Proxy einstellungen lassen sich nicht ändern

BryanDawg · 18.12.2017, 14:21

FRST Logfile:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
durchgeführt von fabiw (Administrator) auf DESKTOP-J2934L2 (17-12-2017 23:50:10)
Gestartet von C:\Users\fabiw\Desktop
Geladene Profile: fabiw (Verfügbare Profile: fabiw)
Platform: Windows 10 Home Version 1703 15063.726 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\bin\wallpaperservice32_c.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_7\mcapexe.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.6.319.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\wallpaper32.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\bin\webwallpaper32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\bin\webwallpaper32.exe
() C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\bin\webwallpaper32.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.118\deploy\LeagueClient.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.118\deploy\LeagueClientUx.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.118\deploy\LeagueClientUxRender.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.118\deploy\LeagueClientUxRender.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-20] (Logitech Inc.)
HKLM\...\Run: [Cm106Sound] => C:\WINDOWS\syswow64\RunDll32.exe C:\WINDOWS\Syswow64\cm106.dll,CMICtrlWnd
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1052488 2017-11-26] ()
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [5027008 2017-10-26] (Disc Soft Ltd)
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [Spotify Web Helper] => C:\Users\fabiw\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-11-23] (Spotify Ltd)
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [Spotify] => C:\Users\fabiw\AppData\Roaming\Spotify\Spotify.exe [21025392 2017-11-23] (Spotify Ltd)
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2031864 2017-11-30] (Wargaming.net)
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks_CT\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\25.102.133.409\GoogleDriveFS.exe [22659832 2017-12-10] (Google, Inc.)
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\MountPoints2: {010e3a3f-cebc-11e7-a0fc-f0038c216a7a} - "E:\setup.exe" 
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\MountPoints2: {93175153-2489-11e7-a0e9-806e6f6e6963} - "D:\AUTORUN.EXE" 

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{664e5d71-033e-40b2-9d9c-79f9db8c22cc}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{b1b2f734-9541-493c-be60-ebf35e976eac}: [DhcpNameServer] 192.168.44.1
Tcpip\..\Interfaces\{bfc26c68-e567-4ebb-a379-57f5be2ec3a1}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3201623140-884167320-1932495159-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D111817-A2D586A4510&form=CONBDF&conlogo=CT3335800&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3201623140-884167320-1932495159-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D111817-A2D586A4510&form=CONBDF&conlogo=CT3335800&q={searchTerms}
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-11-16] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-17] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-11-30] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-11-30] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-11-30] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-11-30] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2017-11-02] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2017-11-02] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: 4mlwhubt.default
FF ProfilePath: C:\Users\fabiw\AppData\Roaming\Mozilla\Firefox\Profiles\4mlwhubt.default [2017-12-17]
FF Homepage: Mozilla\Firefox\Profiles\4mlwhubt.default -> hxxps://www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\4mlwhubt.default -> hxxp://www.bing.com/?pc=COSP&ptag=D111817-A2D586A4510&form=CONMHP&conlogo=CT3335800
FF NetworkProxy: Mozilla\Firefox\Profiles\4mlwhubt.default -> type", 0
FF Extension: (Adblock Plus) - C:\Users\fabiw\AppData\Roaming\Mozilla\Firefox\Profiles\4mlwhubt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (Kein Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-11-02] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-17] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-11-02] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-11-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-30] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default [2017-12-15]
CHR Extension: (Docs) - C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-01]
CHR Extension: (Google Drive) - C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-04]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-12-01]
CHR Extension: (Google Docs Offline) - C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-04]
CHR Extension: (Local SWF Player) - C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmbckedabpbgjagmkgcejooabcdnone [2017-12-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-12-03]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3201623140-884167320-1932495159-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\fabiw\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-12-02]
CHR HKU\S-1-5-21-3201623140-884167320-1932495159-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [325600 2016-11-28] (Windows (R) Win 7 DDK provider)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530888 2017-12-16] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
S3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe [5680320 2017-10-26] (Disc Soft Ltd)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-11-09] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-10-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887784 2015-09-03] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\wtoolex\wpsupdatesvr.exe [133376 2016-11-11] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-20] (Logitech Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-12-13] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe [728296 2017-10-24] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [419096 2016-04-01] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.6.319.0\\McCSPServiceHost.exe [2145496 2017-09-27] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [357840 2017-09-14] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [509904 2017-09-14] (McAfee LLC)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [466384 2017-09-14] (McAfee LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1622856 2017-10-24] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-12-03] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002728 2017-12-03] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1451336 2017-11-26] (Overwolf LTD)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1046456 2017-09-24] (Intel Security, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945264 2017-12-05] (TeamViewer GmbH)
R2 Wallpaper Engine Service; C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\bin\wallpaperservice32_c.exe [21504 2016-12-20] () [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [162048 2016-11-11] (Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [119320 2016-11-14] (ASUS Corporation)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4318648 2016-07-26] (Qualcomm Atheros Communications, Inc.)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [608656 2016-11-28] (Qualcomm)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77296 2017-09-15] (McAfee LLC)
R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-11-09] (Intel Corporation)
R3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2017-11-22] (Disc Soft Ltd)
R3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47672 2017-11-22] (Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-11-09] (Intel Corporation)
R1 googledrivefs2220; C:\WINDOWS\System32\DRIVERS\googledrivefs2220.sys [88984 2017-11-07] (Google, Inc.)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7394296 2016-10-06] (Intel Corporation)
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45192 2017-10-20] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-10-20] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2017-10-20] (Logitech Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [492520 2017-09-15] (McAfee LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [355304 2017-09-15] (McAfee LLC)
U3 mfeavfk01; kein ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84024 2017-09-15] (McAfee LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [505328 2017-09-15] (McAfee LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [936936 2017-09-15] (McAfee LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [505768 2017-11-14] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108456 2017-11-14] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115184 2017-09-15] (McAfee LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252904 2017-09-15] (McAfee LLC)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-01] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-15] (Intel Corporation)
S3 USBMULCD; C:\WINDOWS\system32\drivers\CM10664.sys [4135936 2014-01-17] (C-Media Electronics Inc)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-12-17 23:50 - 2017-12-17 23:51 - 000024083 _____ C:\Users\fabiw\Desktop\FRST.txt
2017-12-17 23:50 - 2017-12-17 23:50 - 000000000 ____D C:\Users\fabiw\Desktop\FRST-OlderVersion
2017-12-17 21:49 - 2017-12-17 21:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-12-17 18:16 - 2017-12-17 21:56 - 000003606 _____ C:\WINDOWS\System32\Tasks\McAfee DAT Built in test
2017-12-17 17:50 - 2017-12-17 17:50 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\BlackSquad
2017-12-16 17:23 - 2017-12-16 17:23 - 000000222 _____ C:\Users\fabiw\Desktop\Black Squad.url
2017-12-15 22:14 - 2017-12-17 20:46 - 000001654 _____ C:\Users\fabiw\Desktop\World of Tanks (2).lnk
2017-12-15 21:53 - 2017-12-15 21:58 - 000002925 _____ C:\Users\fabiw\Downloads\Fixlog.txt
2017-12-15 21:33 - 2017-12-15 21:33 - 000174791 _____ C:\Users\fabiw\Downloads\crosshairSniper.swf
2017-12-14 20:45 - 2017-12-14 20:45 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7226847E.sys
2017-12-14 20:43 - 2017-12-14 20:43 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-12-14 19:07 - 2017-12-14 19:07 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\A41787E4.sys
2017-12-14 19:07 - 2017-12-14 19:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-14 19:06 - 2017-12-15 21:26 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-14 19:06 - 2017-12-14 22:41 - 000000000 ____D C:\Users\fabiw\Desktop\mbar
2017-12-14 19:06 - 2017-12-14 20:45 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-12-14 19:02 - 2017-12-14 19:03 - 014178840 _____ (Malwarebytes Corp.) C:\Users\fabiw\Desktop\mbar-1.10.3.1001.exe
2017-12-14 18:59 - 2017-12-14 18:59 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Greenshot
2017-12-14 18:59 - 2017-12-14 18:59 - 000000000 ____D C:\Users\fabiw\AppData\Local\Greenshot
2017-12-14 18:58 - 2017-12-14 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
2017-12-14 18:58 - 2017-12-14 18:58 - 000000000 ____D C:\Program Files\Greenshot
2017-12-14 18:51 - 2017-12-14 18:51 - 001783200 _____ (Greenshot ) C:\Users\fabiw\Downloads\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
2017-12-12 21:45 - 2017-12-13 01:37 - 000000582 _____ C:\Users\fabiw\Desktop\theHunter Call of the Wild.lnk
2017-12-12 21:45 - 2017-12-12 21:45 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\Avalanche Studios
2017-12-12 21:45 - 2017-12-12 21:45 - 000000000 ____D C:\Users\fabiw\AppData\Local\CrashRpt
2017-12-12 21:44 - 2017-12-12 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\theHunter Call of the Wild
2017-12-12 21:30 - 2017-12-12 21:30 - 000000000 ____D C:\Users\fabiw\Desktop\CODEX
2017-12-12 17:05 - 2017-12-12 17:05 - 000000000 ____D C:\Users\fabiw\Desktop\theHunter
2017-12-12 16:43 - 2017-12-12 16:43 - 000000000 ____D C:\Users\fabiw\AppData\Local\Adobe
2017-12-11 14:41 - 2017-12-11 14:42 - 000045790 _____ C:\Users\fabiw\Downloads\Addition.txt
2017-12-11 14:38 - 2017-12-17 23:50 - 000000000 ____D C:\FRST
2017-12-11 14:38 - 2017-12-11 14:42 - 000174569 _____ C:\Users\fabiw\Downloads\FRST.txt
2017-12-11 14:37 - 2017-12-17 23:50 - 002392064 _____ (Farbar) C:\Users\fabiw\Desktop\FRST64.exe
2017-12-10 18:39 - 2017-12-10 18:39 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3201623140-884167320-1932495159-1001
2017-12-10 18:27 - 2017-12-10 18:27 - 000116504 _____ (iWin inc.) C:\Users\fabiw\Downloads\deal-or-no-dealSetup.exe
2017-12-10 18:27 - 2017-12-10 18:27 - 000116504 _____ (iWin inc.) C:\Users\fabiw\Downloads\deal-or-no-dealSetup(1).exe
2017-12-09 15:49 - 2017-12-09 15:49 - 001533960 _____ (CHIP Digital GmbH) C:\Users\fabiw\Downloads\Abelssoft Undeleter Vollversion - CHIP-Installer.exe
2017-12-09 15:47 - 2017-12-09 15:54 - 000000000 ____D C:\AdwCleaner
2017-12-09 15:46 - 2017-12-09 15:46 - 008172032 _____ (Malwarebytes) C:\Users\fabiw\Downloads\adwcleaner_7.0.5.0.exe
2017-12-09 13:42 - 2017-12-09 13:42 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\Counter-Strike Online
2017-12-09 13:36 - 2017-12-13 16:41 - 000000000 ____D C:\Users\fabiw\AppData\Local\CSO
2017-12-09 13:36 - 2017-12-09 13:36 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\Counter-Strike Nexon Zombies
2017-12-09 13:36 - 2017-12-09 13:36 - 000000000 ____D C:\ProgramData\Nexon
2017-12-09 13:35 - 2017-12-09 13:35 - 000000016 _____ C:\ProgramData\mntemp
2017-12-07 20:27 - 2017-12-07 20:27 - 000252787 _____ C:\Users\fabiw\Downloads\Reli1.odp.pptx
2017-12-07 20:27 - 2017-12-07 20:27 - 000206159 _____ C:\Users\fabiw\Downloads\Reli1(1).odp
2017-12-06 18:21 - 2017-12-06 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker FreeOffice 2016
2017-12-06 18:20 - 2017-12-06 18:22 - 000000000 ____D C:\Program Files (x86)\SoftMaker FreeOffice 2016
2017-12-06 18:20 - 2017-12-06 18:21 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\SoftMaker
2017-12-06 18:20 - 2017-12-06 18:21 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\SoftMaker
2017-12-06 18:14 - 2017-12-06 18:16 - 082255696 _____ (SoftMaker Software GmbH) C:\Users\fabiw\Downloads\freeoffice2016.exe
2017-12-06 17:06 - 2017-12-06 17:06 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\FeedbackHub
2017-12-05 19:27 - 2017-12-05 19:27 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\wmd_symbol_cache
2017-12-05 19:27 - 2017-12-05 19:27 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\Project CARS
2017-12-05 19:04 - 2017-12-05 19:41 - 000000000 ____D C:\Program Files\Project CARS
2017-12-05 19:04 - 2017-12-05 19:04 - 000000601 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project CARS.lnk
2017-12-04 22:08 - 2017-12-04 22:08 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\EA Games
2017-12-04 20:49 - 2017-12-04 20:49 - 000206159 _____ C:\Users\fabiw\Downloads\Reli1.odp
2017-12-04 19:12 - 2017-12-15 22:45 - 000004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E9601D68-CCE7-4706-989E-4231D0C914FF}
2017-12-04 19:10 - 2017-12-04 19:10 - 001792817 _____ C:\Users\fabiw\Downloads\f2fff4eb-36b6-4923-8f24-baabc75ed70a.swf
2017-12-04 19:10 - 2017-12-04 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdf2swf
2017-12-04 19:10 - 2017-12-04 19:10 - 000000000 ____D C:\Program Files (x86)\SWFTools
2017-12-04 19:08 - 2017-12-04 19:09 - 014122496 _____ C:\Users\fabiw\Downloads\swftools-0.9.0.exe
2017-12-04 19:07 - 2017-12-12 15:03 - 000004654 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-04 19:07 - 2017-12-04 19:07 - 001792817 _____ C:\Users\fabiw\Downloads\XVMEditor.swf
2017-12-04 19:05 - 2017-12-04 19:07 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-12-04 19:04 - 2017-12-04 19:05 - 060359953 _____ C:\Users\fabiw\Downloads\FlashPlayer2700187.zip
2017-12-04 18:48 - 2017-12-04 18:48 - 000000000 ____D C:\WINDOWS\SysWOW64\AGEIA
2017-12-04 18:48 - 2017-12-04 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-04 18:48 - 2017-12-04 18:48 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-12-04 18:47 - 2017-12-04 18:47 - 000001447 _____ C:\Users\Public\Desktop\Mirror's Edge.lnk
2017-12-04 18:47 - 2017-12-04 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2017-12-04 18:43 - 2017-12-04 18:44 - 006654296 _____ (XVM team ) C:\Users\fabiw\Downloads\xvm-7.2.4.exe
2017-12-04 18:24 - 2017-12-04 18:24 - 000000000 ____D C:\Program Files (x86)\Electronic Arts
2017-12-04 15:55 - 2017-12-04 15:56 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\Mirrors Edge Catalyst
2017-12-04 14:57 - 2017-12-04 15:55 - 000000000 ____D C:\Program Files (x86)\Origin Games
2017-12-04 14:28 - 2017-12-04 14:29 - 058818504 _____ (Skype Technologies S.A.) C:\Users\fabiw\Downloads\SkypeSetupFull.exe
2017-12-04 14:12 - 2017-12-04 14:12 - 001533960 _____ (CHIP Digital GmbH) C:\Users\fabiw\Downloads\Skype - CHIP-Installer.exe
2017-12-03 17:57 - 2017-12-04 23:33 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Origin
2017-12-03 17:57 - 2017-12-03 17:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-12-03 17:57 - 2017-12-03 17:57 - 000000000 ____D C:\Program Files (x86)\Origin
2017-12-03 17:50 - 2017-12-04 14:57 - 000000000 ____D C:\Users\fabiw\AppData\Local\Origin
2017-12-03 17:50 - 2017-12-03 17:50 - 000000000 ____D C:\Users\fabiw\.QtWebEngineProcess
2017-12-03 17:50 - 2017-12-03 17:50 - 000000000 ____D C:\Users\fabiw\.Origin
2017-12-03 17:42 - 2017-12-12 19:27 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\.minecraft
2017-12-03 17:38 - 2017-12-03 17:41 - 062397600 _____ (Electronic Arts) C:\Users\fabiw\Downloads\OriginThinSetup.exe
2017-12-03 17:36 - 2017-12-04 23:33 - 000000000 ____D C:\ProgramData\Origin
2017-12-03 14:18 - 2017-12-03 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirror's Edge™ Catalyst
2017-12-03 13:26 - 2017-12-03 17:43 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-12-03 13:26 - 2017-12-03 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-12-03 12:57 - 2017-12-03 12:57 - 002314240 _____ C:\Users\fabiw\Downloads\MinecraftInstaller.msi
2017-12-03 12:44 - 2017-12-03 12:44 - 001005568 _____ (Microsoft Corporation) C:\Users\fabiw\Downloads\dotNetFx45_Full_setup.exe
2017-12-03 12:33 - 2017-12-03 12:33 - 000000000 ____D C:\ProgramData\Steam
2017-12-03 12:21 - 2017-12-03 12:21 - 000000000 ____D C:\ProgramData\Curse Client
2017-12-03 12:19 - 2017-12-03 12:19 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\Curse
2017-12-03 12:10 - 2017-12-03 12:10 - 000000000 ____D C:\ProgramData\Twitch
2017-12-03 11:43 - 2017-12-03 11:43 - 000000960 _____ C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
2017-12-03 11:41 - 2017-12-10 20:27 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Twitch
2017-12-03 11:32 - 2017-12-03 11:32 - 001533960 _____ (CHIP Digital GmbH) C:\Users\fabiw\Downloads\Twitch Desktop App ehemals Curse Client - CHIP-Installer.exe
2017-12-03 11:21 - 2017-12-03 11:54 - 000000000 ____D C:\Users\fabiw\Desktop\ProjectCars
2017-12-01 22:32 - 2017-12-07 22:11 - 000000000 ____D C:\Users\fabiw\Desktop\Reli
2017-12-01 19:32 - 2017-12-12 19:17 - 000000000 ____D C:\Users\fabiw\AppData\LocalLow\uTorrent
2017-12-01 18:52 - 2017-12-12 14:06 - 000002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-01 18:50 - 2017-12-01 18:51 - 000000000 ____D C:\Users\fabiw\Desktop\Project CARS
2017-12-01 18:48 - 2017-12-04 16:16 - 000000000 ____D C:\Users\fabiw\Desktop\Mirrors Edge
2017-12-01 18:48 - 2017-12-01 18:48 - 001129816 _____ (Google Inc.) C:\Users\fabiw\Downloads\ChromeSetup.exe
2017-12-01 11:12 - 2017-12-01 11:14 - 000000094 ____H C:\Users\fabiw\Desktop\.~lock.reliii1)-1.odp#
2017-12-01 11:02 - 2017-12-01 11:02 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\LibreOffice
2017-12-01 10:39 - 2017-12-01 10:39 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\Benutzerdefinierte Office-Vorlagen
2017-12-01 09:51 - 2017-12-01 09:51 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-11-30 18:20 - 2017-11-30 18:20 - 000000000 ____D C:\Users\fabiw\Desktop\123
2017-11-30 17:56 - 2017-12-12 14:04 - 000001191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drive File Stream.lnk
2017-11-30 17:56 - 2017-11-07 15:09 - 000088984 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs2220.sys
2017-11-30 17:55 - 2017-11-30 17:55 - 000000000 ____D C:\Program Files\Google
2017-11-30 17:51 - 2017-11-30 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-11-30 17:48 - 2017-11-30 17:49 - 001064352 _____ (Google Inc.) C:\Users\fabiw\Downloads\googledrivefilestream.exe
2017-11-30 17:47 - 2017-12-04 14:27 - 000000000 ____D C:\Users\fabiw\AppData\Local\Google
2017-11-30 17:47 - 2017-12-01 18:51 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-30 17:47 - 2017-11-30 17:47 - 000003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-30 17:47 - 2017-11-30 17:47 - 000003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-30 17:46 - 2017-11-30 17:46 - 001129816 _____ (Google Inc.) C:\Users\fabiw\Downloads\installbackupandsync.exe
2017-11-30 17:43 - 2017-11-30 17:44 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.4
2017-11-30 17:41 - 2017-11-30 17:42 - 000000000 ____D C:\Program Files\LibreOffice 5
2017-11-30 17:33 - 2017-11-30 17:33 - 000003476 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2017-11-30 17:32 - 2017-11-30 17:35 - 000000000 ____D C:\Users\fabiw\Desktop\Office 2016
2017-11-30 17:13 - 2017-11-30 17:13 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Skype
2017-11-30 17:12 - 2017-11-30 17:12 - 000002543 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-11-30 17:12 - 2017-11-30 17:12 - 000002539 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-11-30 17:12 - 2017-11-30 17:12 - 000002518 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-11-30 17:12 - 2017-11-30 17:12 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-11-30 17:12 - 2017-11-30 17:12 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-11-30 17:12 - 2017-11-30 17:12 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-11-30 17:12 - 2017-11-30 17:12 - 000002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-11-30 17:12 - 2017-11-30 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2017-11-30 17:09 - 2017-11-30 17:09 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-11-30 16:44 - 2017-12-12 16:34 - 000000000 ____D C:\Users\fabiw\Desktop\Programme
2017-11-30 16:43 - 2017-11-30 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2017-11-30 16:43 - 2017-11-30 16:43 - 000004608 _____ C:\WINDOWS\SECOH-QAD.exe
2017-11-30 16:43 - 2010-12-06 03:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2017-11-30 16:33 - 2017-11-30 16:33 - 001533960 _____ (CHIP Digital GmbH) C:\Users\fabiw\Downloads\LibreOffice 64 Bit - CHIP-Installer.exe
2017-11-30 16:13 - 2017-11-30 16:16 - 001616580 _____ C:\WINDOWS\Minidump\113017-31703-01.dmp
2017-11-30 16:13 - 2017-11-30 16:13 - 673334043 _____ C:\WINDOWS\MEMORY.DMP
2017-11-30 16:13 - 2017-11-30 16:13 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-28 21:24 - 2017-12-09 14:32 - 000000000 ____D C:\Users\fabiw\AppData\Local\ElevatedDiagnostics
2017-11-28 19:04 - 2017-11-28 19:07 - 000000000 ____D C:\Users\fabiw\Desktop\Plague Inc Evolved
2017-11-28 19:02 - 2017-11-28 19:03 - 452113252 _____ C:\Users\fabiw\Downloads\Plague Inc Evolved.rar
2017-11-28 18:35 - 2017-11-28 18:35 - 000000000 ____D C:\Users\fabiw\AppData\Local\Ndemic Creations
2017-11-28 17:48 - 2017-11-28 17:48 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks - Common Test
2017-11-28 17:45 - 2017-11-28 17:45 - 004227312 _____ (Wargaming.net ) C:\Users\fabiw\Downloads\WoT_internet_install_ct.exe
2017-11-27 19:16 - 2017-11-27 19:25 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\Euro Truck Simulator 2
2017-11-25 18:14 - 2017-12-17 20:13 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-11-25 18:12 - 2017-12-15 22:14 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net
2017-11-25 18:12 - 2017-11-25 18:12 - 000001842 _____ C:\Users\fabiw\Desktop\Game Center.lnk
2017-11-25 17:54 - 2017-11-25 17:54 - 000000000 ____D C:\ProgramData\Wargaming.net
2017-11-25 17:52 - 2017-11-25 17:54 - 006375008 _____ (Wargaming.net (c) 2009-2017 ) C:\Users\fabiw\Downloads\world_of_warships_install_eu_bhcsjcmqdhtq.exe
2017-11-23 22:17 - 2017-11-23 22:24 - 000000000 ____D C:\Users\fabiw\AppData\Local\Spotify
2017-11-23 22:17 - 2017-11-23 22:17 - 000001838 _____ C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-11-23 21:57 - 2017-11-23 22:22 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Spotify
2017-11-23 21:56 - 2017-11-23 21:57 - 000723152 _____ (Spotify Ltd) C:\Users\fabiw\Downloads\SpotifySetup.exe
2017-11-23 19:12 - 2017-11-23 19:12 - 000000000 ____D C:\Users\fabiw\AppData\Local\Notepad++
2017-11-23 19:05 - 2017-11-23 19:31 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Notepad++
2017-11-23 19:05 - 2017-11-23 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-11-23 19:05 - 2017-11-23 19:05 - 000000000 ____D C:\Program Files\Notepad++
2017-11-23 19:02 - 2017-11-23 19:05 - 000000000 ____D C:\Program Files (x86)\Notepad++
2017-11-23 19:00 - 2017-11-23 19:01 - 001533960 _____ (CHIP Digital GmbH) C:\Users\fabiw\Downloads\Notepad - CHIP-Installer.exe
2017-11-23 18:52 - 2017-11-30 18:22 - 000000000 ____D C:\Wallpapers
2017-11-22 22:25 - 2017-11-22 22:25 - 000072298 _____ C:\Users\fabiw\OneDrive\Dokumente\cc_20171122_222515.reg
2017-11-22 22:20 - 2017-11-22 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-11-22 22:20 - 2017-11-22 22:20 - 000000000 ____D C:\Program Files\CCleaner
2017-11-22 22:19 - 2017-11-22 22:20 - 007855032 _____ (Piriform Ltd) C:\Users\fabiw\Downloads\ccsetup536_slim.exe
2017-11-22 22:13 - 2017-11-22 22:13 - 1337357287 _____ C:\Users\fabiw\Downloads\Wallpaper Engine (Wallpaper Pack).rar
2017-11-22 21:39 - 2017-12-11 20:00 - 000000000 ____D C:\Users\fabiw\Desktop\Games
2017-11-22 21:33 - 2017-11-22 22:14 - 000000000 ____D C:\Users\fabiw\Desktop\Wallpapers
2017-11-22 20:25 - 2017-11-22 20:25 - 000000000 ____D C:\Users\fabiw\Desktop\Wallpaper Engine
2017-11-22 19:31 - 2017-11-22 19:31 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Kalypso Media
2017-11-22 19:31 - 2017-11-22 19:31 - 000000000 ____D C:\Users\fabiw\AppData\LocalLow\Realmforge Studios GmbH
2017-11-22 19:31 - 2017-11-22 19:31 - 000000000 ____D C:\Users\fabiw\AppData\Local\Kalypso Media
2017-11-22 19:28 - 2017-11-22 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dungeons 3
2017-11-22 19:25 - 2017-11-22 19:28 - 000000000 ____D C:\Program Files (x86)\Dungeons 3
2017-11-22 19:15 - 2017-11-22 19:15 - 000047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtultrausbbus.sys
2017-11-22 19:15 - 2017-11-22 19:15 - 000030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtultrascsibus.sys
2017-11-22 19:15 - 2017-11-22 19:15 - 000000000 ____D C:\Users\fabiw\AppData\Local\Disc_Soft_Ltd
2017-11-22 19:14 - 2017-11-22 19:15 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\DAEMON Tools Ultra
2017-11-22 19:14 - 2017-11-22 19:15 - 000000000 ____D C:\Program Files\DAEMON Tools Ultra
2017-11-22 19:14 - 2017-11-22 19:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Ultra
2017-11-22 19:14 - 2017-11-22 19:14 - 000000000 ____D C:\ProgramData\DAEMON Tools Ultra
2017-11-22 19:12 - 2017-11-22 19:13 - 029845128 _____ (Disc Soft Ltd) C:\Users\fabiw\Downloads\DAEMONToolsUltra520-0644.exe
2017-11-22 17:38 - 2017-11-22 17:38 - 000000000 ____D C:\Users\fabiw\Desktop\Dungeons 3
2017-11-18 21:34 - 2017-12-08 16:24 - 000002263 _____ C:\Users\fabiw\Desktop\WhatsApp.lnk
2017-11-18 21:34 - 2017-12-08 16:24 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-11-18 21:33 - 2017-12-17 23:49 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\WhatsApp
2017-11-18 21:33 - 2017-12-08 16:24 - 000000000 ____D C:\Users\fabiw\AppData\Local\WhatsApp
2017-11-18 21:33 - 2017-12-08 16:22 - 000000000 ____D C:\Users\fabiw\AppData\Local\SquirrelTemp
2017-11-18 21:08 - 2017-11-18 21:08 - 000000000 ____D C:\Users\fabiw\AppData\Local\Downloaded Installations
2017-11-18 21:06 - 2017-11-18 21:06 - 001533960 _____ (CHIP Digital GmbH) C:\Users\fabiw\Downloads\WhatsAppSetup68 - CHIP-Installer.exe
2017-11-18 16:04 - 2017-11-23 21:05 - 000000519 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-11-18 14:54 - 2017-11-18 14:54 - 000000270 _____ C:\WINDOWS\Cm106.ini.imi
2017-11-18 14:54 - 2017-11-18 14:54 - 000000219 _____ C:\WINDOWS\system\Cm106.ini
2017-11-18 14:54 - 2017-11-18 14:54 - 000000207 _____ C:\WINDOWS\Cm106.ini.cfl
2017-11-18 14:54 - 2017-11-18 14:54 - 000000125 _____ C:\WINDOWS\system\Dlap.pfx
2017-11-18 14:54 - 2015-10-20 10:08 - 000000599 ____N C:\WINDOWS\cm106.ini
2017-11-18 14:54 - 2015-08-20 13:34 - 000002033 ____N C:\WINDOWS\Cm106.ini.cfg
2017-11-18 14:54 - 2015-08-11 12:50 - 013463552 ____N (C-Media Corporation) C:\WINDOWS\SysWOW64\CM106.dll
2017-11-18 14:54 - 2015-05-06 17:07 - 000834560 ____N C:\WINDOWS\system32\Cmeau106.exe
2017-11-18 14:54 - 2013-10-16 09:55 - 000143360 ____N C:\WINDOWS\Vmix106.dll
2017-11-18 14:54 - 2013-05-16 15:21 - 000307200 ____N C:\WINDOWS\system\cm106eye.exe
2017-11-18 14:54 - 2012-06-04 13:15 - 004533760 ____N C:\WINDOWS\system32\CM106.cpl
2017-11-18 14:54 - 2009-08-20 00:00 - 000359424 ____N C:\WINDOWS\system32\CmiInstallResAll64.dll
2017-11-18 14:54 - 2006-10-06 13:45 - 000524768 _____ (Microsoft Corporation) C:\WINDOWS\difxapi.dll
2017-11-18 14:54 - 2006-09-13 12:08 - 000491520 ____N () C:\WINDOWS\system\cmau106.dll
2017-11-18 14:54 - 2006-09-13 09:21 - 000200704 ____N (C-Media) C:\WINDOWS\SysWOW64\cmpa106.dll
2017-11-18 14:45 - 2017-11-18 14:58 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\SpinTires MudRunner
2017-11-18 14:45 - 2017-11-18 14:45 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\SmartSteamEmu
2017-11-18 14:42 - 2017-11-18 14:42 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\WinRAR
2017-11-18 14:41 - 2017-11-18 14:41 - 000001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2017-11-18 14:41 - 2017-11-18 14:41 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-11-18 14:41 - 2017-11-18 14:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-11-18 14:41 - 2017-11-18 14:41 - 000000000 ____D C:\Program Files\WinRAR
2017-11-18 14:40 - 2017-11-18 14:40 - 002348288 _____ C:\Users\fabiw\Downloads\winrar-x64-550d.exe
2017-11-18 14:32 - 2017-11-18 14:33 - 000000000 ____D C:\Users\fabiw\AppData\Local\TeamViewer
2017-11-18 14:28 - 2017-12-06 16:26 - 000001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2017-11-18 14:27 - 2017-11-18 14:28 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\TeamViewer
2017-11-18 14:27 - 2017-09-18 11:53 - 000035112 _____ (TeamViewer GmbH) C:\WINDOWS\system32\Drivers\teamviewervpn.sys
2017-11-18 14:19 - 2017-11-18 14:23 - 019201872 _____ (TeamViewer GmbH) C:\Users\fabiw\Downloads\TeamViewer_Setup.exe
2017-11-18 14:11 - 2017-12-09 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-11-18 14:11 - 2017-11-18 14:11 - 000000000 ____D C:\Users\fabiw\AppData\Local\Lavasoft
2017-11-18 14:10 - 2017-12-09 15:53 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Lavasoft
2017-11-18 14:10 - 2017-12-09 15:53 - 000000000 ____D C:\ProgramData\Lavasoft
2017-11-18 14:10 - 2017-12-09 15:53 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2017-11-18 14:09 - 2017-11-18 14:09 - 000002686 _____ C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-11-18 14:07 - 2017-12-13 23:38 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\uTorrent
2017-11-18 14:06 - 2017-11-18 14:06 - 002403520 _____ (BitTorrent Inc.) C:\Users\fabiw\Downloads\uTorrent350.exe
2017-11-18 12:24 - 2017-11-28 20:25 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-11-18 12:24 - 2017-11-18 12:24 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2017-11-18 12:23 - 2017-11-18 12:24 - 000000000 ____D C:\ProgramData\Overwolf
2017-11-18 12:22 - 2017-11-22 14:20 - 000000000 ____D C:\Users\fabiw\AppData\Local\Overwolf
2017-11-18 12:21 - 2017-12-17 20:46 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\TS3Client
2017-11-18 12:21 - 2017-12-15 19:02 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-11-18 12:21 - 2017-11-18 12:21 - 000000972 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-11-18 12:18 - 2017-11-18 12:20 - 078071056 _____ (TeamSpeak Systems GmbH) C:\Users\fabiw\Downloads\TeamSpeak3-Client-win64-3.1.6.exe
2017-11-18 10:13 - 2017-11-25 18:12 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Wargaming.net
2017-11-18 10:06 - 2017-11-18 10:06 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\My Games
2017-11-18 10:03 - 2017-12-17 18:40 - 000000000 ____D C:\ProgramData\Logishrd
2017-11-18 10:03 - 2017-11-18 10:03 - 000000000 ____D C:\Users\fabiw\AppData\Local\Logitech
2017-11-18 09:56 - 2017-12-17 23:47 - 000000000 ____D C:\Users\fabiw\AppData\LocalLow\Mozilla
2017-11-18 09:56 - 2017-11-18 10:18 - 000000000 ____D C:\Users\fabiw\AppData\Local\Mozilla
2017-11-18 09:56 - 2017-11-18 09:56 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Mozilla
2017-11-18 09:55 - 2017-12-01 09:51 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2017-11-18 09:55 - 2017-11-18 09:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-11-18 09:53 - 2017-11-18 09:56 - 000000000 ____D C:\Program Files\Logitech Gaming Software
2017-11-18 09:53 - 2017-11-18 09:53 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-18 09:52 - 2017-11-18 09:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-18 09:52 - 2017-11-18 09:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-18 09:52 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2017-11-18 09:52 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2017-11-18 09:52 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2017-11-18 09:52 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2017-11-18 09:52 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2017-11-18 09:52 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2017-11-18 09:45 - 2017-11-18 09:45 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Logitech
2017-11-18 09:45 - 2017-11-18 09:45 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Logishrd
2017-11-17 16:55 - 2017-12-16 17:23 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-11-17 16:46 - 2017-11-17 16:47 - 000000000 ____D C:\Users\fabiw\AppData\Local\Steam
2017-11-17 16:42 - 2017-11-18 21:52 - 000000000 ____D C:\Users\fabiw\AppData\Local\Ubisoft Game Launcher
2017-11-17 16:42 - 2017-11-17 16:42 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-11-17 16:42 - 2017-11-17 16:42 - 000000000 ____D C:\Users\fabiw\AppData\Local\DBG
2017-11-17 16:42 - 2017-11-17 16:42 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2017-11-17 16:36 - 2017-12-17 20:13 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-17 16:36 - 2017-11-17 16:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-12-17 19:23 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-17 19:10 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-17 18:57 - 2017-11-16 00:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-17 18:39 - 2017-11-16 00:54 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-12-17 18:39 - 2017-11-15 17:53 - 000000000 __SHD C:\Users\fabiw\IntelGraphicsProfiles
2017-12-17 17:56 - 2017-11-16 01:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-17 13:19 - 2017-04-19 00:37 - 000000000 ____D C:\Program Files\Microsoft Office
2017-12-15 22:14 - 2017-11-16 06:35 - 000000000 ____D C:\Games
2017-12-15 22:04 - 2017-11-16 00:57 - 000000000 ____D C:\Users\fabiw
2017-12-15 21:58 - 2017-03-18 12:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-12-15 21:26 - 2017-04-19 00:30 - 000000000 ____D C:\Program Files\mcafee
2017-12-15 21:26 - 2017-04-19 00:30 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-12-15 21:26 - 2017-04-19 00:30 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-12-14 16:12 - 2016-11-11 09:17 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-12-12 15:03 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-12 15:03 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-09 11:48 - 2017-11-16 00:39 - 000503024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-04 19:10 - 2017-11-15 17:54 - 000000000 ____D C:\Users\fabiw\AppData\Local\VirtualStore
2017-12-04 14:18 - 2017-11-15 17:57 - 000000000 ____D C:\Users\fabiw\AppData\Local\Comms
2017-12-04 14:17 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-03 14:18 - 2017-04-19 00:04 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-01 10:02 - 2017-11-15 17:53 - 000000000 ____D C:\Users\fabiw\AppData\Local\ConnectedDevicesPlatform
2017-12-01 09:51 - 2017-04-19 00:30 - 000000000 ____D C:\ProgramData\McAfee
2017-11-30 20:56 - 2017-11-15 17:56 - 000000200 _____ C:\Users\fabiw\AppData\Roaming\sp_data.sys
2017-11-30 17:40 - 2017-11-15 17:54 - 000000000 ____D C:\Users\fabiw\AppData\Local\Packages
2017-11-30 17:39 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-30 17:32 - 2017-11-16 01:18 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-11-30 17:32 - 2017-11-16 01:18 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUSTek Computer Inc
2017-11-30 17:32 - 2017-11-16 01:18 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-11-30 17:20 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-11-30 17:10 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-28 20:59 - 2017-11-16 00:32 - 000000000 ____D C:\Windows.old
2017-11-28 14:18 - 2017-11-16 01:18 - 004456680 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-28 14:18 - 2017-11-15 23:40 - 000893238 _____ C:\WINDOWS\system32\perfh00C.dat
2017-11-28 14:18 - 2017-11-15 23:40 - 000213516 _____ C:\WINDOWS\system32\perfc00C.dat
2017-11-28 14:18 - 2017-11-15 23:32 - 000888778 _____ C:\WINDOWS\system32\perfh013.dat
2017-11-28 14:18 - 2017-11-15 23:32 - 000217802 _____ C:\WINDOWS\system32\perfc013.dat
2017-11-28 14:18 - 2017-03-20 05:35 - 001006760 _____ C:\WINDOWS\system32\perfh007.dat
2017-11-28 14:18 - 2017-03-20 05:35 - 000219584 _____ C:\WINDOWS\system32\perfc007.dat
2017-11-23 18:01 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-23 17:36 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-23 17:30 - 2017-11-15 23:14 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-11-23 17:30 - 2017-03-20 05:35 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-11-23 17:30 - 2017-03-20 05:35 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-11-23 17:30 - 2017-03-20 05:35 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-11-23 17:30 - 2017-03-20 05:35 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-11-23 17:30 - 2017-03-20 05:35 - 000000000 ____D C:\WINDOWS\system32\winrm
2017-11-23 17:30 - 2017-03-20 05:35 - 000000000 ____D C:\WINDOWS\system32\WCN
2017-11-23 17:30 - 2017-03-20 05:35 - 000000000 ____D C:\WINDOWS\system32\slmgr
2017-11-23 17:30 - 2017-03-20 05:35 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\MUI
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-11-23 17:30 - 2017-03-18 12:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\system32\dsc
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ___RD C:\Program Files\Windows Defender
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Com
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\IME
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Help
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Common Files\System
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-11-23 17:29 - 2017-03-18 12:40 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-23 17:29 - 2017-03-18 12:40 - 000000000 ____D C:\WINDOWS\servicing
2017-11-23 17:15 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-11-23 17:14 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-11-22 22:44 - 2017-11-15 18:00 - 000000000 ___RD C:\Users\fabiw\OneDrive
2017-11-22 22:23 - 2017-11-15 21:38 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-22 17:27 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-21 19:46 - 2017-03-18 22:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-11-18 14:54 - 2017-04-19 00:12 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-11-18 14:54 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\System
2017-11-17 17:27 - 2017-11-16 09:44 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-17 17:21 - 2017-11-16 09:44 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-17 17:21 - 2017-11-16 09:44 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-17 16:37 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\appcompat

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-11-15 17:56 - 2017-11-30 20:56 - 000000200 _____ () C:\Users\fabiw\AppData\Roaming\sp_data.sys

Einige Dateien in TEMP:
====================
2017-12-17 15:41 - 2017-12-17 16:55 - 000000000 _____ () C:\Users\fabiw\AppData\Local\Temp\3d51890c7b88e4feeeed777176b46429.dll
2017-12-17 15:41 - 2017-12-17 15:47 - 000000075 _____ () C:\Users\fabiw\AppData\Local\Temp\c5645fa44b80fccd17c66d84cbca405b.dll

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-11-28 20:56

==================== Ende von FRST.txt ============================

--- --- ---

cosinus · 18.12.2017, 14:32

KMSpico und das gecrackte Office ist da immer noch drauf!

Code:

ATTFilter

KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft Office Professional 2016 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 16.0.8625.2139 - Microsoft Corporation)

BryanDawg · 18.12.2017, 18:41

Was soll ich denn machen um das zu deinstallieren? habe wie gesagt alles glöscht was ich gefunden hatte.

cosinus · 19.12.2017, 11:06

Indem man die Programme über die Systemsteuerung deinstalliert!

BryanDawg · 19.12.2017, 14:34

Okay. Habe ich gemacht.

cosinus · 19.12.2017, 14:46

Du hast Office 2016 und Office 365 deinstalliert? Wenn ja dann weiter:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

BryanDawg · 19.12.2017, 15:58

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.12.19.04
  rootkit: v2017.10.14.01

Windows 10 x64 NTFS
Internet Explorer 11.726.15063.0
fabiw :: DESKTOP-J2934L2 [administrator]

19.12.2017 15:05:44
mbar-log-2017-12-19 (15-05-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 207849
Time elapsed: 42 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus · 19.12.2017, 15:59

Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

adwCleaner v7.x

Downloade Dir bitte

AdwCleaner auf Deinen Desktop (Bebilderte Anleitung).

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- Tracing Schlüssel
- Prefetch Dateien
- Proxy
- Winsock
- IE Richtlinien
- Chrome Richtlinien
Bestätige die Auswahl mit Ok.
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist. Am Ende des Suchlaufs öffnet sich automatisch eine Logdatei. Schließe diese.
Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
Klicke am Ende der Bereinigung auf Jetzt neu starten. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

BryanDawg · 19.12.2017, 16:34

Code:

ATTFilter

 

# AdwCleaner 7.0.5.0 - Logfile created on Sat Dec 09 14:54:01 2017
# Updated on 2017/29/11 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: WCAssistantService
Deleted: chip1click


***** [ Folders ] *****

Deleted: C:\ProgramData\lavasoft\web companion
Deleted: C:\ProgramData\Application Data\lavasoft\web companion
Deleted: C:\Program Files (x86)\lavasoft\web companion
Deleted: C:\Users\All Users\lavasoft\web companion
Deleted: C:\Users\fabiw\AppData\Roaming\lavasoft\web companion
Deleted: C:\Program Files (x86)\Chip Digital GmbH
Deleted: C:\Windows\\Installer\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion


***** [ Files ] *****

Deleted: C:\Users\fabiw\AppData\Roaming\Mozilla\Firefox\Profiles\4mlwhubt.default\searchplugins\bing-lavasoft.xml


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: InstallShield® Update Service Scheduler
Deleted: Optimize Thumbnail Cache Files


***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-3201623140-884167320-1932495159-1001\Software\Lavasoft\Web Companion
Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion
Deleted: [Value] - HKU\S-1-5-21-3201623140-884167320-1932495159-1001\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted: [Value] - HKU\S-1-5-21-3201623140-884167320-1932495159-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted: [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49AC3054380EEC4DA29AB71FAE408A9
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\E49AC3054380EEC4DA29AB71FAE408A9
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\E49AC3054380EEC4DA29AB71FAE408A9
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\chip 1-click download service
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Chip Digital GmbH\chip1click\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Chip Digital GmbH\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Windows\Installer\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}\


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3777 B] - [2017/12/9 14:53:2]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

cosinus · 19.12.2017, 16:44

Code:

ATTFilter

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

Anleitung bitte richtig lesen und umsetzen. Du hast nicht alleHaken gesetzt in den Optionen.

BryanDawg · 19.12.2017, 17:01

Code:

ATTFilter

# AdwCleaner 7.0.5.0 - Logfile created on Tue Dec 19 15:55:32 2017
# Updated on 2017/29/11 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************



########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

cosinus · 19.12.2017, 20:38

so war es richtig!

Ich brauche neue FRST-Logs . Haken setzen bei addition.txt dann auf Untersuchen klicken.

BryanDawg · 19.12.2017, 20:51

FRST Logfile:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
durchgeführt von fabiw (Administrator) auf DESKTOP-J2934L2 (19-12-2017 20:41:10)
Gestartet von C:\Users\fabiw\Desktop
Geladene Profile: fabiw (Verfügbare Profile: fabiw)
Platform: Windows 10 Home Version 1703 15063.726 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\bin\wallpaperservice32_c.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_7\mcapexe.exe
() C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\wallpaper32.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\bin\webwallpaper32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Windows\System\cm106eye.exe
() C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\bin\webwallpaper32.exe
() C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\bin\webwallpaper32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.6.319.0\McCSPServiceHost.exe
(Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-20] (Logitech Inc.)
HKLM\...\Run: [Cm106Sound] => C:\WINDOWS\syswow64\RunDll32.exe C:\WINDOWS\Syswow64\cm106.dll,CMICtrlWnd
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1052488 2017-11-26] ()
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [5027008 2017-10-26] (Disc Soft Ltd)
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [Spotify Web Helper] => C:\Users\fabiw\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-11-23] (Spotify Ltd)
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [Spotify] => C:\Users\fabiw\AppData\Roaming\Spotify\Spotify.exe [21025392 2017-11-23] (Spotify Ltd)
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2031864 2017-11-30] (Wargaming.net)
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks_CT\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\25.102.133.409\GoogleDriveFS.exe [22659832 2017-12-10] (Google, Inc.)
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\MountPoints2: {010e3a3f-cebc-11e7-a0fc-f0038c216a7a} - "E:\setup.exe" 
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\MountPoints2: {93175153-2489-11e7-a0e9-806e6f6e6963} - "D:\AUTORUN.EXE" 

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{664e5d71-033e-40b2-9d9c-79f9db8c22cc}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{b1b2f734-9541-493c-be60-ebf35e976eac}: [DhcpNameServer] 192.168.44.1
Tcpip\..\Interfaces\{bfc26c68-e567-4ebb-a379-57f5be2ec3a1}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3201623140-884167320-1932495159-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D111817-A2D586A4510&form=CONBDF&conlogo=CT3335800&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3201623140-884167320-1932495159-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D111817-A2D586A4510&form=CONBDF&conlogo=CT3335800&q={searchTerms}
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2017-11-02] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2017-11-02] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: 4mlwhubt.default
FF ProfilePath: C:\Users\fabiw\AppData\Roaming\Mozilla\Firefox\Profiles\4mlwhubt.default [2017-12-19]
FF Homepage: Mozilla\Firefox\Profiles\4mlwhubt.default -> hxxps://www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\4mlwhubt.default -> hxxp://www.bing.com/?pc=COSP&ptag=D111817-A2D586A4510&form=CONMHP&conlogo=CT3335800
FF NetworkProxy: Mozilla\Firefox\Profiles\4mlwhubt.default -> type", 0
FF Extension: (Adblock Plus) - C:\Users\fabiw\AppData\Roaming\Mozilla\Firefox\Profiles\4mlwhubt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (Kein Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-11-02] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-11-02] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-30] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default [2017-12-19]
CHR Extension: (Docs) - C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-01]
CHR Extension: (Google Drive) - C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-04]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-12-01]
CHR Extension: (Google Docs Offline) - C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-04]
CHR Extension: (Local SWF Player) - C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmbckedabpbgjagmkgcejooabcdnone [2017-12-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-12-03]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\fabiw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3201623140-884167320-1932495159-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\fabiw\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-12-02]
CHR HKU\S-1-5-21-3201623140-884167320-1932495159-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [325600 2016-11-28] (Windows (R) Win 7 DDK provider)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530888 2017-12-16] ()
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
S3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe [5680320 2017-10-26] (Disc Soft Ltd)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-11-09] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-10-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887784 2015-09-03] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\wtoolex\wpsupdatesvr.exe [133376 2016-11-11] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-20] (Logitech Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-12-13] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe [728296 2017-10-24] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [419096 2016-04-01] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.6.319.0\\McCSPServiceHost.exe [2145496 2017-09-27] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [357840 2017-09-14] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [509904 2017-09-14] (McAfee LLC)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [466384 2017-09-14] (McAfee LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1622856 2017-10-24] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-12-03] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002728 2017-12-03] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1451336 2017-11-26] (Overwolf LTD)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1046456 2017-09-24] (Intel Security, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945264 2017-12-05] (TeamViewer GmbH)
R2 Wallpaper Engine Service; C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\bin\wallpaperservice32_c.exe [21504 2016-12-20] () [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [162048 2016-11-11] (Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [119320 2016-11-14] (ASUS Corporation)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4318648 2016-07-26] (Qualcomm Atheros Communications, Inc.)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [608656 2016-11-28] (Qualcomm)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77296 2017-09-15] (McAfee LLC)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-11-09] (Intel Corporation)
R3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2017-11-22] (Disc Soft Ltd)
R3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47672 2017-11-22] (Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-11-09] (Intel Corporation)
R1 googledrivefs2220; C:\WINDOWS\System32\DRIVERS\googledrivefs2220.sys [88984 2017-11-07] (Google, Inc.)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7394296 2016-10-06] (Intel Corporation)
R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45192 2017-10-20] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-10-20] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2017-10-20] (Logitech Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [492520 2017-09-15] (McAfee LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [355304 2017-09-15] (McAfee LLC)
U3 mfeavfk01; kein ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84024 2017-09-15] (McAfee LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [505328 2017-09-15] (McAfee LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [936936 2017-09-15] (McAfee LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [505768 2017-11-14] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108456 2017-11-14] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115184 2017-09-15] (McAfee LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252904 2017-09-15] (McAfee LLC)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-01] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-15] (Intel Corporation)
R3 USBMULCD; C:\WINDOWS\system32\drivers\CM10664.sys [4135936 2014-01-17] (C-Media Electronics Inc)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-12-19 20:41 - 2017-12-19 20:45 - 000022337 _____ C:\Users\fabiw\Desktop\FRST.txt
2017-12-19 20:33 - 2017-12-19 20:44 - 000000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2017-12-19 20:17 - 2017-12-19 20:17 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-12-19 20:16 - 2017-12-19 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-12-19 19:46 - 2017-12-19 19:46 - 000000000 ____D C:\Users\fabiw\AppData\Local\iwin
2017-12-19 19:45 - 2017-12-19 19:45 - 000000000 ____D C:\ProgramData\TEMP
2017-12-19 19:45 - 2017-12-19 19:45 - 000000000 ____D C:\ProgramData\iWin Games
2017-12-19 19:39 - 2017-12-19 19:39 - 000000000 ____D C:\Users\fabiw\AppData\Local\UGMgames
2017-12-19 19:38 - 2017-12-19 19:38 - 000002297 _____ C:\Users\fabiw\Desktop\iWin Games.lnk
2017-12-19 19:38 - 2017-12-19 19:38 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iWin Games
2017-12-19 19:37 - 2017-12-19 20:16 - 000000000 ____D C:\Users\fabiw\AppData\Local\GamesManager_iWin_ugm3
2017-12-19 19:37 - 2017-12-19 19:37 - 000000000 ____D C:\Users\fabiw\AppData\Local\GamesManager
2017-12-19 19:15 - 2017-12-19 19:15 - 000000000 ____D C:\Users\fabiw\AppData\LocalLow\Red Dot Games
2017-12-19 16:19 - 2017-12-19 19:24 - 000000000 ____D C:\Users\fabiw\Desktop\Spiele
2017-12-19 16:11 - 2017-12-19 16:16 - 008187336 _____ (Malwarebytes) C:\Users\fabiw\Desktop\adwcleaner_7.0.5.0.exe
2017-12-19 15:05 - 2017-12-19 15:05 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4671A3BE.sys
2017-12-17 17:50 - 2017-12-17 17:50 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\BlackSquad
2017-12-15 21:53 - 2017-12-15 21:58 - 000002925 _____ C:\Users\fabiw\Downloads\Fixlog.txt
2017-12-15 21:33 - 2017-12-15 21:33 - 000174791 _____ C:\Users\fabiw\Downloads\crosshairSniper.swf
2017-12-14 20:45 - 2017-12-14 20:45 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7226847E.sys
2017-12-14 19:07 - 2017-12-14 19:07 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\A41787E4.sys
2017-12-14 19:07 - 2017-12-14 19:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-14 19:06 - 2017-12-19 15:56 - 000000000 ____D C:\Users\fabiw\Desktop\mbar
2017-12-14 19:06 - 2017-12-19 15:56 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-14 19:06 - 2017-12-19 15:04 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-12-14 19:02 - 2017-12-14 19:03 - 014178840 _____ (Malwarebytes Corp.) C:\Users\fabiw\Desktop\mbar-1.10.3.1001.exe
2017-12-14 18:59 - 2017-12-14 18:59 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Greenshot
2017-12-14 18:59 - 2017-12-14 18:59 - 000000000 ____D C:\Users\fabiw\AppData\Local\Greenshot
2017-12-14 18:58 - 2017-12-14 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
2017-12-14 18:58 - 2017-12-14 18:58 - 000000000 ____D C:\Program Files\Greenshot
2017-12-14 18:51 - 2017-12-14 18:51 - 001783200 _____ (Greenshot ) C:\Users\fabiw\Downloads\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
2017-12-12 21:45 - 2017-12-12 21:45 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\Avalanche Studios
2017-12-12 21:45 - 2017-12-12 21:45 - 000000000 ____D C:\Users\fabiw\AppData\Local\CrashRpt
2017-12-12 21:44 - 2017-12-12 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\theHunter Call of the Wild
2017-12-12 16:43 - 2017-12-12 16:43 - 000000000 ____D C:\Users\fabiw\AppData\Local\Adobe
2017-12-11 14:41 - 2017-12-11 14:42 - 000045790 _____ C:\Users\fabiw\Downloads\Addition.txt
2017-12-11 14:38 - 2017-12-19 20:41 - 000000000 ____D C:\FRST
2017-12-11 14:38 - 2017-12-11 14:42 - 000174569 _____ C:\Users\fabiw\Downloads\FRST.txt
2017-12-11 14:37 - 2017-12-17 23:50 - 002392064 _____ (Farbar) C:\Users\fabiw\Desktop\FRST64.exe
2017-12-10 18:39 - 2017-12-10 18:39 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3201623140-884167320-1932495159-1001
2017-12-10 18:27 - 2017-12-10 18:27 - 000116504 _____ (iWin inc.) C:\Users\fabiw\Downloads\deal-or-no-dealSetup.exe
2017-12-10 18:27 - 2017-12-10 18:27 - 000116504 _____ (iWin inc.) C:\Users\fabiw\Downloads\deal-or-no-dealSetup(1).exe
2017-12-09 15:49 - 2017-12-09 15:49 - 001533960 _____ (CHIP Digital GmbH) C:\Users\fabiw\Downloads\Abelssoft Undeleter Vollversion - CHIP-Installer.exe
2017-12-09 15:47 - 2017-12-19 16:55 - 000000000 ____D C:\AdwCleaner
2017-12-09 15:46 - 2017-12-09 15:46 - 008172032 _____ (Malwarebytes) C:\Users\fabiw\Downloads\adwcleaner_7.0.5.0.exe
2017-12-09 13:42 - 2017-12-09 13:42 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\Counter-Strike Online
2017-12-09 13:36 - 2017-12-19 17:16 - 000000000 ____D C:\Users\fabiw\AppData\Local\CSO
2017-12-09 13:36 - 2017-12-09 13:36 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\Counter-Strike Nexon Zombies
2017-12-09 13:36 - 2017-12-09 13:36 - 000000000 ____D C:\ProgramData\Nexon
2017-12-09 13:35 - 2017-12-09 13:35 - 000000016 _____ C:\ProgramData\mntemp
2017-12-07 20:27 - 2017-12-07 20:27 - 000252787 _____ C:\Users\fabiw\Downloads\Reli1.odp.pptx
2017-12-07 20:27 - 2017-12-07 20:27 - 000206159 _____ C:\Users\fabiw\Downloads\Reli1(1).odp
2017-12-06 18:21 - 2017-12-06 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker FreeOffice 2016
2017-12-06 18:20 - 2017-12-06 18:22 - 000000000 ____D C:\Program Files (x86)\SoftMaker FreeOffice 2016
2017-12-06 18:20 - 2017-12-06 18:21 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\SoftMaker
2017-12-06 18:20 - 2017-12-06 18:21 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\SoftMaker
2017-12-06 18:14 - 2017-12-06 18:16 - 082255696 _____ (SoftMaker Software GmbH) C:\Users\fabiw\Downloads\freeoffice2016.exe
2017-12-06 17:06 - 2017-12-06 17:06 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\FeedbackHub
2017-12-05 19:27 - 2017-12-05 19:27 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\wmd_symbol_cache
2017-12-05 19:27 - 2017-12-05 19:27 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\Project CARS
2017-12-05 19:04 - 2017-12-05 19:41 - 000000000 ____D C:\Program Files\Project CARS
2017-12-05 19:04 - 2017-12-05 19:04 - 000000601 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project CARS.lnk
2017-12-04 22:08 - 2017-12-04 22:08 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\EA Games
2017-12-04 20:49 - 2017-12-04 20:49 - 000206159 _____ C:\Users\fabiw\Downloads\Reli1.odp
2017-12-04 19:12 - 2017-12-19 14:16 - 000004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E9601D68-CCE7-4706-989E-4231D0C914FF}
2017-12-04 19:10 - 2017-12-04 19:10 - 001792817 _____ C:\Users\fabiw\Downloads\f2fff4eb-36b6-4923-8f24-baabc75ed70a.swf
2017-12-04 19:10 - 2017-12-04 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdf2swf
2017-12-04 19:10 - 2017-12-04 19:10 - 000000000 ____D C:\Program Files (x86)\SWFTools
2017-12-04 19:08 - 2017-12-04 19:09 - 014122496 _____ C:\Users\fabiw\Downloads\swftools-0.9.0.exe
2017-12-04 19:07 - 2017-12-12 15:03 - 000004654 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-04 19:07 - 2017-12-04 19:07 - 001792817 _____ C:\Users\fabiw\Downloads\XVMEditor.swf
2017-12-04 19:05 - 2017-12-04 19:07 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-12-04 19:04 - 2017-12-04 19:05 - 060359953 _____ C:\Users\fabiw\Downloads\FlashPlayer2700187.zip
2017-12-04 18:48 - 2017-12-04 18:48 - 000000000 ____D C:\WINDOWS\SysWOW64\AGEIA
2017-12-04 18:48 - 2017-12-04 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-04 18:48 - 2017-12-04 18:48 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-12-04 18:47 - 2017-12-04 18:47 - 000001447 _____ C:\Users\Public\Desktop\Mirror's Edge.lnk
2017-12-04 18:47 - 2017-12-04 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2017-12-04 18:43 - 2017-12-04 18:44 - 006654296 _____ (XVM team ) C:\Users\fabiw\Downloads\xvm-7.2.4.exe
2017-12-04 18:24 - 2017-12-04 18:24 - 000000000 ____D C:\Program Files (x86)\Electronic Arts
2017-12-04 15:55 - 2017-12-04 15:56 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\Mirrors Edge Catalyst
2017-12-04 14:57 - 2017-12-04 15:55 - 000000000 ____D C:\Program Files (x86)\Origin Games
2017-12-04 14:28 - 2017-12-04 14:29 - 058818504 _____ (Skype Technologies S.A.) C:\Users\fabiw\Downloads\SkypeSetupFull.exe
2017-12-04 14:12 - 2017-12-04 14:12 - 001533960 _____ (CHIP Digital GmbH) C:\Users\fabiw\Downloads\Skype - CHIP-Installer.exe
2017-12-03 23:50 - 2017-12-03 23:50 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2017-12-03 23:50 - 2017-12-03 23:50 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2017-12-03 23:50 - 2017-12-03 23:50 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2017-12-03 23:50 - 2017-12-03 23:50 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-12-03 17:57 - 2017-12-04 23:33 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Origin
2017-12-03 17:57 - 2017-12-03 17:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-12-03 17:57 - 2017-12-03 17:57 - 000000000 ____D C:\Program Files (x86)\Origin
2017-12-03 17:50 - 2017-12-04 14:57 - 000000000 ____D C:\Users\fabiw\AppData\Local\Origin
2017-12-03 17:50 - 2017-12-03 17:50 - 000000000 ____D C:\Users\fabiw\.QtWebEngineProcess
2017-12-03 17:50 - 2017-12-03 17:50 - 000000000 ____D C:\Users\fabiw\.Origin
2017-12-03 17:42 - 2017-12-19 18:54 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\.minecraft
2017-12-03 17:38 - 2017-12-03 17:41 - 062397600 _____ (Electronic Arts) C:\Users\fabiw\Downloads\OriginThinSetup.exe
2017-12-03 17:36 - 2017-12-04 23:33 - 000000000 ____D C:\ProgramData\Origin
2017-12-03 14:18 - 2017-12-03 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirror's Edge™ Catalyst
2017-12-03 13:26 - 2017-12-03 17:43 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-12-03 13:26 - 2017-12-03 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-12-03 12:57 - 2017-12-03 12:57 - 002314240 _____ C:\Users\fabiw\Downloads\MinecraftInstaller.msi
2017-12-03 12:44 - 2017-12-03 12:44 - 001005568 _____ (Microsoft Corporation) C:\Users\fabiw\Downloads\dotNetFx45_Full_setup.exe
2017-12-03 12:33 - 2017-12-03 12:33 - 000000000 ____D C:\ProgramData\Steam
2017-12-03 12:21 - 2017-12-03 12:21 - 000000000 ____D C:\ProgramData\Curse Client
2017-12-03 12:19 - 2017-12-03 12:19 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\Curse
2017-12-03 12:10 - 2017-12-03 12:10 - 000000000 ____D C:\ProgramData\Twitch
2017-12-03 11:43 - 2017-12-03 11:43 - 000000960 _____ C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
2017-12-03 11:41 - 2017-12-10 20:27 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Twitch
2017-12-03 11:32 - 2017-12-03 11:32 - 001533960 _____ (CHIP Digital GmbH) C:\Users\fabiw\Downloads\Twitch Desktop App ehemals Curse Client - CHIP-Installer.exe
2017-12-01 22:32 - 2017-12-07 22:11 - 000000000 ____D C:\Users\fabiw\Desktop\Reli
2017-12-01 19:32 - 2017-12-12 19:17 - 000000000 ____D C:\Users\fabiw\AppData\LocalLow\uTorrent
2017-12-01 18:52 - 2017-12-12 14:06 - 000002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-01 18:48 - 2017-12-01 18:48 - 001129816 _____ (Google Inc.) C:\Users\fabiw\Downloads\ChromeSetup.exe
2017-12-01 11:12 - 2017-12-01 11:14 - 000000094 ____H C:\Users\fabiw\Desktop\.~lock.reliii1)-1.odp#
2017-12-01 11:02 - 2017-12-01 11:02 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\LibreOffice
2017-12-01 10:39 - 2017-12-01 10:39 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\Benutzerdefinierte Office-Vorlagen
2017-12-01 09:51 - 2017-12-01 09:51 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-11-30 17:56 - 2017-12-12 14:04 - 000001191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drive File Stream.lnk
2017-11-30 17:56 - 2017-11-07 15:09 - 000088984 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs2220.sys
2017-11-30 17:55 - 2017-11-30 17:55 - 000000000 ____D C:\Program Files\Google
2017-11-30 17:51 - 2017-11-30 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-11-30 17:48 - 2017-11-30 17:49 - 001064352 _____ (Google Inc.) C:\Users\fabiw\Downloads\googledrivefilestream.exe
2017-11-30 17:47 - 2017-12-04 14:27 - 000000000 ____D C:\Users\fabiw\AppData\Local\Google
2017-11-30 17:47 - 2017-12-01 18:51 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-30 17:47 - 2017-11-30 17:47 - 000003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-30 17:47 - 2017-11-30 17:47 - 000003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-30 17:46 - 2017-11-30 17:46 - 001129816 _____ (Google Inc.) C:\Users\fabiw\Downloads\installbackupandsync.exe
2017-11-30 17:43 - 2017-11-30 17:44 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.4
2017-11-30 17:41 - 2017-11-30 17:42 - 000000000 ____D C:\Program Files\LibreOffice 5
2017-11-30 17:13 - 2017-11-30 17:13 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Skype
2017-11-30 16:44 - 2017-12-19 19:25 - 000000000 ____D C:\Users\fabiw\Desktop\Programme
2017-11-30 16:43 - 2017-11-30 16:43 - 000004608 _____ C:\WINDOWS\SECOH-QAD.exe
2017-11-30 16:43 - 2010-12-06 03:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2017-11-30 16:33 - 2017-11-30 16:33 - 001533960 _____ (CHIP Digital GmbH) C:\Users\fabiw\Downloads\LibreOffice 64 Bit - CHIP-Installer.exe
2017-11-30 16:13 - 2017-12-19 20:18 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-28 21:24 - 2017-12-09 14:32 - 000000000 ____D C:\Users\fabiw\AppData\Local\ElevatedDiagnostics
2017-11-28 19:02 - 2017-11-28 19:03 - 452113252 _____ C:\Users\fabiw\Downloads\Plague Inc Evolved.rar
2017-11-28 18:35 - 2017-11-28 18:35 - 000000000 ____D C:\Users\fabiw\AppData\Local\Ndemic Creations
2017-11-28 17:48 - 2017-11-28 17:48 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks - Common Test
2017-11-28 17:45 - 2017-11-28 17:45 - 004227312 _____ (Wargaming.net ) C:\Users\fabiw\Downloads\WoT_internet_install_ct.exe
2017-11-27 19:16 - 2017-11-27 19:25 - 000000000 ____D C:\Users\fabiw\OneDrive\Dokumente\Euro Truck Simulator 2
2017-11-25 18:14 - 2017-12-18 14:55 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-11-25 18:12 - 2017-12-15 22:14 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net
2017-11-25 18:12 - 2017-11-25 18:12 - 000001842 _____ C:\Users\fabiw\Desktop\Game Center.lnk
2017-11-25 17:54 - 2017-11-25 17:54 - 000000000 ____D C:\ProgramData\Wargaming.net
2017-11-25 17:52 - 2017-11-25 17:54 - 006375008 _____ (Wargaming.net (c) 2009-2017 ) C:\Users\fabiw\Downloads\world_of_warships_install_eu_bhcsjcmqdhtq.exe
2017-11-23 22:17 - 2017-11-23 22:24 - 000000000 ____D C:\Users\fabiw\AppData\Local\Spotify
2017-11-23 22:17 - 2017-11-23 22:17 - 000001838 _____ C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-11-23 21:57 - 2017-11-23 22:22 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Spotify
2017-11-23 21:56 - 2017-11-23 21:57 - 000723152 _____ (Spotify Ltd) C:\Users\fabiw\Downloads\SpotifySetup.exe
2017-11-23 19:12 - 2017-11-23 19:12 - 000000000 ____D C:\Users\fabiw\AppData\Local\Notepad++
2017-11-23 19:05 - 2017-11-23 19:31 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Notepad++
2017-11-23 19:05 - 2017-11-23 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-11-23 19:05 - 2017-11-23 19:05 - 000000000 ____D C:\Program Files\Notepad++
2017-11-23 19:02 - 2017-11-23 19:05 - 000000000 ____D C:\Program Files (x86)\Notepad++
2017-11-23 19:00 - 2017-11-23 19:01 - 001533960 _____ (CHIP Digital GmbH) C:\Users\fabiw\Downloads\Notepad - CHIP-Installer.exe
2017-11-23 18:52 - 2017-11-30 18:22 - 000000000 ____D C:\Wallpapers
2017-11-22 22:25 - 2017-11-22 22:25 - 000072298 _____ C:\Users\fabiw\OneDrive\Dokumente\cc_20171122_222515.reg
2017-11-22 22:20 - 2017-11-22 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-11-22 22:20 - 2017-11-22 22:20 - 000000000 ____D C:\Program Files\CCleaner
2017-11-22 22:19 - 2017-11-22 22:20 - 007855032 _____ (Piriform Ltd) C:\Users\fabiw\Downloads\ccsetup536_slim.exe
2017-11-22 22:13 - 2017-11-22 22:13 - 1337357287 _____ C:\Users\fabiw\Downloads\Wallpaper Engine (Wallpaper Pack).rar
2017-11-22 21:39 - 2017-12-19 20:12 - 000000000 ____D C:\Users\fabiw\Desktop\Games
2017-11-22 21:33 - 2017-11-22 22:14 - 000000000 ____D C:\Users\fabiw\Desktop\Wallpapers
2017-11-22 20:25 - 2017-11-22 20:25 - 000000000 ____D C:\Users\fabiw\Desktop\Wallpaper Engine
2017-11-22 19:31 - 2017-11-22 19:31 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Kalypso Media
2017-11-22 19:31 - 2017-11-22 19:31 - 000000000 ____D C:\Users\fabiw\AppData\LocalLow\Realmforge Studios GmbH
2017-11-22 19:31 - 2017-11-22 19:31 - 000000000 ____D C:\Users\fabiw\AppData\Local\Kalypso Media
2017-11-22 19:28 - 2017-11-22 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dungeons 3
2017-11-22 19:25 - 2017-11-22 19:28 - 000000000 ____D C:\Program Files (x86)\Dungeons 3
2017-11-22 19:15 - 2017-11-22 19:15 - 000047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtultrausbbus.sys
2017-11-22 19:15 - 2017-11-22 19:15 - 000030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtultrascsibus.sys
2017-11-22 19:15 - 2017-11-22 19:15 - 000000000 ____D C:\Users\fabiw\AppData\Local\Disc_Soft_Ltd
2017-11-22 19:14 - 2017-11-22 19:15 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\DAEMON Tools Ultra
2017-11-22 19:14 - 2017-11-22 19:15 - 000000000 ____D C:\Program Files\DAEMON Tools Ultra
2017-11-22 19:14 - 2017-11-22 19:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Ultra
2017-11-22 19:14 - 2017-11-22 19:14 - 000000000 ____D C:\ProgramData\DAEMON Tools Ultra
2017-11-22 19:12 - 2017-11-22 19:13 - 029845128 _____ (Disc Soft Ltd) C:\Users\fabiw\Downloads\DAEMONToolsUltra520-0644.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-12-19 20:19 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-19 20:16 - 2017-11-16 06:35 - 000000000 ____D C:\Games
2017-12-19 19:15 - 2017-11-17 16:36 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-19 18:19 - 2017-11-16 00:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-19 18:10 - 2017-11-17 16:55 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-19 18:05 - 2017-11-18 09:56 - 000000000 ____D C:\Users\fabiw\AppData\LocalLow\Mozilla
2017-12-19 17:07 - 2017-11-16 00:57 - 000000000 ____D C:\Users\fabiw
2017-12-19 16:57 - 2017-11-16 00:54 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-12-19 16:57 - 2017-11-15 17:53 - 000000000 __SHD C:\Users\fabiw\IntelGraphicsProfiles
2017-12-19 16:56 - 2017-11-16 01:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-19 16:56 - 2017-03-18 12:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-12-19 14:41 - 2017-04-19 00:37 - 000000000 ____D C:\Program Files\Microsoft Office
2017-12-19 14:39 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-19 14:39 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-19 14:11 - 2017-11-18 10:03 - 000000000 ____D C:\ProgramData\Logishrd
2017-12-19 14:09 - 2017-11-16 00:39 - 000502928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-18 20:30 - 2017-11-18 12:21 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\TS3Client
2017-12-18 18:49 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-18 18:48 - 2017-11-15 17:54 - 000000000 ____D C:\Users\fabiw\AppData\Local\Packages
2017-12-18 18:48 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-17 23:49 - 2017-11-18 21:33 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\WhatsApp
2017-12-17 19:10 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-15 21:26 - 2017-04-19 00:30 - 000000000 ____D C:\Program Files\mcafee
2017-12-15 21:26 - 2017-04-19 00:30 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-12-15 21:26 - 2017-04-19 00:30 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-12-15 19:02 - 2017-11-18 12:21 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-12-14 16:12 - 2016-11-11 09:17 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-12-13 23:38 - 2017-11-18 14:07 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\uTorrent
2017-12-12 15:03 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-12 15:03 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-09 15:53 - 2017-11-18 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-12-09 15:53 - 2017-11-18 14:10 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Lavasoft
2017-12-09 15:53 - 2017-11-18 14:10 - 000000000 ____D C:\ProgramData\Lavasoft
2017-12-09 15:53 - 2017-11-18 14:10 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2017-12-08 16:24 - 2017-11-18 21:34 - 000002263 _____ C:\Users\fabiw\Desktop\WhatsApp.lnk
2017-12-08 16:24 - 2017-11-18 21:34 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-12-08 16:24 - 2017-11-18 21:33 - 000000000 ____D C:\Users\fabiw\AppData\Local\WhatsApp
2017-12-08 16:22 - 2017-11-18 21:33 - 000000000 ____D C:\Users\fabiw\AppData\Local\SquirrelTemp
2017-12-06 16:26 - 2017-11-18 14:28 - 000001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2017-12-04 19:10 - 2017-11-15 17:54 - 000000000 ____D C:\Users\fabiw\AppData\Local\VirtualStore
2017-12-04 14:18 - 2017-11-15 17:57 - 000000000 ____D C:\Users\fabiw\AppData\Local\Comms
2017-12-03 14:18 - 2017-04-19 00:04 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-01 10:02 - 2017-11-15 17:53 - 000000000 ____D C:\Users\fabiw\AppData\Local\ConnectedDevicesPlatform
2017-12-01 09:51 - 2017-11-18 09:55 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2017-12-01 09:51 - 2017-04-19 00:30 - 000000000 ____D C:\ProgramData\McAfee
2017-11-30 20:56 - 2017-11-15 17:56 - 000000200 _____ C:\Users\fabiw\AppData\Roaming\sp_data.sys
2017-11-30 17:32 - 2017-11-16 01:18 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-11-30 17:32 - 2017-11-16 01:18 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUSTek Computer Inc
2017-11-30 17:32 - 2017-11-16 01:18 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-11-28 20:59 - 2017-11-16 00:32 - 000000000 ____D C:\Windows.old
2017-11-28 20:25 - 2017-11-18 12:24 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-11-28 14:18 - 2017-11-16 01:18 - 004456680 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-28 14:18 - 2017-11-15 23:40 - 000893238 _____ C:\WINDOWS\system32\perfh00C.dat
2017-11-28 14:18 - 2017-11-15 23:40 - 000213516 _____ C:\WINDOWS\system32\perfc00C.dat
2017-11-28 14:18 - 2017-11-15 23:32 - 000888778 _____ C:\WINDOWS\system32\perfh013.dat
2017-11-28 14:18 - 2017-11-15 23:32 - 000217802 _____ C:\WINDOWS\system32\perfc013.dat
2017-11-28 14:18 - 2017-03-20 05:35 - 001006760 _____ C:\WINDOWS\system32\perfh007.dat
2017-11-28 14:18 - 2017-03-20 05:35 - 000219584 _____ C:\WINDOWS\system32\perfc007.dat
2017-11-25 18:12 - 2017-11-18 10:13 - 000000000 ____D C:\Users\fabiw\AppData\Roaming\Wargaming.net
2017-11-23 21:05 - 2017-11-18 16:04 - 000000519 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-11-23 18:01 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-23 17:36 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-23 17:30 - 2017-11-15 23:14 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-11-23 17:30 - 2017-03-20 05:35 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-11-23 17:30 - 2017-03-20 05:35 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-11-23 17:30 - 2017-03-20 05:35 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-11-23 17:30 - 2017-03-20 05:35 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-11-23 17:30 - 2017-03-20 05:35 - 000000000 ____D C:\WINDOWS\system32\winrm
2017-11-23 17:30 - 2017-03-20 05:35 - 000000000 ____D C:\WINDOWS\system32\WCN
2017-11-23 17:30 - 2017-03-20 05:35 - 000000000 ____D C:\WINDOWS\system32\slmgr
2017-11-23 17:30 - 2017-03-20 05:35 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\MUI
2017-11-23 17:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-11-23 17:30 - 2017-03-18 12:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\system32\dsc
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ___RD C:\Program Files\Windows Defender
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Com
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\IME
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Help
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Common Files\System
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-23 17:29 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-11-23 17:29 - 2017-03-18 12:40 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-23 17:29 - 2017-03-18 12:40 - 000000000 ____D C:\WINDOWS\servicing
2017-11-23 17:15 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-11-23 17:14 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-11-22 22:44 - 2017-11-15 18:00 - 000000000 ___RD C:\Users\fabiw\OneDrive
2017-11-22 22:23 - 2017-11-15 21:38 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-22 17:27 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-22 14:20 - 2017-11-18 12:22 - 000000000 ____D C:\Users\fabiw\AppData\Local\Overwolf
2017-11-21 19:46 - 2017-03-18 22:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-11-15 17:56 - 2017-11-30 20:56 - 000000200 _____ () C:\Users\fabiw\AppData\Roaming\sp_data.sys

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-11-28 20:56

==================== Ende von FRST.txt ============================

--- --- ---

FRST Additions Logfile:

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 17-12-2017
durchgeführt von fabiw (19-12-2017 20:47:50)
Gestartet von C:\Users\fabiw\Desktop
Windows 10 Home Version 1703 15063.726 (X64) (2017-11-16 05:24:55)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3201623140-884167320-1932495159-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3201623140-884167320-1932495159-503 - Limited - Disabled)
fabiw (S-1-5-21-3201623140-884167320-1932495159-1001 - Administrator - Enabled) => C:\Users\fabiw
Gast (S-1-5-21-3201623140-884167320-1932495159-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.6.5 - ASUSTek Computer Inc)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.17 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.19.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.2.0 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0043 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.140 - ICEpower a/s)
Backup and Sync from Google (HKLM-x32\...\{908DB568-E5FA-40C7-A2AA-AB340190858B}) (Version: 3.38.7642.3857 - Google, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 5.2.0.0644 - Disc Soft Ltd)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.)
Dungeons 3 (HKLM-x32\...\Dungeons 3_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Drive File Stream (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 25.102.133.409 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
Intel Security Software Manager (HKLM\...\Intel Security Software Manager) (Version: 1.1.107.0 - Intel Security)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1094 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iWin Games (HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\iWin Games) (Version: 3.3.2.377 - iWin Inc.)
League of Legends (HKLM-x32\...\{C56877FD-6BEB-4717-81B3-1254FA1FD7FC}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
LibreOffice 5.4.3.2 (HKLM\...\{5FFD3D4F-8AA0-4C6F-8B3C-AB0D8CD297C9}) (Version: 5.4.3.2 - The Document Foundation)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
McAfee LiveSafe   (HKLM-x32\...\MSC) (Version: 16.0.5 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.148 - McAfee, Inc.)
Microsoft OneDrive (HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mirror's Edge (HKLM-x32\...\Mirror's Edge_is1) (Version:  - )
Mirror's Edge™ Catalyst (HKLM-x32\...\{12228a0d-f6ad-4691-82af-d2c643424468}) (Version: 1.0.3.47248 - Electronic Arts)
Mozilla Firefox 57.0 (x64 de) (HKLM\...\Mozilla Firefox 57.0 (x64 de)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA PhysX v8.10.17 (HKLM-x32\...\{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}) (Version: 8.10.17 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.6.6235 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.108.34.0 - Overwolf Ltd.)
Project CARS Game Of The Year Edition (HKLM\...\cHJvamVjdGNhcnM_is1) (Version: 1 - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.13 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7989 - Realtek Semiconductor Corp.)
SoftMaker FreeOffice 2016 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB05}) (Version: 1.0.3835 - SoftMaker Software GmbH)
Spotify (HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Spotify) (Version: 1.0.67.582.g19436fa3 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.6 - TeamSpeak Systems GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.5640 - TeamViewer)
Twitch (HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 44.0 - Ubisoft)
USB Multi-Channel Audio Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006206}) (Version: 1.00.0019 - C-Media Electronics, Inc.)
Wargaming.net Game Center (HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\Wargaming.net Game Center) (Version: 17.9.0.6629 - Wargaming.net)
WhatsApp (HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\WhatsApp) (Version: 0.2.7315 - WhatsApp)
Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusTP) Mouse  (11/14/2016 1.0.0.296) (HKLM\...\65B9910720028F522F77F51D9993E7846B2E60D2) (Version: 11/14/2016 1.0.0.296 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.1.0 - ASUS)
WinRAR 5.50 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
World of Tanks - Common Test (HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812ct}_is1) (Version:  - Wargaming.net)
World of Tanks (2) (HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\WOT.EU.PRODUCTION(2)) (Version:  - Wargaming.net)
World of Tanks EU (HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\WOT.EU.PRODUCTION) (Version:  - Wargaming.net)
World of Warships EU (HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\WOWS.EU.PRODUCTION) (Version:  - Wargaming.net)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.1.0.5644 - Kingsoft Corp.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveCloudOverlayIconHandler] -> {7CB4D2F7-77AE-4A08-9BDF-21370FF8D6BD} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [  GoogleDrivePinnedOverlayIconHandler] -> {C9F7D7A1-D13F-4C72-9AB0-06FDC65AA931} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [  GoogleDriveProgressOverlayIconHandler] -> {96836CC1-31EA-4F1C-A7F4-D67863D5D4FD} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-08-29] ()
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-20] (Google)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-11-02] (McAfee, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-20] (Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-10-06] (Intel Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-11-02] (McAfee, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3201623140-884167320-1932495159-1001: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} =>  -> Keine Datei
ContextMenuHandlers4_S-1-5-21-3201623140-884167320-1932495159-1001: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} =>  -> Keine Datei
ContextMenuHandlers5_S-1-5-21-3201623140-884167320-1932495159-1001: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} =>  -> Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {5594714D-087D-40DB-ADD8-F1E427F448ED} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {8D2816A8-ABEC-4B28-94ED-1605F31BA3EF} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {90DEB99B-55B9-4043-B5E4-1C334BA745A5} - System32\Tasks\S-1-5-21-3201623140-884167320-1932495159-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-11-16] (Microsoft Corporation)
Task: {9BE347F8-93D4-4874-9903-466C978E8891} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {AE532852-784E-45FF-A651-257C20A6706B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
Task: {B07DCE42-8578-41B9-96C5-B8B513E01CB5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-30] (Google Inc.)
Task: {DB66067B-C788-48AE-B1DA-D4F9F3DBC9D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-30] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


ShortcutWithArgument: C:\Users\fabiw\Desktop\iWin Games.lnk -> C:\Users\fabiw\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe (iWin Inc) -> -config.channel=20000006 -config.uri=hxxps://www.iwin.com/
ShortcutWithArgument: C:\Users\fabiw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iWin Games\iWin Games.lnk -> C:\Users\fabiw\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe (iWin Inc) -> -config.channel=20000006 -config.uri=hxxps://www.iwin.com/

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-11-21 19:49 - 2017-11-02 15:00 - 001173968 _____ () C:\Program Files\McAfee\MSC\CSPEnrollmentHandler.dll
2017-11-21 19:49 - 2017-11-02 15:00 - 001191040 _____ () C:\Program Files\McAfee\MSC\CultureChangeHandler.dll
2017-11-21 19:49 - 2017-11-02 15:00 - 002277760 _____ () C:\Program Files\McAfee\MSC\CultureLookUpHandler.dll
2017-11-22 22:16 - 2016-12-20 19:15 - 000021504 _____ () C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\bin\wallpaperservice32_c.exe
2017-11-16 11:35 - 2017-11-15 09:44 - 000587256 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2017-11-16 11:35 - 2017-11-15 09:44 - 000574352 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2017-11-22 20:26 - 2016-12-20 19:15 - 000646144 _____ () C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\wallpaper32.exe
2017-08-29 01:43 - 2017-08-29 01:43 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2016-12-13 04:54 - 2016-10-06 14:17 - 000384496 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-11-22 20:25 - 2016-12-20 19:15 - 000305152 _____ () C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\bin\webwallpaper32.exe
2017-03-18 21:59 - 2017-03-20 05:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-03-07 01:07 - 2015-03-07 01:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-10-20 04:29 - 2017-10-20 04:29 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 01:07 - 2015-03-07 01:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-10-20 04:29 - 2017-10-20 04:29 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-11-18 14:54 - 2013-05-16 15:21 - 000307200 ____N () C:\WINDOWS\system\Cm106eye.exe
2017-10-20 04:02 - 2017-10-20 04:02 - 000077824 _____ () C:\Program Files\Logitech Gaming Software\LAClient\zlib.dll
2017-10-20 04:02 - 2017-10-20 04:02 - 000144896 _____ () C:\Program Files\Logitech Gaming Software\LAClient\libssh2.dll
2017-11-30 16:24 - 2017-11-30 16:26 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-30 16:24 - 2017-11-30 16:26 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-10-18 17:19 - 2017-10-18 17:19 - 000090376 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2017-11-22 20:25 - 2016-12-20 19:15 - 051768832 _____ () C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\bin\libcef.dll
2017-11-18 14:54 - 2006-09-13 12:08 - 000491520 ____N () C:\WINDOWS\system\CmAu106.dll
2017-11-22 20:25 - 2016-12-20 19:15 - 001796608 _____ () C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\bin\libglesv2.dll
2017-11-22 20:25 - 2016-12-20 19:15 - 000078848 _____ () C:\Users\fabiw\Desktop\Wallpaper Engine\Wallpaper Engine\bin\libegl.dll
2017-11-17 16:42 - 2017-11-29 06:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-11-17 16:42 - 2017-12-15 20:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-12-15 22:09 - 2017-11-04 02:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-15 22:09 - 2017-11-04 02:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-15 22:09 - 2017-11-04 02:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-15 22:09 - 2017-11-04 02:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-15 22:09 - 2017-11-04 02:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-11-17 16:42 - 2016-09-01 02:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-11-17 16:42 - 2016-09-01 02:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-11-17 16:42 - 2016-09-01 02:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-11-17 16:42 - 2017-12-15 20:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-11-17 16:42 - 2016-07-04 23:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-11-17 16:44 - 2017-09-07 03:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-11-17 16:44 - 2017-10-31 05:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-11-17 16:42 - 2015-09-25 00:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-11-17 16:45 - 2017-10-31 05:44 - 002020128 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2017-11-17 16:44 - 2017-10-31 05:44 - 000114464 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ:1 [882]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\localhost -> localhost

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3201623140-884167320-1932495159-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\fabiw\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\league_of_legends___sivir_wallpaper_by_soinnes-d86q5ph.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\StartupApproved\Run: => "DAEMON Tools Ultra Agent"
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\StartupApproved\Run: => "GoogleDriveFS"
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3201623140-884167320-1932495159-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{9A3D6922-AC71-4797-B3AC-278E09D9F29E}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{B181FC74-6B2B-43A3-8C9F-5D26C2088844}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8354D7DE-F9E7-4178-8ADB-B3D4A7529C8D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{330795B2-535F-4A6E-81A3-514B70F3AFF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{90839865-C252-423B-9462-8FF039173977}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AF1235DC-78E9-4B17-BDA7-7CB10610DBF4}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{5AB407C3-4AAD-40F3-957B-95F7D328114D}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{73E6CFE2-815E-4AA5-9715-33613C507454}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{C32DA48A-395A-4AEA-AEE6-C339EC9E9118}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{5E6FCE8B-55A8-4229-B1FE-34F132122790}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5833060C-670F-4735-9C26-01E3346A5BD0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B7306C62-E30F-411B-B5C4-0F65EFA87DC8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E2C924E2-3436-442B-A3CF-AB90AC4ED525}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{696360C3-51F6-434E-8BE1-7E4D8F6FFB86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{ED42A64B-491C-447D-8CE8-476F05E3FF4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{518EED95-ACF1-4DEA-9CBB-5EED49300370}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{F5991EAA-8D13-4AB9-9C5E-C1A677D16A48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{A3E2F857-BB7C-4155-A87A-BC8CA478F0D9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{430BBB63-3A5B-407B-978D-3922F0D7333C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BE9E83A0-2995-4813-89A7-D6BD2546ED45}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{B5A3EC2A-E742-45E7-9DCE-1D62E5C15B92}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{02C146A5-0B29-4913-91AD-A9C73BC77252}] => (Allow) C:\Users\fabiw\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EAA40B15-7FFD-4FD1-8CEE-D7A9527130F6}] => (Allow) C:\Users\fabiw\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7A90BB39-DE02-4A03-B42C-486A74C0C279}] => (Allow) C:\Users\fabiw\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6E500235-15A8-4890-9D53-CB609EC521EE}] => (Allow) C:\Users\fabiw\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3ACE0131-0B40-4448-A3B2-834F42D4933B}] => (Allow) C:\Users\fabiw\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{36DC2E8D-13D1-4E26-BE8E-EFD19F0DD13A}] => (Allow) C:\Users\fabiw\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9FB25150-2736-44AB-9A5B-99DC441DEB40}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B5D986AA-0747-4C48-8CE4-B6353B3CB021}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D7444728-55AA-4C7A-A09B-3FCED4BAE4AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{533846F7-1698-44F0-97D0-BEE30B7DDC29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E6D2B8AF-49DE-421D-BF48-A92301D13C54}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{F07B7E7B-9E19-4146-8B4F-4619D09EB1DB}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{8F0BAEEF-4243-41FA-8598-4D09E5C583BC}C:\users\fabiw\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\fabiw\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DE53E188-92DC-4D00-AA32-73A260014652}C:\users\fabiw\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\fabiw\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6F414816-1EA2-47D0-AF38-F658A1466AA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{13D8FBDC-7988-4757-BD94-283BFFABD083}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{E8C034BE-B820-4144-95F3-4C86427C0791}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{39FFCD15-8B6F-410C-9F4B-88C49BE011F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{4CCB9C7B-3DD4-4A2A-B9FC-B2D97796033F}] => (Allow) C:\Games\World_of_Tanks_CT\WoTLauncher.exe
FirewallRules: [{A0A9FD7F-60BA-43EE-B245-4CED65DDC810}] => (Allow) C:\Games\World_of_Tanks_CT\WoTLauncher.exe
FirewallRules: [{2023240B-AD64-4AC4-BE70-FC19F5C7F714}] => (Allow) C:\Games\World_of_Tanks_CT\worldoftanks.exe
FirewallRules: [{1BE628CE-59B7-4224-8DEE-35E236974BA6}] => (Allow) C:\Games\World_of_Tanks_CT\worldoftanks.exe
FirewallRules: [TCP Query User{4F0105B0-3111-40BD-BA4C-41FF0679886B}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{70C93B2C-95E3-4450-AC6E-B02B6C557277}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{7B2B60C9-1ABE-4129-8DC4-36F830E2C66D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{B12EF888-0A62-4210-BE25-42E09328034E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [TCP Query User{561996E5-C12F-49F6-B12F-865582A0A2B5}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{3A3272FB-6EBD-4399-B895-E1D1AFA2A381}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{781595C9-2CF6-4391-8988-6C7F47083B52}C:\users\fabiw\onedrive\dokumente\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\fabiw\onedrive\dokumente\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{1F4CA654-CF1D-4D30-857F-1E1550449570}C:\users\fabiw\onedrive\dokumente\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\fabiw\onedrive\dokumente\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{F14EE131-53EA-4832-B0AF-6153598867C0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{45801AE4-61F8-4FA0-AD74-329994B546AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5FDC6F5A-B213-477E-9E6B-D5E875C278C0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{26C26C49-5465-4EE3-A959-EF5B1E6456B5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E6498C20-8F2F-412A-965D-917A2C8C8B10}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{73BAB98B-EB0C-4589-8744-3811A2D247A9}] => (Allow) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe
FirewallRules: [{CFD6B5D1-F20A-47C7-BE1C-5726AE82EAB3}] => (Allow) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe
FirewallRules: [{CEDAA159-5302-4FAD-9145-1680046ED79A}] => (Allow) C:\Games\World_of_Tanks\WorldOfTanks.exe
FirewallRules: [{B881114E-41B5-4AE2-8BC7-7DA4425588F6}] => (Allow) C:\Games\World_of_Tanks\WorldOfTanks.exe
FirewallRules: [{D593CAAF-97E2-4903-B312-10B73240EB56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{ED33E44E-507D-4236-9BDD-C01E434AEC13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{04C37360-3664-4690-B806-55FD167B8BA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2DD63585-B7E6-43D7-8F52-90B550D8C915}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C3183336-1075-4589-870B-18753BF12B37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{00A2BCDC-3377-447D-9D2F-C85289E22517}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{6361617A-5A61-4AE7-B96C-2EFBBCA7AD55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Car Mechanic Simulator 2015\cms2015.exe
FirewallRules: [{1C44DD62-8379-4755-99C8-AFF76CF02688}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Car Mechanic Simulator 2015\cms2015.exe

==================== Wiederherstellungspunkte =========================

17-12-2017 19:22:19 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/19/2017 08:50:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2018-01-01T22:59:20Z. Fehlercode: 0x80070002.

Error: (12/19/2017 08:49:50 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2018-01-01T22:58:50Z. Fehlercode: 0x80070002.

Error: (12/19/2017 08:49:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2018-01-01T22:59:20Z. Fehlercode: 0x80070002.

Error: (12/19/2017 08:48:50 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2018-01-01T22:58:50Z. Fehlercode: 0x80070002.

Error: (12/19/2017 08:48:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2018-01-01T22:59:20Z. Fehlercode: 0x80070002.

Error: (12/19/2017 08:47:50 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2018-01-01T22:58:50Z. Fehlercode: 0x80070002.

Error: (12/19/2017 08:47:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2018-01-01T22:59:20Z. Fehlercode: 0x80070002.

Error: (12/19/2017 08:46:50 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2018-01-01T22:58:50Z. Fehlercode: 0x80070002.

Error: (12/19/2017 08:46:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2018-01-01T22:59:20Z. Fehlercode: 0x80070002.

Error: (12/19/2017 08:45:50 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2018-01-01T22:58:50Z. Fehlercode: 0x80070002.


Systemfehler:
=============
Error: (12/19/2017 05:28:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: 
Unzulässige Funktion.

Error: (12/19/2017 05:06:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "xhunter1" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die digitale Signatur dieser Datei kann nicht überprüft werden. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um böswillige Software aus einer unbekannten Quelle handelt, installiert.

Error: (12/19/2017 04:57:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/19/2017 04:57:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (12/19/2017 04:56:55 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/19/2017 04:56:55 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/19/2017 04:56:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Kingsoft_WPS_UpdateService" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/19/2017 04:56:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Kingsoft_WPS_UpdateService erreicht.

Error: (12/19/2017 04:56:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (12/19/2017 04:55:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Steam Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2017-12-19 17:06:30.865
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\xhunter1.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-19 14:52:01.875
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\xhunter1.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-18 14:24:19.145
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\xhunter1.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-17 15:47:17.797
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\xhunter1.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-17 15:41:19.967
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\xhunter1.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-15 17:10:28.874
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\xhunter1.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-13 15:06:20.179
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\xhunter1.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-13 15:03:23.381
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\xhunter1.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-12 14:44:13.378
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\xhunter1.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-11 19:14:22.458
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\xhunter1.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Pentium(R) CPU N3710 @ 1.60GHz
Prozentuale Nutzung des RAM: 56%
Installierter physikalischer RAM: 8098.15 MB
Verfügbarer physikalischer RAM: 3493.52 MB
Summe virtueller Speicher: 9378.15 MB
Verfügbarer virtueller Speicher: 3991.19 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:929.62 GB) (Free:607.22 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (UA0099) (CDROM) (Total:0.2 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E078C42F)

Partition: GPT.

==================== Ende von Addition.txt ============================

--- --- ---

cosinus · 19.12.2017, 21:50

Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte:

1. Schritt: Malwarebytes Version 3

Downloade Dir bitte Malwarebytes Anti-Malware 3

Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM nach dem Neustart, klicke auf Berichte.
Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

2. Schritt: ESET

Downloade Dir bitte ESET Online Scanner (Bebilderte Anleitung)

Starte die Installationsdatei.
Akzeptiere die Nutzungsbedingungen.
Wähle Erkennung evtl. unerwünschter Anwendungen aktivieren aus und klicke auf Scannen.
Zuerst werden die notwendigen Signaturen heruntergeladen, anschließend startet ESET automatisch den Suchlauf.
Am Ende des Suchlaufs werden gegebenenfalls die gefundenen Elemente aufgelistet.
Schließe den ESET Online Scanner rechts oben [ X ] und klicke anschließend auf Schließen.
Drücke bitte die Tastenkombination WIN+R zum Ausführen und kopiere folgenden Text in die Zeile und drücke im Anschluss auf OK:
Code:
ATTFilter
```
notepad "%tmp%\log.txt"
         
```
Kopiere den gesamten Text mittels STRG+A und STRG+C hier in deine Antwort in CODE-Tags

3. Schritt: SecurityCheck

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

BryanDawg · 20.12.2017, 13:59

Code:

ATTFilter

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 19.12.17
Scan-Zeit: 22:03
Protokolldatei: 0881b15a-e500-11e7-98f5-704d7b4aec16.json
Administrator: Ja

-Softwaredaten-
Version: 3.3.1.2183
Komponentenversion: 1.0.262
Version des Aktualisierungspakets: 1.0.3522
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 15063.726)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-J2934L2\fabiw

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 290169
Erkannte Bedrohungen: 6
In die Quarantäne verschobene Bedrohungen: 6
Abgelaufene Zeit: 7 Min., 8 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 3
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [533], [236865],1.0.3522
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [533], [236865],1.0.3522
PUP.Optional.Conduit, HKU\S-1-5-21-3201623140-884167320-1932495159-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, In Quarantäne, [533], [236865],1.0.3522

Registrierungswert: 2
PUP.Optional.Conduit, HKU\S-1-5-21-3201623140-884167320-1932495159-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, In Quarantäne, [533], [236865],1.0.3522
PUP.Optional.Conduit, HKU\S-1-5-21-3201623140-884167320-1932495159-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, In Quarantäne, [533], [236865],1.0.3522

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 1
PUP.Optional.Conduit, C:\USERS\FABIW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4MLWHUBT.DEFAULT\PREFS.JS, Ersetzt, [533], [301520],1.0.3522

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)

Code:

ATTFilter

22:02:06 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=
# end=init
# utc_time=2017-12-19 21:02:04
# local_time=2017-12-19 22:02:04 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=10.0.15063 NT 
22:02:16 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=d6edf0080402f84a9190d84738a11444
# end=init
# utc_time=2017-12-19 21:02:16
# local_time=2017-12-19 22:02:16 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=10.0.15063 NT 
22:13:20 Updating
22:13:20 Update Init
22:13:24 Update Download
22:15:26 esets_scanner_update returned -1 esets_gle=12
22:15:26 Update Finalize
22:15:26 Call m_esets_charon_send
22:15:26 Call m_esets_charon_destroy
22:15:26 Retrying Update
22:15:26 Updating
22:15:26 Update Init
22:15:34 Update Download
22:21:51 esets_scanner_reload returned 0
22:21:51 g_uiModuleBuild: 35789
22:21:51 Update Finalize
22:21:51 Call m_esets_charon_send
22:21:51 Call m_esets_charon_destroy
22:21:51 Updated modules version: 35789
22:22:06 Call m_esets_charon_setup_create
22:22:06 Call m_esets_charon_create
22:22:06 m_esets_charon_create OK
22:22:06 Call m_esets_charon_start_send_thread
22:22:06 Call m_esets_charon_setup_set
22:22:06 m_esets_charon_setup_set OK
22:22:06 Scanner engine: 35789
02:47:13 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=d6edf0080402f84a9190d84738a11444
# engine=35789
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# sfx_checked=true
# utc_time=2017-12-20 01:47:13
# local_time=2017-12-20 02:47:13 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=10.0.15063 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2283472 23867429 0 0
# scanned=2
# found=11
# cleaned=0
# scan_time=15920
sh=9340D2B871B0A90B1D2E23248A22527D43BFE4EB ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\RYwTiizs2t\Application\Lavasoft.Utils.dll"
sh=63A15EA9570081814D6F824AE73CEB3651AD25FA ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\RYwTiizs2t\Application\Lavasoft.WCAssistant.WinService.exe"
sh=C6755182372EDB23F55857B9C48CB8647428AA66 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\RYwTiizs2t\Application\WebCompanion.exe"
sh=FE8B5A7286505C82D986E124B50D22482364DB06 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\RYwTiizs2t\Application\WebCompanionInstaller.exe"
sh=8A3EB6BD86DD2E3B0B13DC53F0704202A1517202 ft=1 fh=0000000000000000 vn="Variante von Win32/KingSoft.D eventuell unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\wtoolex\wpsupdate.exe"
sh=D85BA5538B8871F3B085F9C0FA2F4A88C4080232 ft=1 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\fabiw\Downloads\Abelssoft Undeleter Vollversion - CHIP-Installer.exe"
sh=DBF460D7C59D98E33531F581FF00C9B201CD6007 ft=1 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\fabiw\Downloads\LibreOffice 64 Bit - CHIP-Installer.exe"
sh=AB8BB565A341BEAA24BC67431327C5B190BEC50E ft=1 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\fabiw\Downloads\Notepad - CHIP-Installer.exe"
sh=F2F211556DDC63EE58D01A1B51CAEB87385E01D9 ft=1 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\fabiw\Downloads\Skype - CHIP-Installer.exe"
sh=0CDCF3111008D40BE90891664B5C8BD14D536DF2 ft=1 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\fabiw\Downloads\Twitch Desktop App ehemals Curse Client - CHIP-Installer.exe"
sh=7D8DD40D339285CFB639D243C71CFA15329CA102 ft=1 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\fabiw\Downloads\WhatsAppSetup68 - CHIP-Installer.exe"
13:52:41 Call m_esets_charon_send
13:52:41 Call m_esets_charon_destroy
13:52:42 RecursiveRemoveDirectoryAndAllFiles: C:\Users\fabiw\AppData\Local\ESET\ESETOnlineScanner\Quarantine\

Code:

ATTFilter

 Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
Malwarebytes       
McAfee VirusScan   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 	28.0.0.126  
 Google Chrome (63.0.3239.84) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
 Windows Defender MSASCuiL.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

19.12.2017, 11:06	#19
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Proxy einstellungen lassen sich nicht ändern Indem man die Programme über die Systemsteuerung deinstalliert! __________________ Logfiles bitte immer in CODE-Tags posten

19.12.2017, 16:44	#25
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Proxy einstellungen lassen sich nicht ändern Code: ATTFilter *********************** ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ********************* Anleitung bitte richtig lesen und umsetzen. Du hast nicht alleHaken gesetzt in den Optionen. __________________ Logfiles bitte immer in CODE-Tags posten**

19.12.2017, 20:38	#27
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Proxy einstellungen lassen sich nicht ändern so war es richtig! Ich brauche neue FRST-Logs . Haken setzen bei addition.txt dann auf Untersuchen klicken. __________________ Logfiles bitte immer in CODE-Tags posten

Proxy einstellungen lassen sich nicht ändern

Plagegeister aller Art und deren Bekämpfung: Proxy einstellungen lassen sich nicht ändern