bine\AppData\LocalLow\Mozilla 2017-06-20 12:14 - 2015-10-24 16:39 - 00001224 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2017-06-20 07:14 - 2015-10-24 16:39 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2017-06-20 06:13 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2017-06-19 23:00 - 2016-10-01 12:29 - 00000000 ____D C:\Users\Bine\AppData\Roaming\TS3Client 2017-06-19 16:04 - 2017-04-25 08:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-06-19 16:04 - 2015-11-23 16:05 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2017-06-19 16:04 - 2015-11-16 00:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-06-19 13:50 - 2014-10-31 20:23 - 00000000 ____D C:\ProgramData\NVIDIA 2017-06-19 13:49 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf 2017-06-18 10:53 - 2015-11-02 15:20 - 00000000 ____D C:\Program Files (x86)\Sophos 2017-06-18 10:33 - 2015-10-22 00:47 - 00003600 _____ 
C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1742589508-3326327189-3140255072-1001 2017-06-18 10:09 - 2015-11-02 15:20 - 00000000 ____D C:\ProgramData\Sophos 2017-06-18 10:07 - 2015-10-24 10:30 - 00000000 ____D C:\Users\Bine\OneDrive 2017-06-18 08:31 - 2017-02-02 17:11 - 00200760 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosED.sys 2017-06-18 08:21 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-06-18 08:20 - 2015-10-22 07:26 - 00000000 ____D C:\Users\Bine\Documents\Psychologie 2017-06-18 07:25 - 2015-11-01 21:53 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2017-06-18 07:06 - 2017-02-02 17:11 - 00200760 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosED_9551ad26-f321-4601-a021-edef9c4bcedd 2017-06-18 06:50 - 2015-10-22 00:41 - 00000000 ____D C:\Users\Bine\AppData\Local\Packages 2017-06-18 02:06 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2017-06-18 01:50 - 2013-08-22 15:25 - 00524288 ___SH C:\Windows\system32\config\BBI 2017-06-17 23:22 - 2016-04-10 08:36 - 00003150 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBine 2017-06-17 23:22 - 2016-03-27 10:16 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForBine.job 2017-06-17 19:45 - 2017-01-15 12:02 - 00000000 ____D C:\Users\Bine\AppData\Roaming\StardewValley 2017-06-17 19:45 - 2015-10-22 00:49 - 00000000 ____D C:\Program Files (x86)\Steam 2017-06-17 16:11 - 2016-11-03 16:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-06-17 16:11 - 2016-11-03 16:37 - 00000000 ____D C:\Users\Bine\Desktop\mbar 2017-06-17 15:03 - 2015-11-01 21:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-06-17 13:13 - 2014-10-31 10:33 - 00802890 _____ C:\Windows\system32\perfh007.dat 2017-06-17 13:13 - 2014-10-31 10:33 - 00175332 _____ C:\Windows\system32\perfc007.dat 2017-06-17 13:13 - 2014-03-18 11:53 - 01927320 _____ C:\Windows\system32\PerfStringBackup.INI 2017-06-17 
12:35 - 2015-12-26 01:23 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1742589508-3326327189-3140255072-1007 2017-06-17 12:21 - 2015-12-26 01:14 - 00000000 ____D C:\Users\Bine_2\AppData\Local\NVIDIA Corporation 2017-06-17 10:45 - 2016-11-03 16:20 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Bine\Downloads\mbar-1.09.3.1001.exe 2017-06-17 10:17 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2017-06-15 18:59 - 2015-10-25 19:13 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Swiss Academic Software 2017-06-15 17:28 - 2016-01-07 01:04 - 00000000 ____D C:\Users\Bine\AppData\Local\CrashDumps 2017-06-15 08:00 - 2015-10-22 07:26 - 00000000 ____D C:\Users\Bine\Documents\Citavi 5 2017-06-15 05:10 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2017-06-14 23:19 - 2014-10-31 03:21 - 00000000 ____D C:\Program Files (x86)\Dropbox 2017-06-14 18:36 - 2015-11-02 16:51 - 00003864 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1446475865 2017-06-14 18:36 - 2015-11-02 16:51 - 00001030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2017-06-14 18:36 - 2015-10-22 00:47 - 00000000 ____D C:\Program Files (x86)\Opera 2017-06-14 18:25 - 2016-03-14 14:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2017-06-14 18:25 - 2016-03-14 14:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2017-06-14 18:25 - 2013-08-22 16:44 - 00517664 _____ C:\Windows\system32\FNTCACHE.DAT 2017-06-14 18:18 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData 2017-06-14 12:18 - 2015-10-23 08:10 - 00000000 ____D C:\Windows\system32\MRT 2017-06-14 12:06 - 2015-10-23 08:10 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-06-14 10:45 - 2016-03-14 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2017-06-13 23:53 - 2017-04-12 21:16 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-06-13 23:53 - 
2017-04-12 21:16 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-06-13 23:51 - 2017-04-12 21:16 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-06-12 12:35 - 2016-04-23 15:51 - 00000000 ___RD C:\Users\Bine\OneDrive for Business 2017-06-10 23:18 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\tracing 2017-06-10 16:48 - 2016-03-14 20:05 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET 2017-06-06 08:43 - 2017-02-18 13:34 - 00000000 ____D C:\Users\Bine\AppData\Roaming\vlc 2017-06-04 17:49 - 2017-02-18 13:34 - 00000000 ____D C:\Users\Bine\AppData\Roaming\dvdcss 2017-05-30 22:45 - 2017-05-02 18:53 - 00565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2017-05-30 19:58 - 2015-10-25 19:13 - 00000000 ____D C:\ProgramData\Swiss Academic Software 2017-05-30 19:58 - 2015-10-25 19:12 - 00001944 _____ C:\Users\Public\Desktop\Citavi 5.lnk 2017-05-30 19:58 - 2015-10-25 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5 2017-05-24 15:50 - 2015-10-22 00:40 - 00000000 ____D C:\Users\Bine 2017-05-23 10:19 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\spool 2017-05-23 08:44 - 2015-12-26 01:14 - 00000000 ____D C:\Users\Bine_2 2017-05-22 22:29 - 2017-05-16 23:48 - 00319886 _____ C:\Users\Bine\Documents\Dimensionen.xlsx 2017-05-22 21:10 - 2015-10-28 11:38 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Skype ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-11-15 17:38 - 2015-11-15 17:38 - 0000057 _____ () C:\ProgramData\Ament.ini 2017-01-08 15:01 - 2017-01-19 21:06 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log 2017-01-08 15:01 - 2017-01-19 20:52 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1 Einige Dateien in TEMP: ==================== 2015-10-25 12:48 - 2015-12-09 21:35 - 22299288 _____ (AVAST Software ) C:\Users\Bine\AppData\Local\Temp\avast_secureline_setup.exe 2016-01-03 
01:09 - 2016-01-03 01:09 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\Bine\AppData\Local\Temp\COMAP.EXE 2017-02-21 00:52 - 2010-03-23 14:15 - 0016505 _____ () C:\Users\Bine\AppData\Local\Temp\DelayInst.exe 2015-10-28 14:04 - 2015-10-28 14:04 - 0071168 _____ () C:\Users\Bine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdjlpox.dll 2015-10-23 08:11 - 2013-06-04 11:30 - 0050432 ____R () C:\Users\Bine\AppData\Local\Temp\Extract.exe 2017-02-27 21:45 - 2014-07-17 12:23 - 6739008 _____ (Foxit Corporation) C:\Users\Bine\AppData\Local\Temp\Foxit PhantomPDF Updater.exe 2016-11-04 10:39 - 2016-09-26 12:27 - 11579432 _____ (SurfRight B.V.) C:\Users\Bine\AppData\Local\Temp\HitmanPro.exe 2017-02-21 00:52 - 2010-03-23 14:16 - 0221315 _____ () C:\Users\Bine\AppData\Local\Temp\installservice.exe 2016-03-28 11:22 - 2016-03-28 11:22 - 0736320 _____ (Oracle Corporation) C:\Users\Bine\AppData\Local\Temp\jre-8u77-windows-au.exe 2015-09-01 13:11 - 2015-09-01 13:11 - 0120336 _____ (McAfee, Inc.) C:\Users\Bine\AppData\Local\Temp\McCSPInstall.dll 2015-11-02 15:14 - 2015-09-01 13:11 - 0162120 _____ (McAfee Inc.) C:\Users\Bine\AppData\Local\Temp\mccspuninstall.exe 2016-11-23 22:44 - 2016-11-17 15:42 - 1135552 _____ (NVIDIA Corporation) C:\Users\Bine\AppData\Local\Temp\NvTelemetry.dll 2016-11-23 22:44 - 2017-01-06 03:10 - 0255032 _____ (NVIDIA Corporation) C:\Users\Bine\AppData\Local\Temp\NvTelemetryAPI32.dll 2016-11-23 22:44 - 2017-01-06 03:10 - 0335928 _____ (NVIDIA Corporation) C:\Users\Bine\AppData\Local\Temp\NvTelemetryAPI64.dll 2017-02-21 00:13 - 2010-09-09 13:50 - 0093802 _____ () C:\Users\Bine\AppData\Local\Temp\Profiles.exe 2015-11-24 20:51 - 2016-12-29 21:35 - 0192512 _____ () C:\Users\Bine\AppData\Local\Temp\sfamcc00001.dll 2015-02-10 19:56 - 2015-02-10 19:56 - 0105984 _____ () C:\Users\Bine\AppData\Local\Temp\sfextra.dll 2017-04-02 18:40 - 2017-04-02 18:41 - 57547224 _____ (Skype Technologies S.A.) 
C:\Users\Bine\AppData\Local\Temp\SkypeSetup.exe 2015-10-16 09:54 - 2015-10-16 09:54 - 3358520 _____ (Hewlett-Packard Company ) C:\Users\Bine\AppData\Local\Temp\SP71716.exe 2017-02-21 00:13 - 2010-03-23 14:30 - 0056832 _____ () C:\Users\Bine\AppData\Local\Temp\vpnclient_setup.exe 2017-04-18 08:46 - 2014-07-17 12:23 - 6739008 _____ (Foxit Corporation) C:\Users\Bine_2\AppData\Local\Temp\FoxitUpdater.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2017-06-18 06:01 ==================== Ende von FRST.txt ============================ Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-06-2017 01
durchgeführt von Bine_2 (20-06-2017 12:24:51)
Gestartet von C:\Users\Bine\Downloads
Windows 8.1 (Update) (X64) (2015-10-21 22:39:59)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1742589508-3326327189-3140255072-500 - Administrator - Disabled)
Bine (S-1-5-21-1742589508-3326327189-3140255072-1001 - Limited - Enabled) => C:\Users\Bine
Bine_2 (S-1-5-21-1742589508-3326327189-3140255072-1007 - Administrator - Enabled) => C:\Users\Bine_2
Gast (S-1-5-21-1742589508-3326327189-3140255072-501 - Limited - Disabled)
SophosSAULALELU0 (S-1-5-21-1742589508-3326327189-3140255072-1025 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Sophos Anti-Virus (Enabled - Up to date) {FFADE7EA-DC92-4602-D6B2-626CD3450A0F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Up to date) {44CC060E-FAA8-498C-EC02-591EA8C240B2}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version: - Hyper Hippo Games) Anki (HKLM-x32\...\Anki) (Version: - ) Ansel (Version: 378.66 - NVIDIA Corporation) Hidden Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC) Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios) Between Me and The Night (HKLM\...\Steam App 285070) (Version: - RainDance LX) BioShock (HKLM\...\Steam App 7670) (Version: - 2K Boston) BioShock 2 (HKLM\...\Steam App 8850) (Version: - 2K Marin) BioShock Infinite (HKLM\...\Steam App 8870) (Version: - Irrational Games) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation) Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9840 - Broadcom Corporation) Bullzip PDF Printer 10.24.0.2543 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.24.0.2543 - Bullzip) calibre 64bit (HKLM\...\{32019BE2-E62F-48CF-B274-2521588B83D8}) (Version: 2.54.0 - Kovid Goyal) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.) Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.5.0.1 - Swiss Academic Software) Cook, Serve, Delicious! (HKLM-x32\...\Steam App 247020) (Version: - Vertigo Gaming Inc.) Core Temp 1.0 RC9 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu) Deaktivierungs-Add-on für Browser von Google Analytics (HKLM\...\{9F540EA8-086E-4D53-B845-A06E6903DED6}) (Version: 0.9.6.0 - Google Inc.) 
Deponia Doomsday (HKLM\...\Steam App 421050) (Version: - Daedalic Entertainment) DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment) Dr. Langeskov, The Tiger, and The Terribly Cursed Emerald: A Whirlwind Heist (HKLM-x32\...\Steam App 409160) (Version: - Crows Crows Crows) Dropbox (HKLM-x32\...\Dropbox) (Version: 28.4.14 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden Emily is Away (HKLM-x32\...\Steam App 417860) (Version: - Kyle Seeley) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Exif Tag Remover 2.0 (HKLM-x32\...\Exif Tag Remover_is1) (Version: - RL Vision) Foxit PhantomPDF (HKLM-x32\...\{4E32271C-B55A-4CDF-8DB7-88FD1C45927C}) (Version: 7.0.310.226 - Foxit Software Inc.) Freeplane (HKLM\...\{D3941722-C4DD-4509-88C4-0E87F675A859}_is1) (Version: 1.3.15 - Open source) Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive®) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{C203E224-E4BE-4210-9D30-EB6571ACA1F9}) (Version: 1.1.0.0 - Hewlett-Packard) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.46 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.3.50.9 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{A38E954F-9043-42BD-9DE9-246ED183791D}) (Version: 12.5.32.203 - HP) HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard Company) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Inst5675 (Version: 8.01.46 - Softex Inc.) Hidden Inst5676 (Version: 8.01.46 - Softex Inc.) 
Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.21 - Intel(R) Corporation) Hidden Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment) Malwarebytes Anti-Exploit version 1.9.1.1403 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1403 - Malwarebytes) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Marvin's Mittens (HKLM-x32\...\Steam App 333260) (Version: - Breakfall) Memoria (HKLM-x32\...\Steam App 243200) (Version: - Daedalic Entertainment) Message Quest (HKLM\...\Steam App 408280) (Version: - Royal Troupe) Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.7369.2130 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft 
Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Move or Die (HKLM\...\Steam App 323850) (Version: - Those Awesome Guys) Mozilla Firefox 54.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 de)) (Version: 54.0 - Mozilla) Mozilla Maintenance Service 
(HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla) NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation) NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NVIDIA Update 23.23.30.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 23.23.30.0 - NVIDIA Corporation) NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2130 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2130 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2130 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2130 - Microsoft Corporation) Hidden Opera Stable 45.0.2552.898 (HKLM-x32\...\Opera 45.0.2552.898) (Version: 45.0.2552.898 - Opera Software) Ori and the Blind Forest (HKLM-x32\...\Steam App 261570) (Version: - Moon Studios GmbH) Ori and the Blind Forest: Definitive Edition (HKLM\...\Steam App 387290) (Version: - Moon Studios GmbH) Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909) Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7358 - Realtek Semiconductor Corp.) Reflections (HKLM-x32\...\Steam App 352360) (Version: - Broken Window Studios) Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.) SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.) Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony) Sophos Anti-Virus (HKLM-x32\...\{788B9788-7F03-4A2B-8258-3445C0278C33}) (Version: 10.7.2.49 - Sophos Limited) Sophos AutoUpdate (HKLM-x32\...\{AFBCA1B9-496C-4AE6-98AE-3EA1CFF65C54}) (Version: 5.7.220 - Sophos Limited) Sophos Endpoint Defense (HKLM\...\Sophos Endpoint Defense) (Version: 1.0.0.265 - Sophos Limited) Sophos Network Threat Protection (HKLM\...\{66967E5F-43E8-4402-87A4-04685EE5C2CB}) (Version: 1.2.2.50 - Sophos Limited) Sophos System Protection (HKLM-x32\...\{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}) (Version: 1.3.1 - Sophos Limited) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated) System Requirements Lab Detection (HKLM-x32\...\{F2D2C705-91CE-4F28-9FC2-A51C29137B54}) (Version: 6.1.6.0 - Husdawg, LLC) Tabletop Simulator (HKLM\...\Steam App 286160) (Version: - Berserk Games) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 
Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) The Banner Saga (HKLM-x32\...\Steam App 237990) (Version: - Stoic) The Banner Saga 2 (HKLM\...\Steam App 281640) (Version: - Stoic) The Beginner's Guide (HKLM-x32\...\Steam App 303210) (Version: - Everything Unlimited Ltd.) The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.) The Dark Eye: Chains of Satinav (HKLM-x32\...\Steam App 203830) (Version: - Daedalic Entertainment) The Long Dark (HKLM-x32\...\Steam App 305620) (Version: - Hinterland Studio Inc.) The Silent Age (HKLM-x32\...\Steam App 352520) (Version: - House On Fire) The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe) The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version: - Galactic Cafe) The Whispered World Special Edition (HKLM-x32\...\Steam App 268540) (Version: - Daedalic Entertainment) This War of Mine (HKLM-x32\...\Steam App 282070) (Version: - 11 bit studios) TomTom MyDrive Connect 4.1.4.3031 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.4.3031 - TomTom) Tropico 5 (HKLM-x32\...\Steam App 245620) (Version: - Haemimont Games) Undertale (HKLM-x32\...\Steam App 391540) (Version: - tobyfox) Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-1742589508-3326327189-3140255072-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Bine\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileCoAuthLib64.dll (Microsoft Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {22E32BF0-6034-4DC4-AE0C-A69EF72D4406} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-07-03] (Hewlett-Packard) Task: {24CC58E2-7A32-4115-AAA0-5BFBAE75D777} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation) Task: {292153DC-77F1-4C49-B225-24A7939093A6} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {3D72558E-3D43-4291-86D1-3A6A9B2361E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) 
Task: {4C9DE15B-E29F-4F7C-AB9F-2DAD2ACAA735} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation) Task: {5BF19F85-73FA-4F43-A760-7487EBF90C2F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-05] (Microsoft Corporation) Task: {5E0DC481-88A7-4A79-9626-1522A9643F10} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-25] (Google Inc.) Task: {616EAEF9-E5E4-4724-9490-174380C210B4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation) Task: {67553B5A-E72C-4956-9003-E31C73FEBFDC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.) Task: {6A91EBF7-0D51-4274-89F2-8D15872E9412} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation) Task: {6B6BC213-BC60-4CD5-8DE1-46A1D4F5ABBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.) 
Task: {77F28D09-6153-4657-A7E3-CCC1AA27F45D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation) Task: {7DE92715-915B-488C-B41B-CCF662321D1D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-06] (Microsoft Corporation) Task: {8F99EC5E-72FB-465D-8E0C-4A76FC71FC3D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.) Task: {95915F08-32D4-4708-9B12-0ECEE1886FD8} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-07-03] (Hewlett-Packard) Task: {9B60FC4B-18C0-4AB5-829B-276A29020665} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-07-03] (Hewlett-Packard) Task: {A14B0FA4-82D9-49A4-AEC8-EF65DD847A33} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Bine_2\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {A7076D8C-231A-4FD4-AC3A-8862E48D9997} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation) Task: {ABA1BE19-FF43-48B6-894A-919759799F90} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-06] (Microsoft Corporation) Task: {AD8E20C4-7169-45BA-8016-E583014B52C9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-05] (Microsoft Corporation) Task: {B9F2269F-0ABB-48A3-A8F5-FE66C1D19EB2} - 
System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1742589508-3326327189-3140255072-1001 => C:\Users\Bine_2\AppData\Local\Microsoft\OneDrive\OneDrive.exe Task: {BA383543-2A3F-4375-9C03-C980EF3418B8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-12] (Dropbox, Inc.) Task: {BE402C19-F4B4-45E5-A4DA-A07A32734816} - System32\Tasks\HPCeeScheduleForBine => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {C87B9343-9127-493E-9281-03A4759E9488} - System32\Tasks\Opera scheduled Autoupdate 1446475865 => C:\Program Files (x86)\Opera\launcher.exe [2017-06-12] (Opera Software) Task: {CBC240AE-7773-4AB2-A10E-5CE653A797E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.) Task: {CE8155F0-8937-4283-B013-EAD9DF58EE55} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-12] (Dropbox, Inc.) Task: {D9B45590-E2A4-4F35-84DB-35ADC8A6DF28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) Task: {DE76CC50-AB0B-404B-9AF2-866A0F6F830A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-06] (Microsoft Corporation) Task: {E6B7D025-7391-426D-B661-37E978A3AFC7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-25] (Google Inc.) Task: {E6CD4BBC-912A-4EBE-8DD9-7B9C1659D206} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.) 
Task: {EF7EFCDD-A190-4E58-A9BE-B88DE9EB3319} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation) Task: {F76CCED9-67C2-479C-850B-6740DBF973E7} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation) Task: {FE5D39EF-1383-4A5F-B891-80721076E6FA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation) Task: {FF99402E-4725-4DE1-B8CF-090FBEBDC0FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForBine.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-11-23 22:44 - 2017-02-23 20:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll 2016-11-23 22:44 - 2017-02-23 20:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2014-10-31 20:23 - 2017-02-10 00:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-04-14 15:29 - 2016-04-14 15:29 - 00233608 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\http.plg 2016-04-14 15:29 - 2016-04-14 15:29 - 00140696 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ip.plg 2016-04-14 15:29 - 2016-04-14 15:29 - 00119344 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ipv6.plg 2016-04-14 15:29 - 2016-04-14 15:29 - 00076704 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\portmap.plg 2016-04-14 15:29 - 2016-04-14 15:29 - 00165000 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\tcp.plg 2016-04-14 15:29 - 2016-04-14 15:29 - 00148440 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\udp.plg 2010-03-23 14:26 - 2010-03-23 14:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll 2014-09-03 12:03 - 2014-09-03 12:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-11-23 22:44 - 2017-01-20 20:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-11-23 22:44 - 2017-02-23 20:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll 2016-11-23 22:44 - 2017-02-23 20:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-11-23 22:44 - 2017-01-20 15:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2016-11-23 
22:44 - 2017-01-20 15:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2016-11-23 22:44 - 2017-01-20 15:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2016-11-23 22:44 - 2017-01-20 15:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2016-11-23 22:44 - 2017-01-20 15:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node 2016-11-23 22:44 - 2017-01-20 15:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2016-11-23 22:44 - 2017-01-20 15:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node 2017-01-08 15:01 - 2017-01-20 15:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
IE trusted site: HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\sharepoint.com -> hxxps://unibamberg.sharepoint.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bine\Downloads\skarnland_by_frankatt-d91ogk6 (1).jpg
HKU\S-1-5-21-1742589508-3326327189-3140255072-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 141.13.240.33 - 141.13.240.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\StartupFolder: => "avast! SecureLine.lnk"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "SimplePass"
HKLM\...\StartupApproved\Run: => "OPBHOBroker"
HKLM\...\StartupApproved\Run: => "OPBHOBrokerDesktop"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1742589508-3326327189-3140255072-1001\...\StartupApproved\Run: => "HP Officejet 6600 (NET)"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{0A85439C-29F0-4453-81A5-F10AFE261DCD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{754C0A5E-24FD-4FFF-8D05-F08A52B10861}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7787E021-FF9F-4280-AB81-F5141EE1B111}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0ADE10F1-65EB-4B81-92F8-D260578F2D7B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{C4594148-0C37-4397-9B02-BD0395F1B515}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{2BFF083F-02A7-4992-92BB-7EF8A65ACC66}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{D3313493-3F10-4BDA-BEDB-9435434680CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{2A13A4AC-9C73-468B-9CCE-13007B574A05}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{AFF68898-0154-4BCC-8693-423CA7EA7E80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvin's Mittens\Jumpman.exe FirewallRules: [{2987CD3E-3DF9-43D2-B7ED-D2A6E7F6164F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvin's Mittens\Jumpman.exe FirewallRules: [{C94F582E-3376-436D-BD46-B112BC2B6200}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tropico 5\Tropico5Steam.exe FirewallRules: [{A0CBE047-06E0-425D-99C2-D0093619F3F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tropico 5\Tropico5Steam.exe FirewallRules: [{F9E53D3D-38E5-4CD6-9088-7AC797960C90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe FirewallRules: [{B62D8181-CD6B-4049-A4BB-141D317FBD69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe FirewallRules: [{097F4FE2-F9E5-4337-8386-A219CCF550BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe FirewallRules: [{67CEFBF6-5174-489D-A9BC-9519F18F9E9B}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\TheLongDark\tld.exe FirewallRules: [{F6205133-9C97-4861-8B11-70C623720560}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [{728C89D2-B04F-49F4-BAF4-4379F5A862D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [{6E594FB4-E8C3-44BA-9EE8-9B0089C37E6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe FirewallRules: [{77E1E50B-6D83-4370-A874-252B7342EF90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe FirewallRules: [{A9CE1712-343B-40AC-A747-97BE54574D14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\memoria.exe FirewallRules: [{F462141D-5703-4183-B4EB-161090E1691B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\memoria.exe FirewallRules: [{B996FBFD-4C17-42C3-8023-60E70609872F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\VisionaireConfigurationTool.exe FirewallRules: [{F6A1EFC3-7EFF-4764-8EEA-92C16978D441}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\VisionaireConfigurationTool.exe FirewallRules: [TCP Query User{3008B0A9-9107-490C-9EF1-EEB99924F9E7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{BA9F0E96-E3C2-4625-86E4-AA5B7324D839}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{6FA04FAE-EB59-4115-B6D9-37FAFC2516DA}] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{F2CFB0ED-0A0B-4FF9-9B58-C31BA5F9ACE6}] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{55B56DF0-7BDB-41D7-9B64-84F5973A9889}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe FirewallRules: [{BA6B412D-2986-4FCA-B33C-5B61143E9401}] => (Allow) 
C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe FirewallRules: [{39326E4F-E05C-4DEE-8165-2EFBD1BD430C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Whispered World Special Edition\twwse.exe FirewallRules: [{56FAD213-ECF4-48ED-A667-F8954F841F5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Whispered World Special Edition\twwse.exe FirewallRules: [{AF8660FB-27A0-4599-AE6E-E4582450CD5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Whispered World Special Edition\VisionaireConfigurationTool.exe FirewallRules: [{8D800F6D-5335-43AC-87BB-7734EACBD375}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Whispered World Special Edition\VisionaireConfigurationTool.exe FirewallRules: [{71896BF5-F20F-4196-A996-6410DD92F1A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable Demo\stanley.exe FirewallRules: [{F8A2B8C2-D5DF-4830-9A8F-99242113985B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable Demo\stanley.exe FirewallRules: [{77DC00A5-4753-4AC2-8D0E-2C4BA251E061}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe FirewallRules: [{8E187E6E-42A9-429B-A19D-721A4A4B718E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe FirewallRules: [{A5B99823-634A-4545-9CFE-5E1F4629BFA4}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\FaxApplications.exe FirewallRules: [{0C69D586-AF72-4376-8B0D-FDD1861A1D6F}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\DigitalWizards.exe FirewallRules: [{07E17082-15FC-476E-BBEA-AE1F86FF680B}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\SendAFax.exe FirewallRules: [{36451B88-3CD2-4AEF-B384-6DAC67BE2BC8}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\DeviceSetup.exe FirewallRules: [{F95CB163-2259-4693-A340-1D0D836588E4}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe FirewallRules: 
[{A728ED5F-57F7-469C-A3AC-A096E6F54954}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{35EF2309-E73E-4F47-97DA-D0478560ED0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9D9578EA-971A-411F-A118-9D2858B4D7F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F822C852-7638-42ED-8EC4-26A3DC16B9B8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{1EC76916-F579-4D97-93FC-972E348296AC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{CB1A8617-23A9-48A5-BF34-88D3C85FCAC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe FirewallRules: [{ADEE20DC-28FC-42FA-839D-5D49E77AF1EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe FirewallRules: [{6C39532E-3F89-40C7-90A8-A60D7A621C66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheDarkEye Cos\satinav.exe FirewallRules: [{F3230D40-5A68-4805-95B7-5B5923D57C4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheDarkEye Cos\satinav.exe FirewallRules: [{28786C85-79E7-4C8F-83B1-766D5FF7E29D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheDarkEye Cos\VisionaireConfigurationTool.exe FirewallRules: [{1E7A28E6-0589-48A6-A199-4F6E7B5837A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheDarkEye Cos\VisionaireConfigurationTool.exe FirewallRules: [{EFF129A8-D2A4-4D5E-BC27-06DCCE61B8B9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{078BE467-829A-4E8D-92D7-E49F20EDB828}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BF60D578-9659-4F62-9143-D665D6257740}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe FirewallRules: [{28BE2BCE-F5BB-4A2F-A609-D74B927BD3F0}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Emily is Away\emily is away.exe FirewallRules: [{0D36B12D-C7E4-4A34-8446-BF57A30864F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe FirewallRules: [{663E89A0-59EE-47CC-9F22-164E95774D6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe FirewallRules: [{1E0D946F-A398-4E15-8880-7DB7E32DFE26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Silent Age\TheSilentAge.exe FirewallRules: [{4C81C78B-1B6A-4A4B-8821-5817CC9DB4C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Silent Age\TheSilentAge.exe FirewallRules: [{904D59C3-7596-4D34-90EA-C779F615C218}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reflections\Reflections.exe FirewallRules: [{9F713D10-48CB-468F-BFD0-243483461EA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reflections\Reflections.exe FirewallRules: [{C6D82283-8B24-4014-BA9A-706EA69981D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reflections\Reflections_DirectToRift.exe FirewallRules: [{F1E7280D-DD55-4304-8FBF-8FCA820912DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reflections\Reflections_DirectToRift.exe FirewallRules: [{A9A1F441-8C27-49BA-89AF-138463AD5D08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe FirewallRules: [{CAD340C1-962C-4273-8719-EEDF90BA9BC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe FirewallRules: [{0B42F004-C798-4A45-B324-92B65E50E63D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Beginners Guide\beginnersguide.exe FirewallRules: [{CE2FD8BF-48DA-4C7D-BA95-F3FE506D5E98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Beginners Guide\beginnersguide.exe FirewallRules: [{8B87BE7B-9838-4892-A175-8AEF076C1B1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind 
Heist\DrLangeskov.exe FirewallRules: [{0F3EF25E-0204-4179-8567-77F3C51BA45E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe FirewallRules: [{8B74166C-9FA9-4353-B832-1DA81EC6367A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe FirewallRules: [{D8FD9B12-80AA-4262-A6B7-4E184BE1B7A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe FirewallRules: [{91237FED-85BA-43EA-A84C-E78F5C9130D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori\ori.exe FirewallRules: [{6472CDA6-3618-4B22-8993-A950BCEA7C24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori\ori.exe FirewallRules: [{0E553460-FC44-44CF-961E-5A7F574EA836}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe FirewallRules: [{B5F658B6-E5A5-47A9-820C-48AA072002B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe FirewallRules: [{734F871C-B994-4E89-8DAB-C4B86ADE95EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe FirewallRules: [{92A401F4-E5FD-4052-9F1D-B28C33BEA9DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe FirewallRules: [{930DA6B0-9674-48F1-989C-231E662416AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe FirewallRules: [{8280618D-CBE2-486D-989A-D01118120A51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe FirewallRules: [{2A917A50-905D-494B-AF65-4791806C0074}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia Doomsday\deponia4.exe FirewallRules: [{62D8B494-0658-4D76-BFD6-4EBA7AD7449F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia Doomsday\deponia4.exe FirewallRules: 
[{1877BC99-BA9C-41FC-87F5-1635CC3AE096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia Doomsday\VisionaireConfigurationTool.exe FirewallRules: [{4375FB80-0379-4DB6-B4F8-FB2387AA61CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia Doomsday\VisionaireConfigurationTool.exe FirewallRules: [{C4B682D9-F5EC-4931-9256-D1CA9AD9D95D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe FirewallRules: [{59AB3187-8CA4-4453-82FC-EC5C738E4E9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe FirewallRules: [{419912A1-3A9C-463E-ACDF-2DD3DA5581F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe FirewallRules: [{9FFA9A1B-111F-48B6-BA2F-64C0AE3FF281}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe FirewallRules: [{CC89EAA1-CFCD-4A8D-80E1-A0840EC0D57E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe FirewallRules: [{03FDA1A0-B7D9-46C3-8C00-85A2A6FD7C4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe FirewallRules: [{300FDE5E-029A-4505-83E3-120F78B98667}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe FirewallRules: [{DC78782C-2C7D-4D0C-A750-8C940E755F25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe FirewallRules: [{3DFECC3D-424D-4734-B8B0-D6D034F6A16D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe FirewallRules: [{3F560055-7815-489E-BC38-5D4EA055A636}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe FirewallRules: [{03A4AE59-388D-4897-8748-B06FABCE0923}] => (Allow) 
C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{E5FEBBA5-F044-4CFF-9173-FEFEB5E9B099}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{15C72515-73C8-4C9B-A0BC-CE631B678185}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE FirewallRules: [{05657337-4BA2-48A3-B576-B0A3884AF61B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{ABEE3210-D66A-4A54-A6C5-933E1D97030C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{1F42357A-0C7B-4894-AE6C-18970F3C3943}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori DE\oriDE.exe FirewallRules: [{C57DF365-90B7-4CF8-9F86-BAA00D94C1DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori DE\oriDE.exe FirewallRules: [{0E051C72-7CA5-4FF5-8C32-71DBE11BEC88}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [TCP Query User{A21754A3-1854-4CA6-92AC-8A6AC18E0BE5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{820BE837-D242-4D40-B947-68FB7021FECF}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [{1A009EAE-9AAD-46A4-8311-0019C073210D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{ABA076FE-B164-418C-AB94-F2484D52DB36}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{30E70866-3297-4211-8728-6D8B919BB0C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{ADF92A03-0F98-478F-B514-42D46D71CF8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{927E4D44-E313-4C84-9304-F2268BBD8063}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe 
FirewallRules: [{3651CB60-E07E-498C-894A-C5825BD593F4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{7382C300-51FE-489A-BBEF-8BCF3F73F954}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{0B53A447-4615-4AF3-BF0C-BBF888278A14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe FirewallRules: [{9E0E4EB1-E07F-4E90-926B-6E6B2C100FC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe FirewallRules: [{5912145E-2CFB-45C3-87B9-80B8CFF8237F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe FirewallRules: [{C91E546A-75C3-4C9A-BC96-CA46B6B9A80E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe FirewallRules: [{7DD7ACEF-06F1-456F-9329-CCCD16D3094A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\MoveOrDie.exe FirewallRules: [{1935CE8C-171C-4B3A-BBAB-52CA12F8AFB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\MoveOrDie.exe FirewallRules: [{094BA965-86AD-48CF-9A94-38B68023E67D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\Editor.exe FirewallRules: [{555DAB97-6791-4717-A7FF-0A633BDD40ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\Editor.exe FirewallRules: [{1A1B3C1B-1FC8-4E8D-9D22-E90163C03B17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe FirewallRules: [{DE2DCEB6-6B20-4B09-A1ED-FB156A044B71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe FirewallRules: [{6CB896C4-7D84-46EB-959B-64846E381F98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe FirewallRules: [{2DFDF32B-1876-47D3-A384-B7C9533C445D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf 
With Your Friends.exe FirewallRules: [{BE85670D-B13C-4D8C-ADF7-1F7D19E0980D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MessageQuest\mq.exe FirewallRules: [{0781A8A5-53EF-498D-8E74-7CB59A3D71D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MessageQuest\mq.exe FirewallRules: [{08B35E78-7B21-49C1-A71D-8826D0E179F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between me and The Night\Between Me and The Night.exe FirewallRules: [{D444EBAA-770B-460A-8F7C-1C7C4BFF0B85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between me and The Night\Between Me and The Night.exe FirewallRules: [{E8A13532-C15B-41B5-AAAB-7428D3A39458}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{BFE1A522-B88C-4FB5-A8CC-84C1A6119B5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{96941D47-6876-455B-A047-97924C142629}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs2\win32\The Banner Saga 2.exe FirewallRules: [{6AB3A930-2D92-4E70-B0BE-B80F3761A534}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs2\win32\The Banner Saga 2.exe FirewallRules: [{42E7E9A7-AE63-44D6-A7F0-A74A6EF3E50D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe FirewallRules: [{11345983-F9E4-4067-B410-9B27B1F74CF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe FirewallRules: [{42596B2C-5FA8-4625-8674-953601C681F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs2\win32\The Banner Saga 2.exe FirewallRules: [{51ECA7B7-D0B2-4CB4-94F2-800E89475CD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs2\win32\The Banner Saga 2.exe FirewallRules: [{3FE81569-999C-4132-8CE3-754D0E1AA9FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe 
FirewallRules: [{171A23BD-5FAF-4E95-9EF4-FF0D3890585C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{68E9C562-DFBC-4C56-8E20-1BE6A70B4E3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe FirewallRules: [{BD301DA8-6DCE-4412-9FE1-C167869E0FCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe FirewallRules: [{BC43E574-2483-45DF-A9EA-851FB8D8D410}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe FirewallRules: [{6C184B67-EAC9-4E5C-BF4C-792F124717D9}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.898\opera.exe FirewallRules: [{24C8F3D6-A54B-4F14-8F9B-4052DB3B6973}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Wiederherstellungspunkte ========================= 01-06-2017 23:24:02 Geplanter Prüfpunkt 10-06-2017 16:47:20 Windows Update 14-06-2017 09:29:13 Windows Update 17-06-2017 09:59:48 Windows Update 18-06-2017 02:02:53 JRT Pre-Junkware Removal 18-06-2017 02:45:43 JRT Pre-Junkware Removal 18-06-2017 08:08:35 JRT Pre-Junkware Removal ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (06/20/2017 06:06:39 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (06/20/2017 06:01:33 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (06/19/2017 06:05:25 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error: (06/19/2017 12:50:51 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (06/18/2017 12:50:49 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (06/18/2017 12:30:27 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (06/17/2017 01:17:56 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (06/17/2017 12:50:49 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (06/16/2017 05:26:24 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". 
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (06/16/2017 05:22:59 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Systemfehler: ============= Error: (06/19/2017 08:45:41 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "DESKTOP-C7Q5G2O", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{BACB4E71-C30B-4C4C-BBF0-9BD809C398B8}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (06/18/2017 10:06:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: Unzulässige Funktion. Error: (06/18/2017 10:06:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: Unzulässige Funktion. Error: (06/18/2017 10:06:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: Unzulässige Funktion. Error: (06/18/2017 08:17:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: Unzulässige Funktion. Error: (06/18/2017 08:17:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: Unzulässige Funktion. 
Error: (06/18/2017 08:17:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: Unzulässige Funktion. Error: (06/18/2017 08:17:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: Unzulässige Funktion. Error: (06/18/2017 08:10:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/18/2017 08:07:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Sophos Anti-Virus Statusreporter" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert. CodeIntegrity: =================================== Date: 2017-01-24 10:05:57.559 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 11:45:14.940 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 11:45:14.274 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 11:44:28.042 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. 
Date: 2017-01-22 05:50:06.746 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 05:50:06.203 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 05:42:02.147 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 05:42:01.570 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 05:41:28.407 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-22 01:53:32.631 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz Prozentuale Nutzung des RAM: 22% Installierter physikalischer RAM: 12210.27 MB Verfügbarer physikalischer RAM: 9429.38 MB Summe virtueller Speicher: 14066.27 MB Verfügbarer virtueller Speicher: 11400.75 MB ==================== Laufwerke ================================ Drive c: (Windows) (Fixed) (Total:906.35 GB) (Free:601.35 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:24.14 GB) (Free:2.66 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive e: (SCRUBSPAL_S4D4 ) (CDROM) (Total:7.78 GB) (Free:0 GB) UDF ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 0FCE0AD9) Partition: GPT. ==================== Ende von Addition.txt ============================ |
20.06.2017, 12:00 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8.1: Malware Bytes finds ChinAD
FRST fix
Please disable your virus scanner completely now, to make sure that the fix runs through cleanly!
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
HKLM-x32\...\Run: [] => [X]
S3 ALSysIO; \??\C:\Users\Bine_2\AppData\Local\Temp\ALSysIO64.sys [X] <==== ACHTUNG
emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
20.06.2017, 12:28 | #13 |
| Windows 8.1: Malware Bytes finds ChinAD Here is the Fixlog: Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-06-2017 01
durchgeführt von Bine_2 (20-06-2017 13:18:10) Run:1
Gestartet von C:\Users\Bine\Downloads
Geladene Profile: Bine & Bine_2 (Verfügbare Profile: Bine & Bine_2)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
HKLM-x32\...\Run: [] => [X]
S3 ALSysIO; \??\C:\Users\Bine_2\AppData\Local\Temp\ALSysIO64.sys [X] <==== ACHTUNG
emptytemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\ALSysIO => Schlüssel erfolgreich entfernt
ALSysIO => Dienst erfolgreich entfernt

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6338294 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1569957901 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 288249 B
systemprofile32 => 128 B
LocalService => 4704548 B
NetworkService => 0 B
Bine => 3476228786 B
Bine_2 => 286591781 B

RecycleBin => 1530 B
EmptyTemp: => 5 GB temporäre Dateien entfernt.

================================

Das System musste neu gestartet werden.

==== Ende von Fixlog 13:20:58 ==== |
20.06.2017, 12:30 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8.1: Malware Bytes finds ChinAD
Control scans with (1) MBAM, (2) ESET and (3) SecurityCheck please:
Step 1: Malwarebytes version 3
Please download Malwarebytes Anti-Malware 3
Step 2: ESET
ESET Online Scanner
Step 3: SecurityCheck
Please download SecurityCheck and:
__________________ Please always post log files in CODE tags |
21.06.2017, 08:31 | #15 |
| Windows 8.1: Malware Bytes finds ChinAD Here are the logs: MBAM Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 20.06.17
Scan-Zeit: 18:11
Protokolldatei: mbam.txt
Administrator: Nein

-Softwaredaten-
Version: 3.1.2.1733
Komponentenversion: 1.0.141
Version des Aktualisierungspakets: 1.0.2193
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: LALELU\Bine

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 391638
Erkannte Bedrohungen: 1
In die Quarantäne verschobene Bedrohungen: 1
Abgelaufene Zeit: 11 Min., 26 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 1
PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.4\STANDALONEPHASE1.DAT, In Quarantäne, [580], [393793],1.0.2193

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f61f9e3d8be65a4c805d3bbfb5db1d21
# end=init
# utc_time=2017-06-21 01:33:11
# local_time=2017-06-21 03:33:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 33791
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f61f9e3d8be65a4c805d3bbfb5db1d21
# end=updated
# utc_time=2017-06-21 01:36:50
# local_time=2017-06-21 03:36:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f61f9e3d8be65a4c805d3bbfb5db1d21
# engine=33791
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-06-21 06:56:47
# local_time=2017-06-21 08:56:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 261561 13791930 0 0
# compatibility_mode_1='Sophos Anti-Virus'
# compatibility_mode=8450 16777213 100 99 33844 46934019 0 0
# scanned=406845
# found=0
# cleaned=0
# scan_time=19197
Code:
Results of screen317's Security Check version 1.009
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Sophos Anti-Virus
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Mozilla Firefox (54.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Sophos Sophos Anti-Virus SavService.exe
Sophos Sophos Anti-Virus SAVAdminService.exe
Sophos Sophos Anti-Virus Web Control swc_service.exe
Sophos Sophos Anti-Virus Web Intelligence swi_filter.exe
Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
Sophos Sophos Anti-Virus Web Intelligence swi_lspdiag.exe
Malwarebytes Anti-Malware mbamtray.exe
Sophos Sophos Network Threat Protection bin SntpService.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log`````````````````````` |