Hello, I have somehow caught Nova.rumbler.ru and need your help getting rid of it. I don't know how it happened, since I have
Malwarebytes Premium, but when I noticed that I had the virus, Malwarebytes had strangely been
uninstalled, and I don't know how that happened. Maybe you can help me.
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2154380bae41a344b4a1cc136461f2a9
# end=init
# utc_time=2017-12-21 01:39:59
# local_time=2017-12-21 02:39:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 35809
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2154380bae41a344b4a1cc136461f2a9
# end=updated
# utc_time=2017-12-21 01:45:26
# local_time=2017-12-21 02:45:26 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2154380bae41a344b4a1cc136461f2a9
# engine=35809
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-12-21 04:28:19
# local_time=2017-12-21 05:28:19 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 33423100 136857693 0 0
# scanned=491955
# found=12
# cleaned=0
# scan_time=9773
sh=8D914C57C3C5D24CB1CE03329A860C1ECB74AE50 ft=1 fh=c3f75091d1a56ae1 vn="Variante von Win32/FusionCore.I eventuell unerwünschte Anwendung" ac=I fn="C:\Users\Chris\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe"
sh=C365C82FC6EBDFBED37115D9E5E84DBB9644D7BE ft=1 fh=3a470ae20b00fdf7 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\Chris\Downloads\7 Zip 32 Bit - CHIP-Installer.exe"
sh=3310942AD3113DCA9907FEFDA1CB5D2BD0AFC621 ft=1 fh=2c1519e9295840d4 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\Chris\Downloads\BlueStacks App Player - CHIP-Installer.exe"
sh=88E940F1A26F3B0011A57C23243C2D5BDCC4F622 ft=1 fh=409d8f5ff2e10c0e vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\Chris\Downloads\Free Dailymotion Download - CHIP-Installer.exe"
sh=6419A562DB955AC30E08B015C9F9FC741809262C ft=1 fh=5b83dfa74ace40e2 vn="Variante von Win32/FusionCore.I eventuell unerwünschte Anwendung" ac=I fn="C:\Users\Chris\Downloads\FreeStudio_6.6.29.1027_o.exe"
sh=0E3961BE26A5DB2439028A981C6D364B3A612409 ft=1 fh=a0ad1b2d31087374 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\Chris\Downloads\inSSIDer Home letzte Freeware Version - CHIP-Installer.exe"
sh=7AB14BD072C2D69E745B94F1E068A0812EF88391 ft=1 fh=ce64a503fee99a7f vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\Chris\Downloads\MotioninJoy - CHIP-Installer.exe"
sh=B531A814775D3EBB74A0FC07B4A163E627E6F721 ft=1 fh=a508425708cbaae0 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\Chris\Downloads\Samsung Android USB Composite Device Treiber - CHIP-Installer (1).exe"
sh=638E412FF1CE902CF65044E9ADA685E6F000073C ft=1 fh=5280043e44f88085 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\Chris\Downloads\Samsung Android USB Composite Device Treiber - CHIP-Installer.exe"
sh=FDA9FB48B380D1DC479A2941403EF35362F9A00F ft=1 fh=e566065cbbe6b141 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\Chris\Downloads\SiSoft Sandra Lite - CHIP-Installer.exe"
sh=6FD12F3C33DF3B34DEF1614CCC1C33B2785F2C54 ft=1 fh=db69c2937b6c25c5 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\Chris\Downloads\SiSoft Sandra Lite 2015 - CHIP-Installer.exe"
sh=0AB9E9D4E6B69225E7DC91533705328DBDA23D08 ft=1 fh=b92845aba4850b74 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\Chris\Downloads\Steam - CHIP-Installer.exe"
FRST file
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
durchgeführt von Chris (Administrator) auf CHRIS (21-12-2017 17:51:49)
Gestartet von C:\Users\Chris\Downloads
Geladene Profile: Chris (Verfügbare Profile: Chris)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
() C:\Program Files (x86)\ASRock Utility\APP Shop\AsrAPPShop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Gira Giersiepen GmbH & Co. KG) C:\Program Files (x86)\Gira\Gira Project Assistant\Gira Project Assistant Service\Service.WindowsService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(SAP SE or an SAP affiliate company) C:\Program Files (x86)\SQL Anywhere 16\Bin32\dbsrv16.exe
( Rsupport Corporation) C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe
() C:\Program Files (x86)\Mono\Service\MonoService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Rsupport corporation) C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenTray.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Hager Controls S.A.S) C:\Program Files\hager\domovea\Bin\Server\domovea_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mobo, Inc.) C:\Program Files (x86)\Mobo\Service\MoboDeviceService.exe
(Mobo) C:\Program Files (x86)\Mobo\Service\MoboDeviceProxy.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-01-11] (Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [298776 2015-11-20] (Intel Corporation)
HKU\S-1-5-21-3970870825-992797359-547389470-1000\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-3970870825-992797359-547389470-1000\...\MountPoints2: {633ed949-5bbc-11e4-b27f-806e6f6e6963} - D:\atisetup.exe
IFEO\playstv_launcher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
GroupPolicy: Beschränkung - Chrome <==== ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{79EDD3B5-D4DF-449C-B8F3-256F53AA4DC6}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3970870825-992797359-547389470-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-3970870825-992797359-547389470-1000 -> {39732D9B-E0FE-4C25-9E85-56B9519936E9} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=chr-yset_ie_syc_oracle&type=orcl_default
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-30] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-09-05] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-30] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll => Keine Datei
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2017-09-05] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll => Keine Datei
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH)
Toolbar: HKU\S-1-5-21-3970870825-992797359-547389470-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 2h12vpl9.default
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2h12vpl9.default [2017-04-02]
FF Extension: (Firefox Hotfix) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2h12vpl9.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-20] [Legacy]
FF Extension: (O2 Service Suite) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2h12vpl9.default\Extensions\{95E05177-EA09-4386-8B79-FEB1EAC063E6} [2016-08-20] [Legacy] [ist nicht signiert]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2h12vpl9.default\features\{ccf88ff0-7e4d-4bcd-aaf3-8925d95744c1}\malware-remediation@mozilla.org.xpi [2016-10-20] [Legacy]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-08-14] [Legacy] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-11-26] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-11-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3970870825-992797359-547389470-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Chris\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1401100-0-npoctoshape.dll [2014-01-10] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-04-14] (Octoshape ApS)
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://de.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default [2017-12-21]
CHR Extension: (BetterTTV) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-11-20]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Adobe Acrobat) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Google Docs Offline) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-07]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-12-15]
CHR Extension: (WEB.DE MailCheck) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2017-08-06]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\System Profile [2017-12-18]
CHR HKU\S-1-5-21-3970870825-992797359-547389470-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Chris\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-11-17]
CHR HKU\S-1-5-21-3970870825-992797359-547389470-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-12-21 17:51 - 2017-12-21 17:51 - 000020160 _____ C:\Users\Chris\Downloads\FRST.txt
2017-12-21 17:51 - 2017-12-21 17:51 - 000000000 ____D C:\FRST
2017-12-21 17:46 - 2017-12-21 17:46 - 002392064 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2017-12-21 14:39 - 2017-12-21 14:39 - 000000000 ____D C:\Program Files (x86)\ESET
2017-12-21 14:37 - 2017-12-21 14:37 - 002870984 _____ (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_deu.exe
2017-12-21 13:55 - 2017-12-21 13:55 - 003927160 _____ (Google) C:\Users\Chris\Downloads\chrome_cleanup_tool.exe
2017-12-20 14:07 - 2017-12-21 15:40 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-12-20 14:07 - 2017-12-21 06:26 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-20 14:07 - 2017-12-21 06:26 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-12-20 14:07 - 2017-12-21 06:26 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-12-20 14:07 - 2017-12-20 14:07 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-12-19 19:28 - 2017-12-19 19:28 - 000002809 _____ C:\ProgramData\Microsoft\Windows\Start Menu\easySoft-Basic 6.lnk
2017-12-19 19:28 - 2017-12-19 19:28 - 000002785 _____ C:\Users\Public\Desktop\easySoft-Basic 6.lnk
2017-12-19 19:28 - 2017-12-19 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eaton
2017-12-19 19:28 - 2017-12-19 19:28 - 000000000 ____D C:\ProgramData\Eaton
2017-12-19 19:28 - 2017-12-19 19:28 - 000000000 ____D C:\Program Files (x86)\Eaton
2017-12-19 15:04 - 2017-12-19 15:04 - 000112018 _____ C:\Users\Chris\Downloads\RE632900220171219.pdf
2017-12-19 14:04 - 2017-12-21 06:26 - 000002960 _____ C:\Windows\System32\Tasks\AsrSP.exe
2017-12-18 18:12 - 2017-12-18 18:12 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-18 18:12 - 2017-12-18 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-18 18:12 - 2017-12-18 18:12 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-18 18:12 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-18 18:09 - 2017-12-18 18:09 - 000000000 ____D C:\ProgramData\MB2Migration
2017-12-18 18:04 - 2017-12-18 18:12 - 000000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2017-12-18 18:01 - 2017-12-18 18:01 - 000571738 _____ ( ) C:\Users\Chris\Downloads\moeller_easy_soft_pro_6_22_full_rar (1).exe
2017-12-18 18:01 - 2017-12-18 18:01 - 000001756 __RSH C:\ProgramData\ntuser.pol
2017-12-18 18:00 - 2017-12-18 18:00 - 007123657 _____ C:\Users\Chris\Downloads\easySoft-Pro_V695_SP1.zip
2017-12-18 18:00 - 2017-12-18 18:00 - 000571738 _____ ( ) C:\Users\Chris\Downloads\moeller_easy_soft_pro_6_22_full_rar.exe
2017-12-18 17:58 - 2017-12-18 17:59 - 067776496 _____ C:\Users\Chris\Downloads\EASY-SOFT_696_ProD.exe
2017-12-18 17:58 - 2017-12-18 17:58 - 054666976 _____ C:\Users\Chris\Downloads\EASY-SOFT_696_BasicD.exe
2017-12-18 17:57 - 2017-12-18 17:57 - 069260248 _____ C:\Users\Chris\Downloads\EASY-SOFT_694_ProD.exe
2017-12-17 09:58 - 2017-12-17 09:58 - 000112055 _____ C:\Users\Chris\Downloads\RE632649620171212.pdf
2017-12-17 09:57 - 2017-12-17 09:57 - 000112053 _____ C:\Users\Chris\Downloads\RE632415120171205.pdf
2017-12-17 09:48 - 2017-12-17 09:48 - 000530747 _____ C:\Users\Chris\Downloads\Flyer_QC-Camera.pdf
2017-12-16 19:19 - 2017-12-16 19:19 - 054573840 _____ ( ) C:\Users\Chris\Downloads\stellarium_0_11_2_win32.exe
2017-12-16 19:19 - 2017-12-16 19:19 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Stellarium
2017-12-14 21:30 - 2017-12-14 21:30 - 000044873 _____ C:\Users\Chris\Downloads\Kontoauszug_0413777200_20171201_213016.pdf
2017-12-13 15:25 - 2017-12-13 15:25 - 000088263 _____ C:\Users\Chris\Downloads\Auswertung Finanzbuchhaltung Oktober 2017 (1).zip
2017-12-13 15:20 - 2017-12-13 15:20 - 000088263 _____ C:\Users\Chris\Downloads\Auswertung Finanzbuchhaltung Oktober 2017.zip
2017-12-13 10:41 - 2017-11-17 05:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-12-13 10:41 - 2017-11-15 02:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-12-13 10:41 - 2017-11-15 01:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-12-13 10:41 - 2017-11-14 04:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-12-13 10:41 - 2017-11-14 04:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-12-13 10:41 - 2017-11-14 04:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-12-13 10:41 - 2017-11-14 04:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-12-13 10:41 - 2017-11-14 04:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-12-13 10:41 - 2017-11-14 04:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-12-13 10:41 - 2017-11-14 04:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-12-13 10:41 - 2017-11-14 04:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-12-13 10:41 - 2017-11-14 04:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-12-13 10:41 - 2017-11-14 04:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-12-13 10:41 - 2017-11-14 04:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-12-13 10:41 - 2017-11-14 04:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-12-13 10:41 - 2017-11-14 04:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-12-13 10:41 - 2017-11-14 04:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-12-13 10:41 - 2017-11-14 04:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-12-13 10:41 - 2017-11-14 04:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-12-13 10:41 - 2017-11-14 04:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-12-13 10:41 - 2017-11-14 04:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-12-13 10:41 - 2017-11-14 04:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-12-13 10:41 - 2017-11-14 04:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-12-13 10:41 - 2017-11-14 04:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-12-13 10:41 - 2017-11-14 04:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-12-13 10:41 - 2017-11-14 04:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-12-13 10:41 - 2017-11-14 04:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-12-13 10:41 - 2017-11-14 04:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-12-13 10:41 - 2017-11-14 03:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-12-13 10:41 - 2017-11-14 03:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-12-13 10:41 - 2017-11-14 03:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-12-13 10:41 - 2017-11-14 03:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-12-13 10:41 - 2017-11-14 03:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-12-13 10:41 - 2017-11-14 03:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-12-13 10:41 - 2017-11-14 03:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-12-13 10:41 - 2017-11-14 03:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-12-13 10:41 - 2017-11-14 03:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-12-13 10:41 - 2017-11-14 03:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-12-13 10:41 - 2017-11-14 02:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-12-13 10:41 - 2017-11-14 02:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-12-13 10:41 - 2017-11-14 02:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-12-13 10:41 - 2017-11-14 02:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-12-13 10:41 - 2017-11-14 02:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-12-13 10:41 - 2017-11-14 01:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-12-13 10:41 - 2017-11-14 01:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-12-13 10:41 - 2017-11-07 21:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-12-13 10:41 - 2017-11-07 21:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-12-13 10:41 - 2017-11-07 21:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-12-13 10:41 - 2017-11-07 21:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-12-13 10:41 - 2017-11-07 21:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-12-13 10:41 - 2017-11-07 21:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-12-13 10:41 - 2017-11-07 21:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-12-13 10:41 - 2017-11-07 21:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-12-13 10:41 - 2017-11-07 21:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-12-13 10:41 - 2017-11-07 21:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-12-13 10:41 - 2017-11-07 21:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-12-13 10:41 - 2017-11-07 21:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-12-13 10:41 - 2017-11-07 21:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-12-13 10:41 - 2017-11-07 21:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-12-13 10:41 - 2017-11-07 21:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-12-13 10:41 - 2017-11-07 21:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-12-13 10:41 - 2017-11-07 21:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-12-13 10:41 - 2017-11-07 21:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-12-13 10:41 - 2017-11-07 21:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-12-13 10:41 - 2017-11-07 21:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-12-13 10:41 - 2017-11-07 21:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-12-13 10:41 - 2017-11-07 21:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-12-13 10:41 - 2017-11-07 21:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-12-13 10:41 - 2017-11-07 20:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-12-13 10:41 - 2017-11-07 17:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-13 10:41 - 2017-11-07 17:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-13 10:41 - 2017-11-04 16:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2017-12-13 10:41 - 2017-11-04 16:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-13 10:41 - 2017-11-04 16:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2017-12-13 10:41 - 2017-11-04 16:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-13 10:41 - 2017-11-02 17:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-13 10:41 - 2017-11-02 17:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2017-12-13 10:41 - 2017-11-02 17:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2017-12-13 10:41 - 2017-11-02 17:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2017-12-13 10:41 - 2017-11-02 16:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-13 10:41 - 2017-11-02 16:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2017-12-13 10:41 - 2017-11-02 16:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2017-12-13 10:41 - 2017-11-02 15:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2017-12-13 10:41 - 2017-10-17 00:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2017-12-13 10:41 - 2017-10-16 23:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2017-12-13 10:41 - 2017-10-12 01:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-12-11 21:30 - 2017-12-11 21:30 - 000000000 ____D C:\Users\Chris\Desktop\Mercedes AAchen1
2017-12-11 10:16 - 2017-12-11 10:16 - 000000000 ____D C:\Users\Chris\Desktop\Musik Dezember 2017
2017-12-09 00:01 - 2017-12-09 00:01 - 000000997 _____ C:\Users\Chris\Desktop\Origin.lnk
2017-12-08 23:27 - 2017-12-08 23:27 - 000000000 ____D C:\Users\Chris\Documents\Electronic Arts
2017-12-08 23:03 - 2017-12-12 19:10 - 000000799 _____ C:\Users\Public\Desktop\Die Sims 4.lnk
2017-12-08 23:03 - 2017-12-08 23:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4
2017-12-08 23:03 - 2014-09-16 18:45 - 000447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2017-12-08 22:16 - 2017-12-08 22:16 - 000000000 ____D C:\Users\Chris\.Origin
2017-12-07 21:15 - 2017-12-07 21:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-12-06 19:22 - 2017-12-06 19:23 - 001928944 _____ (Haufe-Lexware GmbH & Co.KG) C:\Users\Chris\Downloads\Financial_Office_Plus_Setup (2).exe
2017-12-06 19:22 - 2017-12-06 19:22 - 001928944 _____ (Haufe-Lexware GmbH & Co.KG) C:\Users\Chris\Downloads\Financial_Office_Plus_Setup (3).exe
2017-12-05 02:06 - 2017-12-05 02:06 - 000051016 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-12-05 02:06 - 2017-12-05 02:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-12-03 15:45 - 2017-12-03 15:45 - 000024854 _____ C:\Users\Chris\Downloads\rechnung_AR20171108A0576358 (1).pdf
2017-12-03 15:43 - 2017-12-03 15:43 - 000024854 _____ C:\Users\Chris\Downloads\rechnung_AR20171108A0576358.pdf
2017-12-03 15:40 - 2017-12-03 15:40 - 000111741 _____ C:\Users\Chris\Downloads\RE630474620171018 (1).pdf
2017-12-03 15:25 - 2017-12-03 15:25 - 000361136 _____ C:\Users\Chris\Downloads\RA_14735_1330618.pdf
2017-12-03 15:23 - 2017-12-03 15:23 - 000359533 _____ C:\Users\Chris\Downloads\RA_14735_1327762 (1).pdf
2017-12-03 15:12 - 2017-12-03 15:12 - 000060896 _____ C:\Users\Chris\Downloads\Umsaetze_KtoNr850747700_EUR_03-12-2017_1512.pdf
2017-12-01 17:28 - 2017-12-01 17:28 - 000044873 _____ C:\Users\Chris\Downloads\Kontoauszug_0413777200_20171201_172836.pdf
2017-11-30 15:28 - 2017-11-30 15:28 - 000000935 _____ C:\Users\Chris\Desktop\Open Broadcaster Software.lnk
2017-11-30 14:35 - 2017-11-30 14:36 - 189764565 _____ C:\Users\Chris\Downloads\Update_G1_V2.0.442.zip
2017-11-30 13:43 - 2017-11-30 13:43 - 005849639 _____ C:\Users\Chris\Downloads\20679400.zip
2017-11-30 12:20 - 2017-11-30 12:20 - 000002254 _____ C:\Users\Public\Desktop\Gira Projekt Assistent 2.3.lnk
2017-11-30 12:20 - 2017-11-30 12:20 - 000000000 ____D C:\Users\Chris\AppData\Local\Gira_Giersiepen_GmbH_&_Co
2017-11-30 12:20 - 2017-11-30 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gira
2017-11-30 12:19 - 2017-11-30 12:19 - 000000000 ____D C:\ProgramData\Gira
2017-11-30 12:19 - 2017-11-30 12:19 - 000000000 ____D C:\Program Files (x86)\Gira
2017-11-30 12:17 - 2017-11-30 12:18 - 264625920 _____ C:\Users\Chris\Downloads\Gira_Project_Assistant_2.3_Setup.zip
2017-11-29 17:15 - 2017-11-29 17:15 - 000113258 _____ C:\Users\Chris\Downloads\RE632154620171129.pdf
2017-11-28 21:30 - 2017-11-28 21:30 - 000253964 _____ C:\Users\Chris\Downloads\OB-Berief-20170612-V07.viactp
2017-11-28 18:51 - 2017-11-28 20:13 - 000000000 ____D C:\Users\Chris\Desktop\Musik November 2017
2017-11-22 18:16 - 2017-11-22 18:17 - 068582904 _____ (obsproject.com) C:\Users\Chris\Downloads\OBS_0_659b_With_Browser_Installer.exe
2017-11-22 17:03 - 2017-11-22 17:03 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-11-22 17:03 - 2017-11-22 17:03 - 000002483 _____ C:\Users\Public\Desktop\Bonjour-Druckerassistent.lnk
2017-11-22 17:03 - 2017-11-22 17:03 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2017-11-22 17:03 - 2017-11-22 17:03 - 000000000 ____D C:\Users\Chris\AppData\Local\Apple
2017-11-22 17:03 - 2017-11-22 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste
2017-11-22 17:03 - 2017-11-22 17:03 - 000000000 ____D C:\ProgramData\Apple
2017-11-22 17:03 - 2017-11-22 17:03 - 000000000 ____D C:\Program Files\Bonjour Print Services
2017-11-22 17:03 - 2017-11-22 17:03 - 000000000 ____D C:\Program Files\Bonjour
2017-11-22 17:03 - 2017-11-22 17:03 - 000000000 ____D C:\Program Files (x86)\Bonjour
2017-11-22 17:03 - 2017-11-22 17:03 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-11-22 17:02 - 2017-11-22 17:02 - 000001978 _____ C:\Users\Public\Desktop\Mobizen.lnk
2017-11-22 17:02 - 2017-11-22 17:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSUPPORT
2017-11-22 17:02 - 2017-11-22 17:02 - 000000000 ____D C:\Program Files (x86)\RSUPPORT
2017-11-22 17:01 - 2017-11-22 17:02 - 050042536 _____ (RSUPPORT ) C:\Users\Chris\Downloads\mobizen (1).exe
2017-11-22 15:40 - 2017-11-22 15:40 - 000106800 _____ C:\Users\Chris\Downloads\GS76402620171122.pdf
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-12-21 17:46 - 2014-10-25 21:31 - 000000000 ____D C:\Users\Chris\AppData\Roaming\TS3Client
2017-12-21 17:08 - 2016-06-29 11:19 - 000001212 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-12-21 08:42 - 2009-07-14 05:45 - 000022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-21 08:42 - 2009-07-14 05:45 - 000022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-21 08:28 - 2017-01-10 21:32 - 000013405 _____ C:\Windows\BRRBCOM.INI
2017-12-21 08:13 - 2017-01-04 20:20 - 000000000 ____D C:\Users\Chris\Desktop\Lexware pdf
2017-12-21 08:12 - 2016-12-05 00:24 - 000000000 ____D C:\ProgramData\Lexware
2017-12-21 08:11 - 2015-02-22 14:02 - 000000000 ____D C:\Program Files (x86)\Origin
2017-12-21 06:36 - 2014-10-26 10:01 - 000000000 ____D C:\Users\Chris\AppData\Local\Adobe
2017-12-21 06:33 - 2015-01-13 17:30 - 000000000 _____ C:\Windows\system32\RzMaelstromVADAudioDeviceManager_log.txt
2017-12-21 06:31 - 2011-04-12 08:43 - 000699092 _____ C:\Windows\system32\perfh007.dat
2017-12-21 06:31 - 2011-04-12 08:43 - 000149232 _____ C:\Windows\system32\perfc007.dat
2017-12-21 06:31 - 2009-07-14 06:13 - 001619284 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-21 06:31 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-12-21 06:30 - 2016-02-13 14:14 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2017-12-21 06:30 - 2015-02-22 14:03 - 000000000 ____D C:\Users\Chris\AppData\Local\Origin
2017-12-21 06:30 - 2015-02-22 14:02 - 000000000 ____D C:\ProgramData\Origin
2017-12-21 06:26 - 2017-11-12 02:18 - 000002962 _____ C:\Windows\System32\Tasks\AsrAPPShop
2017-12-21 06:25 - 2016-08-15 17:55 - 000000262 _____ C:\Windows\Tasks\SetGoIoPackageUpdater.job
2017-12-21 06:25 - 2016-06-29 11:19 - 000001208 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-12-21 06:25 - 2014-10-26 17:21 - 000000000 ____D C:\ProgramData\Kodak
2017-12-21 06:25 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-20 22:48 - 2014-10-24 21:52 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-12-20 20:11 - 2014-10-25 19:11 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-12-20 18:31 - 2015-02-22 14:03 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Origin
2017-12-18 18:01 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-12-18 18:01 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-12-18 17:59 - 2016-08-09 18:55 - 000000000 ____D C:\Users\Chris\AppData\Local\Downloaded Installations
2017-12-18 17:45 - 2014-10-25 21:20 - 000000000 ____D C:\Users\Chris\AppData\Local\Battle.net
2017-12-18 16:25 - 2014-10-25 21:20 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-12-17 10:42 - 2014-11-04 20:34 - 000007639 _____ C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2017-12-17 07:10 - 2014-10-26 10:10 - 000000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2017-12-16 01:15 - 2014-10-25 19:10 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-12-15 16:19 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2017-12-14 20:48 - 2014-10-24 21:35 - 000002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-14 20:37 - 2017-11-08 15:48 - 000000000 ____D C:\Users\Chris\AppData\Local\Amazon Music
2017-12-14 20:36 - 2009-07-14 05:45 - 000455032 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-14 20:36 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2017-12-14 20:36 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\Setup
2017-12-14 00:19 - 2014-10-25 23:47 - 000000000 ____D C:\Windows\system32\MRT
2017-12-14 00:17 - 2017-10-10 22:07 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-14 00:17 - 2014-10-25 23:47 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-13 23:06 - 2017-11-08 15:49 - 000001183 _____ C:\Users\Chris\Desktop\Amazon Music.lnk
2017-12-13 12:08 - 2017-10-20 18:29 - 000000000 ____D C:\Users\Chris\Desktop\Mercedes AAchen
2017-12-13 10:31 - 2017-04-06 18:41 - 000000000 ____D C:\Users\Chris\Desktop\steuer
2017-12-12 17:07 - 2014-11-09 18:28 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-12 17:07 - 2014-11-09 18:28 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-12 17:07 - 2014-11-09 18:28 - 000004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-12 17:07 - 2014-11-09 18:28 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-12 17:07 - 2014-11-09 18:28 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-10 18:55 - 2017-01-03 18:13 - 000000000 ____D C:\Users\Chris\Desktop\Selbstständigkeit
2017-12-08 23:03 - 2015-02-22 14:04 - 000000000 ____D C:\Program Files (x86)\Origin Games
2017-12-08 23:03 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-12-08 22:18 - 2015-11-26 17:29 - 000000000 ___RD C:\Users\Chris\OneDrive
2017-12-08 22:16 - 2014-10-24 21:19 - 000000000 ____D C:\Users\Chris
2017-12-07 21:15 - 2016-06-29 11:19 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-11-30 22:13 - 2016-11-12 21:08 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-30 15:52 - 2017-10-30 16:21 - 000000000 ____D C:\Users\Chris\AppData\Roaming\obs-studio
2017-11-30 15:33 - 2014-10-26 17:42 - 000000000 ____D C:\Users\Chris\AppData\Roaming\OBS
2017-11-30 15:33 - 2014-10-26 17:42 - 000000000 ____D C:\Program Files (x86)\OBS
2017-11-30 15:28 - 2014-10-26 17:42 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2017-11-30 15:28 - 2014-10-26 17:42 - 000000000 ____D C:\Program Files\OBS
2017-11-30 12:19 - 2014-10-24 21:31 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-30 12:06 - 2017-09-08 05:42 - 000000000 ____D C:\Users\Chris\Desktop\datenbank ets
2017-11-22 17:02 - 2016-03-19 07:41 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Rsupport
2017-11-22 17:02 - 2016-02-28 15:21 - 000000000 ____D C:\Users\Chris\.android
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2017-01-08 16:48 - 2017-01-08 21:22 - 000000033 _____ () C:\Users\Chris\AppData\Roaming\AdobeWLCMCache.dat
2015-08-10 16:52 - 2015-05-12 17:11 - 000000034 _____ () C:\Users\Chris\AppData\Roaming\pdfdrawcodec.dll
2017-11-12 02:16 - 2017-11-12 02:17 - 000000064 _____ () C:\Users\Chris\AppData\Roaming\Sandra.ldb
2017-11-12 02:16 - 2016-02-17 23:30 - 015384576 _____ () C:\Users\Chris\AppData\Roaming\Sandra.mdb
2016-11-02 20:10 - 2016-11-02 20:10 - 000000036 ____H () C:\Users\Chris\AppData\Roaming\swk.ini
2016-08-20 22:49 - 2016-08-20 23:33 - 000002018 _____ () C:\Users\Chris\AppData\Local\installer.log
2014-10-26 17:24 - 2015-08-05 15:08 - 000000236 _____ () C:\Users\Chris\AppData\Local\LaunchHomeCenter.log
2014-11-04 20:34 - 2017-12-17 10:42 - 000007639 _____ () C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
Einige Dateien in TEMP:
====================
2017-02-17 23:11 - 2017-02-17 23:13 - 429088496 _____ (AMD Inc.) C:\Users\Chris\AppData\Local\Temp\tmpBB33.exe
2017-10-30 23:16 - 2016-02-21 14:32 - 000892720 _____ () C:\Users\Chris\AppData\Local\Temp\UninstallAndyTemp.exe
2017-07-23 15:50 - 2017-07-23 15:50 - 015301888 _____ (Microsoft Corporation) C:\Users\Chris\AppData\Local\Temp\vcredist_x64.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-12-20 19:46
==================== Ende von FRST.txt ============================