Windows 7: Chromesearch.club als Standardsuchmaschine lässt sich nicht abändern

knutole · 12.01.2018, 19:14

Hallo zusammen,

als ich mir vor ein paar Tagen eine Freeware herunterladen wollte, habe ich -- so dumm es klingt -- auf den falschen "Download"-Button gedrückt und in der Hektik auch eine fake.exe ausgeführt. Seitdem spinnt Google Chrome, u.a. kann ich meine Standardsuchmaschine nicht abändern (hier steht immer chromesearch.club) und ich werde durchweg auf Yahoo weitergeleitet.

Gibt es noch Hoffnung für den Rechner oder muss ich das OS komplett deinstallieren und neu draufmachen?

Die beiden Farbar-Logs habe ich im Anhang hinzugefügt.

Danke und beste Grüße,
Carsten

cosinus · 13.01.2018, 00:06

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

knutole · 15.01.2018, 20:28

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
durchgeführt von knutole (Administrator) auf WIN7PC-KNUTOLE (12-01-2018 19:11:08)
Gestartet von C:\Users\knutole\Downloads
Geladene Profile: knutole (Verfügbare Profile: knutole & Carsten)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 9 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Spotify Ltd) C:\Users\knutole\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1234064 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-03-18] (BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4494848 2014-06-23] (Research In Motion Limited)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKU\S-1-5-21-445157695-282835678-1020329350-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-445157695-282835678-1020329350-1000\...\Run: [Spotify Web Helper] => C:\Users\knutole\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2018-01-06] (Spotify Ltd)
HKU\S-1-5-21-445157695-282835678-1020329350-1000\...\MountPoints2: {089bf005-b802-11e7-8821-0260b05b0901} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-445157695-282835678-1020329350-1000\...\MountPoints2: {0ec2eb30-bf65-11e3-810a-94de80bf376b} - F:\AUTORUN.EXE
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => Keine Datei
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-27]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Beschränkung - Chrome <==== ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.129.1
Tcpip\..\Interfaces\{937CDAD7-D77F-4A6F-ACA0-7C152563BE80}: [DhcpNameServer] 192.168.129.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-445157695-282835678-1020329350-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-445157695-282835678-1020329350-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {FB3EFCB0-AEF1-41A2-93F7-0DF3F88550BB} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {FB3EFCB0-AEF1-41A2-93F7-0DF3F88550BB} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-445157695-282835678-1020329350-1000 -> URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2FE19359-328E-405F-92A3-56245A5CDDD7&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-445157695-282835678-1020329350-1000 -> {4BDCAB3B-B48B-42C7-A998-F30C35C89183} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
SearchScopes: HKU\S-1-5-21-445157695-282835678-1020329350-1000 -> {FB3EFCB0-AEF1-41A2-93F7-0DF3F88550BB} URL = hxxp://www.sm.de/?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-14] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\knutole\AppData\Roaming\Mozilla\Firefox\Profiles\2broeq90.default [2018-01-12]
FF Homepage: Mozilla\Firefox\Profiles\2broeq90.default -> hxxps://search.yahoo.com/?type=435371&fr=spigot-yhp-ff
hxxp://web.de/
FF Extension: (MEGA) - C:\Users\knutole\AppData\Roaming\Mozilla\Firefox\Profiles\2broeq90.default\Extensions\firefox@mega.co.nz.xpi [2017-08-10] [Legacy]
FF Extension: (Reddit Enhancement Suite) - C:\Users\knutole\AppData\Roaming\Mozilla\Firefox\Profiles\2broeq90.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2017-08-10] [Legacy]
FF SearchPlugin: C:\Users\knutole\AppData\Roaming\Mozilla\Firefox\Profiles\2broeq90.default\searchplugins\qipsearch.xml [2014-01-18]
FF SearchPlugin: C:\Users\knutole\AppData\Roaming\Mozilla\Firefox\Profiles\2broeq90.default\searchplugins\search_engine.xml [2013-12-18]
FF SearchPlugin: C:\Users\knutole\AppData\Roaming\Mozilla\Firefox\Profiles\2broeq90.default\searchplugins\yahoo_ff.xml [2015-10-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-14] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-06-24] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR NewTab: Default ->  Not-active:"chrome-extension://dgldcllfgcheelimlbmilnkilnamlhbd/newtab.html"
CHR Profile: C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default [2018-01-12]
CHR Extension: (Docs) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Check-Weather for Chrome) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkjncelobloojfkbmendgmfgnfmbla [2018-01-07]
CHR Extension: (YouTube) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]
CHR Extension: (Chrome Cleaner Pro) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2018-01-07]
CHR Extension: (Google-Suche) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (All-in-One Office - New Tab) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd [2018-01-07]
CHR Extension: (Google Docs Offline) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Simple EPUB Reader) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2017-03-16]
CHR Extension: (Google Mail) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-13]
CHR Extension: (Chrome Media Router) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-16]
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-03-18] (BlackBerry Limited) [Datei ist nicht signiert]
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [382312 2015-10-19] (Digital Wave Ltd.) [Datei ist nicht signiert]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [400656 2017-02-06] (EasyAntiCheat Ltd)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2013-12-05] ()
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-09] (Hi-Rez Studios) [Datei ist nicht signiert]
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [Datei ist nicht signiert]
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2017-02-10] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-10-29] (The OpenVPN Project)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [Datei ist nicht signiert]
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-06-23] (Apple Inc.) [Datei ist nicht signiert]
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1325568 2014-06-23] (Research In Motion Limited) [Datei ist nicht signiert]
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [Datei ist nicht signiert]
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [838128 2016-12-15] (Tunngle.net GmbH) [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [24576 2014-04-15] (BlackBerry)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-09] (Disc Soft Ltd)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [92448 2015-10-21] (<Turtle Entertainment>)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-08-14] ()
R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-02-10] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-14] (Microsoft Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-03] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2018-01-12 19:05 - 2018-01-12 19:05 - 000051068 _____ C:\Users\knutole\Downloads\Addition.txt
2018-01-12 19:04 - 2018-01-12 19:11 - 000019929 _____ C:\Users\knutole\Downloads\FRST.txt
2018-01-12 19:04 - 2018-01-12 19:11 - 000000000 ____D C:\FRST
2018-01-12 19:04 - 2018-01-12 19:04 - 002393088 _____ (Farbar) C:\Users\knutole\Downloads\FRST64.exe
2018-01-12 18:54 - 2018-01-12 18:54 - 001540104 _____ (CHIP Digital GmbH) C:\Users\knutole\Downloads\HijackThis - CHIP-Installer.exe
2018-01-12 18:42 - 2018-01-12 18:42 - 000002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-12 18:42 - 2018-01-12 18:42 - 000002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-12 18:41 - 2018-01-12 18:41 - 000003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-12 18:41 - 2018-01-12 18:41 - 000003414 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-01-09 19:23 - 2018-01-09 19:23 - 000399360 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2018-01-09 18:29 - 2018-01-09 18:29 - 000257570 _____ C:\Users\knutole\AppData\Local\census.cache
2018-01-09 18:29 - 2018-01-09 18:29 - 000119067 _____ C:\Users\knutole\AppData\Local\ars.cache
2018-01-09 18:12 - 2018-01-09 18:12 - 002405664 _____ (Trend Micro Inc.) C:\Users\knutole\Downloads\HousecallLauncher64.exe
2018-01-09 18:12 - 2018-01-09 18:12 - 000000036 _____ C:\Users\knutole\AppData\Local\housecall.guid.cache
2018-01-09 18:10 - 2018-01-09 18:10 - 000532152 _____ C:\Users\knutole\Downloads\install-panda-activescan.exe
2018-01-07 12:34 - 2018-01-07 12:34 - 000001772 __RSH C:\ProgramData\ntuser.pol
2018-01-07 12:10 - 2015-07-18 14:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-01-07 12:09 - 2018-01-07 12:09 - 000000967 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2018-01-07 12:09 - 2018-01-07 12:09 - 000000929 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2018-01-07 12:08 - 2018-01-07 12:08 - 078077208 _____ (TeamSpeak Systems GmbH) C:\Users\knutole\Downloads\TeamSpeak3-Client-win64-3.1.7.exe
2018-01-07 12:00 - 2018-01-07 12:00 - 000000000 ____D C:\Users\knutole\Desktop\Warkeys-1.21.0.0b
2018-01-07 12:00 - 2018-01-07 12:00 - 000000000 ____D C:\Users\knutole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warkeys
2018-01-07 12:00 - 2018-01-07 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warkeys
2018-01-07 12:00 - 2018-01-07 12:00 - 000000000 ____D C:\Program Files (x86)\Warkeys
2018-01-06 14:33 - 2018-01-06 14:33 - 000000000 ____D C:\Users\Public\Documents\Warcraft III
2018-01-06 14:33 - 2018-01-06 14:33 - 000000000 ____D C:\Users\knutole\AppData\Local\Blizzard
2018-01-06 14:31 - 2018-01-07 12:37 - 000000000 ____D C:\Users\knutole\Documents\Warcraft III
2018-01-06 14:29 - 2018-01-06 14:29 - 000001097 _____ C:\Users\Public\Desktop\Warcraft III.lnk
2018-01-06 14:29 - 2018-01-06 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2018-01-06 14:21 - 2018-01-07 12:35 - 000000000 ____D C:\Program Files (x86)\Warcraft III
2018-01-06 14:18 - 2018-01-06 14:18 - 003382768 _____ (Blizzard Entertainment) C:\Users\knutole\Downloads\Warcraft-III-Setup.exe
2018-01-06 14:18 - 2018-01-06 14:18 - 003382768 _____ (Blizzard Entertainment) C:\Users\knutole\Downloads\Warcraft-III-Setup (1).exe
2017-12-21 21:23 - 2017-12-21 21:23 - 000116719 _____ C:\Users\knutole\Desktop\erstemalversuche.xcf
2017-12-21 21:23 - 2017-12-21 21:23 - 000000853 _____ C:\Users\knutole\AppData\Local\recently-used.xbel
2017-12-21 21:23 - 2017-12-21 21:23 - 000000000 ____D C:\Users\knutole\AppData\Local\gtk-2.0
2017-12-21 21:23 - 2017-12-21 21:23 - 000000000 ____D C:\Users\knutole\.thumbnails
2017-12-21 21:03 - 2017-12-21 21:23 - 000000000 ____D C:\Users\knutole\.gimp-2.8
2017-12-21 21:03 - 2017-12-21 21:03 - 000000000 ____D C:\Users\knutole\AppData\Local\gegl-0.2
2017-12-21 21:03 - 2017-12-21 21:03 - 000000000 ____D C:\Users\knutole\AppData\Local\fontconfig
2017-12-21 21:02 - 2017-12-21 21:02 - 000000894 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-12-21 21:01 - 2017-12-21 21:01 - 000000000 ____D C:\Program Files\GIMP 2
2017-12-21 20:58 - 2017-12-21 20:58 - 001540104 _____ (CHIP Digital GmbH) C:\Users\knutole\Downloads\gimp-2.8.22-setup - CHIP-Installer.exe
2017-12-21 09:13 - 2017-12-21 09:13 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-12-21 09:13 - 2017-12-21 09:13 - 000002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-12-21 09:13 - 2017-12-21 09:13 - 000000000 ____D C:\Program Files (x86)\Adobe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2018-01-12 18:42 - 2014-04-16 12:14 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-12 18:34 - 2009-07-14 05:45 - 000021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-12 18:34 - 2009-07-14 05:45 - 000021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-12 18:33 - 2017-01-27 18:44 - 000000000 ____D C:\Users\knutole\AppData\Roaming\Wondershare
2018-01-12 18:33 - 2017-01-27 18:44 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-01-12 18:33 - 2017-01-27 18:35 - 000000000 ____D C:\Users\knutole\.android
2018-01-12 18:29 - 2011-04-12 08:43 - 000699416 _____ C:\Windows\system32\perfh007.dat
2018-01-12 18:29 - 2011-04-12 08:43 - 000149556 _____ C:\Windows\system32\perfc007.dat
2018-01-12 18:29 - 2009-07-14 06:13 - 001620612 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-12 18:29 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-01-12 18:28 - 2015-01-16 12:03 - 000000000 ____D C:\Users\knutole\AppData\Local\LogMeIn Hamachi
2018-01-12 18:23 - 2017-02-06 20:22 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-01-12 18:23 - 2013-12-13 14:17 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-12 18:23 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-09 20:39 - 2016-03-29 13:37 - 000000000 ____D C:\Users\knutole\AppData\Roaming\Spotify
2018-01-09 19:29 - 2016-03-29 13:38 - 000000000 ____D C:\Users\knutole\AppData\Local\Spotify
2018-01-09 18:22 - 2016-10-20 17:05 - 000004520 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-01-09 18:22 - 2013-12-13 14:48 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-09 18:22 - 2013-12-13 14:48 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-09 18:22 - 2013-12-13 14:48 - 000004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-01-09 18:22 - 2013-12-13 14:48 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-09 18:22 - 2013-12-13 14:48 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-07 19:08 - 2015-10-20 17:39 - 000000000 ____D C:\Users\knutole\AppData\Roaming\TS3Client
2018-01-07 12:34 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-01-07 12:34 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-01-07 12:09 - 2016-10-20 17:20 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-07 12:09 - 2015-10-20 17:17 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2018-01-06 14:33 - 2015-10-12 17:03 - 000000000 ____D C:\Users\knutole\AppData\Roaming\Battle.net
2018-01-06 14:31 - 2014-04-04 10:50 - 000000000 ____D C:\Users\knutole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-12-21 21:23 - 2013-12-13 14:03 - 000000000 ____D C:\Users\knutole
2017-12-21 09:13 - 2014-12-25 19:41 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-12-21 09:12 - 2013-12-15 12:24 - 000000000 ____D C:\ProgramData\Adobe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2018-01-09 18:29 - 2018-01-09 18:29 - 000119067 _____ () C:\Users\knutole\AppData\Local\ars.cache
2018-01-09 18:29 - 2018-01-09 18:29 - 000257570 _____ () C:\Users\knutole\AppData\Local\census.cache
2018-01-09 18:12 - 2018-01-09 18:12 - 000000036 _____ () C:\Users\knutole\AppData\Local\housecall.guid.cache
2017-12-21 21:23 - 2017-12-21 21:23 - 000000853 _____ () C:\Users\knutole\AppData\Local\recently-used.xbel
2014-12-27 09:12 - 2014-12-27 09:13 - 000000000 _____ () C:\Users\knutole\AppData\Local\{2CE87E26-2871-444A-A0B4-619426918E18}
2014-08-19 12:51 - 2014-08-19 12:51 - 000000000 _____ () C:\Users\knutole\AppData\Local\{41F8012E-B05E-4ECD-BCD6-C32BDC628AD1}
2017-09-10 18:29 - 2017-09-10 18:29 - 000000000 _____ () C:\Users\knutole\AppData\Local\{58E66818-0071-4CEF-AE0D-E6681FD2F758}
2015-10-14 23:28 - 2015-10-14 23:28 - 000000000 _____ () C:\Users\knutole\AppData\Local\{CC0B54BC-00FF-41B0-9EB2-9895A5016B67}
2017-09-13 20:36 - 2017-09-13 20:36 - 000000000 _____ () C:\Users\knutole\AppData\Local\{F567ECC0-142D-45EF-A122-64CF154798C2}
2017-01-11 21:41 - 2017-01-11 21:41 - 000000000 _____ () C:\Users\knutole\AppData\Local\{FCB22DD5-7D23-4523-B676-D2880DFF7049}

Einige Dateien in TEMP:
====================
2014-07-11 11:06 - 2013-04-17 17:01 - 037025440 ____R (Research In Motion Ltd.                                      ) C:\Users\knutole\AppData\Local\Temp\BlackBerryDeviceManager.exe
2013-04-17 17:01 - 2013-04-17 17:01 - 002038440 ____R () C:\Users\knutole\AppData\Local\Temp\BlackBerryLauncher.exe
2017-05-26 15:39 - 2017-05-26 15:39 - 000008720 _____ () C:\Users\knutole\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2015-10-21 17:31 - 2015-10-21 17:31 - 017087392 _____ (Turtle Entertainment GmbH                                   ) C:\Users\knutole\AppData\Local\Temp\EslWireSetup-1.18.0.8101-x64.exe
2015-12-13 21:06 - 2016-01-11 17:54 - 017175184 _____ (Turtle Entertainment GmbH                                   ) C:\Users\knutole\AppData\Local\Temp\EslWireSetup-1.19.0.8185-x64.exe
2013-12-13 14:46 - 2013-12-13 14:47 - 017838984 _____ (Adobe Systems Incorporated) C:\Users\knutole\AppData\Local\Temp\fp_pl_pfs_installer.exe
2014-03-16 21:32 - 2014-03-16 21:32 - 000680520 _____ (                                                            ) C:\Users\knutole\AppData\Local\Temp\ICReinstall_sonicstage-4.3.exe
2016-01-19 22:07 - 2016-01-19 22:07 - 000644704 _____ (Oracle Corporation) C:\Users\knutole\AppData\Local\Temp\jre-8u71-windows-au.exe
2015-08-03 16:56 - 2015-08-03 16:56 - 002407368 _____ (mIRC Co. Ltd.) C:\Users\knutole\AppData\Local\Temp\mirc743.exe
2014-03-03 14:32 - 2014-03-03 14:32 - 000156063 _____ (Conduit) C:\Users\knutole\AppData\Local\Temp\nse2C2A.exe
2014-03-03 14:32 - 2014-03-03 14:32 - 000156063 _____ (Conduit) C:\Users\knutole\AppData\Local\Temp\nsk2E1F.exe
2014-03-03 14:32 - 2014-03-03 14:32 - 000156063 _____ (Conduit) C:\Users\knutole\AppData\Local\Temp\nsp473E.exe
2014-03-03 14:32 - 2014-03-03 14:32 - 000156063 _____ (Conduit) C:\Users\knutole\AppData\Local\Temp\nsz4559.exe
2012-09-06 16:06 - 2012-09-06 16:06 - 000898920 _____ (NVIDIA Corporation) C:\Users\knutole\AppData\Local\Temp\nvSCPAPI.dll
2012-09-06 16:06 - 2012-09-06 16:06 - 000354664 _____ (NVIDIA Corporation) C:\Users\knutole\AppData\Local\Temp\nvStereoApiI.dll
2012-09-06 16:06 - 2012-09-06 16:06 - 000611688 _____ (NVIDIA Corporation) C:\Users\knutole\AppData\Local\Temp\nvStInst.exe
2013-08-04 13:15 - 2013-08-04 13:15 - 000986624 _____ (TODO: <Название компании>) C:\Users\knutole\AppData\Local\Temp\PrefJsonCpp.exe
2014-03-02 21:39 - 2014-03-13 23:13 - 000918016 _____ () C:\Users\knutole\AppData\Local\Temp\Quarantine.exe
2013-12-13 14:56 - 2014-05-20 12:03 - 000192512 _____ () C:\Users\knutole\AppData\Local\Temp\sfamcc00001.dll
2013-12-13 14:56 - 2014-05-20 12:03 - 000158720 _____ () C:\Users\knutole\AppData\Local\Temp\sfareca00001.dll
2012-12-16 10:55 - 2012-12-16 10:55 - 000055296 _____ () C:\Users\knutole\AppData\Local\Temp\sfextra.dll
2013-08-04 13:15 - 2013-08-04 13:15 - 000465408 _____ () C:\Users\knutole\AppData\Local\Temp\sqlite3.exe
2015-10-20 17:17 - 2015-10-20 17:17 - 000065280 _____ () C:\Users\knutole\AppData\Local\Temp\utils.dll
2015-10-21 17:29 - 2015-10-21 17:29 - 005225304 _____ (Microsoft Corporation) C:\Users\knutole\AppData\Local\Temp\vcredist_x64.exe
2012-11-02 10:08 - 2012-11-02 10:08 - 000118784 _____ () C:\Users\knutole\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2018-01-08 18:15

==================== Ende von FRST.txt ============================

Und noch die Additions.txt

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02.01.2018
durchgeführt von knutole (12-01-2018 19:11:27)
Gestartet von C:\Users\knutole\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2013-12-13 13:03:56)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-445157695-282835678-1020329350-500 - Administrator - Disabled)
Carsten (S-1-5-21-445157695-282835678-1020329350-1004 - Limited - Enabled) => C:\Users\Carsten
Gast (S-1-5-21-445157695-282835678-1020329350-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-445157695-282835678-1020329350-1003 - Limited - Enabled)
knutole (S-1-5-21-445157695-282835678-1020329350-1000 - Administrator - Enabled) => C:\Users\knutole

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.30 - GIGABYTE)
µTorrent (HKU\S-1-5-21-445157695-282835678-1020329350-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AutoGreen B12.1220.1 (HKLM-x32\...\{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) Hidden
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
BitTorrent (HKU\S-1-5-21-445157695-282835678-1020329350-1000\...\BitTorrent) (Version: 7.9.5.41203 - BitTorrent Inc.)
BlackBerry Link (HKLM-x32\...\{15AFC3BA-5D41-4616-AD9A-AE5B6F52CA24}) (Version: 1.2.3.56 - BlackBerry Ltd.) Hidden
BlackBerry Link (HKLM-x32\...\BlackBerry_10_Desktop) (Version: 1.2.3.56 - BlackBerry Ltd.)
Command & Conquer Red Alert 2 (HKLM-x32\...\Red Alert 2) (Version:  - )
Company of Heroes (HKLM-x32\...\{199E6632-EB28-4F73-AECB-3E192EB92D18}) (Version: 1.0.0.99 - THQ Inc.)
Crashday (HKLM-x32\...\{993EE844-CCD1-4401-875D-5CB9381E7F30}) (Version: 1.00.0000 - ValuSoft)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Easy Tune 6 B13.0323.1 (HKLM-x32\...\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Hidden
Easy Tune 6 B13.0323.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
ESL Wire 1.19.0 (HKLM\...\ESL Wire_is1) (Version:  - Turtle Entertainment GmbH)
FoneCopy 1.2.30 (HKLM-x32\...\{FCC807F4-EEEC-48a8-AC29-5E1736BCF7EB}_is1) (Version: 1.2.30 - Aiseesoft Studio)
Free Screen Video Recorder (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 3.0.9.1019 - DVDVideoSoft Ltd.)
Frontschweine (HKLM-x32\...\Hogs Of War) (Version: 1.0 - Infogrames)
Ghost Recon (HKLM-x32\...\{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}) (Version:  - )
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HMA! Pro VPN 2.8.19.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.19.0 - Privax Ltd)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.)
Mechwarrior 4 Mercenaries MP 3.1 Version 0.93 (HKLM-x32\...\{0BAEFF3B-E265-42A3-ABDE-67BFEBE4E327}_is1) (Version: 0.93 - Shadows Of Empirion)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.43 - mIRC Co. Ltd.)
ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)
Mozilla Firefox 41.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
OF Dragon Rising (HKLM-x32\...\{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}) (Version: 1.00.0000 - Codemasters)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenMG Limited Patch 4.7-07-14-05-01 (HKLM-x32\...\OpenMG HotFix4.7-07-13-22-01) (Version:  - )
OpenMG Secure Module 4.7.00 (HKLM-x32\...\{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation) Hidden
OpenMG Secure Module 4.7.00 (HKLM-x32\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.) Hidden
QIP 2005 8095 (HKU\S-1-5-21-445157695-282835678-1020329350-1000\...\QIP 2005) (Version: 8095 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Shutdown Timer (HKLM\...\{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}) (Version: 3.3.4 - Sinvise Systems)
SonicStage 4.3 (HKLM-x32\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 4.3 - Sony Corporation)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-445157695-282835678-1020329350-1000\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
Star Wars JK II Jedi Outcast (HKLM-x32\...\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader HD (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.30.0000 - Firefly Studios)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.7 - TeamSpeak Systems GmbH)
TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version:  - SoftMaker Software GmbH)
Tom Clancy's Rainbow Six 3: Athena Sword 1.10.016 (HKLM-x32\...\{664FF9A8-7E44-4E17-AD40-D10E15504C49}) (Version: 1.10.016 - )
Tom Clancy's Rainbow Six 3: Iron Wrath 1.00.000 (HKLM-x32\...\{81521545-BE95-4869-92FA-CC2E276C790E}) (Version: 1.00.000 - )
Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412 (HKLM-x32\...\{AF131494-F5D8-45C5-938C-D5F020CF1B0D}) (Version: 1.60.412 - )
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.8 - Tunngle.net GmbH)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Warkeys 1.21.0.0b (HKLM-x32\...\Warkeys) (Version: 1.21.0.0b - )
Windows Phone app for desktop (HKLM-x32\...\{9C4D79B6-238E-49D8-AEBC-26384EBDE6B3}) (Version: 1.0.1720.1 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_05.dll [2012-06-18] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-02-09] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {190FCED3-6BEB-4B24-ACC0-FF78035F2816} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-10] (NVIDIA Corporation)
Task: {36A5CED0-CB9E-4D58-BFA5-77D42F3146CB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {3B67E960-B72B-42C8-95F7-E85766C1B407} - System32\Tasks\{CBB01465-5D33-45DF-8A14-82E2D4833668} => C:\Windows\system32\pcalua.exe -a "D:\Downloads\Raven Shield Complete\Raven Shield Complete\Rainbow Six - Raven Shield - Athena Sword\athena_sword_v1.00_to_v1.10_us.exe" -d "D:\Downloads\Raven Shield Complete\Raven Shield Complete\Rainbow Six - Raven Shield - Athena Sword"
Task: {3E35D73D-7675-4C08-A62A-BC3DCC0B5877} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-10] (NVIDIA Corporation)
Task: {43D02C08-32DF-404C-9953-E6E20A048943} - System32\Tasks\{850AB4BF-6DA3-44D0-B2FB-233699ACD16E} => C:\Windows\system32\pcalua.exe -a D:\Downloads\WindowsPhone.exe -d D:\Downloads
Task: {58F03C26-988A-45E0-8C1B-31226E09A3C9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-10] (NVIDIA Corporation)
Task: {820539CE-99E2-4A6E-87CB-C9BE1A2578CE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-10] (NVIDIA Corporation)
Task: {835AE009-C588-4413-ADC7-383D304AF9FC} - System32\Tasks\{98785F13-5366-414D-957B-924B86365C85} => C:\Windows\system32\pcalua.exe -a D:\Downloads\burrrn_package113.exe -d D:\Downloads
Task: {8729EF29-8DCF-4609-869D-C21BB33260F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-12] (Google Inc.)
Task: {96827AAF-DEDF-4D07-8F84-9A70A20D80A6} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-10] (NVIDIA Corporation)
Task: {ACD7C5B0-E6CD-44D1-B60D-FAFECB4FF7CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {C786ED90-AD2F-4402-9C3B-623C4675E777} - System32\Tasks\{620B1700-7CF6-4FA1-A372-508B805B3D10} => C:\Windows\system32\pcalua.exe -a C:\Users\knutole\AppData\Local\Temp\dlmF30D.tmp\SonicStageInstaller.exe -d D:\Downloads <==== ACHTUNG
Task: {D309CF8F-28BA-466A-BDD1-935D388583AE} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-10] (NVIDIA Corporation)
Task: {DA9BD0E6-638E-400F-A60B-C87A4B6CCA36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-12] (Google Inc.)
Task: {DCE243EB-8AE3-4662-ACA5-2D8F0FBD6B8B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {ED494C7F-0D2E-40EC-A42A-8CFB5DD86B07} - System32\Tasks\{B872D964-AE43-4BA9-A1C0-A01FF70DD883} => C:\Windows\system32\pcalua.exe -a D:\Portable_CS1.6.exe -d D:\

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-12-13 14:17 - 2017-02-09 23:57 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-21 17:31 - 2013-12-05 21:06 - 000663056 _____ () C:\Program Files\EslWire\service\WireHelperSvc.exe
2015-10-21 17:31 - 2014-10-14 19:33 - 000214016 _____ () C:\Program Files\EslWire\service\NocIPC64.dll
2017-02-15 20:23 - 2017-02-10 01:52 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-15 20:23 - 2017-02-10 01:52 - 004489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-15 20:23 - 2017-02-10 01:52 - 000418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-06-24 09:37 - 2014-06-24 09:37 - 000661752 _____ () C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
2018-01-12 18:42 - 2018-01-03 10:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-12 18:42 - 2018-01-03 10:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2018-01-09 18:22 - 2018-01-09 18:22 - 031240192 _____ () C:\Windows\system32\Macromed\Flash\pepflashplayer64_28_0_0_137.dll
2015-10-30 23:46 - 2015-10-19 18:13 - 000110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-10-30 23:46 - 2015-10-19 18:13 - 000104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-10-30 23:46 - 2015-10-19 18:13 - 000020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-10-30 23:46 - 2015-10-19 18:13 - 000253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2015-10-30 23:46 - 2015-10-19 18:13 - 000295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2015-10-30 23:46 - 2015-10-19 18:13 - 000044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2017-02-15 20:23 - 2017-02-10 01:52 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-15 20:23 - 2017-02-10 01:52 - 000900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-15 20:23 - 2017-02-10 01:52 - 003774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2018-01-12 19:01 - 000000864 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-445157695-282835678-1020329350-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\knutole\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.129.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: BlackBerry Device Manager => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: BlackBerryLink.exe => "C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" /minimize
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: ESL Wire => "C:\Program Files\EslWire\wire.exe" --tray
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: RIM PeerManager => "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: Spotify => "C:\Users\knutole\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\knutole\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{4C9BE8CB-A062-4B94-8366-14811323668D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C10170C9-7600-4E09-A99A-9CC9D97B378A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{F2E6C3FE-CA6C-4CF0-BA53-5E4FE6E1B5B6}C:\program files (x86)\mektek.net\mtx\mtx.exe] => (Allow) C:\program files (x86)\mektek.net\mtx\mtx.exe
FirewallRules: [UDP Query User{4478CE48-E07D-42D1-BAAD-0E1E4617646E}C:\program files (x86)\mektek.net\mtx\mtx.exe] => (Allow) C:\program files (x86)\mektek.net\mtx\mtx.exe
FirewallRules: [TCP Query User{74DB0FED-BB56-4F01-AFCB-77AA61BF539C}D:\downloads\mechwarrior4mercenaries.all.to.51.03.01.0017\base\mw4mercs.exe] => (Allow) D:\downloads\mechwarrior4mercenaries.all.to.51.03.01.0017\base\mw4mercs.exe
FirewallRules: [UDP Query User{572B9EA5-F453-4883-BC5A-FC754B719885}D:\downloads\mechwarrior4mercenaries.all.to.51.03.01.0017\base\mw4mercs.exe] => (Allow) D:\downloads\mechwarrior4mercenaries.all.to.51.03.01.0017\base\mw4mercs.exe
FirewallRules: [TCP Query User{061047A3-6E52-485D-8AE7-90671F9A6DF3}C:\program files (x86)\mechwarrior 4 mercenaries mp 3.1\mw4mercs.exe] => (Allow) C:\program files (x86)\mechwarrior 4 mercenaries mp 3.1\mw4mercs.exe
FirewallRules: [UDP Query User{18D33E71-D28E-48D2-92AD-4BDA991115AD}C:\program files (x86)\mechwarrior 4 mercenaries mp 3.1\mw4mercs.exe] => (Allow) C:\program files (x86)\mechwarrior 4 mercenaries mp 3.1\mw4mercs.exe
FirewallRules: [TCP Query User{3C5E6444-F2B8-4C69-A8AA-AD59B84E5072}C:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe] => (Allow) C:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe
FirewallRules: [UDP Query User{74630301-5606-4290-BE44-565C265BF462}C:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe] => (Allow) C:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe
FirewallRules: [{0131D24E-7F07-4026-96BA-66E360244308}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe
FirewallRules: [{6BAB17CA-F5F9-4372-9CDB-DA751A290884}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe
FirewallRules: [TCP Query User{1AB1C7E3-B252-41B0-82C9-5B5F17C60CBD}C:\program files (x86)\valusoft\crashday\crashday.exe] => (Allow) C:\program files (x86)\valusoft\crashday\crashday.exe
FirewallRules: [UDP Query User{870025AD-900E-4ABE-993E-1F607D45CC39}C:\program files (x86)\valusoft\crashday\crashday.exe] => (Allow) C:\program files (x86)\valusoft\crashday\crashday.exe
FirewallRules: [TCP Query User{A56080B8-4526-4743-91AB-4BDA7AF7244A}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{2422C2E6-60AF-4A01-825E-99DB686A666B}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{FD61FB09-8358-48C3-A661-72ECF95F0E2E}C:\program files (x86)\red storm entertainment\ravenshield\system\ucc.exe] => (Allow) C:\program files (x86)\red storm entertainment\ravenshield\system\ucc.exe
FirewallRules: [UDP Query User{A25CB4E9-E372-4F50-9A56-524EABB7A83F}C:\program files (x86)\red storm entertainment\ravenshield\system\ucc.exe] => (Allow) C:\program files (x86)\red storm entertainment\ravenshield\system\ucc.exe
FirewallRules: [TCP Query User{BC274844-149D-4B2C-BCD7-ABED857FC7A0}C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe] => (Allow) C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe
FirewallRules: [UDP Query User{89AD32D6-7107-4937-980B-B6ED7C9942D1}C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe] => (Allow) C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe
FirewallRules: [{78AB6718-7B3F-4CE3-AFE1-63E545247E3C}] => (Allow) C:\Program Files (x86)\Codemasters\OF Dragon Rising\OFDR.exe
FirewallRules: [{B8EB37FB-6860-4086-A1E3-6EDA5C0BC3AE}] => (Allow) C:\Program Files (x86)\Codemasters\OF Dragon Rising\OFDR.exe
FirewallRules: [{7B49855E-5D3C-40F0-8755-0FA8441F88C7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FE5FCB73-F1C6-4617-903C-B33B09D7510E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8708900F-DF84-4E36-97BD-3226FCCC26C2}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
FirewallRules: [{07B0CADB-B7E2-43EA-A33A-1F91672369A0}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
FirewallRules: [{05E9B150-35FD-4D47-ADCF-754D05298C63}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
FirewallRules: [{B272F5AD-681D-4DB3-AF0C-13A9763E5BD5}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
FirewallRules: [{7BDF80F0-0574-45F6-A1B1-237BB10F9709}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
FirewallRules: [{3A6232C6-2B47-4096-9370-6A748EF11685}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
FirewallRules: [{D331B52A-C312-446C-8DC5-503510A524CE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{20313F89-EC5B-43A1-AB2C-B3D6C8ABB548}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2FDE0A04-F9A0-4DB5-87DB-F74C0D0B5724}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe] => (Allow) C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe
FirewallRules: [UDP Query User{91F4C114-1248-454F-8A47-FAAC23869272}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe] => (Allow) C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe
FirewallRules: [TCP Query User{D219A2AF-9667-49DA-9F28-6D6A7DCB08CE}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{C07A1555-7290-4E47-9E4D-7631C0D0F45F}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{A3495EE0-B161-495E-B658-B7DBE656D154}C:\program files (x86)\codemasters\of dragon rising\ofdr.exe] => (Allow) C:\program files (x86)\codemasters\of dragon rising\ofdr.exe
FirewallRules: [UDP Query User{AD965414-1B64-42A0-B81E-6B6E3A5177FC}C:\program files (x86)\codemasters\of dragon rising\ofdr.exe] => (Allow) C:\program files (x86)\codemasters\of dragon rising\ofdr.exe
FirewallRules: [TCP Query User{FDCF1E5D-92E0-4274-BE94-3239D2EA78F7}F:\warhogs.exe] => (Allow) F:\warhogs.exe
FirewallRules: [UDP Query User{34895D84-A2F7-4CC5-BA98-68AC4CEBDA08}F:\warhogs.exe] => (Allow) F:\warhogs.exe
FirewallRules: [TCP Query User{CAD183E6-1AB1-47D4-BE80-9584BF5FE7B4}C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe] => (Allow) C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe
FirewallRules: [UDP Query User{9202B4CE-21E5-4903-90E7-AA996305EC46}C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe] => (Allow) C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe
FirewallRules: [TCP Query User{3F79AB65-6703-4BDD-A6A4-EC4C776E3052}C:\users\knutole\appdata\local\temp\rarsfx0\hl.exe] => (Allow) C:\users\knutole\appdata\local\temp\rarsfx0\hl.exe
FirewallRules: [UDP Query User{C7978ED9-E1E9-4800-BB6F-07B8C2DAD08A}C:\users\knutole\appdata\local\temp\rarsfx0\hl.exe] => (Allow) C:\users\knutole\appdata\local\temp\rarsfx0\hl.exe
FirewallRules: [{7F3BC2D4-5E4A-4E22-9F52-97C7D09A9205}] => (Allow) C:\Users\knutole\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ED76D437-35D8-46E0-9704-D0453E435D09}] => (Allow) C:\Users\knutole\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8D248946-204B-4B8F-907B-73EB2E4BB4AD}] => (Allow) C:\Users\knutole\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A3F54D96-1C55-4329-B4BC-E26F5EA9A040}] => (Allow) C:\Users\knutole\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F5EF4741-1A15-4993-8485-DD159FC70EC9}] => (Allow) C:\Users\knutole\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{041E9733-5CE8-487B-9DC1-F5DCD74690E9}] => (Allow) C:\Users\knutole\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FAA49143-FBD1-4E5A-A059-15FD1720A23A}] => (Allow) C:\Users\knutole\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{73901BAC-BC81-4A15-8E97-6B293E3E2A11}] => (Allow) C:\Users\knutole\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{C84EA2D8-34C9-433D-849F-A57374B3728F}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{DEF782F6-537A-44D0-8671-52E7D34BCF1A}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{2ABB4DFC-2BF3-4F5F-9DE5-588E838DF977}] => (Block) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{A83E3F30-37C7-4641-B8E7-571AAFA532D0}] => (Block) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{C8182CC0-D7AE-44EC-8501-9A5A65C09DAB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{EDD034DC-1561-4988-AE9E-3A509D717E8A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [TCP Query User{782D4165-2359-4764-BC60-45CAF637A636}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{D612C11A-F41D-40B0-98D3-6573AA285B19}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{654A30D0-92EE-4684-9E67-EE4E4F6E7A2F}] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{C7CF0D05-5D67-4486-9520-EE173C3B7754}] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{20772DD3-486A-4D10-9D13-548A353FFEB5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F3AFF1EA-BACB-48CA-A588-F43CAA10C4DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E3547D58-D46F-40AF-8033-C644B24C1B1D}] => (Allow) C:\Program Files\EslWire\wire.exe
FirewallRules: [{A7AC9B35-D243-4091-A696-B5184F1B4219}] => (Allow) C:\Program Files\EslWire\wire.exe
FirewallRules: [{20089071-782A-491A-A27A-4FF0663AEF84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2016\fm.exe
FirewallRules: [{BE69453D-BD98-4169-9496-BA4700C18F33}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2016\fm.exe
FirewallRules: [TCP Query User{B0BDACBF-615C-4748-89D9-4269734026D2}C:\users\knutole\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\knutole\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{13EFCB00-C2A1-4533-BDF0-B05DCD79B714}C:\users\knutole\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\knutole\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5D3ADE7D-1FEA-4375-9731-85D08FF0C7D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{9FB19420-EABB-4F6F-9005-8FCD4486F537}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{41DBEC1D-2ACF-43B3-BCA0-1A491187FF04}C:\program files (x86)\ea games\battlefield 1942\bf1942.exe] => (Allow) C:\program files (x86)\ea games\battlefield 1942\bf1942.exe
FirewallRules: [UDP Query User{11034E75-843E-4253-8F6D-53E16D5ACD4D}C:\program files (x86)\ea games\battlefield 1942\bf1942.exe] => (Allow) C:\program files (x86)\ea games\battlefield 1942\bf1942.exe
FirewallRules: [{37C5661D-B202-4301-B4FF-A963F0162881}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7274C195-CB22-4F8F-B945-3D33F64CDE09}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C9013E9E-4324-4F40-89FA-048E808E9B03}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{EE7BA8A0-90E9-494C-95E4-ABC0046531FB}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{E82B754D-8A37-4F18-8A92-3A18DD40EA61}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{4A1CF26A-BEB4-4741-8933-D89C0F0ED215}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{97C7653C-D279-488B-8C00-D788E59AE279}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{17F0E33B-3EC7-4473-91B7-8038603D3AEE}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{BB06A1BB-E8ED-4617-A73C-32C779C5ADDD}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{343B43BB-FE30-49AA-B009-F68B50E4916E}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{32E06E8D-045B-4D96-958F-4B66DACE7154}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{D36BDCFC-5A1A-419E-8F96-C2D0645AB299}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{AD221300-BB2C-40E4-BDEC-801FACB7E6E5}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{315683CA-DC88-4C58-A742-5B6F847C0CE6}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{D5042CEA-99C7-46C6-A5D1-9D70F77730B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{F7A0AF32-6029-4047-92DA-30C567B21401}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{0CCB4B8B-6D42-4B98-84CB-627F06D74CD5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{EA877B19-B11D-4326-A8AD-37993F3DCED1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{4642B7AE-6BFE-4EFD-97C9-99D53FE3A928}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{22B283EB-FD87-400D-9834-DD913371AB4D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EF2D7C20-16D3-4658-9D78-D724E391DA0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{963EA253-501A-4385-86FA-EB6E3BD3F853}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{281BEB67-6934-4EC5-9743-7BE12DCBAE95}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{19712C30-FA90-4FA4-B1E8-3578AC9B150E}C:\program files (x86)\ea games\battlefield 1942_10\bf1942.exe] => (Allow) C:\program files (x86)\ea games\battlefield 1942_10\bf1942.exe
FirewallRules: [UDP Query User{A00664AE-5D77-4D8C-BBF0-044149870A74}C:\program files (x86)\ea games\battlefield 1942_10\bf1942.exe] => (Allow) C:\program files (x86)\ea games\battlefield 1942_10\bf1942.exe
FirewallRules: [{E44322D2-05CD-457E-A9F5-C47D2A837326}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{08F4E797-3574-4873-9970-9610EF37D6DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{3B145F7A-DC4A-4D3B-A2DF-D0F0B756BD4B}C:\users\knutole\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\knutole\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6E4CBA34-A339-4BB9-9F3C-582482CEEA0A}C:\users\knutole\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\knutole\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BC7B9277-30F8-43A5-B667-7FB5FB8D9D35}C:\program files (x86)\warcraft iii\warcraft iii.exe] => (Allow) C:\program files (x86)\warcraft iii\warcraft iii.exe
FirewallRules: [UDP Query User{0E5ADBBA-2AD9-4CA3-97CC-E8834CB9A13E}C:\program files (x86)\warcraft iii\warcraft iii.exe] => (Allow) C:\program files (x86)\warcraft iii\warcraft iii.exe
FirewallRules: [{1CB723D2-CF44-403A-A078-9FFF4E1548F0}] => (Block) C:\program files (x86)\warcraft iii\warcraft iii.exe
FirewallRules: [{E1DA2C9C-4B56-4112-9CF1-DB21120C1B27}] => (Block) C:\program files (x86)\warcraft iii\warcraft iii.exe
FirewallRules: [{09063ED3-85BA-4ED0-A4C9-490F02F404A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

27-11-2017 19:11:06 Geplanter Prüfpunkt
04-12-2017 19:49:42 Geplanter Prüfpunkt
14-12-2017 19:41:41 Geplanter Prüfpunkt
03-01-2018 17:46:08 Geplanter Prüfpunkt
07-01-2018 12:09:34 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
07-01-2018 12:10:14 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/12/2018 06:28:05 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(Friendly_BA81F050A36C1066_B1364E53D8AA58A8._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (01/12/2018 06:26:55 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(Friendly_8C871C872C79DFC7_157F4150A47F074D._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (01/12/2018 06:26:55 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(3e78f260ebcdf1d28c5ddc6d19a1b7._tunnel._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (01/12/2018 06:25:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (01/11/2018 06:26:13 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(Friendly_B27FF18F66611730_8E9B42383043DB8D._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (01/11/2018 06:24:29 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(Friendly_596DD8B9947E54CF_D2648E2971084ACC._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (01/11/2018 06:24:29 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(2519755546cffef961f24106cc18ff._tunnel._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (01/11/2018 06:23:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (01/09/2018 07:29:41 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(Friendly_79E95E4C31AEE475_6548822EF29767DD._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (01/09/2018 07:27:28 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(Friendly_CEFEF54551C402C6_89C336FCC65755D8._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network.


Systemfehler:
=============
Error: (01/12/2018 06:24:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Wondershare Application Framework Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (01/12/2018 06:24:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Wondershare Application Framework Service erreicht.

Error: (01/12/2018 06:23:24 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (01/11/2018 06:37:49 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: Die Abstandserkennung war aufgrund des unbekannten Fehlers "0x80004004" nicht erfolgreich. Die beste erkannte Abstandszeit betrug -1 Millisekunden.

Error: (01/09/2018 06:02:18 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Wondershare Application Framework Service" wurde nicht richtig gestartet.

Error: (01/08/2018 05:54:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Wondershare Application Framework Service" wurde nicht richtig gestartet.

Error: (01/07/2018 12:42:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎07.‎01.‎2018 um 12:41:22 unerwartet heruntergefahren.

Error: (01/07/2018 10:32:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Wondershare Application Framework Service" wurde nicht richtig gestartet.

Error: (01/06/2018 12:21:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Wondershare Application Framework Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (01/06/2018 12:21:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Wondershare Application Framework Service erreicht.


CodeIntegrity:
===================================
  Date: 2012-09-01 08:22:19.032
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 08:17:58.055
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 08:17:57.977
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 08:17:57.914
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 08:17:57.805
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 07:52:31.774
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 00:18:38.709
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 00:12:10.453
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 00:08:14.294
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 00:01:42.723
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: AMD FX(tm)-6300 Six-Core Processor 
Prozentuale Nutzung des RAM: 29%
Installierter physikalischer RAM: 8156.66 MB
Verfügbarer physikalischer RAM: 5734.96 MB
Summe virtueller Speicher: 16311.51 MB
Verfügbarer virtueller Speicher: 13729.4 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:439.45 GB) (Free:190.69 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: () (Fixed) (Total:492.05 GB) (Free:408.74 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 20D820D8)
Partition 1: (Active) - (Size=439.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=492 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================

Danke für die Hilfe!

cosinus · 15.01.2018, 22:04

Da muss erstmal alter Schrott bzw unnötiger Krempel weg:

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

7-Zip 9.20 (x64 edition)

µTorrent

Adobe Acrobat Reader DC - Deutsch

Adobe Acrobat Reader DC - Deutsch

BitTorrent

DAEMON Tools Lite

IrfanView (remove only)

Java 8 Update 25

McAfee Security Scan Plus

Mozilla Firefox 41.0.2 (x86 de)

Notepad++

OpenOffice 4.1.3

VLC media player 2.1.2

WinRAR 5.01 (64-bit)
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

knutole · 29.01.2018, 19:11

Hallo,

danke für deine Rückmeldung. Habe wie von dir angewiesen die entsprechenden Programme gelöscht. Anbei die zwei neuen Logs. Wie geht es jetzt weiter?

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
durchgeführt von knutole (Administrator) auf WIN7PC-KNUTOLE (29-01-2018 19:09:44)
Gestartet von C:\Users\knutole\Downloads
Geladene Profile: knutole (Verfügbare Profile: knutole & Carsten)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 9 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Spotify Ltd) C:\Users\knutole\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
(Spotify Ltd) C:\Users\knutole\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\knutole\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\knutole\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\knutole\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1234064 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-03-18] (BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4494848 2014-06-23] (Research In Motion Limited)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKU\S-1-5-21-445157695-282835678-1020329350-1000\...\Run: [Spotify Web Helper] => C:\Users\knutole\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2018-01-29] (Spotify Ltd)
HKU\S-1-5-21-445157695-282835678-1020329350-1000\...\MountPoints2: {089bf005-b802-11e7-8821-0260b05b0901} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-445157695-282835678-1020329350-1000\...\MountPoints2: {0ec2eb30-bf65-11e3-810a-94de80bf376b} - F:\AUTORUN.EXE
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => Keine Datei
GroupPolicy: Beschränkung - Chrome <==== ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.129.1
Tcpip\..\Interfaces\{937CDAD7-D77F-4A6F-ACA0-7C152563BE80}: [DhcpNameServer] 192.168.129.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-445157695-282835678-1020329350-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-445157695-282835678-1020329350-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {FB3EFCB0-AEF1-41A2-93F7-0DF3F88550BB} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {FB3EFCB0-AEF1-41A2-93F7-0DF3F88550BB} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-445157695-282835678-1020329350-1000 -> URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2FE19359-328E-405F-92A3-56245A5CDDD7&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-445157695-282835678-1020329350-1000 -> {4BDCAB3B-B48B-42C7-A998-F30C35C89183} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
SearchScopes: HKU\S-1-5-21-445157695-282835678-1020329350-1000 -> {FB3EFCB0-AEF1-41A2-93F7-0DF3F88550BB} URL = hxxp://www.sm.de/?q={searchTerms}

FireFox:
========
FF ProfilePath: C:\Users\knutole\AppData\Roaming\Mozilla\Firefox\Profiles\2broeq90.default [2018-01-25]
FF Homepage: Mozilla\Firefox\Profiles\2broeq90.default -> hxxps://search.yahoo.com/?type=435371&fr=spigot-yhp-ff
hxxp://web.de/
FF Extension: (MEGA) - C:\Users\knutole\AppData\Roaming\Mozilla\Firefox\Profiles\2broeq90.default\Extensions\firefox@mega.co.nz.xpi [2017-08-10] [Legacy]
FF Extension: (Reddit Enhancement Suite) - C:\Users\knutole\AppData\Roaming\Mozilla\Firefox\Profiles\2broeq90.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2017-08-10] [Legacy]
FF SearchPlugin: C:\Users\knutole\AppData\Roaming\Mozilla\Firefox\Profiles\2broeq90.default\searchplugins\qipsearch.xml [2014-01-18]
FF SearchPlugin: C:\Users\knutole\AppData\Roaming\Mozilla\Firefox\Profiles\2broeq90.default\searchplugins\search_engine.xml [2013-12-18]
FF SearchPlugin: C:\Users\knutole\AppData\Roaming\Mozilla\Firefox\Profiles\2broeq90.default\searchplugins\yahoo_ff.xml [2015-10-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-06-24] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-12] (Google Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR NewTab: Default ->  Not-active:"chrome-extension://dgldcllfgcheelimlbmilnkilnamlhbd/newtab.html"
CHR Profile: C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default [2018-01-29]
CHR Extension: (Docs) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Check-Weather for Chrome) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkjncelobloojfkbmendgmfgnfmbla [2018-01-07]
CHR Extension: (YouTube) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]
CHR Extension: (Chrome Cleaner Pro) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2018-01-07]
CHR Extension: (Google-Suche) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (All-in-One Office - New Tab) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd [2018-01-07]
CHR Extension: (Google Docs Offline) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Simple EPUB Reader) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2017-03-16]
CHR Extension: (Google Mail) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-13]
CHR Extension: (Chrome Media Router) - C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-16]
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-03-18] (BlackBerry Limited) [Datei ist nicht signiert]
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [382312 2015-10-19] (Digital Wave Ltd.) [Datei ist nicht signiert]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [400656 2017-02-06] (EasyAntiCheat Ltd)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2013-12-05] ()
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-09] (Hi-Rez Studios) [Datei ist nicht signiert]
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [Datei ist nicht signiert]
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2017-02-10] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-10-29] (The OpenVPN Project)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [Datei ist nicht signiert]
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-06-23] (Apple Inc.) [Datei ist nicht signiert]
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1325568 2014-06-23] (Research In Motion Limited) [Datei ist nicht signiert]
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [Datei ist nicht signiert]
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [838128 2016-12-15] (Tunngle.net GmbH) [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [24576 2014-04-15] (BlackBerry)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [92448 2015-10-21] (<Turtle Entertainment>)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-08-14] ()
R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-02-10] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-14] (Microsoft Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-03] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2018-01-29 19:09 - 2018-01-29 19:09 - 000000000 ____D C:\Users\knutole\Downloads\FRST-OlderVersion
2018-01-29 18:57 - 2018-01-29 18:57 - 000001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-01-29 18:57 - 2018-01-29 18:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-01-29 18:57 - 2018-01-29 18:57 - 000000000 ____D C:\Program Files\VS Revo Group
2018-01-29 18:56 - 2018-01-29 18:56 - 007189760 _____ (VS Revo Group ) C:\Users\knutole\Downloads\revo204setup.exe
2018-01-15 20:26 - 2018-01-15 20:26 - 000040219 _____ C:\Users\knutole\Downloads\FRST (1).txt
2018-01-12 19:05 - 2018-01-15 20:28 - 000051070 _____ C:\Users\knutole\Downloads\Addition.txt
2018-01-12 19:04 - 2018-01-29 19:10 - 000018373 _____ C:\Users\knutole\Downloads\FRST.txt
2018-01-12 19:04 - 2018-01-29 19:09 - 002393088 _____ (Farbar) C:\Users\knutole\Downloads\FRST64.exe
2018-01-12 19:04 - 2018-01-29 19:09 - 000000000 ____D C:\FRST
2018-01-12 18:54 - 2018-01-12 18:54 - 001540104 _____ (CHIP Digital GmbH) C:\Users\knutole\Downloads\HijackThis - CHIP-Installer.exe
2018-01-12 18:42 - 2018-01-12 18:42 - 000002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-12 18:42 - 2018-01-12 18:42 - 000002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-12 18:41 - 2018-01-12 18:41 - 000003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-12 18:41 - 2018-01-12 18:41 - 000003414 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-01-09 19:23 - 2018-01-09 19:23 - 000399360 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2018-01-09 18:29 - 2018-01-09 18:29 - 000257570 _____ C:\Users\knutole\AppData\Local\census.cache
2018-01-09 18:29 - 2018-01-09 18:29 - 000119067 _____ C:\Users\knutole\AppData\Local\ars.cache
2018-01-09 18:12 - 2018-01-09 18:12 - 002405664 _____ (Trend Micro Inc.) C:\Users\knutole\Downloads\HousecallLauncher64.exe
2018-01-09 18:12 - 2018-01-09 18:12 - 000000036 _____ C:\Users\knutole\AppData\Local\housecall.guid.cache
2018-01-09 18:10 - 2018-01-09 18:10 - 000532152 _____ C:\Users\knutole\Downloads\install-panda-activescan.exe
2018-01-07 12:34 - 2018-01-07 12:34 - 000001772 __RSH C:\ProgramData\ntuser.pol
2018-01-07 12:10 - 2015-07-18 14:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-01-07 12:10 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-01-07 12:09 - 2018-01-07 12:09 - 000000967 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2018-01-07 12:09 - 2018-01-07 12:09 - 000000929 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2018-01-07 12:08 - 2018-01-07 12:08 - 078077208 _____ (TeamSpeak Systems GmbH) C:\Users\knutole\Downloads\TeamSpeak3-Client-win64-3.1.7.exe
2018-01-07 12:00 - 2018-01-07 12:00 - 000000000 ____D C:\Users\knutole\Desktop\Warkeys-1.21.0.0b
2018-01-07 12:00 - 2018-01-07 12:00 - 000000000 ____D C:\Users\knutole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warkeys
2018-01-07 12:00 - 2018-01-07 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warkeys
2018-01-07 12:00 - 2018-01-07 12:00 - 000000000 ____D C:\Program Files (x86)\Warkeys
2018-01-06 14:33 - 2018-01-06 14:33 - 000000000 ____D C:\Users\Public\Documents\Warcraft III
2018-01-06 14:33 - 2018-01-06 14:33 - 000000000 ____D C:\Users\knutole\AppData\Local\Blizzard
2018-01-06 14:31 - 2018-01-07 12:37 - 000000000 ____D C:\Users\knutole\Documents\Warcraft III
2018-01-06 14:29 - 2018-01-06 14:29 - 000001097 _____ C:\Users\Public\Desktop\Warcraft III.lnk
2018-01-06 14:29 - 2018-01-06 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2018-01-06 14:21 - 2018-01-07 12:35 - 000000000 ____D C:\Program Files (x86)\Warcraft III
2018-01-06 14:18 - 2018-01-06 14:18 - 003382768 _____ (Blizzard Entertainment) C:\Users\knutole\Downloads\Warcraft-III-Setup.exe
2018-01-06 14:18 - 2018-01-06 14:18 - 003382768 _____ (Blizzard Entertainment) C:\Users\knutole\Downloads\Warcraft-III-Setup (1).exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2018-01-29 19:05 - 2016-03-29 13:37 - 000000000 ____D C:\Users\knutole\AppData\Roaming\Spotify
2018-01-29 19:02 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-01-29 18:57 - 2009-07-14 05:45 - 000021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-29 18:57 - 2009-07-14 05:45 - 000021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-29 18:55 - 2011-04-12 08:43 - 000699416 _____ C:\Windows\system32\perfh007.dat
2018-01-29 18:55 - 2011-04-12 08:43 - 000149556 _____ C:\Windows\system32\perfc007.dat
2018-01-29 18:55 - 2009-07-14 06:13 - 001620612 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-29 18:54 - 2016-03-29 13:38 - 000000000 ____D C:\Users\knutole\AppData\Local\Spotify
2018-01-29 18:54 - 2015-01-16 12:03 - 000000000 ____D C:\Users\knutole\AppData\Local\LogMeIn Hamachi
2018-01-29 18:49 - 2017-02-06 20:22 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-01-29 18:49 - 2013-12-13 14:17 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-29 18:49 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-12 19:13 - 2017-03-03 22:35 - 000000000 ____D C:\Users\knutole\AppData\Local\CrashDumps
2018-01-12 19:13 - 2013-12-13 14:47 - 000000000 ____D C:\Users\knutole\AppData\Local\Adobe
2018-01-12 18:42 - 2014-04-16 12:14 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-12 18:33 - 2017-01-27 18:44 - 000000000 ____D C:\Users\knutole\AppData\Roaming\Wondershare
2018-01-12 18:33 - 2017-01-27 18:44 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-01-12 18:33 - 2017-01-27 18:35 - 000000000 ____D C:\Users\knutole\.android
2018-01-09 18:22 - 2016-10-20 17:05 - 000004520 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-01-09 18:22 - 2013-12-13 14:48 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-09 18:22 - 2013-12-13 14:48 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-09 18:22 - 2013-12-13 14:48 - 000004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-01-09 18:22 - 2013-12-13 14:48 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-09 18:22 - 2013-12-13 14:48 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-07 19:08 - 2015-10-20 17:39 - 000000000 ____D C:\Users\knutole\AppData\Roaming\TS3Client
2018-01-07 12:34 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-01-07 12:34 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-01-07 12:09 - 2016-10-20 17:20 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-07 12:09 - 2015-10-20 17:17 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2018-01-06 14:33 - 2015-10-12 17:03 - 000000000 ____D C:\Users\knutole\AppData\Roaming\Battle.net
2018-01-06 14:31 - 2014-04-04 10:50 - 000000000 ____D C:\Users\knutole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2018-01-09 18:29 - 2018-01-09 18:29 - 000119067 _____ () C:\Users\knutole\AppData\Local\ars.cache
2018-01-09 18:29 - 2018-01-09 18:29 - 000257570 _____ () C:\Users\knutole\AppData\Local\census.cache
2018-01-09 18:12 - 2018-01-09 18:12 - 000000036 _____ () C:\Users\knutole\AppData\Local\housecall.guid.cache
2017-12-21 21:23 - 2017-12-21 21:23 - 000000853 _____ () C:\Users\knutole\AppData\Local\recently-used.xbel
2014-12-27 09:12 - 2014-12-27 09:13 - 000000000 _____ () C:\Users\knutole\AppData\Local\{2CE87E26-2871-444A-A0B4-619426918E18}
2014-08-19 12:51 - 2014-08-19 12:51 - 000000000 _____ () C:\Users\knutole\AppData\Local\{41F8012E-B05E-4ECD-BCD6-C32BDC628AD1}
2017-09-10 18:29 - 2017-09-10 18:29 - 000000000 _____ () C:\Users\knutole\AppData\Local\{58E66818-0071-4CEF-AE0D-E6681FD2F758}
2015-10-14 23:28 - 2015-10-14 23:28 - 000000000 _____ () C:\Users\knutole\AppData\Local\{CC0B54BC-00FF-41B0-9EB2-9895A5016B67}
2017-09-13 20:36 - 2017-09-13 20:36 - 000000000 _____ () C:\Users\knutole\AppData\Local\{F567ECC0-142D-45EF-A122-64CF154798C2}
2017-01-11 21:41 - 2017-01-11 21:41 - 000000000 _____ () C:\Users\knutole\AppData\Local\{FCB22DD5-7D23-4523-B676-D2880DFF7049}

Einige Dateien in TEMP:
====================
2014-07-11 11:06 - 2013-04-17 17:01 - 037025440 ____R (Research In Motion Ltd.                                      ) C:\Users\knutole\AppData\Local\Temp\BlackBerryDeviceManager.exe
2013-04-17 17:01 - 2013-04-17 17:01 - 002038440 ____R () C:\Users\knutole\AppData\Local\Temp\BlackBerryLauncher.exe
2017-05-26 15:39 - 2017-05-26 15:39 - 000008720 _____ () C:\Users\knutole\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2015-10-21 17:31 - 2015-10-21 17:31 - 017087392 _____ (Turtle Entertainment GmbH                                   ) C:\Users\knutole\AppData\Local\Temp\EslWireSetup-1.18.0.8101-x64.exe
2015-12-13 21:06 - 2016-01-11 17:54 - 017175184 _____ (Turtle Entertainment GmbH                                   ) C:\Users\knutole\AppData\Local\Temp\EslWireSetup-1.19.0.8185-x64.exe
2013-12-13 14:46 - 2013-12-13 14:47 - 017838984 _____ (Adobe Systems Incorporated) C:\Users\knutole\AppData\Local\Temp\fp_pl_pfs_installer.exe
2014-03-16 21:32 - 2014-03-16 21:32 - 000680520 _____ (                                                            ) C:\Users\knutole\AppData\Local\Temp\ICReinstall_sonicstage-4.3.exe
2018-01-29 19:03 - 2014-01-14 21:24 - 000038056 _____ (Irfan Skiljan, IrfanView) C:\Users\knutole\AppData\Local\Temp\iv_uninstall.exe
2016-01-19 22:07 - 2016-01-19 22:07 - 000644704 _____ (Oracle Corporation) C:\Users\knutole\AppData\Local\Temp\jre-8u71-windows-au.exe
2015-08-03 16:56 - 2015-08-03 16:56 - 002407368 _____ (mIRC Co. Ltd.) C:\Users\knutole\AppData\Local\Temp\mirc743.exe
2014-03-03 14:32 - 2014-03-03 14:32 - 000156063 _____ (Conduit) C:\Users\knutole\AppData\Local\Temp\nse2C2A.exe
2014-03-03 14:32 - 2014-03-03 14:32 - 000156063 _____ (Conduit) C:\Users\knutole\AppData\Local\Temp\nsk2E1F.exe
2014-03-03 14:32 - 2014-03-03 14:32 - 000156063 _____ (Conduit) C:\Users\knutole\AppData\Local\Temp\nsp473E.exe
2014-03-03 14:32 - 2014-03-03 14:32 - 000156063 _____ (Conduit) C:\Users\knutole\AppData\Local\Temp\nsz4559.exe
2012-09-06 16:06 - 2012-09-06 16:06 - 000898920 _____ (NVIDIA Corporation) C:\Users\knutole\AppData\Local\Temp\nvSCPAPI.dll
2012-09-06 16:06 - 2012-09-06 16:06 - 000354664 _____ (NVIDIA Corporation) C:\Users\knutole\AppData\Local\Temp\nvStereoApiI.dll
2012-09-06 16:06 - 2012-09-06 16:06 - 000611688 _____ (NVIDIA Corporation) C:\Users\knutole\AppData\Local\Temp\nvStInst.exe
2013-08-04 13:15 - 2013-08-04 13:15 - 000986624 _____ (TODO: <Название компании>) C:\Users\knutole\AppData\Local\Temp\PrefJsonCpp.exe
2014-03-02 21:39 - 2014-03-13 23:13 - 000918016 _____ () C:\Users\knutole\AppData\Local\Temp\Quarantine.exe
2013-12-13 14:56 - 2014-05-20 12:03 - 000192512 _____ () C:\Users\knutole\AppData\Local\Temp\sfamcc00001.dll
2013-12-13 14:56 - 2014-05-20 12:03 - 000158720 _____ () C:\Users\knutole\AppData\Local\Temp\sfareca00001.dll
2012-12-16 10:55 - 2012-12-16 10:55 - 000055296 _____ () C:\Users\knutole\AppData\Local\Temp\sfextra.dll
2013-08-04 13:15 - 2013-08-04 13:15 - 000465408 _____ () C:\Users\knutole\AppData\Local\Temp\sqlite3.exe
2015-10-20 17:17 - 2015-10-20 17:17 - 000065280 _____ () C:\Users\knutole\AppData\Local\Temp\utils.dll
2015-10-21 17:29 - 2015-10-21 17:29 - 005225304 _____ (Microsoft Corporation) C:\Users\knutole\AppData\Local\Temp\vcredist_x64.exe
2012-11-02 10:08 - 2012-11-02 10:08 - 000118784 _____ () C:\Users\knutole\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2018-01-28 10:53

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27.01.2018
durchgeführt von knutole (29-01-2018 19:10:18)
Gestartet von C:\Users\knutole\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2013-12-13 13:03:56)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-445157695-282835678-1020329350-500 - Administrator - Disabled)
Carsten (S-1-5-21-445157695-282835678-1020329350-1004 - Limited - Enabled) => C:\Users\Carsten
Gast (S-1-5-21-445157695-282835678-1020329350-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-445157695-282835678-1020329350-1003 - Limited - Enabled)
knutole (S-1-5-21-445157695-282835678-1020329350-1000 - Administrator - Enabled) => C:\Users\knutole

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.30 - GIGABYTE)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AutoGreen B12.1220.1 (HKLM-x32\...\{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) Hidden
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
BlackBerry Link (HKLM-x32\...\{15AFC3BA-5D41-4616-AD9A-AE5B6F52CA24}) (Version: 1.2.3.56 - BlackBerry Ltd.) Hidden
BlackBerry Link (HKLM-x32\...\BlackBerry_10_Desktop) (Version: 1.2.3.56 - BlackBerry Ltd.)
Command & Conquer Red Alert 2 (HKLM-x32\...\Red Alert 2) (Version:  - )
Company of Heroes (HKLM-x32\...\{199E6632-EB28-4F73-AECB-3E192EB92D18}) (Version: 1.0.0.99 - THQ Inc.)
Crashday (HKLM-x32\...\{993EE844-CCD1-4401-875D-5CB9381E7F30}) (Version: 1.00.0000 - ValuSoft)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Easy Tune 6 B13.0323.1 (HKLM-x32\...\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Hidden
Easy Tune 6 B13.0323.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
ESL Wire 1.19.0 (HKLM\...\ESL Wire_is1) (Version:  - Turtle Entertainment GmbH)
FoneCopy 1.2.30 (HKLM-x32\...\{FCC807F4-EEEC-48a8-AC29-5E1736BCF7EB}_is1) (Version: 1.2.30 - Aiseesoft Studio)
Free Screen Video Recorder (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 3.0.9.1019 - DVDVideoSoft Ltd.)
Frontschweine (HKLM-x32\...\Hogs Of War) (Version: 1.0 - Infogrames)
Ghost Recon (HKLM-x32\...\{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}) (Version:  - )
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HMA! Pro VPN 2.8.19.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.19.0 - Privax Ltd)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
Mechwarrior 4 Mercenaries MP 3.1 Version 0.93 (HKLM-x32\...\{0BAEFF3B-E265-42A3-ABDE-67BFEBE4E327}_is1) (Version: 0.93 - Shadows Of Empirion)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.43 - mIRC Co. Ltd.)
ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
OF Dragon Rising (HKLM-x32\...\{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}) (Version: 1.00.0000 - Codemasters)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenMG Limited Patch 4.7-07-14-05-01 (HKLM-x32\...\OpenMG HotFix4.7-07-13-22-01) (Version:  - )
OpenMG Secure Module 4.7.00 (HKLM-x32\...\{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation) Hidden
OpenMG Secure Module 4.7.00 (HKLM-x32\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.) Hidden
QIP 2005 8095 (HKU\S-1-5-21-445157695-282835678-1020329350-1000\...\QIP 2005) (Version: 8095 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Shutdown Timer (HKLM\...\{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}) (Version: 3.3.4 - Sinvise Systems)
SonicStage 4.3 (HKLM-x32\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 4.3 - Sony Corporation)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-445157695-282835678-1020329350-1000\...\Spotify) (Version: 1.0.72.117.g6bd7cc73 - Spotify AB)
Star Wars JK II Jedi Outcast (HKLM-x32\...\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader HD (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.30.0000 - Firefly Studios)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.7 - TeamSpeak Systems GmbH)
TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version:  - SoftMaker Software GmbH)
Tom Clancy's Rainbow Six 3: Athena Sword 1.10.016 (HKLM-x32\...\{664FF9A8-7E44-4E17-AD40-D10E15504C49}) (Version: 1.10.016 - )
Tom Clancy's Rainbow Six 3: Iron Wrath 1.00.000 (HKLM-x32\...\{81521545-BE95-4869-92FA-CC2E276C790E}) (Version: 1.00.000 - )
Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412 (HKLM-x32\...\{AF131494-F5D8-45C5-938C-D5F020CF1B0D}) (Version: 1.60.412 - )
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.8 - Tunngle.net GmbH)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Warkeys 1.21.0.0b (HKLM-x32\...\Warkeys) (Version: 1.21.0.0b - )
Windows Phone app for desktop (HKLM-x32\...\{9C4D79B6-238E-49D8-AEBC-26384EBDE6B3}) (Version: 1.0.1720.1 - Microsoft Corporation)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_05.dll -> Keine Datei
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-02-09] (NVIDIA Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {190FCED3-6BEB-4B24-ACC0-FF78035F2816} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-10] (NVIDIA Corporation)
Task: {36A5CED0-CB9E-4D58-BFA5-77D42F3146CB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {3B67E960-B72B-42C8-95F7-E85766C1B407} - System32\Tasks\{CBB01465-5D33-45DF-8A14-82E2D4833668} => C:\Windows\system32\pcalua.exe -a "D:\Downloads\Raven Shield Complete\Raven Shield Complete\Rainbow Six - Raven Shield - Athena Sword\athena_sword_v1.00_to_v1.10_us.exe" -d "D:\Downloads\Raven Shield Complete\Raven Shield Complete\Rainbow Six - Raven Shield - Athena Sword"
Task: {3E35D73D-7675-4C08-A62A-BC3DCC0B5877} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-10] (NVIDIA Corporation)
Task: {43D02C08-32DF-404C-9953-E6E20A048943} - System32\Tasks\{850AB4BF-6DA3-44D0-B2FB-233699ACD16E} => C:\Windows\system32\pcalua.exe -a D:\Downloads\WindowsPhone.exe -d D:\Downloads
Task: {58F03C26-988A-45E0-8C1B-31226E09A3C9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-10] (NVIDIA Corporation)
Task: {820539CE-99E2-4A6E-87CB-C9BE1A2578CE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-10] (NVIDIA Corporation)
Task: {835AE009-C588-4413-ADC7-383D304AF9FC} - System32\Tasks\{98785F13-5366-414D-957B-924B86365C85} => C:\Windows\system32\pcalua.exe -a D:\Downloads\burrrn_package113.exe -d D:\Downloads
Task: {8729EF29-8DCF-4609-869D-C21BB33260F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-12] (Google Inc.)
Task: {96827AAF-DEDF-4D07-8F84-9A70A20D80A6} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-10] (NVIDIA Corporation)
Task: {ACD7C5B0-E6CD-44D1-B60D-FAFECB4FF7CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {C786ED90-AD2F-4402-9C3B-623C4675E777} - System32\Tasks\{620B1700-7CF6-4FA1-A372-508B805B3D10} => C:\Windows\system32\pcalua.exe -a C:\Users\knutole\AppData\Local\Temp\dlmF30D.tmp\SonicStageInstaller.exe -d D:\Downloads <==== ACHTUNG
Task: {D309CF8F-28BA-466A-BDD1-935D388583AE} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-10] (NVIDIA Corporation)
Task: {DA9BD0E6-638E-400F-A60B-C87A4B6CCA36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-12] (Google Inc.)
Task: {ED494C7F-0D2E-40EC-A42A-8CFB5DD86B07} - System32\Tasks\{B872D964-AE43-4BA9-A1C0-A01FF70DD883} => C:\Windows\system32\pcalua.exe -a D:\Portable_CS1.6.exe -d D:\

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-12-13 14:17 - 2017-02-09 23:57 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-21 17:31 - 2013-12-05 21:06 - 000663056 _____ () C:\Program Files\EslWire\service\WireHelperSvc.exe
2015-10-21 17:31 - 2014-10-14 19:33 - 000214016 _____ () C:\Program Files\EslWire\service\NocIPC64.dll
2017-02-15 20:23 - 2017-02-10 01:52 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-15 20:23 - 2017-02-10 01:52 - 004489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-15 20:23 - 2017-02-10 01:52 - 000418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2014-06-24 09:37 - 2014-06-24 09:37 - 000661752 _____ () C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
2018-01-12 18:42 - 2018-01-03 10:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-12 18:42 - 2018-01-03 10:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2015-10-30 23:46 - 2015-10-19 18:13 - 000110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-10-30 23:46 - 2015-10-19 18:13 - 000104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-10-30 23:46 - 2015-10-19 18:13 - 000020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-10-30 23:46 - 2015-10-19 18:13 - 000253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2015-10-30 23:46 - 2015-10-19 18:13 - 000295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2015-10-30 23:46 - 2015-10-19 18:13 - 000044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2017-02-15 20:23 - 2017-02-10 01:52 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-15 20:23 - 2017-02-10 01:52 - 000900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-15 20:23 - 2017-02-10 01:52 - 003774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-01-27 18:44 - 2016-10-08 16:48 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-01-27 18:44 - 2016-07-21 10:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-03-29 13:38 - 2018-01-29 18:45 - 068214160 _____ () C:\Users\knutole\AppData\Roaming\Spotify\libcef.dll
2016-03-29 13:38 - 2018-01-29 18:45 - 003112848 _____ () C:\Users\knutole\AppData\Roaming\Spotify\libglesv2.dll
2016-03-29 13:38 - 2018-01-29 18:45 - 000089488 _____ () C:\Users\knutole\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2018-01-12 19:01 - 000000864 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-445157695-282835678-1020329350-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\knutole\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.129.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: BlackBerry Device Manager => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: BlackBerryLink.exe => "C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" /minimize
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: ESL Wire => "C:\Program Files\EslWire\wire.exe" --tray
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: RIM PeerManager => "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: Spotify => "C:\Users\knutole\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\knutole\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{4C9BE8CB-A062-4B94-8366-14811323668D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C10170C9-7600-4E09-A99A-9CC9D97B378A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{F2E6C3FE-CA6C-4CF0-BA53-5E4FE6E1B5B6}C:\program files (x86)\mektek.net\mtx\mtx.exe] => (Allow) C:\program files (x86)\mektek.net\mtx\mtx.exe
FirewallRules: [UDP Query User{4478CE48-E07D-42D1-BAAD-0E1E4617646E}C:\program files (x86)\mektek.net\mtx\mtx.exe] => (Allow) C:\program files (x86)\mektek.net\mtx\mtx.exe
FirewallRules: [TCP Query User{74DB0FED-BB56-4F01-AFCB-77AA61BF539C}D:\downloads\mechwarrior4mercenaries.all.to.51.03.01.0017\base\mw4mercs.exe] => (Allow) D:\downloads\mechwarrior4mercenaries.all.to.51.03.01.0017\base\mw4mercs.exe
FirewallRules: [UDP Query User{572B9EA5-F453-4883-BC5A-FC754B719885}D:\downloads\mechwarrior4mercenaries.all.to.51.03.01.0017\base\mw4mercs.exe] => (Allow) D:\downloads\mechwarrior4mercenaries.all.to.51.03.01.0017\base\mw4mercs.exe
FirewallRules: [TCP Query User{061047A3-6E52-485D-8AE7-90671F9A6DF3}C:\program files (x86)\mechwarrior 4 mercenaries mp 3.1\mw4mercs.exe] => (Allow) C:\program files (x86)\mechwarrior 4 mercenaries mp 3.1\mw4mercs.exe
FirewallRules: [UDP Query User{18D33E71-D28E-48D2-92AD-4BDA991115AD}C:\program files (x86)\mechwarrior 4 mercenaries mp 3.1\mw4mercs.exe] => (Allow) C:\program files (x86)\mechwarrior 4 mercenaries mp 3.1\mw4mercs.exe
FirewallRules: [TCP Query User{3C5E6444-F2B8-4C69-A8AA-AD59B84E5072}C:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe] => (Allow) C:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe
FirewallRules: [UDP Query User{74630301-5606-4290-BE44-565C265BF462}C:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe] => (Allow) C:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe
FirewallRules: [{0131D24E-7F07-4026-96BA-66E360244308}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe
FirewallRules: [{6BAB17CA-F5F9-4372-9CDB-DA751A290884}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe
FirewallRules: [TCP Query User{1AB1C7E3-B252-41B0-82C9-5B5F17C60CBD}C:\program files (x86)\valusoft\crashday\crashday.exe] => (Allow) C:\program files (x86)\valusoft\crashday\crashday.exe
FirewallRules: [UDP Query User{870025AD-900E-4ABE-993E-1F607D45CC39}C:\program files (x86)\valusoft\crashday\crashday.exe] => (Allow) C:\program files (x86)\valusoft\crashday\crashday.exe
FirewallRules: [TCP Query User{A56080B8-4526-4743-91AB-4BDA7AF7244A}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{2422C2E6-60AF-4A01-825E-99DB686A666B}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{FD61FB09-8358-48C3-A661-72ECF95F0E2E}C:\program files (x86)\red storm entertainment\ravenshield\system\ucc.exe] => (Allow) C:\program files (x86)\red storm entertainment\ravenshield\system\ucc.exe
FirewallRules: [UDP Query User{A25CB4E9-E372-4F50-9A56-524EABB7A83F}C:\program files (x86)\red storm entertainment\ravenshield\system\ucc.exe] => (Allow) C:\program files (x86)\red storm entertainment\ravenshield\system\ucc.exe
FirewallRules: [TCP Query User{BC274844-149D-4B2C-BCD7-ABED857FC7A0}C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe] => (Allow) C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe
FirewallRules: [UDP Query User{89AD32D6-7107-4937-980B-B6ED7C9942D1}C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe] => (Allow) C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe
FirewallRules: [{78AB6718-7B3F-4CE3-AFE1-63E545247E3C}] => (Allow) C:\Program Files (x86)\Codemasters\OF Dragon Rising\OFDR.exe
FirewallRules: [{B8EB37FB-6860-4086-A1E3-6EDA5C0BC3AE}] => (Allow) C:\Program Files (x86)\Codemasters\OF Dragon Rising\OFDR.exe
FirewallRules: [{7B49855E-5D3C-40F0-8755-0FA8441F88C7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FE5FCB73-F1C6-4617-903C-B33B09D7510E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8708900F-DF84-4E36-97BD-3226FCCC26C2}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
FirewallRules: [{07B0CADB-B7E2-43EA-A33A-1F91672369A0}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
FirewallRules: [{05E9B150-35FD-4D47-ADCF-754D05298C63}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
FirewallRules: [{B272F5AD-681D-4DB3-AF0C-13A9763E5BD5}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
FirewallRules: [{7BDF80F0-0574-45F6-A1B1-237BB10F9709}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
FirewallRules: [{3A6232C6-2B47-4096-9370-6A748EF11685}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
FirewallRules: [TCP Query User{2FDE0A04-F9A0-4DB5-87DB-F74C0D0B5724}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe] => (Allow) C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe
FirewallRules: [UDP Query User{91F4C114-1248-454F-8A47-FAAC23869272}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe] => (Allow) C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe
FirewallRules: [TCP Query User{D219A2AF-9667-49DA-9F28-6D6A7DCB08CE}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{C07A1555-7290-4E47-9E4D-7631C0D0F45F}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{A3495EE0-B161-495E-B658-B7DBE656D154}C:\program files (x86)\codemasters\of dragon rising\ofdr.exe] => (Allow) C:\program files (x86)\codemasters\of dragon rising\ofdr.exe
FirewallRules: [UDP Query User{AD965414-1B64-42A0-B81E-6B6E3A5177FC}C:\program files (x86)\codemasters\of dragon rising\ofdr.exe] => (Allow) C:\program files (x86)\codemasters\of dragon rising\ofdr.exe
FirewallRules: [TCP Query User{FDCF1E5D-92E0-4274-BE94-3239D2EA78F7}F:\warhogs.exe] => (Allow) F:\warhogs.exe
FirewallRules: [UDP Query User{34895D84-A2F7-4CC5-BA98-68AC4CEBDA08}F:\warhogs.exe] => (Allow) F:\warhogs.exe
FirewallRules: [TCP Query User{CAD183E6-1AB1-47D4-BE80-9584BF5FE7B4}C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe] => (Allow) C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe
FirewallRules: [UDP Query User{9202B4CE-21E5-4903-90E7-AA996305EC46}C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe] => (Allow) C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe
FirewallRules: [TCP Query User{3F79AB65-6703-4BDD-A6A4-EC4C776E3052}C:\users\knutole\appdata\local\temp\rarsfx0\hl.exe] => (Allow) C:\users\knutole\appdata\local\temp\rarsfx0\hl.exe
FirewallRules: [UDP Query User{C7978ED9-E1E9-4800-BB6F-07B8C2DAD08A}C:\users\knutole\appdata\local\temp\rarsfx0\hl.exe] => (Allow) C:\users\knutole\appdata\local\temp\rarsfx0\hl.exe
FirewallRules: [TCP Query User{C84EA2D8-34C9-433D-849F-A57374B3728F}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{DEF782F6-537A-44D0-8671-52E7D34BCF1A}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{2ABB4DFC-2BF3-4F5F-9DE5-588E838DF977}] => (Block) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{A83E3F30-37C7-4641-B8E7-571AAFA532D0}] => (Block) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{C8182CC0-D7AE-44EC-8501-9A5A65C09DAB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{EDD034DC-1561-4988-AE9E-3A509D717E8A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [TCP Query User{782D4165-2359-4764-BC60-45CAF637A636}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{D612C11A-F41D-40B0-98D3-6573AA285B19}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{654A30D0-92EE-4684-9E67-EE4E4F6E7A2F}] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{C7CF0D05-5D67-4486-9520-EE173C3B7754}] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{20772DD3-486A-4D10-9D13-548A353FFEB5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F3AFF1EA-BACB-48CA-A588-F43CAA10C4DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E3547D58-D46F-40AF-8033-C644B24C1B1D}] => (Allow) C:\Program Files\EslWire\wire.exe
FirewallRules: [{A7AC9B35-D243-4091-A696-B5184F1B4219}] => (Allow) C:\Program Files\EslWire\wire.exe
FirewallRules: [{20089071-782A-491A-A27A-4FF0663AEF84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2016\fm.exe
FirewallRules: [{BE69453D-BD98-4169-9496-BA4700C18F33}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2016\fm.exe
FirewallRules: [TCP Query User{B0BDACBF-615C-4748-89D9-4269734026D2}C:\users\knutole\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\knutole\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{13EFCB00-C2A1-4533-BDF0-B05DCD79B714}C:\users\knutole\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\knutole\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5D3ADE7D-1FEA-4375-9731-85D08FF0C7D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{9FB19420-EABB-4F6F-9005-8FCD4486F537}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{41DBEC1D-2ACF-43B3-BCA0-1A491187FF04}C:\program files (x86)\ea games\battlefield 1942\bf1942.exe] => (Allow) C:\program files (x86)\ea games\battlefield 1942\bf1942.exe
FirewallRules: [UDP Query User{11034E75-843E-4253-8F6D-53E16D5ACD4D}C:\program files (x86)\ea games\battlefield 1942\bf1942.exe] => (Allow) C:\program files (x86)\ea games\battlefield 1942\bf1942.exe
FirewallRules: [{37C5661D-B202-4301-B4FF-A963F0162881}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7274C195-CB22-4F8F-B945-3D33F64CDE09}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C9013E9E-4324-4F40-89FA-048E808E9B03}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{EE7BA8A0-90E9-494C-95E4-ABC0046531FB}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{E82B754D-8A37-4F18-8A92-3A18DD40EA61}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{4A1CF26A-BEB4-4741-8933-D89C0F0ED215}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{97C7653C-D279-488B-8C00-D788E59AE279}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{17F0E33B-3EC7-4473-91B7-8038603D3AEE}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{BB06A1BB-E8ED-4617-A73C-32C779C5ADDD}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{343B43BB-FE30-49AA-B009-F68B50E4916E}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{32E06E8D-045B-4D96-958F-4B66DACE7154}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{D36BDCFC-5A1A-419E-8F96-C2D0645AB299}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{AD221300-BB2C-40E4-BDEC-801FACB7E6E5}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{315683CA-DC88-4C58-A742-5B6F847C0CE6}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{D5042CEA-99C7-46C6-A5D1-9D70F77730B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{F7A0AF32-6029-4047-92DA-30C567B21401}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{0CCB4B8B-6D42-4B98-84CB-627F06D74CD5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{EA877B19-B11D-4326-A8AD-37993F3DCED1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{4642B7AE-6BFE-4EFD-97C9-99D53FE3A928}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{22B283EB-FD87-400D-9834-DD913371AB4D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EF2D7C20-16D3-4658-9D78-D724E391DA0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{963EA253-501A-4385-86FA-EB6E3BD3F853}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{281BEB67-6934-4EC5-9743-7BE12DCBAE95}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{19712C30-FA90-4FA4-B1E8-3578AC9B150E}C:\program files (x86)\ea games\battlefield 1942_10\bf1942.exe] => (Allow) C:\program files (x86)\ea games\battlefield 1942_10\bf1942.exe
FirewallRules: [UDP Query User{A00664AE-5D77-4D8C-BBF0-044149870A74}C:\program files (x86)\ea games\battlefield 1942_10\bf1942.exe] => (Allow) C:\program files (x86)\ea games\battlefield 1942_10\bf1942.exe
FirewallRules: [{E44322D2-05CD-457E-A9F5-C47D2A837326}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{08F4E797-3574-4873-9970-9610EF37D6DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{3B145F7A-DC4A-4D3B-A2DF-D0F0B756BD4B}C:\users\knutole\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\knutole\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6E4CBA34-A339-4BB9-9F3C-582482CEEA0A}C:\users\knutole\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\knutole\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BC7B9277-30F8-43A5-B667-7FB5FB8D9D35}C:\program files (x86)\warcraft iii\warcraft iii.exe] => (Allow) C:\program files (x86)\warcraft iii\warcraft iii.exe
FirewallRules: [UDP Query User{0E5ADBBA-2AD9-4CA3-97CC-E8834CB9A13E}C:\program files (x86)\warcraft iii\warcraft iii.exe] => (Allow) C:\program files (x86)\warcraft iii\warcraft iii.exe
FirewallRules: [{1CB723D2-CF44-403A-A078-9FFF4E1548F0}] => (Block) C:\program files (x86)\warcraft iii\warcraft iii.exe
FirewallRules: [{E1DA2C9C-4B56-4112-9CF1-DB21120C1B27}] => (Block) C:\program files (x86)\warcraft iii\warcraft iii.exe
FirewallRules: [{09063ED3-85BA-4ED0-A4C9-490F02F404A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

21-01-2018 19:28:45 Geplanter Prüfpunkt
29-01-2018 18:57:57 Revo Uninstaller's restore point - µTorrent
29-01-2018 18:59:27 Revo Uninstaller's restore point - 7-Zip 9.20 (x64 edition)
29-01-2018 18:59:58 Revo Uninstaller's restore point - Adobe Acrobat Reader DC - Deutsch
29-01-2018 19:00:08 Removed Adobe Acrobat Reader DC - Deutsch.
29-01-2018 19:01:25 Revo Uninstaller's restore point - BitTorrent
29-01-2018 19:02:14 Revo Uninstaller's restore point - DAEMON Tools Lite
29-01-2018 19:03:00 Revo Uninstaller's restore point - IrfanView (remove only)
29-01-2018 19:03:33 Revo Uninstaller's restore point - McAfee Security Scan Plus
29-01-2018 19:04:07 Revo Uninstaller's restore point - Java 8 Update 25
29-01-2018 19:04:17 Removed Java 8 Update 25
29-01-2018 19:05:07 Revo Uninstaller's restore point - Mozilla Firefox 41.0.2 (x86 de)
29-01-2018 19:05:38 Revo Uninstaller's restore point - Notepad++
29-01-2018 19:06:11 Revo Uninstaller's restore point - OpenOffice 4.1.3
29-01-2018 19:06:19 OpenOffice 4.1.3 wird entfernt
29-01-2018 19:07:18 Revo Uninstaller's restore point - VLC media player 2.1.2
29-01-2018 19:07:50 Revo Uninstaller's restore point - WinRAR 5.01 (64-bit)

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/29/2018 06:57:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {3ffdafb9-7be0-44b0-bd35-c4d83f6ecf94}

Error: (01/29/2018 06:54:11 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(Friendly_DE5D44EB96CD6580_A06CE789892C21CF._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (01/29/2018 06:52:28 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(Friendly_7DB2A8550858733D_EAD45515FCDCA386._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (01/29/2018 06:52:27 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(241b80d248d437d6921bb8f6d63ed6._tunnel._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (01/29/2018 06:51:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (01/29/2018 06:48:09 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(Friendly_D8D436336518765F_C37F6788D7E19FB8._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (01/29/2018 06:46:38 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(Friendly_2ADD3938AB2DA383_CA6C0C917ED3419D._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (01/29/2018 06:46:38 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(0b14fc0d34f5bdb12bf1aa5fc02a6f._tunnel._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (01/29/2018 06:45:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (01/28/2018 10:37:04 AM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(Friendly_2509F27D07A6B98D_FE3C6451CA00404D._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network.


Systemfehler:
=============
Error: (01/29/2018 07:05:35 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

Error: (01/29/2018 07:05:35 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 70.

Error: (01/29/2018 06:57:34 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

Error: (01/29/2018 06:57:33 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 70.

Error: (01/29/2018 06:50:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Wondershare Application Framework Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (01/29/2018 06:50:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Wondershare Application Framework Service erreicht.

Error: (01/29/2018 06:44:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Wondershare Application Framework Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (01/29/2018 06:44:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Wondershare Application Framework Service erreicht.

Error: (01/28/2018 11:35:05 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

Error: (01/28/2018 11:35:05 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 70.


CodeIntegrity:
===================================
  Date: 2012-09-01 08:22:19.032
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 08:17:58.055
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 08:17:57.977
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 08:17:57.914
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 08:17:57.805
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 07:52:31.774
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 00:18:38.709
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 00:12:10.453
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 00:08:14.294
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-01 00:01:42.723
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: AMD FX(tm)-6300 Six-Core Processor 
Prozentuale Nutzung des RAM: 37%
Installierter physikalischer RAM: 8156.66 MB
Verfügbarer physikalischer RAM: 5128.34 MB
Summe virtueller Speicher: 16311.51 MB
Verfügbarer virtueller Speicher: 12593.41 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:439.45 GB) (Free:194.93 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: () (Fixed) (Total:492.05 GB) (Free:408.74 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 20D820D8)
Partition 1: (Active) - (Size=439.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=492 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================

cosinus · 30.01.2018, 00:04

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

knutole · 31.01.2018, 22:44

Hallo,

anbei die Log des ersten Durchlaufs und die Log des zweiten Durchlaufs (beim zweiten Mal wurde nichts mehr gefunden, das Problem besteht jedoch weiterhin):

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.01.31.05
  rootkit: v2018.01.23.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
knutole :: WIN7PC-KNUTOLE [administrator]

31.01.2018 16:43:39
mbar-log-2018-01-31 (16-43-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 223150
Time elapsed: 18 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 14
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0 (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\css (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\css\fonts (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\css\fonts\iconmoon (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\js (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\popups (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\templates (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\widgets (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\_metadata (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]

Files Detected: 195
C:\$Recycle.Bin\S-1-5-21-445157695-282835678-1020329350-1000\$RJPZP85.exe (Adware.YoBrowser) -> Delete on reboot. [9120edd7c6f165d1d7d8fa07f1129070]
C:\$Recycle.Bin\S-1-5-21-445157695-282835678-1020329350-1000\$RJEMK2R.exe (Adware.YoBrowser) -> Delete on reboot. [3879e1e3cbece155753ad42d80834bb5]
C:\Users\knutole\AppData\Local\Temp\is-KRO01.tmp\conemaking.dll (Adware.YoBrowser) -> Delete on reboot. [169b0cb8c1f6c670c9f10ffd55aeb54b]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\allinoneoffice_browser_icon-16px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\allinoneoffice_browser_icon-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\allinoneoffice_icon-128px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\allinoneoffice_icon-16px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\allinoneoffice_icon-256px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\allinoneoffice_icon-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\allinoneoffice_icon-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\allinoneoffice_icon-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\manifest.json (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\newtab.html (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\css\style.css (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\css\style.css.map (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\css\style.scss (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\css\_ngdialog.scss (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\css\_reset.scss (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\css\fonts\iconmoon\icomoon.ttf (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\css\fonts\iconmoon\icons.ttf (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\active-grey@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\active@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\arrow-bottom.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\arrow-bottom@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\arrow-top.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\arrow-top@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\checkbox-off.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\checkbox-off@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\checkbox-square-off@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\checkbox-square-on@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\folder@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\humidity@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\pressure@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\radio-off@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\radio-on@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\settings@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\star-off@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\star-on@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\start-timer@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\stop-timer@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\sunrise@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\sunset@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\trash@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\wind_direction@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\app_icons_instagram@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\app_icons_amazon@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\app_icons_booking@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\app_icons_disk@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\app_icons_docs@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\app_icons_ebay@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\app_icons_facebook@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\app_icons_gmail@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\icon-docs.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\icon-docs@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\icon-drive.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\icon-drive@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\icon-gmail.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\icon-gmail@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\icon-keep.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\icon-keep@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\icon-sheets.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\icon-sheets@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\icon-slides.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\icon-slides@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\icon-translate.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\icon-translate@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\app_icons_linkedin@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\app_icons_maps@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\app_icons_news@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\app_icons_photos@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\app_icons_pinterest@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\app_icons_play@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\app_icons_translate@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\app_icons_twitter@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\app_icons_youtube@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\icon-calendar.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\2x\apps\icon-calendar@2x.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_09n-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_09n-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_10d-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_10d-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_10d-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_10d-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_10n-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_10n-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_10n-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_10n-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_11d-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_11d-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_50d-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_50n-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_50n-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_50n-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_50n-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_701-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_701-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_701-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_701-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_761-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_761-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_761-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_761-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_781-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_781-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_781-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_781-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_01d-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_01d-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_01d-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_01d-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_01n-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_01n-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_01n-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_01n-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_02d-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_02d-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_02d-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_02d-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_02n-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_02n-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_02n-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_02n-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_03d-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_03d-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_03d-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_03d-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_903-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_903-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_903-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_904-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_904-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_904-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_904-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_905-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_905-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_905-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_905-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_906-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_906-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_906-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_906-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_962-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_962-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_962-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_962-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_03n-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_09n-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_11d-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_50d-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_903-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_03n-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_03n-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_03n-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_04d-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_04d-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_04d-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_04d-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_04n-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_04n-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_04n-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_04n-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_09d-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_09d-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_09d-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_09d-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_09n-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_11d-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_11n-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_11n-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_11n-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_11n-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_13d-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_13d-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_13d-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_13d-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_13n-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_13n-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_13n-64px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_13n-96px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_50d-32px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\images\weather\icon_50d-48px.png (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\js\angular-sanitize.min.js (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\js\angular.min.js (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\js\background.js (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\js\main.js (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\js\ngDialog.min.js (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\popups\privacy.html (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\popups\ratePopup.html (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\popups\terms.html (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\popups\thankyouPopup.html (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\popups\weatherPopup.html (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\templates\searchForm.html (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\widgets\weatherWidget.html (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\_metadata\computed_hashes.json (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]
C:\Users\knutole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd\1.0.2_0\_metadata\verified_contents.json (Adware.SearchEngineHijack) -> Delete on reboot. [b8f9566ec0f7979f05a5cd3211f16898]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Zweite Log:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.01.31.06
  rootkit: v2018.01.23.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
knutole :: WIN7PC-KNUTOLE [administrator]

31.01.2018 21:47:57
mbar-log-2018-01-31 (21-47-57).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 223179
Time elapsed: 18 minute(s), 

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus · 31.01.2018, 22:55

Lesestoff:
Google Chrome

Offensichtlich nutzt du den Browser Chrome von Google. Ich muss von der Verwendung dieses Browsers aus Datenschutzgründen dringend abraten.

Deinstalliere Google Chrome und verwende stattdessen Mozilla Firefox.

Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

adwCleaner v7.x

Downloade Dir bitte

AdwCleaner auf Deinen Desktop (Bebilderte Anleitung).

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- Tracing Schlüssel
- Prefetch Dateien
- Proxy
- Winsock
- IE Richtlinien
- Chrome Richtlinien
Bestätige die Auswahl mit Ok.
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist. Am Ende des Suchlaufs öffnet sich automatisch eine Logdatei. Schließe diese.
Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
Klicke am Ende der Bereinigung auf Jetzt neu starten. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Windows 7: Chromesearch.club als Standardsuchmaschine lässt sich nicht abändern

Log-Analyse und Auswertung: Windows 7: Chromesearch.club als Standardsuchmaschine lässt sich nicht abändern