
Pests of all kinds and how to fight them: Windows 10: Browsers open new links on their own, PC downloads programs and hard disk at 100%


13.01.2016, 18:01   #1
BlueRavenHD
 



Hello, I hope you can help me with my problem.

As you can tell from the title, I seem to have downloaded a virus. It downloads random programs onto my PC. When I cut the internet connection and uninstall the programs, they are only gone for a short time. Sometimes it also won't let me onto all websites; it then just says "Forbidden404". The browser opens random tabs at irregular intervals, and tabs are also opened when I click on links.

Thanks in advance.

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
durchgeführt von Nico (2016-01-13 17:55:23)
Gestartet von C:\Users\Nico\Downloads
Windows 10 Pro (X64) (2015-08-08 12:25:10)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-390326861-221582735-3363938159-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-390326861-221582735-3363938159-503 - Limited - Disabled)
Gast (S-1-5-21-390326861-221582735-3363938159-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-390326861-221582735-3363938159-1009 - Limited - Enabled)
Nico (S-1-5-21-390326861-221582735-3363938159-1001 - Administrator - Enabled) => C:\Users\Nico

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Black Desert (HKLM-x32\...\{4BD65630-3A19-4fc2-8AD8-2CF729DB6608}.30000000000) (Version: 1.0 - Global Gamers Solutions Ltd. ©)
Blade and Soul (HKLM-x32\...\{CEF766E5-6E15-441F-B14A-C44CB168DBE7}) (Version: 1.0.0 - PlayBns.com)
Blender (HKLM\...\{D593042C-8739-488D-93B8-E6B202013E57}) (Version: 2.76.1 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - Treyarch)
Catalyst Control Center Next Localization BR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Desktop-play 000.009030206 (HKLM-x32\...\dply_en_009030206_is1) (Version:  - DESKTOPPLAY) <==== ACHTUNG
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DRAGON BALL XENOVERSE (HKLM-x32\...\Steam App 323470) (Version:  - DIMPS)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
F300 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
F300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
F300Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - )
FINAL FANTASY XIV: A Realm Reborn (HKLM-x32\...\Steam App 39210) (Version:  - SQUARE ENIX)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LibreOffice 4.3.6.2 (HKLM-x32\...\{9F410B70-8A45-4F28-985E-F9731219BCBC}) (Version: 4.3.6.2 - The Document Foundation)
MagicYUV Lossless Video Codec Trial version 1.2rev0 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 1.2rev0 - INNOMAGIC Bt.)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 de)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
My.com Game Center (HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\MyComGames) (Version: 3.165 - My.com B.V.)
MyFreeCodec (HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\MyFreeCodec) (Version:  - )
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
Rainbow Six Siege - Open Beta (HKLM-x32\...\Uplay Install 1001) (Version:  - Ubisoft)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
ROCCAT Kova[+] Mouse Driver (HKLM-x32\...\{A86DDFE3-F661-461C-9BF2-876AC2CA57DE}) (Version: 1.10 - Roccat GmbH)
ROCCAT Ryos Keyboard Driver (HKLM-x32\...\{70F3EF93-44F4-446A-90B8-33DAB2799AF1}) (Version: 1.29.0006 - Roccat GmbH)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Spotify) (Version: 1.0.20.101.ge6957e14 - Spotify AB)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.5.0 (HKLM\...\SteelSeries Engine 3) (Version: 3.5.0 - SteelSeries ApS)
TeamSpeak 3 Client (HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 14.0 - Ubisoft)
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 15.2.0 - UMEZAWA Takeshi)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-390326861-221582735-3363938159-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-43CC95F1E486}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-390326861-221582735-3363938159-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Nico\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-390326861-221582735-3363938159-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0701EA5D-874F-4217-8D7A-F53986B382E4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {0E94E16D-1263-4900-BBD7-9983C618D2DB} - System32\Tasks\crash_service => C:\Users\Nico\AppData\Local\BoBrowser\Application\crash_service.exe <==== ACHTUNG
Task: {17930800-9D3E-469C-9FAC-750DB1ED7880} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {1D8D3A9E-29BF-4407-BEDE-73679474C84C} - System32\Tasks\GameNet => C:\Program Files (x86)\QGNA\qGNA.exe
Task: {2B5EF131-A26D-44E9-BFF3-68078B2D3356} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-darkravenhd@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {3BEC77FC-2CFE-4B13-A62A-E2B893B3F19F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {5B564401-A737-467C-BEC5-35FCFAF5CE65} - System32\Tasks\XIDJAIAHXKLUQLEU => C:\ProgramData\Service1104\Service1104.exe [2016-01-12] () <==== ACHTUNG
Task: {5F62C94C-267B-4631-A9B2-3129D02488FC} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-04] (Advanced Micro Devices, Inc.)
Task: {6EEBDDA1-942E-47B0-8A2D-AD7215A7DB15} - System32\Tasks\updateTask => c:\task.vbs [2016-01-12] ()
Task: {99E9D2B1-33E0-4A39-8D80-D31E10274C01} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {9EA1B318-AC6F-4417-A942-AE8AD5AAEF3B} - System32\Tasks\runTask => C:\Users\Nico\AppData\Local\Temp/Updater.exe
Task: {A20B2CAE-96B0-4388-B8C9-A8AC43E1FEAA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {A242B510-44CF-422B-8D05-30B171AE4D4A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {CFB97A37-4BCC-44B5-A38A-2D07C35E4155} - System32\Tasks\Run_Bobby_Browser => C:\Users\Nico\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ACHTUNG
Task: {E3BCDA42-3149-4CFE-8F0E-27872950264B} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== ACHTUNG
Task: {F31DD1F0-6CA9-4E78-A685-FC706511BACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {F833C75A-4500-4269-93DD-C11AB3AB4A5C} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\WebReg HP Deskjet F300 series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe
Task: C:\WINDOWS\Tasks\XIDJAIAHXKLUQLEU.job => C:\ProgramData\Service1104\Service1104.exe <==== ACHTUNG

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1452618963&a=1040936&src=sh&uuid=6a6d1d7e-d66a-4bf8-bfa9-f09be30a3324"
ShortcutWithArgument: C:\Users\Nico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1452618963&a=1040936&src=sh&uuid=6a6d1d7e-d66a-4bf8-bfa9-f09be30a3324"

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-10 12:00 - 2015-07-10 12:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-08 13:57 - 2015-08-08 13:57 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-19 15:21 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2016-01-13 12:06 - 2016-01-13 12:06 - 00186880 _____ () C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\knsf1DD1.tmp
2016-01-12 18:17 - 2016-01-12 18:17 - 00307712 _____ () C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\jnse9D8.tmp
2016-01-12 18:17 - 2016-01-12 18:17 - 00416256 _____ () C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\hnsn20BD.tmp
2015-10-01 14:29 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 14:29 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-11 19:02 - 2015-09-11 19:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-10-01 14:29 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-06-25 16:39 - 2015-06-25 16:39 - 00191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-01-13 14:57 - 2016-01-13 11:02 - 04005552 _____ () C:\Program Files (x86)\dply_en_009030206\dply_en_009030206.exe
2016-01-08 18:46 - 2016-01-08 18:47 - 09737216 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.15.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-12-10 16:54 - 2015-12-10 16:55 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-10 16:54 - 2015-12-10 16:55 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-19 21:09 - 2015-11-19 21:10 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-12-09 15:16 - 2015-11-25 05:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 15:15 - 2015-11-25 05:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 15:15 - 2015-11-25 05:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 14:29 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-08 17:23 - 2015-04-24 16:40 - 00043520 _____ () C:\Users\Nico\AppData\Local\THORN\QtSolutions_Service-head.dll
2016-01-08 17:23 - 2014-08-28 10:36 - 00732160 _____ () C:\Users\Nico\AppData\Local\THORN\libGLESv2.dll
2016-01-08 17:23 - 2014-08-28 10:41 - 00856576 _____ () C:\Users\Nico\AppData\Local\THORN\platforms\qwindows.dll
2016-01-08 17:23 - 2014-08-28 10:36 - 00047104 _____ () C:\Users\Nico\AppData\Local\THORN\libEGL.dll
2015-10-07 22:20 - 2010-05-29 13:57 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\hiddriver.dll
2015-04-14 15:49 - 2015-11-10 20:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-04-14 15:49 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-04-14 15:49 - 2015-12-14 21:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll
2015-04-14 15:49 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-04-14 15:49 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-04-14 15:49 - 2015-09-24 01:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-04-14 15:49 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-04-14 15:49 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-14 15:49 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-04-14 15:49 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-04-14 15:49 - 2015-12-14 21:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 11:07 - 2015-11-03 23:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-04-14 15:49 - 2015-11-17 01:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-04-14 15:49 - 2015-09-25 00:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2015-04-14 16:03 - 2015-12-24 11:47 - 50679920 _____ () C:\Users\Nico\AppData\Roaming\Spotify\libcef.dll
2015-04-14 16:03 - 2015-12-24 11:47 - 01882224 _____ () C:\Users\Nico\AppData\Roaming\Spotify\libglesv2.dll
2015-04-14 16:03 - 2015-12-24 11:47 - 00082544 _____ () C:\Users\Nico\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\com -> hxxp://*.Wondershare.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2016-01-12 18:16 - 00001110 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-390326861-221582735-3363938159-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nico\Desktop\faze-backgda21.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SteelSeries Engine 3.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run: => "SpaceSoundPro"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "dply_en_009030206"
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\StartupApproved\Run: => "CrashService"
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\StartupApproved\Run: => "MyComGames"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A22B3A6D-7924-4763-97C6-C3CC87B0A0E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{62E5A8BD-F3DF-41D1-9151-7E50B543F39F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [UDP Query User{EFACFB75-A677-4F94-9B73-743B4BA9D768}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [TCP Query User{B7BF3ADA-375D-4F33-9FDE-5D1B32D60EB8}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{0427E741-5E5C-4BD8-9814-0237E1964CC6}C:\users\nico\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nico\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{551E20CA-5B73-4C48-9DAA-9E8E0084ED80}C:\users\nico\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nico\appdata\roaming\spotify\spotify.exe
FirewallRules: [{85392265-6C8E-4718-868B-86F336EFAFF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{A6A330F9-A60C-41D6-8E57-4B6E09599891}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{7E00ACB1-FA3E-4BCF-98D3-DEAAD9F3CD58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{B43EF214-845F-4B6F-84C6-58B9D647288E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [UDP Query User{4DE62E97-D42F-4462-B1AE-574BE8161E98}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E4EC5EDF-52FB-4B67-9016-F3684A3A3111}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6D41EA7E-DEEB-4EF6-A989-4A7798093831}C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BBE93B6C-F671-4DB9-9957-6EC793460A7C}C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe
FirewallRules: [{62338E9B-66CF-48AA-B4A9-6CCAD1F22D11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DB Xenoverse\DBXV.exe
FirewallRules: [{E8574E8C-C55D-40CA-A183-4BD3C0D9F460}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DB Xenoverse\DBXV.exe
FirewallRules: [UDP Query User{83789CBB-6AD7-46F1-B915-85B7109F0015}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{7CF7CC2D-59AB-414A-BCB7-26D56E3340C9}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{72494A97-BD6A-421D-B34F-5C1A762F47D6}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{5567EB66-EE60-4E7E-BDFC-49FE5E60CC07}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7735A50C-1BDF-4068-B5F4-A5D71530778C}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{7FC897F6-2876-4256-A5F2-1790E78D0B8B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{8FB313F0-488B-469D-A970-70A8E990DC1E}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{D401F11E-274A-4D2C-BB95-9F1671233B79}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{B279BD0B-6E53-4823-A32D-D08A44CF5B03}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{7DA813D8-6936-4E3D-9064-8733E1728C28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{345C46CB-B8CF-4AEC-90D9-6428D51A118F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E239265D-6359-48C0-BD8B-90248C22238A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{DB9AE537-09CB-4E9E-AD60-4C6733CE7DEF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{BB1FECD9-4580-442F-8924-5C5B1919DB1F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{D96D63F4-1525-480B-8D1C-679A76AE8959}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{4861ABD4-052E-419F-98EB-E7D6CBDBD5C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{94310E4C-25E4-4B21-9C51-156C2DEEE197}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{8B099E2F-CF90-42B5-AEFC-D2C53001845F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{4E82DCCC-6EAD-4DAE-9736-980ABA886F69}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{7CD43DFA-70BD-45E3-B2E1-5AAC5765158C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{494E49C1-9348-4045-9A5F-3CE31DEC5D09}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{DACAEFE3-5368-45B4-ACB1-98551DBE9EC4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{849C3FF8-9077-4A97-B40C-AC05218A924D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{8A68DD50-0E93-4A6D-B8D3-2723A02BB241}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{BE15EDAE-CF91-42A4-93FF-7414DFFE638F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{A34DE4A3-78BB-449A-8F1B-416186F5700F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{175133BA-3A0D-44AC-BA75-66AEFCA9B9DD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{7BD1E93C-54F9-4C99-8DD0-88ADB7938831}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9D16849D-51E9-4886-9C47-BE94846333F6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FCB64F93-38BF-4452-8BE6-CF986B3A77FF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E7A98DEA-2F32-4DB7-B6E1-3F94FA36F704}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5C5BD0A5-BFCC-4BC5-B8D9-0EE950D5DCED}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A0F80382-2902-4511-81E8-E2DE5EA2942F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8522CED1-4C3D-44E9-8641-4F96C1FAA311}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{5B2D2225-751A-4F16-A257-E59A48537304}C:\users\nico\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nico\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C98ED621-3F5A-466A-8A19-30C62EC881BE}C:\users\nico\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nico\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AC07BEF5-EBC6-4942-B30A-D46DCA2E2761}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{78445581-2B8C-4D1F-89B2-773A3AFCE6A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{D8CEC2C1-9689-43F8-96B2-306C3BD7C7E8}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{579B5D01-49B2-4034-A22C-7BBBD6876E92}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{00654931-AB31-4CDB-A9FB-D5BE7F353A2A}C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{710AD1CD-F1AB-4B04-8A5C-33BE93258438}C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C84871E6-6369-47ED-8531-1B13242C52E4}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F570D22D-BC2D-4300-AB24-D36D0643248A}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{0A531268-64FA-4D3F-B0F5-089714CA264D}C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E62E82FC-622B-4C77-AE98-48F64919D9FB}C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [{E51830C3-4F9A-4F13-8D1E-E0862526B3DC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FA3B63D-443B-493C-A934-1F3F416A115A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D4FD331-B4F8-416F-B3BB-FFDD006DD146}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D08355AE-93E4-433A-969E-59799CC7D11F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8E3A5292-3238-4DD0-9E2A-6828115CB2EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{CC862ED2-F94F-4744-9383-CE0F07805233}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [TCP Query User{C0750D98-84AE-4DBD-9F16-D1CBC46050A0}C:\program files (x86)\diablo iii\diablo iii.exe] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{ABB768B0-926B-4231-8B77-6AB82097EAF8}C:\program files (x86)\diablo iii\diablo iii.exe] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{D657C096-730D-4818-AB3F-CE410804CAC6}C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{93A4FD8B-49D0-493C-8B2C-B1708BEFB07C}C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [{8353D005-8BAE-4FDA-9111-4B1869A7938C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7A057CB1-578A-41D0-9FE2-46168E01C43B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2B74267A-3025-4675-8466-E5888D52327A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E6050361-4091-4ECD-ABA4-3EA32462C48E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B7BD1A22-ABAB-4479-808D-005C393E4F0E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{DD86E8E9-15E2-4561-9999-13182C1D1FA5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{04B25235-305F-4F5E-989C-E776E2084621}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{34D301BD-03A0-45B9-A0BD-60CA0C2F5AAD}C:\users\nico\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\nico\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{9CFC4963-0EFA-4E2B-8661-2817F9130382}C:\users\nico\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\nico\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{460D93BF-DB37-4666-A744-DEFAFB0E231D}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2787BDDD-A8D0-4388-95EE-DDA74A9BAE66}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF6A0B01-47E4-4C11-880B-60950FFA179B}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B06FA57-DEC3-415C-B0B5-A7261FC24212}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{48A9DFEC-0960-4958-BECD-700DDE6863F2}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{761B3A65-5C31-47E2-AEF9-D9302B8B7FF7}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{25CA49F0-D0C6-490B-B632-C7EF3B51D2BC}] => (Allow) C:\Program Files (x86)\PlayBns.com\Blade and Soul\bin\Client.exe
FirewallRules: [{8BC26C80-3AE7-4583-AD57-3FC528D0C873}] => (Allow) C:\Users\Nico\Downloads\PlayBlackDesert.exe
FirewallRules: [{EE844952-2A3B-4EB4-B73E-D8794C3E623D}] => (Allow) C:\Users\Nico\Downloads\PlayBlackDesert.exe
FirewallRules: [{0F43F983-AA19-441F-B8A5-00782063148B}] => (Allow) C:\Program Files (x86)\QGNA\qGNA.exe
FirewallRules: [{A2AC6A7F-DBE3-4B7C-AE42-B2548172477D}] => (Allow) C:\Program Files (x86)\QGNA\qGNA.exe
FirewallRules: [{938EF0C9-7A77-42D5-8C94-C5F2DDC9970F}] => (Allow) C:\Users\Nico\AppData\Local\Temp\is-JCSFP.tmp\setup6879.tmp
FirewallRules: [{74AFC2BF-6055-414B-8C98-C8FC0070A9AD}] => (Allow) C:\Users\Nico\AppData\Local\Temp\is-JCSFP.tmp\setup6879.tmp
FirewallRules: [TCP Query User{912FFECD-DE87-4F79-AE77-9929148FE734}C:\users\nico\appdata\local\temp\i1452290950\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\nico\appdata\local\temp\i1452290950\windows\resource\jre\bin\javaw.exe
FirewallRules: [UDP Query User{B9C5FABF-3471-4EFD-909B-9CD78CA6E493}C:\users\nico\appdata\local\temp\i1452290950\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\nico\appdata\local\temp\i1452290950\windows\resource\jre\bin\javaw.exe
FirewallRules: [{CB724CF0-B343-4816-993F-868A8B38A94F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CBF178EE-4530-4F1F-869A-7F667457D83A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{88F15CB0-A7FE-4B86-B1DB-18C95E4878F0}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{437E7BED-E866-4C4B-AD78-8BD4731D772C}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

==================== Wiederherstellungspunkte =========================

28-12-2015 12:47:37 Geplanter Prüfpunkt
31-12-2015 14:52:20 Windows Update
04-01-2016 18:57:49 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
08-01-2016 23:10:13 DirectX wurde installiert
12-01-2016 20:28:54 Installed Blender

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/13/2016 05:32:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGGO)
Description: Bei der Aktivierung der App „Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/13/2016 03:27:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Adobe CEF Helper.exe, Version: 3.3.0.149, Zeitstempel: 0x55f82d39
Name des fehlerhaften Moduls: libcef.dll, Version: 3.2171.2069.0, Zeitstempel: 0x551bdc44
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00444106
ID des fehlerhaften Prozesses: 0x19d0
Startzeit der fehlerhaften Anwendung: 0xAdobe CEF Helper.exe0
Pfad der fehlerhaften Anwendung: Adobe CEF Helper.exe1
Pfad des fehlerhaften Moduls: Adobe CEF Helper.exe2
Berichtskennung: Adobe CEF Helper.exe3
Vollständiger Name des fehlerhaften Pakets: Adobe CEF Helper.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Adobe CEF Helper.exe5

Error: (01/13/2016 03:24:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.

Error: (01/13/2016 03:24:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.

Error: (01/13/2016 02:57:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: updply_en_009030206.exe, Version: 1.0.0.1, Zeitstempel: 0x56961807
Name des fehlerhaften Moduls: updply_en_009030206.exe, Version: 1.0.0.1, Zeitstempel: 0x56961807
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001f3a34
ID des fehlerhaften Prozesses: 0x1660
Startzeit der fehlerhaften Anwendung: 0xupdply_en_009030206.exe0
Pfad der fehlerhaften Anwendung: updply_en_009030206.exe1
Pfad des fehlerhaften Moduls: updply_en_009030206.exe2
Berichtskennung: updply_en_009030206.exe3
Vollständiger Name des fehlerhaften Pakets: updply_en_009030206.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: updply_en_009030206.exe5

Error: (01/13/2016 02:39:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGGO)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/13/2016 02:39:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGGO)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/13/2016 01:20:59 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (2604) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (01/13/2016 01:20:59 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (2604) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (01/13/2016 01:20:48 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (2604) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.


Systemfehler:
=============
Error: (01/13/2016 03:27:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AdobeUpdateService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/13/2016 03:20:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util Oasis Space" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/13/2016 03:20:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Util Oasis Space" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2016 03:04:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Xbox Live Authentifizierungs-Manager" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%0

Error: (01/13/2016 02:57:55 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (01/13/2016 02:57:54 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (01/13/2016 02:57:53 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (01/13/2016 02:57:52 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (01/13/2016 02:57:51 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (01/13/2016 02:57:50 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


CodeIntegrity:
===================================
  Date: 2016-01-12 20:25:23.545
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 20:25:23.533
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 20:25:22.636
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 20:25:22.602
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 18:47:20.175
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 18:39:05.836
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 18:31:29.714
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 18:30:41.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 18:29:32.742
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 18:29:32.733
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Xeon(R) CPU E3-1230 v3 @ 3.30GHz
Prozentuale Nutzung des RAM: 36%
Installierter physikalischer RAM: 8136.63 MB
Verfügbarer physikalischer RAM: 5188.56 MB
Summe virtueller Speicher: 9416.63 MB
Verfügbarer virtueller Speicher: 5961.7 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:930.73 GB) (Free:521.9 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8F36E99A)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== Ende von Addition.txt ============================
         



Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
durchgeführt von Nico (Administrator) auf NIGGO (13-01-2016 17:54:40)
Gestartet von C:\Users\Nico\Downloads
Geladene Profile: Nico (Verfügbare Profile: Nico)
Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\knsf1DD1.tmp
() C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\jnse9D8.tmp
(GGS) C:\Users\Nico\AppData\Local\THORN\Thorn.exe
() C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\hnsn20BD.tmp
(GGS) C:\Users\Nico\AppData\Local\THORN\ThornHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe
(ROCCAT GmbH Co., Ltd.) C:\Program Files (x86)\ROCCAT\Ryos Keyboard\Ryos MK Monitor.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
() C:\Program Files (x86)\dply_en_009030206\dply_en_009030206.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.15.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Spotify Ltd) C:\Users\Nico\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Nico\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Nico\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Nico\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Nico\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Player\DelayPluginI.exe
HKLM-x32\...\Run: [RoccatKova+] => C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-11] (Raptr, Inc)
HKLM-x32\...\Run: [rec_en_77] => [X]
HKLM-x32\...\Run: [gmsd_de_005010205] => [X]
HKLM-x32\...\Run: [dply_en_009030206] => C:\Program Files (x86)\dply_en_009030206\dply_en_009030206.exe [4005552 2016-01-13] ()
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Run: [Spotify Web Helper] => C:\Users\Nico\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-24] (Spotify Ltd)
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Run: [Spotify] => C:\Users\Nico\AppData\Roaming\Spotify\Spotify.exe [8316528 2015-12-24] (Spotify Ltd)
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Run: [CrashService] => "C:\Users\Nico\AppData\Local\BoBrowser\Application\crash_service.exe" --max-reports=50 --no-window
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Run: [MyComGames] => C:\Users\Nico\AppData\Local\MyComGames\MyComGames.exe [4741064 2016-01-06] (MY.COM B.V.)
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\RunOnce: [DeleteMarkAny] => C:\WINDOWS\SysWOW64\MASetupCleaner.exe [24576 2013-12-30] ((주)마크애니)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-04-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ryos Driver.lnk [2015-05-11]
ShortcutTarget: Ryos Driver.lnk -> C:\Program Files (x86)\ROCCAT\Ryos Keyboard\Ryos MK Monitor.exe (ROCCAT GmbH Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2015-10-01]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyEnable: [.DEFAULT] => Proxy ist aktiviert.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49906;https=127.0.0.1:49906
AutoConfigURL: [S-1-5-21-390326861-221582735-3363938159-1001] => hxxp://unstopp.me/wpad.dat?6f74407fe41b9e160f4ce25a30f772c94184588
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{86e8fef8-cb05-4326-8613-64daf9ebae85}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9f5add42-1940-4ef9-8e34-a8a541f51131}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-390326861-221582735-3363938159-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130970964332846577&GUID=2A5B3A7C-4F70-4517-8D2A-659442E30697
SearchScopes: HKU\S-1-5-21-390326861-221582735-3363938159-1001 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation)
BHO-x32: Wondershare Player 1.6.0 -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll => Keine Datei
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  Keine Datei
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=1452619661&z=39222bed3a31dfba8bfea8agfz2w8oeq6g4tbqfmcg&from=cmi&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F014988649886

FireFox:
========
FF ProfilePath: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default
FF NewTab: hxxp://www.istartpageing.com/newtab/?type=nt&ts=1452619661&z=39222bed3a31dfba8bfea8agfz2w8oeq6g4tbqfmcg&from=cmi&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F014988649886
FF Homepage: hxxps://www.youtube.com/channel/UCZWyra-j8XbrfPHLUtcyvkg
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-18] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin HKU\S-1-5-21-390326861-221582735-3363938159-1001: @my.com/Games -> C:\Users\Nico\AppData\Local\MyComGames\NPMyComDetector.dll [2016-01-04] (My.com, Inc)
FF user.js: detected! => C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\user.js [2016-01-13]
FF Extension: Oasis Space 1.0.1 - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\Extensions\{7912fe62-268c-49c6-b007-1f4e47c522de}.xpi [2016-01-11] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\extensions\deskCutv2@gmail.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\extensions\yahooprotected@gmail.com => nicht gefunden

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1128448 2015-08-08] ()
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-11] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 qyvobypuzbt; C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\knsf1DD1.tmp [186880 2016-01-13] () [Datei ist nicht signiert]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 Thorn; C:\Users\Nico\AppData\Local\THORN\Thorn.exe [56824 2015-10-01] (GGS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 wucotusy; C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\hnsn20BD.tmp [416256 2016-01-12] () [Datei ist nicht signiert]
R2 zutuzuni; C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\jnse9D8.tmp [307712 2016-01-12] () [Datei ist nicht signiert]
S2 Util Oasis Space; "C:\Program Files (x86)\Oasis Space\bin\utilOasisSpace.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-18] (Advanced Micro Devices)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [50688 2015-07-10] (Microsoft Corp.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 KovaPlusFltr; C:\Windows\system32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3772632 2015-07-10] (Realtek Semiconductor Corporation                           )
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [32792 2015-09-29] (SteelSeries ApS)
R1 swsedrvr_vw_1_10_0_25; C:\Windows\System32\drivers\swsedrvr_vw_1_10_0_25.sys [57720 2015-09-22] (SS)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-09-13] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-13 17:54 - 2016-01-13 17:55 - 00017560 _____ C:\Users\Nico\Downloads\FRST.txt
2016-01-13 17:54 - 2016-01-13 17:54 - 00000000 ____D C:\FRST
2016-01-13 17:52 - 2016-01-13 17:54 - 02370560 _____ (Farbar) C:\Users\Nico\Downloads\FRST64.exe
2016-01-13 17:29 - 2016-01-13 17:29 - 00016148 _____ C:\WINDOWS\system32\NIGGO_Nico_HistoryPrediction.bin
2016-01-13 14:57 - 2016-01-13 14:57 - 00000000 ____D C:\Users\Nico\AppData\Local\dply_en_009030206
2016-01-13 14:57 - 2016-01-13 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DESKTOPPLAY
2016-01-13 14:57 - 2016-01-13 14:57 - 00000000 ____D C:\Program Files (x86)\dply_en_009030206
2016-01-12 22:36 - 2016-01-12 22:36 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-12 22:36 - 2016-01-12 22:36 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-12 22:36 - 2016-01-12 22:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-12 22:36 - 2016-01-12 22:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-12 22:34 - 2016-01-12 22:34 - 00248736 _____ C:\Users\Nico\Downloads\Firefox Setup Stub 43.0.4.exe
2016-01-12 20:32 - 2016-01-12 20:32 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Blender Foundation
2016-01-12 20:32 - 2016-01-12 20:32 - 00000000 ____D C:\Users\Nico\.thumbnails
2016-01-12 20:30 - 2016-01-12 20:30 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2016-01-12 20:29 - 2016-01-12 20:29 - 00000000 ____D C:\Program Files\Blender Foundation
2016-01-12 20:24 - 2016-01-12 20:28 - 83674076 _____ C:\Users\Nico\Downloads\blender-2.76b-windows64.msi
2016-01-12 19:23 - 2016-01-13 11:59 - 00000000 ____D C:\Users\Nico\Desktop\YT
2016-01-12 19:04 - 2016-01-12 19:04 - 00752281 _____ C:\Users\Nico\Downloads\Crack.rar
2016-01-12 18:36 - 2016-01-12 18:38 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Opera Software
2016-01-12 18:36 - 2016-01-12 18:38 - 00000000 ____D C:\Users\Nico\AppData\Local\Opera Software
2016-01-12 18:36 - 2016-01-12 18:36 - 00003292 _____ C:\WINDOWS\System32\Tasks\runTask
2016-01-12 18:36 - 2016-01-12 18:36 - 00003202 _____ C:\WINDOWS\System32\Tasks\updateTask
2016-01-12 18:36 - 2016-01-12 18:36 - 00000296 _____ C:\task.vbs
2016-01-12 18:28 - 2016-01-13 15:33 - 00000352 ____H C:\WINDOWS\Tasks\XIDJAIAHXKLUQLEU.job
2016-01-12 18:28 - 2016-01-12 18:38 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-12 18:28 - 2016-01-12 18:28 - 00003426 _____ C:\WINDOWS\System32\Tasks\XIDJAIAHXKLUQLEU
2016-01-12 18:28 - 2016-01-12 18:28 - 00000000 ____D C:\ProgramData\Service1104
2016-01-12 18:28 - 2016-01-12 18:28 - 00000000 ____D C:\ProgramData\19a87fa1ec024bbcbb41931263354405
2016-01-12 18:27 - 2016-01-12 19:20 - 00004320 _____ C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update
2016-01-12 18:27 - 2016-01-12 19:20 - 00004290 _____ C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core
2016-01-12 18:18 - 2016-01-12 18:23 - 00000000 ____D C:\Users\Nico\AppData\Local\03DE0294-1452622702-05AC-5806-600700080009
2016-01-12 18:17 - 2016-01-13 16:55 - 00000000 ____D C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009
2016-01-12 18:17 - 2016-01-12 18:17 - 00000000 ____D C:\Program Files (x86)\03DE0294-1452619053-05AC-5806-600700080009
2016-01-12 18:17 - 2016-01-12 18:16 - 00001110 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-01-12 15:39 - 2016-01-12 15:39 - 00001616 _____ C:\Users\Nico\Desktop\Sony Vegas Pro.lnk
2016-01-12 15:29 - 2016-01-12 15:29 - 11188477 _____ C:\Users\Nico\Downloads\FaZeWallpapers.zip
2016-01-10 18:38 - 2016-01-10 21:48 - 00000000 ____D C:\Users\Nico\AppData\Roaming\OBS
2016-01-10 18:38 - 2016-01-10 18:38 - 00001004 _____ C:\Users\Nico\Desktop\Open Broadcaster Software.lnk
2016-01-10 18:38 - 2016-01-10 18:38 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2016-01-10 18:38 - 2016-01-10 18:38 - 00000000 ____D C:\Program Files\OBS
2016-01-10 18:38 - 2016-01-10 18:38 - 00000000 ____D C:\Program Files (x86)\OBS
2016-01-09 23:32 - 2016-01-09 23:32 - 00000000 ____D C:\Users\Nico\Documents\Elder Scrolls Online
2016-01-09 23:32 - 2016-01-09 23:32 - 00000000 ____D C:\ProgramData\Elder Scrolls Online
2016-01-08 23:11 - 2016-01-09 23:32 - 00001320 _____ C:\Users\Nico\Desktop\The Elder Scrolls Online.lnk
2016-01-08 23:11 - 2016-01-08 23:11 - 00000000 ____D C:\WINDOWS\jre
2016-01-08 23:11 - 2016-01-08 23:11 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2016-01-08 23:10 - 2016-01-08 23:13 - 00000000 ____D C:\Program Files (x86)\Zenimax Online
2016-01-08 23:10 - 2016-01-08 23:11 - 00000000 ___HD C:\Program Files (x86)\Zero G Registry
2016-01-08 23:10 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2016-01-08 23:10 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2016-01-08 23:10 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2016-01-08 23:10 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2016-01-08 23:10 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2016-01-08 23:10 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2016-01-08 23:09 - 2016-01-08 23:09 - 00000000 ___HD C:\Users\Nico\InstallAnywhere
2016-01-08 17:23 - 2016-01-13 14:55 - 00000000 ____D C:\Users\Nico\AppData\Local\THORN
2016-01-08 17:22 - 2016-01-12 12:59 - 00004346 _____ C:\WINDOWS\System32\Tasks\GameNet
2016-01-08 17:22 - 2016-01-08 17:22 - 00000000 ____D C:\Users\Nico\AppData\Local\Vebanaul
2016-01-08 16:48 - 2016-01-08 16:48 - 00001066 _____ C:\Users\Nico\Desktop\Glyph.lnk
2016-01-08 16:48 - 2016-01-08 16:48 - 00000000 ____D C:\Program Files (x86)\Glyph
2016-01-08 06:43 - 2016-01-09 23:58 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Awesomium
2016-01-08 06:42 - 2016-01-08 06:42 - 00000000 ____D C:\Users\Nico\Documents\BnS
2016-01-08 06:21 - 2016-01-08 06:21 - 00000000 ____D C:\Users\Nico\AppData\Local\BNSUpdater
2016-01-08 06:20 - 2016-01-08 06:20 - 00001199 _____ C:\Users\Public\Desktop\Blade and Soul.lnk
2016-01-08 06:14 - 2016-01-08 06:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blade and Soul
2016-01-08 06:14 - 2016-01-08 06:14 - 00000000 ____D C:\Program Files (x86)\PlayBns.com
2016-01-07 21:14 - 2016-01-07 21:16 - 00000000 ____D C:\Users\Nico\Downloads\Playbns_client_xp
2016-01-07 21:13 - 2016-01-08 06:11 - 00000000 ____D C:\Users\Nico\AppData\LocalLow\uTorrent
2016-01-07 21:12 - 2016-01-08 06:11 - 00000000 ____D C:\Users\Nico\AppData\Roaming\uTorrent
2016-01-05 12:58 - 2016-01-08 16:52 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com
2016-01-04 19:16 - 2016-01-12 12:21 - 00000000 ____D C:\Users\Nico\AppData\Local\MyComGames
2016-01-04 19:16 - 2016-01-08 16:52 - 00000000 ____D C:\MyGames
2016-01-04 19:16 - 2016-01-04 19:16 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2016-01-04 18:58 - 2016-01-04 18:58 - 00000000 ____D C:\Users\Nico\AppData\Roaming\AlbionOnline
2016-01-04 18:58 - 2016-01-04 18:58 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Albion
2016-01-04 18:56 - 2016-01-08 16:51 - 00000000 ____D C:\Program Files (x86)\AlbionOnline
2015-12-31 14:32 - 2015-12-31 14:32 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2015-12-31 14:32 - 2015-12-31 14:32 - 00000000 ____D C:\Users\Nico\AppData\Roaming\library_dir
2015-12-31 14:32 - 2015-12-31 14:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-12-31 14:30 - 2015-12-31 14:30 - 00001243 _____ C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk
2015-12-31 14:30 - 2015-12-31 14:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-31 14:30 - 2015-12-31 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-31 14:25 - 2016-01-13 14:58 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Raptr
2015-12-31 14:25 - 2015-12-31 14:32 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-12-31 14:25 - 2015-12-31 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2015-12-24 15:16 - 2015-12-24 15:16 - 00001762 _____ C:\Users\Nico\Desktop\League of Legends.lnk
2015-12-20 22:46 - 2015-12-20 22:46 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-12-20 22:45 - 2016-01-13 15:22 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Samsung
2015-12-20 22:45 - 2015-12-20 22:45 - 00000000 ____D C:\Users\Nico\Documents\samsung
2015-12-20 22:45 - 2015-12-20 22:45 - 00000000 ____D C:\Users\Nico\AppData\Local\Samsung
2015-12-20 22:42 - 2015-12-20 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2015-12-20 22:42 - 2015-12-20 22:42 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2015-12-18 14:23 - 2015-12-18 14:23 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-12-18 14:23 - 2015-12-18 14:23 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-12-18 14:23 - 2015-12-18 14:23 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-12-18 14:23 - 2015-12-18 14:23 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-12-16 20:45 - 2015-12-16 20:45 - 10919104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-12-16 20:45 - 2015-12-16 20:45 - 09158496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-12-16 20:45 - 2015-12-16 20:45 - 09105552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-12-16 20:45 - 2015-12-16 20:45 - 08168856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-12-16 20:45 - 2015-12-16 20:45 - 00112392 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 08426376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00471344 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00130616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00081200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00081200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-12-16 20:43 - 2015-12-16 20:43 - 00151968 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2015-12-16 20:43 - 2015-12-16 20:43 - 00138416 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2015-12-16 20:43 - 2015-12-16 20:43 - 00128568 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2015-12-16 20:43 - 2015-12-16 20:43 - 00120200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00874000 _____ (AMD) C:\WINDOWS\system32\coinst_15.30.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00243728 _____ C:\WINDOWS\system32\clinfo.exe
2015-12-16 20:41 - 2015-12-16 20:41 - 00232464 _____ C:\WINDOWS\system32\dgtrayicon.exe
2015-12-16 20:41 - 2015-12-16 20:41 - 00203792 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00183312 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00136208 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00122384 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00104976 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00097808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00012816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00012816 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-12-16 20:37 - 2015-12-16 20:37 - 25848848 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-12-16 20:37 - 2015-12-16 20:37 - 00199696 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-12-16 20:37 - 2015-12-16 20:37 - 00097808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2015-12-16 20:37 - 2015-12-16 20:37 - 00089616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2015-12-16 20:35 - 2015-12-16 20:35 - 00341520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-12-16 20:34 - 2015-12-16 20:34 - 31385616 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-12-16 20:34 - 2015-12-16 20:34 - 00059920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-12-16 20:32 - 2015-12-16 20:32 - 00040464 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-12-16 20:29 - 2015-12-16 20:29 - 00561168 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-12-16 20:29 - 2015-12-16 20:29 - 00254992 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-12-16 20:29 - 2015-12-16 20:29 - 00166416 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-12-16 20:29 - 2015-12-16 20:29 - 00151056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-12-16 20:29 - 2015-12-16 20:29 - 00084504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-12-16 20:29 - 2015-12-16 20:29 - 00078864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-12-16 20:29 - 2015-12-16 20:29 - 00078864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-12-16 20:28 - 2015-12-16 20:28 - 00451088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-12-16 20:28 - 2015-12-16 20:28 - 00171032 _____ C:\WINDOWS\system32\atieah64.exe
2015-12-16 20:28 - 2015-12-16 20:28 - 00154128 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-12-16 20:28 - 2015-12-16 20:28 - 00071184 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-12-16 20:28 - 2015-12-16 20:28 - 00060944 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-12-16 20:27 - 2015-12-16 20:27 - 15720464 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-12-16 20:27 - 2015-12-16 20:27 - 14310928 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-12-16 20:26 - 2015-12-16 20:26 - 00375824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-12-16 20:26 - 2015-12-16 20:26 - 00064528 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-12-16 20:26 - 2015-12-16 20:26 - 00057872 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-12-16 20:25 - 2015-12-16 20:25 - 49992720 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-12-16 20:25 - 2015-12-16 20:25 - 01281552 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-12-16 20:25 - 2015-12-16 20:25 - 00950288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-12-16 20:25 - 2015-12-16 20:25 - 00950288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-12-16 20:25 - 2015-12-16 20:25 - 00052240 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-12-16 20:22 - 2015-12-16 20:22 - 27605008 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-12-16 20:21 - 2015-12-16 20:21 - 22357008 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-12-16 20:20 - 2015-12-16 20:20 - 41519120 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-12-16 20:19 - 2015-12-16 20:19 - 00059408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-12-16 20:19 - 2015-12-16 20:19 - 00048144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-12-16 20:17 - 2015-12-16 20:17 - 06651920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2015-12-16 20:16 - 2015-12-16 20:16 - 05232656 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2015-12-16 20:15 - 2015-12-16 20:15 - 00686608 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2015-12-16 20:15 - 2015-12-16 20:15 - 00571408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00305392 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdacpksd.sys
2015-12-16 20:13 - 2015-12-16 20:13 - 00213520 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00198672 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00143376 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00132112 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00073744 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00068112 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-12-16 19:07 - 2015-12-16 19:07 - 10339016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2015-12-16 10:11 - 2015-12-16 10:11 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2015-12-16 10:11 - 2015-12-16 10:11 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2015-12-16 10:11 - 2015-12-16 10:11 - 00323588 _____ C:\WINDOWS\system32\ativvaxy_el.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00322740 _____ C:\WINDOWS\system32\ativvaxy_vi.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00321072 _____ C:\WINDOWS\system32\ativvaxy_vi_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00320992 _____ C:\WINDOWS\system32\ativvaxy_el_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00261920 _____ C:\WINDOWS\system32\ativvaxy_stn_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00258464 _____ C:\WINDOWS\system32\ativvaxy_cz_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00252628 _____ C:\WINDOWS\system32\ativvaxy_FJ.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00249680 _____ C:\WINDOWS\system32\ativvaxy_FJ_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00234292 _____ C:\WINDOWS\system32\ativvaxy_cik.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00232624 _____ C:\WINDOWS\system32\ativvaxy_cik_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00177344 _____ C:\WINDOWS\system32\ativce03.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00100832 _____ C:\WINDOWS\system32\ativce02.dat
2015-12-16 10:09 - 2015-12-16 10:09 - 00843639 _____ C:\WINDOWS\system32\amdicdxx.dat
2015-12-16 10:09 - 2015-12-16 10:09 - 00683968 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-12-16 10:09 - 2015-12-16 10:09 - 00683968 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-12-16 10:09 - 2015-12-16 10:09 - 00175648 _____ C:\WINDOWS\system32\amde31a.dat
2015-12-16 10:09 - 2015-12-16 10:09 - 00166560 _____ C:\WINDOWS\system32\amde34a.dat
2015-12-16 10:09 - 2015-12-16 10:09 - 00007112 _____ C:\WINDOWS\system32\AMDKernelEvents.man

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-13 17:54 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2016-01-13 17:54 - 2015-04-14 16:02 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Spotify
2016-01-13 17:36 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-13 17:35 - 2015-04-14 16:03 - 00000000 ____D C:\Users\Nico\AppData\Local\Spotify
2016-01-13 15:26 - 2015-11-24 21:57 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-13 15:26 - 2015-11-24 21:57 - 00000000 ____D C:\Program Files\Adobe
2016-01-13 15:26 - 2015-04-14 15:28 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Adobe
2016-01-13 15:22 - 2015-10-19 20:55 - 00000000 ____D C:\ProgramData\Samsung
2016-01-13 15:22 - 2015-10-19 20:55 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-01-13 15:22 - 2015-10-07 22:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-13 15:21 - 2015-09-13 21:06 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2016-01-13 15:21 - 2015-09-13 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio
2016-01-13 15:21 - 2015-09-13 21:06 - 00000000 ____D C:\Program Files\VB
2016-01-13 15:21 - 2015-04-27 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-01-13 15:21 - 2015-04-27 20:09 - 00000000 ____D C:\Program Files (x86)\Hp
2016-01-13 15:21 - 2015-04-18 22:04 - 00000000 ____D C:\Program Files (x86)\URUSoft
2016-01-13 15:20 - 2015-05-27 17:25 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-13 15:19 - 2015-04-14 15:41 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-13 14:58 - 2015-11-24 21:27 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-13 14:55 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-13 14:39 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-13 12:06 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-13 12:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-13 12:02 - 2015-09-12 11:05 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C0004CDA-3DAE-43B4-82C6-19FADF2E20E5}
2016-01-13 12:01 - 2015-04-18 22:14 - 00000000 ____D C:\Users\Nico\AppData\Local\Adobe
2016-01-12 22:44 - 2015-04-14 15:50 - 00000000 ____D C:\Users\Nico\AppData\Local\Battle.net
2016-01-12 22:33 - 2015-04-14 15:50 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-01-12 22:32 - 2015-08-08 13:25 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-12 21:43 - 2015-04-18 23:51 - 00000000 ____D C:\Users\Nico\AppData\Roaming\vlc
2016-01-12 20:55 - 2015-08-14 17:07 - 00000008 _____ C:\END
2016-01-12 20:53 - 2015-09-27 15:57 - 00000000 ____D C:\Users\Nico\AppData\Local\Google
2016-01-12 20:53 - 2015-09-27 15:57 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-12 20:32 - 2015-08-08 13:06 - 00000000 ____D C:\Users\Nico
2016-01-12 19:24 - 2015-04-17 16:05 - 01949184 ___SH C:\Users\Nico\Desktop\Thumbs.db
2016-01-12 18:30 - 2015-10-28 21:35 - 00000000 ____D C:\Users\Nico\AppData\Local\Deployment
2016-01-12 17:56 - 2015-05-13 12:04 - 00708096 ___SH C:\Users\Nico\Documents\Thumbs.db
2016-01-12 12:25 - 2015-08-08 13:19 - 01790124 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-12 12:25 - 2015-07-10 17:34 - 00771100 _____ C:\WINDOWS\system32\perfh007.dat
2016-01-12 12:25 - 2015-07-10 17:34 - 00153964 _____ C:\WINDOWS\system32\perfc007.dat
2016-01-12 12:25 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2016-01-10 18:35 - 2015-09-20 00:41 - 00000226 _____ C:\Users\Nico\Desktop\Schulden.txt
2016-01-08 17:37 - 2015-07-03 15:52 - 00000000 ____D C:\Games
2016-01-08 17:09 - 2015-09-30 19:14 - 00000000 ____D C:\Users\Nico\AppData\Local\Glyph
2016-01-08 16:48 - 2015-09-30 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2016-01-08 16:48 - 2015-09-30 19:14 - 00000000 ____D C:\ProgramData\Glyph
2016-01-06 13:48 - 2015-04-14 15:52 - 00000000 ____D C:\Users\Nico\AppData\Local\Steam
2016-01-05 11:00 - 2015-04-14 15:54 - 00000000 ____D C:\AMD
2016-01-03 02:40 - 2015-07-10 12:06 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 02:40 - 2015-07-10 12:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-31 15:19 - 2015-04-14 15:45 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Skype
2015-12-31 14:35 - 2015-08-17 09:56 - 00000000 ____D C:\Users\Nico\Documents\DayZ
2015-12-31 14:30 - 2015-04-14 15:45 - 00000000 ____D C:\Users\Nico\AppData\Local\Skype
2015-12-31 14:30 - 2015-04-14 15:44 - 00002642 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-31 14:30 - 2015-04-14 15:44 - 00000000 ____D C:\ProgramData\Skype
2015-12-31 14:25 - 2015-10-24 19:27 - 00000000 ____D C:\Users\Nico\AppData\Local\AMD
2015-12-31 14:25 - 2015-07-13 14:48 - 00000000 ____D C:\Program Files (x86)\AMD
2015-12-31 14:24 - 2015-08-08 13:03 - 00000000 ____D C:\Program Files\AMD
2015-12-18 14:26 - 2015-08-08 13:04 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-18 14:23 - 2015-07-16 00:12 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-12-16 20:45 - 2015-10-07 18:18 - 00143080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-12-16 20:45 - 2015-07-16 01:12 - 00162784 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-12-16 20:44 - 2015-10-07 18:18 - 11011560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-12-16 20:44 - 2015-07-16 01:11 - 13313544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-12-16 20:44 - 2015-07-16 01:11 - 01519232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-12-16 20:44 - 2015-07-16 01:11 - 01249664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-12-16 20:31 - 2015-07-16 01:06 - 23969808 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-12-16 20:31 - 2015-07-16 00:13 - 00679952 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-09-13 21:29 - 2015-09-13 21:29 - 0002853 _____ () C:\Users\Nico\AppData\Roaming\VoiceMeeterDefault.xml
2015-09-19 23:41 - 2015-09-19 23:41 - 0005219 _____ () C:\Users\Nico\AppData\Local\recently-used.xbel
2015-08-08 13:04 - 2015-08-08 13:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-27 20:35 - 2016-01-13 15:21 - 0002816 _____ () C:\ProgramData\hpzinstall.log

Einige Dateien in TEMP:
====================
C:\Users\Nico\AppData\Local\Temp\aJ9yxJYQGd.exe
C:\Users\Nico\AppData\Local\Temp\amisetup7701__15940.exe
C:\Users\Nico\AppData\Local\Temp\amisetup8131__15940.exe
C:\Users\Nico\AppData\Local\Temp\A~NSISu_.exe
C:\Users\Nico\AppData\Local\Temp\BRSVC_1936515_hlp.exe
C:\Users\Nico\AppData\Local\Temp\byHPCpnsMC.exe
C:\Users\Nico\AppData\Local\Temp\goGKuA3iaj.exe
C:\Users\Nico\AppData\Local\Temp\Gw2.exe
C:\Users\Nico\AppData\Local\Temp\raptrpatch.exe
C:\Users\Nico\AppData\Local\Temp\raptr_stub.exe
C:\Users\Nico\AppData\Local\Temp\setup6879.exe
C:\Users\Nico\AppData\Local\Temp\tmpB7E2.exe
C:\Users\Nico\AppData\Local\Temp\UninstallModule.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-01-08 14:36

==================== Ende von FRST.txt ============================
         
Edit: After a restart, the browser is considerably worse. Endless ads from SwiftSearch. With every click I make, my currently open tab is closed and reloaded. After that, more ads open... I really don't know what else to do.

Unfortunately, I was browsing some not very trustworthy websites... (which certainly won't happen again any time soon). I know you prefer to stay out of things like this, but I really need your help. My browser keeps crashing and downloads programs like Piesearch... Every minute I can uninstall new programs that I have never seen before... It would be great if you could help me.

Thanks

14.01.2016, 09:26   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
C:\Users\Nico\Downloads\Crack.rar
Reading material:
Illegal software: cracks, keygens and co.

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In the event of repeated crack/keygen violations, I reserve the right to discontinue support, i.e. help only with data backup and reinstalling the operating system.

14.01.2016, 15:20   #3
BlueRavenHD
 

Okay, I'll delete all of that. I don't want anything to do with it.
I only thought that I shouldn't delete anything for now because I had read that somewhere here in the forum. (Do not delete or uninstall anything without approval.)

Should I post new logs after deleting? And, for backup purposes, can I move the large game packages, some of them over 40 GB, to an external hard drive? Or could there be viruses there too?

I have already removed Piesearch on my own (using a tutorial for cleaning Firefox), with the help of Malwarebytes Anti-Malware.
It found over 200 at-risk programs(?).

14.01.2016, 16:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please post all logs that contain findings.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
__________________
Please always post logs in CODE tags

14.01.2016, 20:04   #5
BlueRavenHD
 

Unfortunately I no longer have the MBAM logs; it's already uninstalled.

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
durchgeführt von Nico (Administrator) auf NIGGO (14-01-2016 20:00:35)
Gestartet von C:\Users\Nico\Downloads
Geladene Profile: Nico (Verfügbare Profile: Nico)
Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(GGS) C:\Users\Nico\AppData\Local\THORN\Thorn.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(GGS) C:\Users\Nico\AppData\Local\THORN\ThornHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Spotify Ltd) C:\Users\Nico\AppData\Roaming\Spotify\Spotify.exe
(ROCCAT GmbH Co., Ltd.) C:\Program Files (x86)\ROCCAT\Ryos Keyboard\Ryos MK Monitor.exe
(Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe
(Spotify Ltd) C:\Users\Nico\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Nico\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Nico\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Nico\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.15.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(NCSOFT Corporation) C:\Program Files (x86)\NCWest\NCLauncher\NCLauncherR.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Player\DelayPluginI.exe
HKLM-x32\...\Run: [RoccatKova+] => C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Run: [Spotify Web Helper] => C:\Users\Nico\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-24] (Spotify Ltd)
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Run: [Spotify] => C:\Users\Nico\AppData\Roaming\Spotify\Spotify.exe [8316528 2015-12-24] (Spotify Ltd)
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Run: [CrashService] => "C:\Users\Nico\AppData\Local\BoBrowser\Application\crash_service.exe" --max-reports=50 --no-window
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Run: [MyComGames] => "C:\Users\Nico\AppData\Local\MyComGames\MyComGames.exe" -autostart
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-01-13]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ryos Driver.lnk [2016-01-13]
ShortcutTarget: Ryos Driver.lnk -> C:\Program Files (x86)\ROCCAT\Ryos Keyboard\Ryos MK Monitor.exe (ROCCAT GmbH Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-01-13]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyEnable: [.DEFAULT] => Proxy ist aktiviert.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49906;https=127.0.0.1:49906
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{86e8fef8-cb05-4326-8613-64daf9ebae85}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9f5add42-1940-4ef9-8e34-a8a541f51131}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-390326861-221582735-3363938159-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-390326861-221582735-3363938159-1001 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation)
BHO-x32: Wondershare Player 1.6.0 -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll => Keine Datei
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  Keine Datei
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAxAeApdVg4QDAwRcg0VVVhDEhgaIw8ATA1DEA1CIV0KWAkQExNBNARaB0tXUUEeJl9NER8fHGZGJXRXE1wjREZWLE1LKUwT
FF SelectedSearchEngine: Default
FF Homepage: hxxp://youtube.com/
FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQBbWQoUFgJCbQAKUw1cFVQRcxQBAg9JDAERcQFZAF1DGAVCch9aFQQTR0cFME0FB18EURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-18] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Extension: Adblock Plus - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-13]
StartMenuInternet: FIREFOX.EXE - firefox.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1128448 2015-08-08] ()
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-11] (Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 Thorn; C:\Users\Nico\AppData\Local\THORN\Thorn.exe [56824 2015-10-01] (GGS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 FastCompress; C:\Program Files (x86)\FastCompress-Zip\Fast_Support.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-18] (Advanced Micro Devices)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [50688 2015-07-10] (Microsoft Corp.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 KovaPlusFltr; C:\Windows\system32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3772632 2015-07-10] (Realtek Semiconductor Corporation                           )
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [32792 2015-09-29] (SteelSeries ApS)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-09-13] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-14 20:00 - 2016-01-14 20:00 - 00014896 _____ C:\Users\Nico\Downloads\FRST.txt
2016-01-14 19:59 - 2016-01-14 20:00 - 02370560 _____ (Farbar) C:\Users\Nico\Downloads\FRST64.exe
2016-01-14 19:50 - 2016-01-14 19:50 - 00016148 _____ C:\WINDOWS\system32\NIGGO_Nico_HistoryPrediction.bin
2016-01-14 16:03 - 2016-01-14 16:03 - 00002303 _____ C:\Users\Public\Desktop\Blade & Soul.lnk
2016-01-14 16:03 - 2016-01-14 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-01-14 16:02 - 2016-01-14 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2016-01-14 16:02 - 2016-01-14 16:02 - 00000000 ____D C:\Program Files (x86)\NCWest
2016-01-14 15:47 - 2016-01-14 16:02 - 224976152 _____ (NC Interactive, LLC ) C:\Users\Nico\Downloads\BnS_Lite_Installer.exe
2016-01-13 21:55 - 2016-01-13 21:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-13 21:40 - 2016-01-13 21:55 - 22908888 _____ (Malwarebytes ) C:\Users\Nico\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-13 20:38 - 2016-01-13 22:12 - 00000000 ____D C:\Users\Nico\AppData\LocalLow\Company
2016-01-13 20:38 - 2016-01-13 20:38 - 00003400 _____ C:\WINDOWS\System32\Tasks\Foosgasz
2016-01-13 17:54 - 2016-01-14 20:00 - 00000000 ____D C:\FRST
2016-01-13 17:45 - 2016-01-05 04:07 - 02463704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 17:45 - 2016-01-05 04:07 - 00377592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-13 17:45 - 2016-01-05 04:06 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 17:45 - 2016-01-05 04:06 - 01991120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-13 17:45 - 2016-01-05 04:06 - 01270104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 17:45 - 2016-01-05 04:06 - 01063504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-13 17:45 - 2016-01-05 04:06 - 00119800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 17:45 - 2016-01-05 04:04 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 02641928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-13 17:45 - 2016-01-05 04:04 - 01591848 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 00862056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 00787720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 17:45 - 2016-01-05 04:04 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 00779928 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 00772448 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 00751992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-13 17:45 - 2016-01-05 04:04 - 00667856 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-13 17:45 - 2016-01-05 04:04 - 00249464 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-13 17:45 - 2016-01-05 04:04 - 00233992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-13 17:45 - 2016-01-05 04:04 - 00090912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 00083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-13 17:45 - 2016-01-05 03:59 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-01-13 17:45 - 2016-01-05 03:52 - 00441696 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-13 17:45 - 2016-01-05 03:50 - 00723648 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 17:45 - 2016-01-05 03:50 - 00345080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-13 17:45 - 2016-01-05 03:50 - 00251544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-13 17:45 - 2016-01-05 03:50 - 00205072 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-13 17:45 - 2016-01-05 03:30 - 02459096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-13 17:45 - 2016-01-05 03:30 - 02162064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-13 17:45 - 2016-01-05 03:30 - 02152744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 17:45 - 2016-01-05 03:30 - 01106872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 17:45 - 2016-01-05 03:30 - 00882208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-13 17:45 - 2016-01-05 03:30 - 00368776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-13 17:45 - 2016-01-05 03:30 - 00232896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 17:45 - 2016-01-05 03:30 - 00100712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 17:45 - 2016-01-05 03:29 - 00208688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 17:45 - 2016-01-05 03:28 - 02445128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-01-13 17:45 - 2016-01-05 03:28 - 00714808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 17:45 - 2016-01-05 03:28 - 00696192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-13 17:45 - 2016-01-05 03:28 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 17:45 - 2016-01-05 03:28 - 00645144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-13 17:45 - 2016-01-05 03:28 - 00635312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-13 17:45 - 2016-01-05 03:28 - 00497896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 17:45 - 2016-01-05 03:28 - 00277400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-13 17:45 - 2016-01-05 03:28 - 00107952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-13 17:45 - 2016-01-05 03:28 - 00082096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-13 17:45 - 2016-01-05 03:28 - 00072808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-13 17:45 - 2016-01-05 03:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-01-13 17:45 - 2016-01-05 03:18 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-13 17:45 - 2016-01-05 03:15 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-13 17:45 - 2016-01-05 03:15 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-01-13 17:45 - 2016-01-05 03:15 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 17:45 - 2016-01-05 03:10 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2016-01-13 17:45 - 2016-01-05 03:10 - 00305776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-13 17:45 - 2016-01-05 03:10 - 00278424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-13 17:45 - 2016-01-05 03:10 - 00188032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-13 17:45 - 2016-01-05 03:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 17:45 - 2016-01-05 03:02 - 01672192 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-13 17:45 - 2016-01-05 03:02 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 17:45 - 2016-01-05 03:02 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 17:45 - 2016-01-05 03:01 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 17:45 - 2016-01-05 02:57 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 17:45 - 2016-01-05 02:57 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 17:45 - 2016-01-05 02:57 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 17:45 - 2016-01-05 02:56 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-13 17:45 - 2016-01-05 02:51 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 17:45 - 2016-01-05 02:51 - 01009664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 17:45 - 2016-01-05 02:51 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-13 17:45 - 2016-01-05 02:51 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-13 17:45 - 2016-01-05 02:51 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-13 17:45 - 2016-01-05 02:43 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-13 17:45 - 2016-01-05 02:42 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 17:45 - 2016-01-05 02:38 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2016-01-13 17:45 - 2016-01-05 02:32 - 01541632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-13 17:45 - 2016-01-05 02:32 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 17:45 - 2016-01-05 02:31 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 17:45 - 2016-01-05 02:31 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 17:45 - 2016-01-05 02:30 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-13 17:45 - 2016-01-05 02:26 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 17:45 - 2016-01-05 02:24 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-13 17:45 - 2016-01-05 02:20 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 17:45 - 2016-01-05 02:19 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 17:45 - 2016-01-05 02:19 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-13 17:45 - 2016-01-05 02:19 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-13 17:45 - 2016-01-05 02:19 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-13 17:44 - 2016-01-05 04:04 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 17:44 - 2016-01-05 03:50 - 01817064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 17:44 - 2016-01-05 03:50 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 17:44 - 2016-01-05 03:31 - 01365576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 17:44 - 2016-01-05 03:28 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 17:44 - 2016-01-05 03:15 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 17:44 - 2016-01-05 03:09 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 17:44 - 2016-01-05 03:00 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-13 17:44 - 2016-01-05 03:00 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-13 17:44 - 2016-01-05 02:59 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 17:44 - 2016-01-05 02:44 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 17:44 - 2016-01-05 02:44 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 17:44 - 2016-01-05 02:29 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-13 17:44 - 2016-01-05 02:29 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 22:36 - 2016-01-13 22:30 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-12 22:36 - 2016-01-13 22:18 - 00001216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-12 22:36 - 2016-01-12 22:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-12 22:36 - 2016-01-12 22:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-12 20:32 - 2016-01-12 20:32 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Blender Foundation
2016-01-12 20:32 - 2016-01-12 20:32 - 00000000 ____D C:\Users\Nico\.thumbnails
2016-01-12 20:30 - 2016-01-12 20:30 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2016-01-12 20:29 - 2016-01-12 20:29 - 00000000 ____D C:\Program Files\Blender Foundation
2016-01-12 18:36 - 2016-01-12 18:38 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Opera Software
2016-01-12 18:36 - 2016-01-12 18:38 - 00000000 ____D C:\Users\Nico\AppData\Local\Opera Software
2016-01-12 18:36 - 2016-01-12 18:36 - 00003292 _____ C:\WINDOWS\System32\Tasks\runTask
2016-01-12 18:36 - 2016-01-12 18:36 - 00003202 _____ C:\WINDOWS\System32\Tasks\updateTask
2016-01-12 18:28 - 2016-01-14 18:33 - 00000352 ____H C:\WINDOWS\Tasks\XIDJAIAHXKLUQLEU.job
2016-01-12 18:28 - 2016-01-12 18:38 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-12 18:28 - 2016-01-12 18:28 - 00003426 _____ C:\WINDOWS\System32\Tasks\XIDJAIAHXKLUQLEU
2016-01-12 18:28 - 2016-01-12 18:28 - 00000000 ____D C:\ProgramData\19a87fa1ec024bbcbb41931263354405
2016-01-12 18:17 - 2016-01-12 18:16 - 00001110 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-01-12 15:39 - 2016-01-13 22:17 - 00001616 _____ C:\Users\Nico\Desktop\Sony Vegas Pro.lnk
2016-01-10 18:38 - 2016-01-13 22:17 - 00001004 _____ C:\Users\Nico\Desktop\Open Broadcaster Software.lnk
2016-01-10 18:38 - 2016-01-10 21:48 - 00000000 ____D C:\Users\Nico\AppData\Roaming\OBS
2016-01-10 18:38 - 2016-01-10 18:38 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2016-01-10 18:38 - 2016-01-10 18:38 - 00000000 ____D C:\Program Files\OBS
2016-01-10 18:38 - 2016-01-10 18:38 - 00000000 ____D C:\Program Files (x86)\OBS
2016-01-09 23:32 - 2016-01-09 23:32 - 00000000 ____D C:\Users\Nico\Documents\Elder Scrolls Online
2016-01-09 23:32 - 2016-01-09 23:32 - 00000000 ____D C:\ProgramData\Elder Scrolls Online
2016-01-08 23:11 - 2016-01-13 22:17 - 00001320 _____ C:\Users\Nico\Desktop\The Elder Scrolls Online.lnk
2016-01-08 23:11 - 2016-01-08 23:11 - 00000000 ____D C:\WINDOWS\jre
2016-01-08 23:11 - 2016-01-08 23:11 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2016-01-08 23:10 - 2016-01-08 23:13 - 00000000 ____D C:\Program Files (x86)\Zenimax Online
2016-01-08 23:10 - 2016-01-08 23:11 - 00000000 ___HD C:\Program Files (x86)\Zero G Registry
2016-01-08 23:10 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2016-01-08 23:10 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2016-01-08 23:10 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2016-01-08 23:10 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2016-01-08 23:10 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2016-01-08 23:10 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2016-01-08 23:09 - 2016-01-08 23:09 - 00000000 ___HD C:\Users\Nico\InstallAnywhere
2016-01-08 17:23 - 2016-01-13 22:19 - 00000000 ____D C:\Users\Nico\AppData\Local\THORN
2016-01-08 17:22 - 2016-01-12 12:59 - 00004346 _____ C:\WINDOWS\System32\Tasks\GameNet
2016-01-08 17:22 - 2016-01-08 17:22 - 00000000 ____D C:\Users\Nico\AppData\Local\Vebanaul
2016-01-08 16:48 - 2016-01-13 22:17 - 00001066 _____ C:\Users\Nico\Desktop\Glyph.lnk
2016-01-08 16:48 - 2016-01-08 16:48 - 00000000 ____D C:\Program Files (x86)\Glyph
2016-01-08 06:43 - 2016-01-09 23:58 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Awesomium
2016-01-08 06:42 - 2016-01-08 06:42 - 00000000 ____D C:\Users\Nico\Documents\BnS
2016-01-08 06:21 - 2016-01-08 06:21 - 00000000 ____D C:\Users\Nico\AppData\Local\BNSUpdater
2016-01-08 06:14 - 2016-01-08 06:14 - 00000000 ____D C:\Program Files (x86)\PlayBns.com
2016-01-07 21:13 - 2016-01-08 06:11 - 00000000 ____D C:\Users\Nico\AppData\LocalLow\uTorrent
2016-01-07 21:12 - 2016-01-08 06:11 - 00000000 ____D C:\Users\Nico\AppData\Roaming\uTorrent
2016-01-05 12:58 - 2016-01-08 16:52 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com
2016-01-04 18:58 - 2016-01-04 18:58 - 00000000 ____D C:\Users\Nico\AppData\Roaming\AlbionOnline
2016-01-04 18:58 - 2016-01-04 18:58 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Albion
2016-01-04 18:56 - 2016-01-08 16:51 - 00000000 ____D C:\Program Files (x86)\AlbionOnline
2015-12-31 14:32 - 2015-12-31 14:32 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2015-12-31 14:32 - 2015-12-31 14:32 - 00000000 ____D C:\Users\Nico\AppData\Roaming\library_dir
2015-12-31 14:30 - 2016-01-13 22:17 - 00001243 _____ C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk
2015-12-31 14:30 - 2015-12-31 14:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-31 14:30 - 2015-12-31 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-31 14:25 - 2016-01-13 20:37 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-12-31 14:25 - 2015-12-31 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2015-12-24 15:16 - 2016-01-13 22:17 - 00001762 _____ C:\Users\Nico\Desktop\League of Legends.lnk
2015-12-20 22:46 - 2015-12-20 22:46 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-12-20 22:45 - 2016-01-13 15:22 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Samsung
2015-12-20 22:45 - 2015-12-20 22:45 - 00000000 ____D C:\Users\Nico\Documents\samsung
2015-12-20 22:45 - 2015-12-20 22:45 - 00000000 ____D C:\Users\Nico\AppData\Local\Samsung
2015-12-20 22:42 - 2016-01-13 22:16 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2015-12-18 14:23 - 2015-12-18 14:23 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-12-18 14:23 - 2015-12-18 14:23 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-12-18 14:23 - 2015-12-18 14:23 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-12-18 14:23 - 2015-12-18 14:23 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-12-16 20:45 - 2015-12-16 20:45 - 10919104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-12-16 20:45 - 2015-12-16 20:45 - 09158496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-12-16 20:45 - 2015-12-16 20:45 - 09105552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-12-16 20:45 - 2015-12-16 20:45 - 08168856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-12-16 20:45 - 2015-12-16 20:45 - 00112392 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 08426376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00471344 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00130616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00081200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00081200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-12-16 20:43 - 2015-12-16 20:43 - 00151968 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2015-12-16 20:43 - 2015-12-16 20:43 - 00138416 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2015-12-16 20:43 - 2015-12-16 20:43 - 00128568 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2015-12-16 20:43 - 2015-12-16 20:43 - 00120200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00874000 _____ (AMD) C:\WINDOWS\system32\coinst_15.30.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00243728 _____ C:\WINDOWS\system32\clinfo.exe
2015-12-16 20:41 - 2015-12-16 20:41 - 00232464 _____ C:\WINDOWS\system32\dgtrayicon.exe
2015-12-16 20:41 - 2015-12-16 20:41 - 00203792 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00183312 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00136208 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00122384 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00104976 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00097808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00012816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00012816 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-12-16 20:37 - 2015-12-16 20:37 - 25848848 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-12-16 20:37 - 2015-12-16 20:37 - 00199696 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-12-16 20:37 - 2015-12-16 20:37 - 00097808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2015-12-16 20:37 - 2015-12-16 20:37 - 00089616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2015-12-16 20:35 - 2015-12-16 20:35 - 00341520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-12-16 20:34 - 2015-12-16 20:34 - 31385616 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-12-16 20:34 - 2015-12-16 20:34 - 00059920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-12-16 20:32 - 2015-12-16 20:32 - 00040464 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-12-16 20:29 - 2015-12-16 20:29 - 00561168 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-12-16 20:29 - 2015-12-16 20:29 - 00254992 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-12-16 20:29 - 2015-12-16 20:29 - 00166416 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-12-16 20:29 - 2015-12-16 20:29 - 00151056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-12-16 20:29 - 2015-12-16 20:29 - 00084504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-12-16 20:29 - 2015-12-16 20:29 - 00078864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-12-16 20:29 - 2015-12-16 20:29 - 00078864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-12-16 20:28 - 2015-12-16 20:28 - 00451088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-12-16 20:28 - 2015-12-16 20:28 - 00171032 _____ C:\WINDOWS\system32\atieah64.exe
2015-12-16 20:28 - 2015-12-16 20:28 - 00154128 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-12-16 20:28 - 2015-12-16 20:28 - 00071184 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-12-16 20:28 - 2015-12-16 20:28 - 00060944 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-12-16 20:27 - 2015-12-16 20:27 - 15720464 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-12-16 20:27 - 2015-12-16 20:27 - 14310928 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-12-16 20:26 - 2015-12-16 20:26 - 00375824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-12-16 20:26 - 2015-12-16 20:26 - 00064528 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-12-16 20:26 - 2015-12-16 20:26 - 00057872 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-12-16 20:25 - 2015-12-16 20:25 - 49992720 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-12-16 20:25 - 2015-12-16 20:25 - 01281552 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-12-16 20:25 - 2015-12-16 20:25 - 00950288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-12-16 20:25 - 2015-12-16 20:25 - 00950288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-12-16 20:25 - 2015-12-16 20:25 - 00052240 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-12-16 20:22 - 2015-12-16 20:22 - 27605008 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-12-16 20:21 - 2015-12-16 20:21 - 22357008 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-12-16 20:20 - 2015-12-16 20:20 - 41519120 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-12-16 20:19 - 2015-12-16 20:19 - 00059408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-12-16 20:19 - 2015-12-16 20:19 - 00048144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-12-16 20:17 - 2015-12-16 20:17 - 06651920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2015-12-16 20:16 - 2015-12-16 20:16 - 05232656 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2015-12-16 20:15 - 2015-12-16 20:15 - 00686608 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2015-12-16 20:15 - 2015-12-16 20:15 - 00571408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00305392 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdacpksd.sys
2015-12-16 20:13 - 2015-12-16 20:13 - 00213520 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00198672 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00143376 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00132112 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00073744 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00068112 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-12-16 19:07 - 2015-12-16 19:07 - 10339016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2015-12-16 10:11 - 2015-12-16 10:11 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2015-12-16 10:11 - 2015-12-16 10:11 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2015-12-16 10:11 - 2015-12-16 10:11 - 00323588 _____ C:\WINDOWS\system32\ativvaxy_el.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00322740 _____ C:\WINDOWS\system32\ativvaxy_vi.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00321072 _____ C:\WINDOWS\system32\ativvaxy_vi_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00320992 _____ C:\WINDOWS\system32\ativvaxy_el_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00261920 _____ C:\WINDOWS\system32\ativvaxy_stn_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00258464 _____ C:\WINDOWS\system32\ativvaxy_cz_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00252628 _____ C:\WINDOWS\system32\ativvaxy_FJ.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00249680 _____ C:\WINDOWS\system32\ativvaxy_FJ_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00234292 _____ C:\WINDOWS\system32\ativvaxy_cik.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00232624 _____ C:\WINDOWS\system32\ativvaxy_cik_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00177344 _____ C:\WINDOWS\system32\ativce03.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00100832 _____ C:\WINDOWS\system32\ativce02.dat
2015-12-16 10:09 - 2015-12-16 10:09 - 00843639 _____ C:\WINDOWS\system32\amdicdxx.dat
2015-12-16 10:09 - 2015-12-16 10:09 - 00683968 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-12-16 10:09 - 2015-12-16 10:09 - 00683968 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-12-16 10:09 - 2015-12-16 10:09 - 00175648 _____ C:\WINDOWS\system32\amde31a.dat
2015-12-16 10:09 - 2015-12-16 10:09 - 00166560 _____ C:\WINDOWS\system32\amde34a.dat
2015-12-16 10:09 - 2015-12-16 10:09 - 00007112 _____ C:\WINDOWS\system32\AMDKernelEvents.man

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-14 20:01 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-14 19:55 - 2015-11-24 21:57 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-14 19:55 - 2015-11-24 21:25 - 00000000 ____D C:\ProgramData\Adobe
2016-01-14 19:55 - 2015-11-24 21:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-14 19:51 - 2015-04-14 15:41 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-14 18:05 - 2015-04-14 16:02 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Spotify
2016-01-14 16:03 - 2015-10-14 10:16 - 00000000 ____D C:\Program Files (x86)\NCSOFT
2016-01-14 16:03 - 2015-10-07 22:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-14 15:15 - 2015-04-14 16:03 - 00000000 ____D C:\Users\Nico\AppData\Local\Spotify
2016-01-13 22:19 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-13 22:18 - 2015-12-07 18:11 - 00001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-13 22:18 - 2015-11-24 21:26 - 00001286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-01-13 22:18 - 2015-09-24 13:33 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-13 22:18 - 2015-09-19 11:19 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-01-13 22:18 - 2015-09-10 15:22 - 00001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-01-13 22:18 - 2015-09-10 15:22 - 00001070 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-01-13 22:18 - 2015-08-08 13:10 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-13 22:18 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-13 22:18 - 2015-04-18 23:51 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-01-13 22:18 - 2015-04-18 22:18 - 00001462 _____ C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2016-01-13 22:18 - 2015-04-17 16:05 - 01949184 ___SH C:\Users\Nico\Desktop\Thumbs.db
2016-01-13 22:18 - 2015-04-14 15:53 - 00000973 _____ C:\Users\Public\Desktop\Origin.lnk
2016-01-13 22:18 - 2015-04-14 15:50 - 00001112 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-01-13 22:18 - 2015-04-14 15:44 - 00002636 _____ C:\Users\Public\Desktop\Skype.lnk
2016-01-13 22:18 - 2015-04-14 15:41 - 00000957 _____ C:\Users\Public\Desktop\Steam.lnk
2016-01-13 22:17 - 2015-11-24 14:44 - 00001274 _____ C:\Users\Nico\Desktop\Uplay.lnk
2016-01-13 22:17 - 2015-08-08 13:31 - 00002415 _____ C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-13 22:17 - 2015-04-30 13:51 - 00001247 _____ C:\Users\Nico\Desktop\TeamSpeak 3 Client.lnk
2016-01-13 22:17 - 2015-04-27 20:55 - 00001377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-01-13 22:17 - 2015-04-18 23:50 - 00001180 _____ C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
2016-01-13 22:17 - 2015-04-14 16:03 - 00001797 _____ C:\Users\Nico\Desktop\Spotify.lnk
2016-01-13 22:17 - 2015-04-14 16:03 - 00001783 _____ C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-01-13 22:13 - 2015-07-10 12:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-13 20:36 - 2015-08-08 13:04 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-13 20:11 - 2015-08-08 13:19 - 01790124 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-13 20:11 - 2015-07-10 17:34 - 00771100 _____ C:\WINDOWS\system32\perfh007.dat
2016-01-13 20:11 - 2015-07-10 17:34 - 00153964 _____ C:\WINDOWS\system32\perfc007.dat
2016-01-13 20:11 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2016-01-13 19:08 - 2015-09-20 00:41 - 00000237 _____ C:\Users\Nico\Desktop\Schulden.txt
2016-01-13 18:39 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-13 18:37 - 2015-09-12 11:05 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C0004CDA-3DAE-43B4-82C6-19FADF2E20E5}
2016-01-13 18:37 - 2015-04-15 17:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 18:34 - 2015-08-08 13:25 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-13 18:33 - 2015-04-15 17:41 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-13 17:55 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2016-01-13 15:26 - 2015-04-14 15:28 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Adobe
2016-01-13 15:22 - 2015-10-19 20:55 - 00000000 ____D C:\ProgramData\Samsung
2016-01-13 15:22 - 2015-10-19 20:55 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-01-13 15:21 - 2015-09-13 21:06 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2016-01-13 15:21 - 2015-09-13 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio
2016-01-13 15:21 - 2015-09-13 21:06 - 00000000 ____D C:\Program Files\VB
2016-01-13 15:21 - 2015-04-27 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-01-13 15:21 - 2015-04-27 20:09 - 00000000 ____D C:\Program Files (x86)\Hp
2016-01-13 15:21 - 2015-04-18 22:04 - 00000000 ____D C:\Program Files (x86)\URUSoft
2016-01-13 15:20 - 2015-05-27 17:25 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-13 14:58 - 2015-11-24 21:27 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-13 12:06 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-13 12:01 - 2015-04-18 22:14 - 00000000 ____D C:\Users\Nico\AppData\Local\Adobe
2016-01-12 22:44 - 2015-04-14 15:50 - 00000000 ____D C:\Users\Nico\AppData\Local\Battle.net
2016-01-12 22:33 - 2015-04-14 15:50 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-01-12 21:43 - 2015-04-18 23:51 - 00000000 ____D C:\Users\Nico\AppData\Roaming\vlc
2016-01-12 20:55 - 2015-08-14 17:07 - 00000008 _____ C:\END
2016-01-12 20:53 - 2015-09-27 15:57 - 00000000 ____D C:\Users\Nico\AppData\Local\Google
2016-01-12 20:53 - 2015-09-27 15:57 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-12 20:32 - 2015-08-08 13:06 - 00000000 ____D C:\Users\Nico
2016-01-12 18:30 - 2015-10-28 21:35 - 00000000 ____D C:\Users\Nico\AppData\Local\Deployment
2016-01-12 17:56 - 2015-05-13 12:04 - 00708096 ___SH C:\Users\Nico\Documents\Thumbs.db
2016-01-08 17:37 - 2015-07-03 15:52 - 00000000 ____D C:\Games
2016-01-08 17:09 - 2015-09-30 19:14 - 00000000 ____D C:\Users\Nico\AppData\Local\Glyph
2016-01-08 16:48 - 2015-09-30 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2016-01-08 16:48 - 2015-09-30 19:14 - 00000000 ____D C:\ProgramData\Glyph
2016-01-06 13:48 - 2015-04-14 15:52 - 00000000 ____D C:\Users\Nico\AppData\Local\Steam
2016-01-05 11:00 - 2015-04-14 15:54 - 00000000 ____D C:\AMD
2016-01-03 02:40 - 2015-07-10 12:06 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 02:40 - 2015-07-10 12:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-31 15:19 - 2015-04-14 15:45 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Skype
2015-12-31 14:35 - 2015-08-17 09:56 - 00000000 ____D C:\Users\Nico\Documents\DayZ
2015-12-31 14:30 - 2015-04-14 15:45 - 00000000 ____D C:\Users\Nico\AppData\Local\Skype
2015-12-31 14:30 - 2015-04-14 15:44 - 00000000 ____D C:\ProgramData\Skype
2015-12-31 14:25 - 2015-10-24 19:27 - 00000000 ____D C:\Users\Nico\AppData\Local\AMD
2015-12-31 14:25 - 2015-07-13 14:48 - 00000000 ____D C:\Program Files (x86)\AMD
2015-12-31 14:24 - 2015-08-08 13:03 - 00000000 ____D C:\Program Files\AMD
2015-12-18 14:23 - 2015-07-16 00:12 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-12-16 20:45 - 2015-10-07 18:18 - 00143080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-12-16 20:45 - 2015-07-16 01:12 - 00162784 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-12-16 20:44 - 2015-10-07 18:18 - 11011560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-12-16 20:44 - 2015-07-16 01:11 - 13313544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-12-16 20:44 - 2015-07-16 01:11 - 01519232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-12-16 20:44 - 2015-07-16 01:11 - 01249664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-12-16 20:31 - 2015-07-16 01:06 - 23969808 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-12-16 20:31 - 2015-07-16 00:13 - 00679952 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-09-13 21:29 - 2015-09-13 21:29 - 0002853 _____ () C:\Users\Nico\AppData\Roaming\VoiceMeeterDefault.xml
2015-09-19 23:41 - 2015-09-19 23:41 - 0005219 _____ () C:\Users\Nico\AppData\Local\recently-used.xbel
2015-08-08 13:04 - 2015-08-08 13:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-27 20:35 - 2016-01-13 15:21 - 0002816 _____ () C:\ProgramData\hpzinstall.log

Einige Dateien in TEMP:
====================
C:\Users\Nico\AppData\Local\Temp\1452706703tmp.exe
C:\Users\Nico\AppData\Local\Temp\aJ9yxJYQGd.exe
C:\Users\Nico\AppData\Local\Temp\BRSVC_1936515_hlp.exe
C:\Users\Nico\AppData\Local\Temp\byHPCpnsMC.exe
C:\Users\Nico\AppData\Local\Temp\goGKuA3iaj.exe
C:\Users\Nico\AppData\Local\Temp\Gw2.exe
C:\Users\Nico\AppData\Local\Temp\raptrpatch.exe
C:\Users\Nico\AppData\Local\Temp\raptr_stub.exe
C:\Users\Nico\AppData\Local\Temp\setup6879.exe
C:\Users\Nico\AppData\Local\Temp\tmpB7E2.exe
C:\Users\Nico\AppData\Local\Temp\UninstallModule.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-01-08 14:36

==================== Ende von FRST.txt ============================
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
durchgeführt von Nico (2016-01-14 20:01:53)
Gestartet von C:\Users\Nico\Downloads
Windows 10 Pro (X64) (2015-08-08 12:25:10)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-390326861-221582735-3363938159-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-390326861-221582735-3363938159-503 - Limited - Disabled)
Gast (S-1-5-21-390326861-221582735-3363938159-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-390326861-221582735-3363938159-1009 - Limited - Enabled)
Nico (S-1-5-21-390326861-221582735-3363938159-1001 - Administrator - Enabled) => C:\Users\Nico

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Black Desert (HKLM-x32\...\{4BD65630-3A19-4fc2-8AD8-2CF729DB6608}.30000000000) (Version: 1.0 - Global Gamers Solutions Ltd. ©)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.60.197 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.60.197 - NC Interactive, LLC) Hidden
Blender (HKLM\...\{D593042C-8739-488D-93B8-E6B202013E57}) (Version: 2.76.1 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - Treyarch)
Catalyst Control Center Next Localization BR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DRAGON BALL XENOVERSE (HKLM-x32\...\Steam App 323470) (Version:  - DIMPS)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
F300 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
F300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
F300Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - )
FINAL FANTASY XIV: A Realm Reborn (HKLM-x32\...\Steam App 39210) (Version:  - SQUARE ENIX)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LibreOffice 4.3.6.2 (HKLM-x32\...\{9F410B70-8A45-4F28-985E-F9731219BCBC}) (Version: 4.3.6.2 - The Document Foundation)
MagicYUV Lossless Video Codec Trial version 1.2rev0 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 1.2rev0 - INNOMAGIC Bt.)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 de)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
Rainbow Six Siege - Open Beta (HKLM-x32\...\Uplay Install 1001) (Version:  - Ubisoft)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
ROCCAT Kova[+] Mouse Driver (HKLM-x32\...\{A86DDFE3-F661-461C-9BF2-876AC2CA57DE}) (Version: 1.10 - Roccat GmbH)
ROCCAT Ryos Keyboard Driver (HKLM-x32\...\{70F3EF93-44F4-446A-90B8-33DAB2799AF1}) (Version: 1.29.0006 - Roccat GmbH)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Spotify) (Version: 1.0.20.101.ge6957e14 - Spotify AB)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.5.0 (HKLM\...\SteelSeries Engine 3) (Version: 3.5.0 - SteelSeries ApS)
TeamSpeak 3 Client (HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 14.0 - Ubisoft)
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 15.2.0 - UMEZAWA Takeshi)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-390326861-221582735-3363938159-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-43CC95F1E486}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-390326861-221582735-3363938159-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Nico\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-390326861-221582735-3363938159-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0701EA5D-874F-4217-8D7A-F53986B382E4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {0E94E16D-1263-4900-BBD7-9983C618D2DB} - \crash_service -> Keine Datei <==== ACHTUNG
Task: {17930800-9D3E-469C-9FAC-750DB1ED7880} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {1D8D3A9E-29BF-4407-BEDE-73679474C84C} - System32\Tasks\GameNet => C:\Program Files (x86)\QGNA\qGNA.exe
Task: {5B564401-A737-467C-BEC5-35FCFAF5CE65} - System32\Tasks\XIDJAIAHXKLUQLEU => C:\ProgramData\Service1104\Service1104.exe <==== ACHTUNG
Task: {5F62C94C-267B-4631-A9B2-3129D02488FC} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-04] (Advanced Micro Devices, Inc.)
Task: {6EEBDDA1-942E-47B0-8A2D-AD7215A7DB15} - System32\Tasks\updateTask => c:\task.vbs
Task: {99E9D2B1-33E0-4A39-8D80-D31E10274C01} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {9EA1B318-AC6F-4417-A942-AE8AD5AAEF3B} - System32\Tasks\runTask => C:\Users\Nico\AppData\Local\Temp/Updater.exe
Task: {A20B2CAE-96B0-4388-B8C9-A8AC43E1FEAA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {A242B510-44CF-422B-8D05-30B171AE4D4A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {A65E1846-5CF0-44F4-B38B-FB95784EA51F} - System32\Tasks\Foosgasz => C:\PROGRA~1\SHOPPE~1\Qaucne.bat
Task: {B896026B-3CE7-4E56-A817-E68D09AA590A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {CFB97A37-4BCC-44B5-A38A-2D07C35E4155} - \Run_Bobby_Browser -> Keine Datei <==== ACHTUNG
Task: {E3BCDA42-3149-4CFE-8F0E-27872950264B} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> Keine Datei <==== ACHTUNG
Task: {F31DD1F0-6CA9-4E78-A685-FC706511BACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {F833C75A-4500-4269-93DD-C11AB3AB4A5C} - \SwiftSearch Auto Updater 1.10.0.25 Core -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\WebReg HP Deskjet F300 series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe
Task: C:\WINDOWS\Tasks\XIDJAIAHXKLUQLEU.job => C:\ProgramData\Service1104\Service1104.exe <==== ACHTUNG

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-10 12:00 - 2015-07-10 12:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-08 13:57 - 2015-08-08 13:57 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-19 15:21 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-01 14:29 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 14:29 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-11 19:02 - 2015-09-11 19:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-10-01 14:29 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-09 15:16 - 2015-11-25 05:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 15:15 - 2015-11-25 05:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 15:15 - 2015-11-25 05:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 14:29 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 12:00 - 2015-07-10 17:43 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-01-08 18:46 - 2016-01-08 18:47 - 09737216 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.15.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-12-10 16:54 - 2015-12-10 16:55 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-10 16:54 - 2015-12-10 16:55 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-19 21:09 - 2015-11-19 21:10 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-08 17:23 - 2015-04-24 16:40 - 00043520 _____ () C:\Users\Nico\AppData\Local\THORN\QtSolutions_Service-head.dll
2016-01-08 17:23 - 2014-08-28 10:36 - 00732160 _____ () C:\Users\Nico\AppData\Local\THORN\libGLESv2.dll
2016-01-08 17:23 - 2014-08-28 10:41 - 00856576 _____ () C:\Users\Nico\AppData\Local\THORN\platforms\qwindows.dll
2016-01-08 17:23 - 2014-08-28 10:36 - 00047104 _____ () C:\Users\Nico\AppData\Local\THORN\libEGL.dll
2015-04-14 16:03 - 2015-12-24 11:47 - 50679920 _____ () C:\Users\Nico\AppData\Roaming\Spotify\libcef.dll
2015-10-07 22:20 - 2010-05-29 13:57 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\hiddriver.dll
2015-04-14 16:03 - 2015-12-24 11:47 - 01882224 _____ () C:\Users\Nico\AppData\Roaming\Spotify\libglesv2.dll
2015-04-14 16:03 - 2015-12-24 11:47 - 00082544 _____ () C:\Users\Nico\AppData\Roaming\Spotify\libegl.dll
2015-04-14 15:49 - 2015-11-10 20:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-04-14 15:49 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-04-14 15:49 - 2015-12-14 21:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll
2015-04-14 15:49 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-04-14 15:49 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-04-14 15:49 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-04-14 15:49 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-04-14 15:49 - 2015-09-24 01:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-04-14 15:49 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-04-14 15:49 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-14 15:49 - 2015-12-14 21:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 11:07 - 2015-11-03 23:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-04-14 15:49 - 2015-11-17 01:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-04-14 15:49 - 2015-09-25 00:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\com -> hxxp://*.Wondershare.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2016-01-12 18:16 - 00001110 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-390326861-221582735-3363938159-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nico\Desktop\faze-backgda21.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SteelSeries Engine 3.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run: => "SpaceSoundPro"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "dply_en_009030206"
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\StartupApproved\Run: => "CrashService"
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\StartupApproved\Run: => "MyComGames"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A22B3A6D-7924-4763-97C6-C3CC87B0A0E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{62E5A8BD-F3DF-41D1-9151-7E50B543F39F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [UDP Query User{EFACFB75-A677-4F94-9B73-743B4BA9D768}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [TCP Query User{B7BF3ADA-375D-4F33-9FDE-5D1B32D60EB8}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{0427E741-5E5C-4BD8-9814-0237E1964CC6}C:\users\nico\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nico\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{551E20CA-5B73-4C48-9DAA-9E8E0084ED80}C:\users\nico\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nico\appdata\roaming\spotify\spotify.exe
FirewallRules: [{85392265-6C8E-4718-868B-86F336EFAFF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{A6A330F9-A60C-41D6-8E57-4B6E09599891}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{7E00ACB1-FA3E-4BCF-98D3-DEAAD9F3CD58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{B43EF214-845F-4B6F-84C6-58B9D647288E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [UDP Query User{4DE62E97-D42F-4462-B1AE-574BE8161E98}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E4EC5EDF-52FB-4B67-9016-F3684A3A3111}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6D41EA7E-DEEB-4EF6-A989-4A7798093831}C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BBE93B6C-F671-4DB9-9957-6EC793460A7C}C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe
FirewallRules: [{62338E9B-66CF-48AA-B4A9-6CCAD1F22D11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DB Xenoverse\DBXV.exe
FirewallRules: [{E8574E8C-C55D-40CA-A183-4BD3C0D9F460}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DB Xenoverse\DBXV.exe
FirewallRules: [UDP Query User{83789CBB-6AD7-46F1-B915-85B7109F0015}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{7CF7CC2D-59AB-414A-BCB7-26D56E3340C9}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{72494A97-BD6A-421D-B34F-5C1A762F47D6}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{5567EB66-EE60-4E7E-BDFC-49FE5E60CC07}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7735A50C-1BDF-4068-B5F4-A5D71530778C}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{7FC897F6-2876-4256-A5F2-1790E78D0B8B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{8FB313F0-488B-469D-A970-70A8E990DC1E}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{D401F11E-274A-4D2C-BB95-9F1671233B79}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{B279BD0B-6E53-4823-A32D-D08A44CF5B03}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{7DA813D8-6936-4E3D-9064-8733E1728C28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{345C46CB-B8CF-4AEC-90D9-6428D51A118F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E239265D-6359-48C0-BD8B-90248C22238A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{DB9AE537-09CB-4E9E-AD60-4C6733CE7DEF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{BB1FECD9-4580-442F-8924-5C5B1919DB1F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{D96D63F4-1525-480B-8D1C-679A76AE8959}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{4861ABD4-052E-419F-98EB-E7D6CBDBD5C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{94310E4C-25E4-4B21-9C51-156C2DEEE197}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{8B099E2F-CF90-42B5-AEFC-D2C53001845F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{4E82DCCC-6EAD-4DAE-9736-980ABA886F69}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{7CD43DFA-70BD-45E3-B2E1-5AAC5765158C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{494E49C1-9348-4045-9A5F-3CE31DEC5D09}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{DACAEFE3-5368-45B4-ACB1-98551DBE9EC4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{849C3FF8-9077-4A97-B40C-AC05218A924D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{8A68DD50-0E93-4A6D-B8D3-2723A02BB241}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{BE15EDAE-CF91-42A4-93FF-7414DFFE638F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{A34DE4A3-78BB-449A-8F1B-416186F5700F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{175133BA-3A0D-44AC-BA75-66AEFCA9B9DD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{7BD1E93C-54F9-4C99-8DD0-88ADB7938831}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9D16849D-51E9-4886-9C47-BE94846333F6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FCB64F93-38BF-4452-8BE6-CF986B3A77FF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E7A98DEA-2F32-4DB7-B6E1-3F94FA36F704}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5C5BD0A5-BFCC-4BC5-B8D9-0EE950D5DCED}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A0F80382-2902-4511-81E8-E2DE5EA2942F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8522CED1-4C3D-44E9-8641-4F96C1FAA311}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{5B2D2225-751A-4F16-A257-E59A48537304}C:\users\nico\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nico\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C98ED621-3F5A-466A-8A19-30C62EC881BE}C:\users\nico\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nico\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AC07BEF5-EBC6-4942-B30A-D46DCA2E2761}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{78445581-2B8C-4D1F-89B2-773A3AFCE6A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{D8CEC2C1-9689-43F8-96B2-306C3BD7C7E8}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{579B5D01-49B2-4034-A22C-7BBBD6876E92}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{00654931-AB31-4CDB-A9FB-D5BE7F353A2A}C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{710AD1CD-F1AB-4B04-8A5C-33BE93258438}C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C84871E6-6369-47ED-8531-1B13242C52E4}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F570D22D-BC2D-4300-AB24-D36D0643248A}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{0A531268-64FA-4D3F-B0F5-089714CA264D}C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E62E82FC-622B-4C77-AE98-48F64919D9FB}C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [{E51830C3-4F9A-4F13-8D1E-E0862526B3DC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FA3B63D-443B-493C-A934-1F3F416A115A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D4FD331-B4F8-416F-B3BB-FFDD006DD146}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D08355AE-93E4-433A-969E-59799CC7D11F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8E3A5292-3238-4DD0-9E2A-6828115CB2EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{CC862ED2-F94F-4744-9383-CE0F07805233}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [TCP Query User{C0750D98-84AE-4DBD-9F16-D1CBC46050A0}C:\program files (x86)\diablo iii\diablo iii.exe] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{ABB768B0-926B-4231-8B77-6AB82097EAF8}C:\program files (x86)\diablo iii\diablo iii.exe] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{D657C096-730D-4818-AB3F-CE410804CAC6}C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{93A4FD8B-49D0-493C-8B2C-B1708BEFB07C}C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [{8353D005-8BAE-4FDA-9111-4B1869A7938C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7A057CB1-578A-41D0-9FE2-46168E01C43B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2B74267A-3025-4675-8466-E5888D52327A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E6050361-4091-4ECD-ABA4-3EA32462C48E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B7BD1A22-ABAB-4479-808D-005C393E4F0E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{DD86E8E9-15E2-4561-9999-13182C1D1FA5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{04B25235-305F-4F5E-989C-E776E2084621}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{34D301BD-03A0-45B9-A0BD-60CA0C2F5AAD}C:\users\nico\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\nico\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{9CFC4963-0EFA-4E2B-8661-2817F9130382}C:\users\nico\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\nico\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{460D93BF-DB37-4666-A744-DEFAFB0E231D}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2787BDDD-A8D0-4388-95EE-DDA74A9BAE66}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF6A0B01-47E4-4C11-880B-60950FFA179B}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B06FA57-DEC3-415C-B0B5-A7261FC24212}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{48A9DFEC-0960-4958-BECD-700DDE6863F2}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{761B3A65-5C31-47E2-AEF9-D9302B8B7FF7}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8BC26C80-3AE7-4583-AD57-3FC528D0C873}] => (Allow) C:\Users\Nico\Downloads\PlayBlackDesert.exe
FirewallRules: [{EE844952-2A3B-4EB4-B73E-D8794C3E623D}] => (Allow) C:\Users\Nico\Downloads\PlayBlackDesert.exe
FirewallRules: [{0F43F983-AA19-441F-B8A5-00782063148B}] => (Allow) C:\Program Files (x86)\QGNA\qGNA.exe
FirewallRules: [{A2AC6A7F-DBE3-4B7C-AE42-B2548172477D}] => (Allow) C:\Program Files (x86)\QGNA\qGNA.exe
FirewallRules: [{938EF0C9-7A77-42D5-8C94-C5F2DDC9970F}] => (Allow) C:\Users\Nico\AppData\Local\Temp\is-JCSFP.tmp\setup6879.tmp
FirewallRules: [{74AFC2BF-6055-414B-8C98-C8FC0070A9AD}] => (Allow) C:\Users\Nico\AppData\Local\Temp\is-JCSFP.tmp\setup6879.tmp
FirewallRules: [TCP Query User{912FFECD-DE87-4F79-AE77-9929148FE734}C:\users\nico\appdata\local\temp\i1452290950\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\nico\appdata\local\temp\i1452290950\windows\resource\jre\bin\javaw.exe
FirewallRules: [UDP Query User{B9C5FABF-3471-4EFD-909B-9CD78CA6E493}C:\users\nico\appdata\local\temp\i1452290950\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\nico\appdata\local\temp\i1452290950\windows\resource\jre\bin\javaw.exe
FirewallRules: [{CB724CF0-B343-4816-993F-868A8B38A94F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CBF178EE-4530-4F1F-869A-7F667457D83A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{88F15CB0-A7FE-4B86-B1DB-18C95E4878F0}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{437E7BED-E866-4C4B-AD78-8BD4731D772C}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

==================== Wiederherstellungspunkte =========================

31-12-2015 14:52:20 Windows Update
04-01-2016 18:57:49 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
08-01-2016 23:10:13 DirectX wurde installiert
12-01-2016 20:28:54 Installed Blender
14-01-2016 16:03:14 Installiert Blade & Soul

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/14/2016 04:03:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (01/14/2016 03:31:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGGO)
Description: Bei der Aktivierung der App „Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/14/2016 03:31:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGGO)
Description: Bei der Aktivierung der App „Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/13/2016 10:31:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Bethesda.net_Launcher.exe, Version 3.6.5.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b24

Startzeit: 01d14e496ace1368

Beendigungszeit: 5

Anwendungspfad: C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe

Berichts-ID: 03d671e1-ba3d-11e5-bed1-801f02a76539

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (01/13/2016 10:18:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGGO)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/13/2016 10:18:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SearchUI.exe, Version 10.0.10240.16603 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15f4

Startzeit: 01d14e4766b93cd7

Beendigungszeit: 4294967295

Anwendungspfad: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Berichts-ID: 2bcaf854-ba3b-11e5-bed0-94de80ac5860

Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy

Auf das fehlerhafte Paket bezogene Anwendungs-ID: CortanaUI

Error: (01/13/2016 10:18:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: NIGGO)
Description: Das Paket „Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (01/13/2016 09:28:54 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (9064) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (01/13/2016 09:28:54 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (9064) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (01/13/2016 09:28:44 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (9064) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.


Systemfehler:
=============
Error: (01/13/2016 10:32:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2016 10:32:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2016 10:32:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2016 10:32:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2016 10:27:48 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Xbox Live Authentifizierungs-Manager" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%0

Error: (01/13/2016 10:19:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "FastCompress" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/13/2016 10:18:26 PM) (Source: DCOM) (EventID: 10010) (User: NIGGO)
Description: CortanaUI

Error: (01/13/2016 10:18:25 PM) (Source: DCOM) (EventID: 10010) (User: NIGGO)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/13/2016 10:18:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2016 10:18:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-01-12 20:25:23.545
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 20:25:23.533
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 20:25:22.636
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 20:25:22.602
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 18:47:20.175
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 18:39:05.836
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 18:31:29.714
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 18:30:41.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 18:29:32.742
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 18:29:32.733
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Xeon(R) CPU E3-1230 v3 @ 3.30GHz
Prozentuale Nutzung des RAM: 30%
Installierter physikalischer RAM: 8136.63 MB
Verfügbarer physikalischer RAM: 5629.86 MB
Summe virtueller Speicher: 9416.63 MB
Verfügbarer virtueller Speicher: 6293.31 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:930.73 GB) (Free:542.18 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8F36E99A)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== Ende von Addition.txt ============================
         
If you still find unwanted software there, I would delete it right away.

Thanks in advance.


14.01.2016, 22:40   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

The logs are not gone. Please look under C:\ProgramData\Malwarebytes\Logs

14.01.2016, 22:47   #7
BlueRavenHD
 

Code:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2016/01/13 21:56:58 +0100</date>
<logfile>mbam-log-2016-01-13 (21-56-55).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.0.1024</version>
<malware-database>v2016.01.13.06</malware-database>
<rootkit-database>v2016.01.09.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>NIGGO</hostname>
<ip>192.168.1.4</ip>
<osversion>Windows 10</osversion>
<arch>x64</arch>
<username>Nico</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>422383</objects>
<time>888</time>
<processes>3</processes>
<modules>0</modules>
<keys>80</keys>
<values>30</values>
<datas>6</datas>
<folders>14</folders>
<files>74</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\hnsn20BD.tmp</path><vendor>PUP.Optional.ConvertAd</vendor><action>delete-on-reboot</action><pid>2820</pid><hash>3af0e2578f0af3431de84506ef1313ed</hash></process>
<process><path>C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\knss8E42.tmp</path><vendor>PUP.Optional.ConvertAd</vendor><action>delete-on-reboot</action><pid>2848</pid><hash>32f8ea4f1b7e61d59dc1f2e2897845bb</hash></process>
<process><path>C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\jnse9D8.tmp</path><vendor>PUP.Optional.ConvertAd</vendor><action>delete-on-reboot</action><pid>1940</pid><hash>ed3d24150b8e3501e522420931d10000</hash></process>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wucotusy</path><vendor>PUP.Optional.ConvertAd</vendor><action>success</action><hash>3af0e2578f0af3431de84506ef1313ed</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\rugomycyzbt</path><vendor>PUP.Optional.ConvertAd</vendor><action>success</action><hash>32f8ea4f1b7e61d59dc1f2e2897845bb</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zutuzuni</path><vendor>PUP.Optional.ConvertAd</vendor><action>success</action><hash>ed3d24150b8e3501e522420931d10000</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bsdriver</path><vendor>Rootkit.Komodia.PUA</vendor><action>success</action><hash>b674e4555346b1850cc77c384bb6837d</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cherimoya</path><vendor>PUP.Optional.Cherimoya</vendor><action>success</action><hash>f733e653aaefe94d89cb834f37cd768a</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\swsedrvr_vw_1_10_0_25</path><vendor>PUP.Optional.SwiftSearch</vendor><action>success</action><hash>7ab00a2fc7d2e05666e29a391be9a45c</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\APPID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>3feb85b4346571c5248cc986cd3559a7</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>3feb85b4346571c5248cc986cd3559a7</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>3feb85b4346571c5248cc986cd3559a7</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>a7835fdacacf70c6bef5bc93e31f9a66</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>a7835fdacacf70c6bef5bc93e31f9a66</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>a7835fdacacf70c6bef5bc93e31f9a66</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>a7835fdacacf70c6bef5bc93e31f9a66</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>a7835fdacacf70c6bef5bc93e31f9a66</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>a7835fdacacf70c6bef5bc93e31f9a66</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>a7835fdacacf70c6bef5bc93e31f9a66</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>a7835fdacacf70c6bef5bc93e31f9a66</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>a7835fdacacf70c6bef5bc93e31f9a66</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>a7835fdacacf70c6bef5bc93e31f9a66</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>a7835fdacacf70c6bef5bc93e31f9a66</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>f6343603861300363da6400f0ef4e51b</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>f6343603861300363da6400f0ef4e51b</hash></key>
<key><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}</path><vendor>PUP.Optional.TaskRNDM</vendor><action>success</action><hash>37f34eeb9504b086038ea3d710f255ab</hash></key>
<key><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\APPDATALOW\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}</path><vendor>PUP.Optional.TaskRNDM</vendor><action>success</action><hash>37f34eeb9504b086038ea3d710f255ab</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK.1</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK.1</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cherimoya</path><vendor>Rootkit.Agent.A</vendor><action>success</action><hash>f6347bbe88119f9724f4b71d7f83e719</hash></key>
<key><path>HKLM\SOFTWARE\{9E6892AE-EDB8-490A-9FDD-5A9770E7909E}</path><vendor>PUP.Optional.CouponMarvel</vendor><action>success</action><hash>c7632e0b1b7eb482c395d54ab84c9967</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>6ac081b85b3e0a2c692ebd2e2bd8b34d</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExi</path><vendor>PUP.Optional.AmiUpdater</vendor><action>delete-on-reboot</action><hash>98924eeb2b6e80b6a3e1861ec0432ad6</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\crash_service</path><vendor>PUP.Optional.BoBrowser</vendor><action>delete-on-reboot</action><hash>1c0e2811a0f99f9702d20a13db29f30d</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Run_Bobby_Browser</path><vendor>PUP.Optional.BoBrowser</vendor><action>delete-on-reboot</action><hash>92985bde8e0bff3785caf5b2ee15916f</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SwiftSearch Auto Updater 1.10.0.25 Core</path><vendor>PUP.Optional.SwiftSearch</vendor><action>delete-on-reboot</action><hash>7bafae8b9cfd7abca23237b5c0431de3</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SwiftSearch Auto Updater 1.10.0.25 Pending Update</path><vendor>PUP.Optional.SwiftSearch</vendor><action>delete-on-reboot</action><hash>73b786b38b0e82b4676de10b2cd7e917</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\FFPluginHp</path><vendor>PUP.Optional.FFPluginHp</vendor><action>success</action><hash>0228201931687db9545c4374010221df</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\istartpageingSoftware</path><vendor>PUP.Optional.IStartPageing.ChrPRST</vendor><action>success</action><hash>d357b6830a8f44f2fe64bf656d977e82</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SpaceSondPro</path><vendor>PUP.Optional.SpaceSoundPro</vendor><action>success</action><hash>1e0c62d7217861d5ec7c4395e61dfe02</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SwiftSearch_1.10.0.25</path><vendor>PUP.Optional.SwiftSearch</vendor><action>success</action><hash>5ad0c376f5a479bdb7a0d506b2515ea2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}</path><vendor>PUP.Optional.CouponMarvel</vendor><action>success</action><hash>c664c277d6c39e986ec5836a1fe4c13f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\{9E6892AE-EDB8-490A-9FDD-5A9770E7909E}</path><vendor>PUP.Optional.CouponMarvel</vendor><action>success</action><hash>32f807324257d2640058190658ac748c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCSUSpeedTest_RASAPI32</path><vendor>PUP.Optional.PCSpeedUp</vendor><action>success</action><hash>c36772c7e5b49c9a47d06e7ebe45e51b</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCSUSpeedTest_RASMANCS</path><vendor>PUP.Optional.PCSpeedUp</vendor><action>success</action><hash>69c144f5029780b69a7d3bb132d18779</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\SwiftSearchAutoUpdateClient_RASAPI32</path><vendor>PUP.Optional.Vitruvian</vendor><action>success</action><hash>08225edb9702ea4ce7eeffed9f64e818</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\SwiftSearchAutoUpdateClient_RASMANCS</path><vendor>PUP.Optional.Vitruvian</vendor><action>success</action><hash>c56578c1712831056b6a707c0cf7fc04</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage</path><vendor>PUP.Optional.VOPackage</vendor><action>success</action><hash>8c9e8aaff2a760d6f6afb0301ae9718f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\TUTORIALS</path><vendor>PUP.Optional.Tuto4PC</vendor><action>success</action><hash>8c9e0e2b2376999d3f4e21bd3bc8be42</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Oasis Space</path><vendor>PUP.Optional.OasisSpace</vendor><action>success</action><hash>bf6b2910e7b276c0e7972d9d08fb53ad</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Util Oasis Space</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>191171c8b1e87cba97e3ce558282649c</hash></key>
<key><path>HKU\.DEFAULT\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNETREGISTRY\REGISTRY\USER\S-1-5-18\SOFTWARE\shopperz130120161957</path><vendor>PUP.Optional.Shopperz.BrwsrFlsh</vendor><action>success</action><hash>66c4cd6cb1e8ee48bcec07202bd931cf</hash></key>
<key><path>HKU\S-1-5-18\SOFTWARE\{0982610B-8F29-4219-A516-311B275B2B3D}</path><vendor>PUP.Optional.Shopperz.BrwsrFlsh</vendor><action>success</action><hash>191156e3c8d1c670adfe881908fb44bc</hash></key>
<key><path>HKU\S-1-5-19\SOFTWARE\{0982610B-8F29-4219-A516-311B275B2B3D}</path><vendor>PUP.Optional.Shopperz.BrwsrFlsh</vendor><action>success</action><hash>0a20d6633d5c4fe7901bbbe611f205fb</hash></key>
<key><path>HKU\S-1-5-20\SOFTWARE\{0982610B-8F29-4219-A516-311B275B2B3D}</path><vendor>PUP.Optional.Shopperz.BrwsrFlsh</vendor><action>success</action><hash>8e9ce65354456fc7dfcccbd656adfe02</hash></key>
<key><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\BoBrowser</path><vendor>PUP.Optional.BoBrowser</vendor><action>success</action><hash>74b65cddbedbfb3b37152582e91aa858</hash></key>
<key><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\TutoTag</path><vendor>PUP.Optional.Tuto4PC</vendor><action>success</action><hash>ec3e1a1f6d2c072fb3d6c915e023d12f</hash></key>
<key><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\INSTALLPATH\STATUS</path><vendor>PUP.Optional.Vitruvian</vendor><action>success</action><hash>b2784feab4e5280e988cef3ad430f40c</hash></key>
<key><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>b872da5f455445f1d3c3eefdd82b49b7</hash></key>
<key><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\MOZILLA\EXTENDS</path><vendor>PUP.Optional.DeskCut</vendor><action>success</action><hash>b37744f55e3b64d2c3d0466d12f115eb</hash></key>
<key><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\OB</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>ad7dd069cbce5ed89025daf1eb18be42</hash></key>
<key><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\{0982610B-8F29-4219-A516-311B275B2B3D}</path><vendor>PUP.Optional.Shopperz.BrwsrFlsh</vendor><action>success</action><hash>31f987b295044cea8823f1b0ba49f50b</hash></key>
<key><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\re-markit.co</path><vendor>PUP.Optional.Revizer</vendor><action>success</action><hash>65c5c87179206ec8348d5a6f1ae833cd</hash></key>
<key><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\static.re-markit00.re-markit.co</path><vendor>PUP.Optional.Revizer</vendor><action>success</action><hash>e347ad8cc3d6e155873a5a6f09f98c74</hash></key>
<key><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\re-markit.co</path><vendor>PUP.Optional.Revizer</vendor><action>success</action><hash>ad7df643475244f24a789435ea18d030</hash></key>
<key><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\static.re-markit00.re-markit.co</path><vendor>PUP.Optional.Revizer</vendor><action>success</action><hash>bb6f63d67e1b3bfb4b771baef80a17e9</hash></key>
<value><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DoNotAskAgain</valuename><vendor>PUP.Optional.Yontoo</vendor><action>success</action><valuedata>searchinterneat-a.akamaihd.net</valuedata><hash>e644c0790495bf778fed1cd149ba7a86</hash></value>
<value><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path><valuename>URL</valuename><vendor>PUP.Optional.Yontoo</vendor><action>success</action><valuedata>hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQBbWQoUFgJCbQAKUw1cFVQRcxQBAg9JDAERcQFZAF1DGAVCch9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&amp;q={searchTerms}</valuedata><hash>6ac081b85b3e0a2c692ebd2e2bd8b34d</hash></value>
<value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>SpaceSoundPro</valuename><vendor>PUP.Optional.SpaceSoundPro</vendor><action>success</action><valuedata>&quot;C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe&quot;</valuedata><hash>67c3c970742595a178ee4c8c39cab848</hash></value>
<value><path>HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>{724AE5DF-9FDD-4633-8895-340A14170E65}</valuename><vendor>PUP.Optional.Shopperz.BrwsrFlsh</vendor><action>success</action><valuedata>C:\Program Files\shopperz130120161957\Firefox\{724AE5DF-9FDD-4633-8895-340A14170E65}.xpi</valuedata><hash>032772c79900181e12b4a6fb24df51af</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>rec_en_77</valuename><vendor>PUP.Optional.Recover</vendor><action>success</action><valuedata></valuedata><hash>82a843f6dcbd4ee827c24d83fa09728e</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>gmsd_de_005010205</valuename><vendor>PUP.Optional.GamesDesktop</vendor><action>success</action><valuedata></valuedata><hash>b97101380198c571bc053d7c50b39e62</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>dply_en_009030206</valuename><vendor>PUP.Optional.DeskTopPlay</vendor><action>success</action><valuedata></valuedata><hash>7caef7421881270fc567bb2b56ad5ea2</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE</path><valuename>Update</valuename><vendor>PUP.Optional.Package</vendor><action>success</action><valuedata>C:\Users\Nico\AppData\Roaming\ASPackage\ASPackage.exe /runonce</valuedata><hash>f733bb7ee2b746f0636db912cb387090</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>deskCutv2@gmail.com</valuename><vendor>PUP.Optional.DeskCut</vendor><action>success</action><valuedata>C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\extensions\deskCutv2@gmail.com</valuedata><hash>2a002514b8e1dc5ac6ce6a496d966e92</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>yahooprotected@gmail.com</valuename><vendor>PUP.Optional.WinYahoo</vendor><action>success</action><valuedata>C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\extensions\yahooprotected@gmail.com</valuedata><hash>59d1f643a8f170c6751be8e3e71b1ce4</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>{724AE5DF-9FDD-4633-8895-340A14170E65}</valuename><vendor>PUP.Optional.Shopperz.BrwsrFlsh</vendor><action>success</action><valuedata>C:\Program Files\shopperz130120161957\Firefox\{724AE5DF-9FDD-4633-8895-340A14170E65}.xpi</valuedata><hash>65c5ac8df9a05fd7c9fdaaf735ce40c0</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\TUTORIALS</path><valuename>HostGUID</valuename><vendor>PUP.Optional.Tuto4PC</vendor><action>success</action><valuedata>D3E75201-1007-4422-BE37-88EDA58C14B3</valuedata><hash>8c9e0e2b2376999d3f4e21bd3bc8be42</hash></value>
<value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\swsedrvr_vw_1_10_0_25</path><valuename>ImagePath</valuename><vendor>PUP.Optional.Vitruvian</vendor><action>success</action><valuedata>system32\drivers\swsedrvr_vw_1_10_0_25.sys</valuedata><hash>33f724150f8ae254b83c2e9e99699a66</hash></value>
<value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wucotusy</path><valuename>ImagePath</valuename><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><valuedata>C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\hnsn20BD.tmp</valuedata><hash>48e2b88168313df9d1ec983059aabb45</hash></value>
<value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zutuzuni</path><valuename>ImagePath</valuename><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><valuedata>C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\jnse9D8.tmp</valuedata><hash>9892bc7dbedb300618a4a424cc37fa06</hash></value>
<value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BSDRIVER</path><valuename>DisplayName</valuename><vendor>Rootkit.Komodia.PUA</vendor><action>success</action><valuedata>bsdriver</valuedata><hash>4edca5941d7cc86e12e7e63b4fb56f91</hash></value>
<value><path>HKU\S-1-5-18\SOFTWARE\{0982610B-8F29-4219-a516-311B275B2B3D}</path><valuename>Name</valuename><vendor>PUP.Optional.Shopperz.BrwsrFlsh</vendor><action>success</action><valuedata>C:\Program Files\shopperz130120161957\Alumiqoi.exe</valuedata><hash>191156e3c8d1c670adfe881908fb44bc</hash></value>
<value><path>HKU\S-1-5-19\SOFTWARE\{0982610B-8F29-4219-a516-311B275B2B3D}</path><valuename>Name</valuename><vendor>PUP.Optional.Shopperz.BrwsrFlsh</vendor><action>success</action><valuedata>C:\Program Files\shopperz130120161957\Alumiqoi.exe</valuedata><hash>0a20d6633d5c4fe7901bbbe611f205fb</hash></value>
<value><path>HKU\S-1-5-20\SOFTWARE\{0982610B-8F29-4219-a516-311B275B2B3D}</path><valuename>Name</valuename><vendor>PUP.Optional.Shopperz.BrwsrFlsh</vendor><action>success</action><valuedata>C:\Program Files\shopperz130120161957\Alumiqoi.exe</valuedata><hash>8e9ce65354456fc7dfcccbd656adfe02</hash></value>
<value><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\INSTALLPATH\STATUS</path><valuename>SwiftSearch</valuename><vendor>PUP.Optional.Vitruvian</vendor><action>success</action><valuedata>I</valuedata><hash>b2784feab4e5280e988cef3ad430f40c</hash></value>
<value><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\INSTALLPATH\STATUS</path><valuename>FlowsurfCB</valuename><vendor>PUP.Optional.Komodia</vendor><action>success</action><valuedata>S</valuedata><hash>26043dfcbbde4cea59bb02278f7505fb</hash></value>
<value><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DoNotAskAgain</valuename><vendor>PUP.Optional.Yontoo</vendor><action>success</action><valuedata>searchinterneat-a.akamaihd.net</valuedata><hash>75b5a09955446cca44724ba1fd0633cd</hash></value>
<value><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path><valuename>URL</valuename><vendor>PUP.Optional.Yontoo</vendor><action>success</action><valuedata>hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQBbWQoUFgJCbQAKUw1cFVQRcxQBAg9JDAERcQFZAF1DGAVCch9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&amp;q={searchTerms}</valuedata><hash>b872da5f455445f1d3c3eefdd82b49b7</hash></value>
<value><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS</path><valuename>AutoConfigUrl</valuename><vendor>Hijack.AutoConfigURL.ShrtCln</vendor><action>success</action><valuedata>hxxp://unstopp.me/wpad.dat?6f74407fe41b9e160f4ce25a30f772c94184588</valuedata><hash>1d0d70c91386e353bc84071fb94b847c</hash></value>
<value><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\MOZILLA\EXTENDS</path><valuename>appid</valuename><vendor>PUP.Optional.DeskCut</vendor><action>success</action><valuedata>deskCutv2@gmail.com</valuedata><hash>b37744f55e3b64d2c3d0466d12f115eb</hash></value>
<value><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\OB</path><valuename>monitype15</valuename><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><valuedata>11/24/15 22:53:42</valuedata><hash>ad7dd069cbce5ed89025daf1eb18be42</hash></value>
<value><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\OB</path><valuename>monitype4</valuename><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><valuedata>11/24/15 22:54:47</valuedata><hash>65c561d80d8cb284eacb656612f1c23e</hash></value>
<value><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\OB</path><valuename>monitype21</valuename><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><valuedata>11/24/15 22:54:47</valuedata><hash>949685b49ffa77bf1d9887448b78669a</hash></value>
<value><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\OB</path><valuename>monitype26</valuename><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><valuedata>11/24/15 22:54:47</valuedata><hash>0f1bc079257431056550e5e616edb34d</hash></value>
<value><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\{0982610B-8F29-4219-a516-311B275B2B3D}</path><valuename>Name</valuename><vendor>PUP.Optional.Shopperz.BrwsrFlsh</vendor><action>success</action><valuedata>C:\Program Files\shopperz130120161957\Alumiqoi.exe</valuedata><hash>31f987b295044cea8823f1b0ba49f50b</hash></value>
<data><path>HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.PieSearch.ShrtCln</vendor><action>replaced</action><valuedata>&quot;C:\Program Files (x86)\Mozilla Firefox\firefox.exe&quot; hxxp://www.piesearch.com/?type=ll&amp;uid=8dc2e0d8-7497-4940-a489-4822dcba9f63&amp;ts=1452706770&amp;pid=bpma</valuedata><baddata>&quot;C:\Program Files (x86)\Mozilla Firefox\firefox.exe&quot; hxxp://www.piesearch.com/?type=ll&amp;uid=8dc2e0d8-7497-4940-a489-4822dcba9f63&amp;ts=1452706770&amp;pid=bpma</baddata><gooddata>firefox.exe</gooddata><hash>af7bd267f1a8c86e210401a522e26c94</hash></data>
<data><path>HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.IStartPageing.ShrtCln</vendor><action>replaced</action><valuedata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&amp;ts=1452619661&amp;z=39222bed3a31dfba8bfea8agfz2w8oeq6g4tbqfmcg&amp;from=cmi&amp;uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F014988649886</valuedata><baddata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&amp;ts=1452619661&amp;z=39222bed3a31dfba8bfea8agfz2w8oeq6g4tbqfmcg&amp;from=cmi&amp;uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F014988649886</baddata><gooddata>iexplore.exe</gooddata><hash>a48657e20a8f6ec80a17347210f405fb</hash></data>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.Yontoo</vendor><action>replaced</action><valuedata>hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggaIwELBA5GQBgacgsMTA0QEwYOeVoOWRRFEwQbIVhcUwBBQAcFIk0FA1ADB0VXfVBdFElXTwhwJVx1DksUc1BQNVVMEnEEQw==</valuedata><baddata>hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggaIwELBA5GQBgacgsMTA0QEwYOeVoOWRRFEwQbIVhcUwBBQAcFIk0FA1ADB0VXfVBdFElXTwhwJVx1DksUc1BQNVVMEnEEQw==</baddata><gooddata>www.google.com</gooddata><hash>6bbfe851b4e53afc9744753bd13301ff</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.PieSearch.ShrtCln</vendor><action>replaced</action><valuedata>&quot;C:\Program Files (x86)\Mozilla Firefox\firefox.exe&quot; hxxp://www.piesearch.com/?type=ll&amp;uid=8dc2e0d8-7497-4940-a489-4822dcba9f63&amp;ts=1452706770&amp;pid=bpma</valuedata><baddata>&quot;C:\Program Files (x86)\Mozilla Firefox\firefox.exe&quot; hxxp://www.piesearch.com/?type=ll&amp;uid=8dc2e0d8-7497-4940-a489-4822dcba9f63&amp;ts=1452706770&amp;pid=bpma</baddata><gooddata>firefox.exe</gooddata><hash>c2687dbca8f12511f431277f8a7a8c74</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.IStartPageing.ShrtCln</vendor><action>replaced</action><valuedata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&amp;ts=1452619661&amp;z=39222bed3a31dfba8bfea8agfz2w8oeq6g4tbqfmcg&amp;from=cmi&amp;uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F014988649886</valuedata><baddata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&amp;ts=1452619661&amp;z=39222bed3a31dfba8bfea8agfz2w8oeq6g4tbqfmcg&amp;from=cmi&amp;uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F014988649886</baddata><gooddata>iexplore.exe</gooddata><hash>ff2bc079edac39fde041b9ed1aea9e62</hash></data>
<data><path>HKU\S-1-5-21-390326861-221582735-3363938159-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.Yontoo</vendor><action>replaced</action><valuedata>hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggaIwELBA5GQBgacgsMTA0QEwYOeVoOWRRFEwQbIVhcUwBBQAcFIk0FA1ADB0VXfVBdFElXTwhwJVx1DksUc1BQNVVMEnEEQw==</valuedata><baddata>hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggaIwELBA5GQBgacgsMTA0QEwYOeVoOWRRFEwQbIVhcUwBBQAcFIk0FA1ADB0VXfVBdFElXTwhwJVx1DksUc1BQNVVMEnEEQw==</baddata><gooddata>www.google.com</gooddata><hash>0c1e0732abee043220c0d4dc80843ec2</hash></data>
<folder><path>C:\Users\Nico\AppData\Local\03DE0294-1452622702-05AC-5806-600700080009</path><vendor>PUP.Optional.ConvertAd</vendor><action>success</action><hash>38f22e0babeecf67f1136d418e7502fe</hash></folder>
<folder><path>C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009</path><vendor>PUP.Optional.MultiPlug</vendor><action>delete-on-reboot</action><hash>ad7dba7fdebb53e3f49eecdc05fe619f</hash></folder>
<folder><path>C:\Program Files (x86)\03DE0294-1452619053-05AC-5806-600700080009</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>25058eabdfba300650422c9c679c41bf</hash></folder>
<folder><path>C:\ProgramData\Service1104</path><vendor>PUP.Optional.WombatService</vendor><action>success</action><hash>1614d96092079d991b69c221d62d50b0</hash></folder>
<folder><path>C:\Users\Nico\AppData\LocalLow\Company\Product\1.0</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>5ad053e63e5b54e2caa609e617ec1ae6</hash></folder>
<folder><path>C:\Users\Nico\AppData\LocalLow\Company\Product</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>5ad053e63e5b54e2caa609e617ec1ae6</hash></folder>
<folder><path>C:\Users\Nico\AppData\Local\Temp\Oasis Space</path><vendor>PUP.Optional.OasisSpace</vendor><action>success</action><hash>ce5c5bdee2b78da9d13b5064976b619f</hash></folder>
<folder><path>C:\Users\Nico\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>ed3d3aff0a8fb5811ecc744e72907c84</hash></folder>
<folder><path>C:\Users\Nico\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>ed3d3aff0a8fb5811ecc744e72907c84</hash></folder>
<folder><path>C:\Users\Nico\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>ed3d3aff0a8fb5811ecc744e72907c84</hash></folder>
<folder><path>C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}</path><vendor>PUP.Optional.VBates.WnskRST</vendor><action>success</action><hash>cd5d54e5fb9e251111bcb212c042758b</hash></folder>
<folder><path>C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}</path><vendor>PUP.Optional.VBates.WnskRST</vendor><action>success</action><hash>cd5d54e5fb9e251111bcb212c042758b</hash></folder>
<folder><path>C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5</path><vendor>PUP.Optional.VBates.WnskRST</vendor><action>success</action><hash>cd5d54e5fb9e251111bcb212c042758b</hash></folder>
<folder><path>C:\uninst</path><vendor>Adware.LaSuperba</vendor><action>success</action><hash>101a9e9bb7e261d53db2efebb05448b8</hash></folder>
<file><path>C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\hnsn20BD.tmp</path><vendor>PUP.Optional.ConvertAd</vendor><action>delete-on-reboot</action><hash>3af0e2578f0af3431de84506ef1313ed</hash></file>
<file><path>C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\knss8E42.tmp</path><vendor>PUP.Optional.ConvertAd</vendor><action>delete-on-reboot</action><hash>32f8ea4f1b7e61d59dc1f2e2897845bb</hash></file>
<file><path>C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\jnse9D8.tmp</path><vendor>PUP.Optional.ConvertAd</vendor><action>delete-on-reboot</action><hash>ed3d24150b8e3501e522420931d10000</hash></file>
<file><path>C:\Windows\System32\drivers\bsdriver.sys</path><vendor>Rootkit.Komodia.PUA</vendor><action>delete-on-reboot</action><hash>b674e4555346b1850cc77c384bb6837d</hash></file>
<file><path>C:\Windows\System32\drivers\cherimoya.sys</path><vendor>PUP.Optional.Cherimoya</vendor><action>delete-on-reboot</action><hash>f733e653aaefe94d89cb834f37cd768a</hash></file>
<file><path>C:\Windows\System32\drivers\swsedrvr_vw_1_10_0_25.sys</path><vendor>PUP.Optional.SwiftSearch</vendor><action>delete-on-reboot</action><hash>7ab00a2fc7d2e05666e29a391be9a45c</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\msF755.tmp.exe</path><vendor>PUP.Optional.DNSUnlocker.BrwsrFlsh</vendor><action>success</action><hash>c66412271f7acd6940feed40ff02ae52</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\921d-8f13-9ade-a15d.exe</path><vendor>PUP.Optional.PennyBee</vendor><action>success</action><hash>c367b7828811e15561b6704ef908a45c</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\97cc-6eb4-7c2c-5f1b.exe</path><vendor>PUP.Optional.PCSpeedUp</vendor><action>success</action><hash>7dad0e2bd6c347ef4840ff3544bd5da3</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\amisetup7701__15940.exe</path><vendor>PUP.Optional.Amonetize</vendor><action>success</action><hash>200a1821920789ad99fdb122c140ea16</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\amisetup8131__15940.exe</path><vendor>PUP.Optional.Amonetize</vendor><action>success</action><hash>9b8f14257c1da393a6f0587b9d64669a</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\nsv5646.tmp</path><vendor>PUP.Optional.Amonetize</vendor><action>success</action><hash>d55564d51d7c2f073902d3f355ac26da</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\nsk68F5.tmp</path><vendor>PUP.Optional.ConvertAd</vendor><action>success</action><hash>ac7ee653455482b4608a428de31ee31d</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\nsl2938.tmp</path><vendor>PUP.Optional.ConvertAd</vendor><action>success</action><hash>c664a891dfba40f647a3d2fd2ad740c0</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\nso5630.tmp</path><vendor>PUP.Optional.QualityChecker</vendor><action>success</action><hash>69c1c673d9c0be78c387f5d7f20f4ab6</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\nsu16DA.tmp</path><vendor>PUP.Optional.CheckOffer</vendor><action>success</action><hash>6dbd09308415c670b744a7630af707f9</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\f1e4-5f9e-09f4-b068.exe</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>002a0f2a1485a195ef1461e7728fb749</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\nsa526F.tmp</path><vendor>PUP.Optional.Amonetize</vendor><action>success</action><hash>240646f3edac3501ec0074cc29d8847c</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\nsa6AB9.tmp</path><vendor>PUP.Optional.ConvertAd</vendor><action>success</action><hash>1911d4652673e452d6136d62d1305fa1</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\nsaEB33.tmp</path><vendor>PUP.Optional.ConvertAd</vendor><action>success</action><hash>c06a47f2a4f501356980389771908878</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\nsdA3BF.tmp</path><vendor>Adware.EoRezo</vendor><action>success</action><hash>a98159e0c7d2c67009054089d52ce51b</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\nseA8FB.tmp</path><vendor>PUP.Optional.Amonetize</vendor><action>success</action><hash>8d9dc0792a6f8aacfbf1a0a02cd5ff01</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\nsf2E90.tmp</path><vendor>PUP.Optional.ConvertAd</vendor><action>success</action><hash>1317b3863c5dc274de0bede2c43d6799</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\nsg927F.tmp</path><vendor>PUP.Optional.Amonetize</vendor><action>success</action><hash>cc5ea792b4e5b48277c4972f15ec956b</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\nsh45B5.tmp</path><vendor>PUP.Optional.QualityChecker</vendor><action>success</action><hash>5dcd5fda2574261060ea18b4ba478c74</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\nsx7D96.tmp</path><vendor>PUP.Optional.CouponMarvel</vendor><action>success</action><hash>ca60ab8e6e2bd363ef54464a54ad7f81</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\nsy98C1.tmp</path><vendor>PUP.Optional.CheckOffer</vendor><action>success</action><hash>5cce0336cacfdc5a12e933d706fbbe42</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\nsy9BD5.tmp</path><vendor>PUP.Optional.IStartPageing.ChrPRST</vendor><action>success</action><hash>f73344f5772264d2b18a349d5ea626da</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\XXFXVWT3UBKP\newversion.exe</path><vendor>PUP.Optional.MaxDriverUpdater</vendor><action>success</action><hash>70ba43f65a3f2f076ef5ea6459a89070</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\XXFXVWT3UBKP\SVH.exe</path><vendor>PUP.Optional.Tuto4PC</vendor><action>success</action><hash>0921b782a9f01f172e5c6acf659bae52</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\81448401860\T09FME9PTw==29316.exe</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>bb6fda5f9dfc78bebae36343af529b65</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\HYDB3F0.tmp.1452197528\HTA\install.1452197528.zip</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>92986acfd1c8cf67e5e250d8709259a7</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\HYDB3F0.tmp.1452197528\HTA\3rdparty\OCComSDK.dll</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>9793ad8c8d0c48ee1fa8131514ee3bc5</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\~nsu.tmp\Au_.exe</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>4ae0d762a4f5f0467192fc4cce33b34d</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\nsh56D5.tmp\amisid.exe</path><vendor>PUP.Optional.Amonetize</vendor><action>success</action><hash>8c9e96a3e9b0c670e804af911de4966a</hash></file>
<file><path>C:\Windows\System32\drivers\cherimoya.sys</path><vendor>Rootkit.Agent.A</vendor><action>delete-on-reboot</action><hash>f6347bbe88119f9724f4b71d7f83e719</hash></file>
<file><path>C:\Windows\System32\Tasks\Run_Bobby_Browser</path><vendor>PUP.Optional.BoBrowser</vendor><action>success</action><hash>49e13306dabfdb5bde6cf1b690731ce4</hash></file>
<file><path>C:\Users\Nico\AppData\Local\03DE0294-1452622702-05AC-5806-600700080009\Uninstall.exe</path><vendor>PUP.Optional.ConvertAd</vendor><action>success</action><hash>38f22e0babeecf67f1136d418e7502fe</hash></file>
<file><path>C:\Users\Nico\AppData\Local\03DE0294-1452622702-05AC-5806-600700080009\49C7.tmp</path><vendor>PUP.Optional.ConvertAd</vendor><action>success</action><hash>38f22e0babeecf67f1136d418e7502fe</hash></file>
<file><path>C:\Users\Nico\AppData\Local\03DE0294-1452622702-05AC-5806-600700080009\onstA05F.tmp</path><vendor>PUP.Optional.ConvertAd</vendor><action>success</action><hash>38f22e0babeecf67f1136d418e7502fe</hash></file>
<file><path>C:\Users\Nico\AppData\Local\03DE0294-1452622702-05AC-5806-600700080009\pnstA060.exe</path><vendor>PUP.Optional.ConvertAd</vendor><action>success</action><hash>38f22e0babeecf67f1136d418e7502fe</hash></file>
<file><path>C:\Users\Nico\AppData\Local\03DE0294-1452622702-05AC-5806-600700080009\rnstA05E.exe</path><vendor>PUP.Optional.ConvertAd</vendor><action>success</action><hash>38f22e0babeecf67f1136d418e7502fe</hash></file>
<file><path>C:\Users\Nico\AppData\Local\03DE0294-1452622702-05AC-5806-600700080009\snstA05D.tmp</path><vendor>PUP.Optional.ConvertAd</vendor><action>success</action><hash>38f22e0babeecf67f1136d418e7502fe</hash></file>
<file><path>C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\knst6D05.tmp</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ad7dba7fdebb53e3f49eecdc05fe619f</hash></file>
<file><path>C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\rnsi5FC.exe</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ad7dba7fdebb53e3f49eecdc05fe619f</hash></file>
<file><path>C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\Uninstall.exe</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ad7dba7fdebb53e3f49eecdc05fe619f</hash></file>
<file><path>C:\Program Files (x86)\03DE0294-1452619049-05AC-5806-600700080009\vnsgCE20.tmp</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>ad7dba7fdebb53e3f49eecdc05fe619f</hash></file>
<file><path>C:\Program Files (x86)\03DE0294-1452619053-05AC-5806-600700080009\vnscDE5E.tmp</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>25058eabdfba300650422c9c679c41bf</hash></file>
<file><path>C:\Program Files (x86)\03DE0294-1452619053-05AC-5806-600700080009\Uninstall.exe</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>25058eabdfba300650422c9c679c41bf</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001</path><vendor>PUP.Optional.Vitruvian</vendor><action>success</action><hash>7fabc574cccd47efe39c5888bf44639d</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\vitruvian-installer-install-v0003</path><vendor>PUP.Optional.Vitruvian</vendor><action>success</action><hash>8b9f053459405ed82d521ec2768dad53</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\vitruvian-installer-processes-v0002</path><vendor>PUP.Optional.Vitruvian</vendor><action>success</action><hash>0d1d5cdd732677bfe6999a46ff0454ac</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001</path><vendor>PUP.Optional.Vitruvian</vendor><action>success</action><hash>4cdef0498a0ff343601f6e725da640c0</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002</path><vendor>PUP.Optional.Vitruvian</vendor><action>success</action><hash>9b8f64d557423006641bf9e721e26b95</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\vitruvian-installer-uninstall-v0002</path><vendor>PUP.Optional.Vitruvian</vendor><action>success</action><hash>0129e059d2c7dd59502f459bf013fe02</hash></file>
<file><path>C:\ProgramData\Service1104\Service1104.exe</path><vendor>PUP.Optional.WombatService</vendor><action>success</action><hash>1614d96092079d991b69c221d62d50b0</hash></file>
<file><path>C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core</path><vendor>PUP.Optional.SwiftSearch</vendor><action>success</action><hash>949662d7c9d03ff71ab849a3ab58c838</hash></file>
<file><path>C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update</path><vendor>PUP.Optional.SwiftSearch</vendor><action>success</action><hash>e7430e2b36635fd717bb5e8e13f0aa56</hash></file>
<file><path>C:\Users\Nico\AppData\LocalLow\Company\Product\1.0\localStorageIE.txt</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>5ad053e63e5b54e2caa609e617ec1ae6</hash></file>
<file><path>C:\Users\Nico\AppData\LocalLow\Company\Product\1.0\localStorageIE_backup.txt</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>5ad053e63e5b54e2caa609e617ec1ae6</hash></file>
<file><path>C:\Users\Nico\AppData\Local\Temp\shopperz130120161957_installer_1452713931.txt</path><vendor>PUP.Optional.VBates.WnskRST</vendor><action>success</action><hash>2ffbc574b4e52c0a8e74908ca262ae52</hash></file>
<file><path>C:\Windows\System32\Tasks\crash_service</path><vendor>PUP.Optional.BoBrowser</vendor><action>success</action><hash>dc4e06332d6c6bcbcd03b9645ca8df21</hash></file>
<file><path>C:\Users\Nico\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\config.js</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>ed3d3aff0a8fb5811ecc744e72907c84</hash></file>
<file><path>C:\Users\Nico\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\tree.js</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>ed3d3aff0a8fb5811ecc744e72907c84</hash></file>
<file><path>C:\Users\Nico\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\wlist.js</path><vendor>PUP.Optional.VBates</vendor><action>success</action><hash>ed3d3aff0a8fb5811ecc744e72907c84</hash></file>
<file><path>C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\config.js</path><vendor>PUP.Optional.VBates.WnskRST</vendor><action>success</action><hash>cd5d54e5fb9e251111bcb212c042758b</hash></file>
<file><path>C:\task.vbs</path><vendor>PUP.Optional.VBSLoader</vendor><action>success</action><hash>7fab0039326788ae3ef415c50afaf907</hash></file>
<file><path>C:\uninst\uninstall.html</path><vendor>Adware.LaSuperba</vendor><action>success</action><hash>101a9e9bb7e261d53db2efebb05448b8</hash></file>
<file><path>C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\prefs.js</path><vendor>PUP.Optional.Yontoo</vendor><action>replaced</action><baddata>user_pref(&quot;browser.newtab.url&quot;, &quot;hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAxAeApdVg4QDAwRcg0VVVhDEhgaIw8ATA1DEA1CIV0KWAkQExNBNARaB0tXUUEeJl9NER8fHGZGJXRXE1wjREZWLE1LKUwT&quot;);</baddata><gooddata></gooddata><hash>25051821950468cef18fe2f4a262768a</hash></file>
<file><path>C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\prefs.js</path><vendor>PUP.Optional.Yontoo</vendor><action>replaced</action><baddata>user_pref(&quot;keyword.URL&quot;, &quot;hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQBbWQoUFgJCbQAKUw1cFVQRcxQBAg9JDAERcQFZAF1DGAVCch9aFQQTR0cFME0FB18EURNNfWpdBHQeU1BxJUpNDU0CaUBB&amp;q={searchTerms}&quot;);</baddata><gooddata></gooddata><hash>bf6b4aef3e5b2610246172647b89a060</hash></file>
<file><path>C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\prefs.js</path><vendor>PUP.Optional.IStartPageing.ChrPRST</vendor><action>replaced</action><baddata>istartpageing</baddata><gooddata></gooddata><hash>d05ab6830e8bd561a0d1ac31f80cfa06</hash></file>
<file><path>C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\searchplugins\default.xml</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>042685b4396072c4e506d8029074659b</hash></file>
<file><path>C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\searchplugins\yahoo.xml</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>cb5f6acfc3d663d39e4f37a31be9b947</hash></file>
<file><path>C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\user.js</path><vendor>PUM.Optional.FireFoxSearchOverride</vendor><action>success</action><hash>9496ed4c7d1cff372911e3f82ed60af6</hash></file>
</items>
</mbam-log>
         
Code:
ATTFilter
<?xml version="1.0" encoding="UTF-8" ?>
<logs>
   <record severity="debug" LoggingEventType="1" datetime="2016-01-13T21:56:30.887597+01:00" source="Manual" type="Update" username="SYSTEM" systemname="NIGGO" fromVersion="2015.9.16.1" last_modified_tag="4410a843-5092-42f6-8a3d-0b55f6011992" name="Remediation Database" toVersion="2016.1.8.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-01-13T21:56:31.062337+01:00" source="Manual" type="Update" username="SYSTEM" systemname="NIGGO" fromVersion="2015.9.18.1" last_modified_tag="8eb9db9f-95e8-4f56-b4b6-b5f1a79bef54" name="Rootkit Database" toVersion="2016.1.9.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-01-13T21:56:31.417066+01:00" source="Manual" type="Update" username="SYSTEM" systemname="NIGGO" fromVersion="2015.9.21.2" last_modified_tag="4477c677-2eff-4439-9b92-942cd4c7f1f2" name="IP Database" toVersion="2016.1.13.2"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-01-13T21:56:32.964454+01:00" source="Manual" type="Update" username="SYSTEM" systemname="NIGGO" fromVersion="2015.9.22.3" last_modified_tag="81948069-9e71-482a-87c1-f5316ef205f6" name="Domain Database" toVersion="2016.1.13.4"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-01-13T21:56:47.568768+01:00" source="Manual" type="Update" username="SYSTEM" systemname="NIGGO" fromVersion="2015.9.22.5" last_modified_tag="70094b21-f41a-483a-b1f7-1375a5807f2e" name="Malware Database" toVersion="2016.1.13.6"></record>
   <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2016-01-13T21:56:58+01:00" datetime="2016-01-13T22:13:11.227543+01:00" source="Manual" type="Scan" username="SYSTEM" systemname="NIGGO" last_modified_tag="69c66a9d-6b28-4131-a336-414e8b0febaa" duration="888" malwaredetections="9" nonmalwaredetections="198" scanresult="completed"></record>
   <record severity="debug" LoggingEventType="4" datetime="2016-01-13T22:14:22.344317+01:00" source="Protection" type="Error" username="SYSTEM" systemname="NIGGO" code="13" last_modified_tag="3257b23f-ecae-4e7c-b3fa-f64b553ec68e" message="IsLicensed"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-01-13T22:14:22.359942+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="NIGGO" last_modified_tag="c874e5c9-c835-4670-9222-83f0276549c9" result="Stopping" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-01-13T22:14:22.359942+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="NIGGO" last_modified_tag="c070d5cb-e42b-40be-a26f-d675a6e0656a" result="Stopped" subtype="Malware Protection"></record>
</logs>
         

14.01.2016, 22:49   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.
__________________
Please always post logs in CODE tags

14.01.2016, 23:12   #9
BlueRavenHD
 

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.01.14.07
  rootkit: v2016.01.09.01

Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16644
Nico :: NIGGO [administrator]

14.01.2016 22:53:16
mbar-log-2016-01-14 (22-53-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 422245
Time elapsed: 18 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

14.01.2016, 23:13   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!
Please disable your virus scanner completely now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Optionen (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Suchlauf (Scan) and wait until it has finished.
  • Now click Löschen (Delete) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files are now created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)

__________________
Please always post logs in CODE tags

14.01.2016, 23:23   #11
BlueRavenHD
 

Code:
ATTFilter
# AdwCleaner v5.029 - Bericht erstellt am 14/01/2016 um 23:17:09
# Aktualisiert am 11/01/2016 von Xplode
# Datenbank : 2016-01-14.1 [Server]
# Betriebssystem : Windows 10 Pro  (x64)
# Benutzername : Nico - NIGGO
# Gestartet von : C:\Users\Nico\Downloads\AdwCleaner_5.029.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

[-] Dienst Gelöscht : FastCompress

***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\ftb
[-] Ordner Gelöscht : C:\Program Files (x86)\myfree codec

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\END
[-] Datei Gelöscht : C:\Users\Nico\AppData\Local\Temp\task.vbs
[-] Datei Gelöscht : C:\Users\Nico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\Nico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\Nico\Favorites\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\Nico\Favorites\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\Nico\Favorites\Links\Startfenster.lnk
[-] Datei Gelöscht : C:\Users\Nico\Favorites\Links\Startfenster.lnk

***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****

[-] Geplante Aufgabe Gelöscht : runTask
[-] Geplante Aufgabe Gelöscht : updateTask
[-] Geplante Aufgabe Gelöscht : XIDJAIAHXKLUQLEU

***** [ Registrierungsdatenbank ] *****

[-] Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [CrashService]
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AFC20917-EFE2-431C-8F00-BAE44171B886}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Schlüssel Gelöscht : HKCU\Software\DAILYPCCLEAN
[-] Schlüssel Gelöscht : HKCU\Software\FastCompress-Zip
[-] Schlüssel Gelöscht : HKCU\Software\tstamptoken
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Tinstalls
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\FastCompress-Zip
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU

***** [ Internetbrowser ] *****

[-] [C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\prefs.js] [Preference] Gelöscht : user_pref("browser.newtab.url", "hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAxAeApdVg4QDAwRcg0VVVhDEhgaIw8ATA1DEA1CIV0KWAkQExNBNARaB0tXUUEeJl9NER8fHGZGJXRXE1wjREZWLE1LKUwT");
[-] [C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\prefs.js] [Preference] Gelöscht : user_pref("keyword.URL", "hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQBbWQoUFgJCbQAKUw1cFVQRcxQBAg9JDAERcQFZAF1DGAVCch9aFQQTR0cFME0FB18EURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}");

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3666 Bytes] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Pro x64 
Ran by Nico (Administrator) on 14.01.2016 at 23:21:10,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2 

Successfully deleted: C:\ProgramData\19a87fa1ec024bbcbb41931263354405 (Folder) 
Successfully deleted: C:\Users\Nico\Appdata\LocalLow\company (Folder) 

Deleted the following from C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\prefs.js
user_pref(browser.search.searchengine.alias, istartpageing);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.iconURL, hxxp://istartpageing.com/favicon.ico);
user_pref(browser.search.searchengine.name, istartpageing);
user_pref(browser.search.searchengine.ptid, cmi);
user_pref(browser.search.searchengine.uid, WDCXWD10EZEX-00BN5A0_WD-WCC3F014988649886);
user_pref(browser.search.searchengine.url, hxxp://istartpageing.com/web?type=ds&ts=1452619661&z=39222bed3a31dfba8bfea8agfz2w8oeq6g4tbqfmcg&from=cmi&uid=WDCXWD10EZEX-00BN5A0



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.01.2016 at 23:23:03,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
durchgeführt von Nico (Administrator) auf NIGGO (14-01-2016 23:25:07)
Gestartet von C:\Users\Nico\Downloads
Geladene Profile: Nico (Verfügbare Profile: Nico)
Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(GGS) C:\Users\Nico\AppData\Local\THORN\Thorn.exe
(GGS) C:\Users\Nico\AppData\Local\THORN\ThornHelper.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16565_none_1162030161f5c19b\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Nico\Downloads\FRST64(1).exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Player\DelayPluginI.exe
HKLM-x32\...\Run: [RoccatKova+] => C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Run: [Spotify Web Helper] => C:\Users\Nico\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-24] (Spotify Ltd)
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Run: [Spotify] => C:\Users\Nico\AppData\Roaming\Spotify\Spotify.exe [8316528 2015-12-24] (Spotify Ltd)
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Run: [MyComGames] => "C:\Users\Nico\AppData\Local\MyComGames\MyComGames.exe" -autostart
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-01-13]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ryos Driver.lnk [2016-01-13]
ShortcutTarget: Ryos Driver.lnk -> C:\Program Files (x86)\ROCCAT\Ryos Keyboard\Ryos MK Monitor.exe (ROCCAT GmbH Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-01-13]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{86e8fef8-cb05-4326-8613-64daf9ebae85}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9f5add42-1940-4ef9-8e34-a8a541f51131}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-390326861-221582735-3363938159-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-390326861-221582735-3363938159-1001 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation)
BHO-x32: Wondershare Player 1.6.0 -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll => Keine Datei
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  Keine Datei
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default
FF SelectedSearchEngine: Default
FF Homepage: hxxp://youtube.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-18] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Extension: Adblock Plus - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\zcnarbvo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-13]
StartMenuInternet: FIREFOX.EXE - firefox.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1128448 2015-08-08] ()
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-11] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 Thorn; C:\Users\Nico\AppData\Local\THORN\Thorn.exe [56824 2015-10-01] (GGS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-18] (Advanced Micro Devices)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [50688 2015-07-10] (Microsoft Corp.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 KovaPlusFltr; C:\Windows\system32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3772632 2015-07-10] (Realtek Semiconductor Corporation                           )
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [32792 2015-09-29] (SteelSeries ApS)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-09-13] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-14 23:24 - 2016-01-14 23:25 - 02370560 _____ (Farbar) C:\Users\Nico\Downloads\FRST64(1).exe
2016-01-14 23:23 - 2016-01-14 23:23 - 00001417 _____ C:\Users\Nico\Desktop\JRT.txt
2016-01-14 23:20 - 2016-01-14 23:21 - 01600184 _____ (Malwarebytes) C:\Users\Nico\Downloads\JRT.exe
2016-01-14 23:18 - 2016-01-14 23:18 - 00016148 _____ C:\WINDOWS\system32\NIGGO_Nico_HistoryPrediction.bin
2016-01-14 23:16 - 2016-01-14 23:17 - 00000000 ____D C:\AdwCleaner
2016-01-14 23:15 - 2016-01-14 23:15 - 01754112 _____ C:\Users\Nico\Downloads\AdwCleaner_5.029.exe
2016-01-14 22:53 - 2016-01-14 23:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-14 22:53 - 2016-01-14 22:53 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-14 22:52 - 2016-01-14 23:11 - 00000000 ____D C:\Users\Nico\Desktop\mbar
2016-01-14 22:52 - 2016-01-14 22:52 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-14 22:51 - 2016-01-14 22:52 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Nico\Downloads\mbar-1.09.3.1001.exe
2016-01-14 20:01 - 2016-01-14 20:02 - 00054417 _____ C:\Users\Nico\Downloads\Addition.txt
2016-01-14 20:00 - 2016-01-14 23:25 - 00012871 _____ C:\Users\Nico\Downloads\FRST.txt
2016-01-14 19:59 - 2016-01-14 20:00 - 02370560 _____ (Farbar) C:\Users\Nico\Downloads\FRST64.exe
2016-01-14 16:03 - 2016-01-14 16:03 - 00002303 _____ C:\Users\Public\Desktop\Blade & Soul.lnk
2016-01-14 16:03 - 2016-01-14 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-01-14 16:02 - 2016-01-14 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2016-01-14 16:02 - 2016-01-14 16:02 - 00000000 ____D C:\Program Files (x86)\NCWest
2016-01-14 15:47 - 2016-01-14 16:02 - 224976152 _____ (NC Interactive, LLC ) C:\Users\Nico\Downloads\BnS_Lite_Installer.exe
2016-01-13 21:55 - 2016-01-14 22:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-13 21:40 - 2016-01-13 21:55 - 22908888 _____ (Malwarebytes ) C:\Users\Nico\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-13 20:38 - 2016-01-13 20:38 - 00003400 _____ C:\WINDOWS\System32\Tasks\Foosgasz
2016-01-13 17:54 - 2016-01-14 23:25 - 00000000 ____D C:\FRST
2016-01-13 17:45 - 2016-01-05 04:07 - 02463704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 17:45 - 2016-01-05 04:07 - 00377592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-13 17:45 - 2016-01-05 04:06 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 17:45 - 2016-01-05 04:06 - 01991120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-13 17:45 - 2016-01-05 04:06 - 01270104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 17:45 - 2016-01-05 04:06 - 01063504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-13 17:45 - 2016-01-05 04:06 - 00119800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 17:45 - 2016-01-05 04:04 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 02641928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-13 17:45 - 2016-01-05 04:04 - 01591848 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 00862056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 00787720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 17:45 - 2016-01-05 04:04 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 00779928 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 00772448 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 00751992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-13 17:45 - 2016-01-05 04:04 - 00667856 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-13 17:45 - 2016-01-05 04:04 - 00249464 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-13 17:45 - 2016-01-05 04:04 - 00233992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-13 17:45 - 2016-01-05 04:04 - 00090912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-13 17:45 - 2016-01-05 04:04 - 00083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-13 17:45 - 2016-01-05 03:59 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-01-13 17:45 - 2016-01-05 03:52 - 00441696 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-13 17:45 - 2016-01-05 03:50 - 00723648 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 17:45 - 2016-01-05 03:50 - 00345080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-13 17:45 - 2016-01-05 03:50 - 00251544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-13 17:45 - 2016-01-05 03:50 - 00205072 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-13 17:45 - 2016-01-05 03:30 - 02459096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-13 17:45 - 2016-01-05 03:30 - 02162064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-13 17:45 - 2016-01-05 03:30 - 02152744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 17:45 - 2016-01-05 03:30 - 01106872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 17:45 - 2016-01-05 03:30 - 00882208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-13 17:45 - 2016-01-05 03:30 - 00368776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-13 17:45 - 2016-01-05 03:30 - 00232896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 17:45 - 2016-01-05 03:30 - 00100712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 17:45 - 2016-01-05 03:29 - 00208688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 17:45 - 2016-01-05 03:28 - 02445128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-01-13 17:45 - 2016-01-05 03:28 - 00714808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 17:45 - 2016-01-05 03:28 - 00696192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-13 17:45 - 2016-01-05 03:28 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 17:45 - 2016-01-05 03:28 - 00645144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-13 17:45 - 2016-01-05 03:28 - 00635312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-13 17:45 - 2016-01-05 03:28 - 00497896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 17:45 - 2016-01-05 03:28 - 00277400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-13 17:45 - 2016-01-05 03:28 - 00107952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-13 17:45 - 2016-01-05 03:28 - 00082096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-13 17:45 - 2016-01-05 03:28 - 00072808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-13 17:45 - 2016-01-05 03:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-01-13 17:45 - 2016-01-05 03:18 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-13 17:45 - 2016-01-05 03:15 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-13 17:45 - 2016-01-05 03:15 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-01-13 17:45 - 2016-01-05 03:15 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 17:45 - 2016-01-05 03:10 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2016-01-13 17:45 - 2016-01-05 03:10 - 00305776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-13 17:45 - 2016-01-05 03:10 - 00278424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-13 17:45 - 2016-01-05 03:10 - 00188032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-13 17:45 - 2016-01-05 03:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 17:45 - 2016-01-05 03:02 - 01672192 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-13 17:45 - 2016-01-05 03:02 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 17:45 - 2016-01-05 03:02 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 17:45 - 2016-01-05 03:01 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 17:45 - 2016-01-05 02:57 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 17:45 - 2016-01-05 02:57 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 17:45 - 2016-01-05 02:57 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 17:45 - 2016-01-05 02:56 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-13 17:45 - 2016-01-05 02:51 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 17:45 - 2016-01-05 02:51 - 01009664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 17:45 - 2016-01-05 02:51 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-13 17:45 - 2016-01-05 02:51 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-13 17:45 - 2016-01-05 02:51 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-13 17:45 - 2016-01-05 02:43 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-13 17:45 - 2016-01-05 02:42 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 17:45 - 2016-01-05 02:38 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2016-01-13 17:45 - 2016-01-05 02:32 - 01541632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-13 17:45 - 2016-01-05 02:32 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 17:45 - 2016-01-05 02:31 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 17:45 - 2016-01-05 02:31 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 17:45 - 2016-01-05 02:30 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-13 17:45 - 2016-01-05 02:26 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 17:45 - 2016-01-05 02:24 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-13 17:45 - 2016-01-05 02:20 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 17:45 - 2016-01-05 02:19 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 17:45 - 2016-01-05 02:19 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-13 17:45 - 2016-01-05 02:19 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-13 17:45 - 2016-01-05 02:19 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-13 17:44 - 2016-01-05 04:04 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 17:44 - 2016-01-05 03:50 - 01817064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 17:44 - 2016-01-05 03:50 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 17:44 - 2016-01-05 03:31 - 01365576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 17:44 - 2016-01-05 03:28 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 17:44 - 2016-01-05 03:15 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 17:44 - 2016-01-05 03:09 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 17:44 - 2016-01-05 03:00 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-13 17:44 - 2016-01-05 03:00 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-13 17:44 - 2016-01-05 02:59 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 17:44 - 2016-01-05 02:44 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 17:44 - 2016-01-05 02:44 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 17:44 - 2016-01-05 02:29 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-13 17:44 - 2016-01-05 02:29 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 22:36 - 2016-01-13 22:30 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-12 22:36 - 2016-01-13 22:18 - 00001216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-12 22:36 - 2016-01-12 22:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-12 22:36 - 2016-01-12 22:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-12 20:32 - 2016-01-12 20:32 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Blender Foundation
2016-01-12 20:32 - 2016-01-12 20:32 - 00000000 ____D C:\Users\Nico\.thumbnails
2016-01-12 20:30 - 2016-01-12 20:30 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2016-01-12 20:29 - 2016-01-12 20:29 - 00000000 ____D C:\Program Files\Blender Foundation
2016-01-12 18:36 - 2016-01-12 18:38 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Opera Software
2016-01-12 18:36 - 2016-01-12 18:38 - 00000000 ____D C:\Users\Nico\AppData\Local\Opera Software
2016-01-12 18:28 - 2016-01-12 18:38 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-12 18:17 - 2016-01-12 18:16 - 00001110 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-01-12 15:39 - 2016-01-13 22:17 - 00001616 _____ C:\Users\Nico\Desktop\Sony Vegas Pro.lnk
2016-01-10 18:38 - 2016-01-13 22:17 - 00001004 _____ C:\Users\Nico\Desktop\Open Broadcaster Software.lnk
2016-01-10 18:38 - 2016-01-10 21:48 - 00000000 ____D C:\Users\Nico\AppData\Roaming\OBS
2016-01-10 18:38 - 2016-01-10 18:38 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2016-01-10 18:38 - 2016-01-10 18:38 - 00000000 ____D C:\Program Files\OBS
2016-01-10 18:38 - 2016-01-10 18:38 - 00000000 ____D C:\Program Files (x86)\OBS
2016-01-09 23:32 - 2016-01-09 23:32 - 00000000 ____D C:\Users\Nico\Documents\Elder Scrolls Online
2016-01-09 23:32 - 2016-01-09 23:32 - 00000000 ____D C:\ProgramData\Elder Scrolls Online
2016-01-08 23:11 - 2016-01-13 22:17 - 00001320 _____ C:\Users\Nico\Desktop\The Elder Scrolls Online.lnk
2016-01-08 23:11 - 2016-01-08 23:11 - 00000000 ____D C:\WINDOWS\jre
2016-01-08 23:11 - 2016-01-08 23:11 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2016-01-08 23:10 - 2016-01-08 23:13 - 00000000 ____D C:\Program Files (x86)\Zenimax Online
2016-01-08 23:10 - 2016-01-08 23:11 - 00000000 ___HD C:\Program Files (x86)\Zero G Registry
2016-01-08 23:10 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2016-01-08 23:10 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2016-01-08 23:10 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2016-01-08 23:10 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2016-01-08 23:10 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2016-01-08 23:10 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2016-01-08 23:10 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2016-01-08 23:09 - 2016-01-08 23:09 - 00000000 ___HD C:\Users\Nico\InstallAnywhere
2016-01-08 17:23 - 2016-01-14 23:18 - 00000000 ____D C:\Users\Nico\AppData\Local\THORN
2016-01-08 17:22 - 2016-01-12 12:59 - 00004346 _____ C:\WINDOWS\System32\Tasks\GameNet
2016-01-08 17:22 - 2016-01-08 17:22 - 00000000 ____D C:\Users\Nico\AppData\Local\Vebanaul
2016-01-08 16:48 - 2016-01-13 22:17 - 00001066 _____ C:\Users\Nico\Desktop\Glyph.lnk
2016-01-08 16:48 - 2016-01-08 16:48 - 00000000 ____D C:\Program Files (x86)\Glyph
2016-01-08 06:43 - 2016-01-09 23:58 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Awesomium
2016-01-08 06:42 - 2016-01-08 06:42 - 00000000 ____D C:\Users\Nico\Documents\BnS
2016-01-08 06:21 - 2016-01-08 06:21 - 00000000 ____D C:\Users\Nico\AppData\Local\BNSUpdater
2016-01-08 06:14 - 2016-01-08 06:14 - 00000000 ____D C:\Program Files (x86)\PlayBns.com
2016-01-07 21:13 - 2016-01-08 06:11 - 00000000 ____D C:\Users\Nico\AppData\LocalLow\uTorrent
2016-01-07 21:12 - 2016-01-08 06:11 - 00000000 ____D C:\Users\Nico\AppData\Roaming\uTorrent
2016-01-05 12:58 - 2016-01-08 16:52 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com
2016-01-04 18:58 - 2016-01-04 18:58 - 00000000 ____D C:\Users\Nico\AppData\Roaming\AlbionOnline
2016-01-04 18:58 - 2016-01-04 18:58 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Albion
2016-01-04 18:56 - 2016-01-08 16:51 - 00000000 ____D C:\Program Files (x86)\AlbionOnline
2015-12-31 14:32 - 2015-12-31 14:32 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2015-12-31 14:32 - 2015-12-31 14:32 - 00000000 ____D C:\Users\Nico\AppData\Roaming\library_dir
2015-12-31 14:30 - 2016-01-13 22:17 - 00001243 _____ C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk
2015-12-31 14:30 - 2015-12-31 14:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-31 14:30 - 2015-12-31 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-31 14:25 - 2016-01-13 20:37 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-12-31 14:25 - 2015-12-31 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2015-12-24 15:16 - 2016-01-13 22:17 - 00001762 _____ C:\Users\Nico\Desktop\League of Legends.lnk
2015-12-20 22:46 - 2015-12-20 22:46 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-12-20 22:45 - 2016-01-13 15:22 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Samsung
2015-12-20 22:45 - 2015-12-20 22:45 - 00000000 ____D C:\Users\Nico\Documents\samsung
2015-12-20 22:45 - 2015-12-20 22:45 - 00000000 ____D C:\Users\Nico\AppData\Local\Samsung
2015-12-18 14:23 - 2015-12-18 14:23 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-12-18 14:23 - 2015-12-18 14:23 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-12-18 14:23 - 2015-12-18 14:23 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-12-18 14:23 - 2015-12-18 14:23 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-12-16 20:45 - 2015-12-16 20:45 - 10919104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-12-16 20:45 - 2015-12-16 20:45 - 09158496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-12-16 20:45 - 2015-12-16 20:45 - 09105552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-12-16 20:45 - 2015-12-16 20:45 - 08168856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-12-16 20:45 - 2015-12-16 20:45 - 00112392 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 08426376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00471344 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00130616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00081200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-12-16 20:44 - 2015-12-16 20:44 - 00081200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-12-16 20:43 - 2015-12-16 20:43 - 00151968 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2015-12-16 20:43 - 2015-12-16 20:43 - 00138416 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2015-12-16 20:43 - 2015-12-16 20:43 - 00128568 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2015-12-16 20:43 - 2015-12-16 20:43 - 00120200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00874000 _____ (AMD) C:\WINDOWS\system32\coinst_15.30.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00243728 _____ C:\WINDOWS\system32\clinfo.exe
2015-12-16 20:41 - 2015-12-16 20:41 - 00232464 _____ C:\WINDOWS\system32\dgtrayicon.exe
2015-12-16 20:41 - 2015-12-16 20:41 - 00203792 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00183312 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00136208 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00122384 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00104976 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00097808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00012816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-12-16 20:41 - 2015-12-16 20:41 - 00012816 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-12-16 20:37 - 2015-12-16 20:37 - 25848848 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-12-16 20:37 - 2015-12-16 20:37 - 00199696 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-12-16 20:37 - 2015-12-16 20:37 - 00097808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2015-12-16 20:37 - 2015-12-16 20:37 - 00089616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2015-12-16 20:35 - 2015-12-16 20:35 - 00341520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-12-16 20:34 - 2015-12-16 20:34 - 31385616 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-12-16 20:34 - 2015-12-16 20:34 - 00059920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-12-16 20:32 - 2015-12-16 20:32 - 00040464 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-12-16 20:29 - 2015-12-16 20:29 - 00561168 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-12-16 20:29 - 2015-12-16 20:29 - 00254992 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-12-16 20:29 - 2015-12-16 20:29 - 00166416 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-12-16 20:29 - 2015-12-16 20:29 - 00151056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-12-16 20:29 - 2015-12-16 20:29 - 00084504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-12-16 20:29 - 2015-12-16 20:29 - 00078864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-12-16 20:29 - 2015-12-16 20:29 - 00078864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-12-16 20:28 - 2015-12-16 20:28 - 00451088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-12-16 20:28 - 2015-12-16 20:28 - 00171032 _____ C:\WINDOWS\system32\atieah64.exe
2015-12-16 20:28 - 2015-12-16 20:28 - 00154128 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-12-16 20:28 - 2015-12-16 20:28 - 00071184 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-12-16 20:28 - 2015-12-16 20:28 - 00060944 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-12-16 20:27 - 2015-12-16 20:27 - 15720464 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-12-16 20:27 - 2015-12-16 20:27 - 14310928 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-12-16 20:26 - 2015-12-16 20:26 - 00375824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-12-16 20:26 - 2015-12-16 20:26 - 00064528 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-12-16 20:26 - 2015-12-16 20:26 - 00057872 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-12-16 20:25 - 2015-12-16 20:25 - 49992720 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-12-16 20:25 - 2015-12-16 20:25 - 01281552 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-12-16 20:25 - 2015-12-16 20:25 - 00950288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-12-16 20:25 - 2015-12-16 20:25 - 00950288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-12-16 20:25 - 2015-12-16 20:25 - 00052240 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-12-16 20:22 - 2015-12-16 20:22 - 27605008 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-12-16 20:21 - 2015-12-16 20:21 - 22357008 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-12-16 20:20 - 2015-12-16 20:20 - 41519120 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-12-16 20:19 - 2015-12-16 20:19 - 00059408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-12-16 20:19 - 2015-12-16 20:19 - 00048144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-12-16 20:17 - 2015-12-16 20:17 - 06651920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2015-12-16 20:16 - 2015-12-16 20:16 - 05232656 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2015-12-16 20:15 - 2015-12-16 20:15 - 00686608 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2015-12-16 20:15 - 2015-12-16 20:15 - 00571408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00305392 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdacpksd.sys
2015-12-16 20:13 - 2015-12-16 20:13 - 00213520 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00198672 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00143376 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00132112 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00073744 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-12-16 20:13 - 2015-12-16 20:13 - 00068112 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-12-16 19:07 - 2015-12-16 19:07 - 10339016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2015-12-16 10:11 - 2015-12-16 10:11 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2015-12-16 10:11 - 2015-12-16 10:11 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2015-12-16 10:11 - 2015-12-16 10:11 - 00323588 _____ C:\WINDOWS\system32\ativvaxy_el.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00322740 _____ C:\WINDOWS\system32\ativvaxy_vi.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00321072 _____ C:\WINDOWS\system32\ativvaxy_vi_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00320992 _____ C:\WINDOWS\system32\ativvaxy_el_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00261920 _____ C:\WINDOWS\system32\ativvaxy_stn_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00258464 _____ C:\WINDOWS\system32\ativvaxy_cz_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00252628 _____ C:\WINDOWS\system32\ativvaxy_FJ.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00249680 _____ C:\WINDOWS\system32\ativvaxy_FJ_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00234292 _____ C:\WINDOWS\system32\ativvaxy_cik.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00232624 _____ C:\WINDOWS\system32\ativvaxy_cik_nd.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00177344 _____ C:\WINDOWS\system32\ativce03.dat
2015-12-16 10:11 - 2015-12-16 10:11 - 00100832 _____ C:\WINDOWS\system32\ativce02.dat
2015-12-16 10:09 - 2015-12-16 10:09 - 00843639 _____ C:\WINDOWS\system32\amdicdxx.dat
2015-12-16 10:09 - 2015-12-16 10:09 - 00683968 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-12-16 10:09 - 2015-12-16 10:09 - 00683968 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-12-16 10:09 - 2015-12-16 10:09 - 00175648 _____ C:\WINDOWS\system32\amde31a.dat
2015-12-16 10:09 - 2015-12-16 10:09 - 00166560 _____ C:\WINDOWS\system32\amde34a.dat
2015-12-16 10:09 - 2015-12-16 10:09 - 00007112 _____ C:\WINDOWS\system32\AMDKernelEvents.man

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-14 23:24 - 2015-09-12 11:05 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C0004CDA-3DAE-43B4-82C6-19FADF2E20E5}
2016-01-14 23:20 - 2015-04-14 16:03 - 00000000 ____D C:\Users\Nico\AppData\Local\Spotify
2016-01-14 23:20 - 2015-04-14 16:02 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Spotify
2016-01-14 23:20 - 2015-04-14 15:41 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-14 23:18 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-14 23:18 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-14 20:02 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2016-01-14 20:01 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-14 19:55 - 2015-11-24 21:57 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-14 19:55 - 2015-11-24 21:25 - 00000000 ____D C:\ProgramData\Adobe
2016-01-14 19:55 - 2015-11-24 21:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-14 16:03 - 2015-10-14 10:16 - 00000000 ____D C:\Program Files (x86)\NCSOFT
2016-01-14 16:03 - 2015-10-07 22:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-13 22:18 - 2015-12-07 18:11 - 00001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-13 22:18 - 2015-11-24 21:26 - 00001286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-01-13 22:18 - 2015-09-24 13:33 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-13 22:18 - 2015-09-19 11:19 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-01-13 22:18 - 2015-09-10 15:22 - 00001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-01-13 22:18 - 2015-09-10 15:22 - 00001070 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-01-13 22:18 - 2015-08-08 13:10 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-13 22:18 - 2015-04-18 23:51 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-01-13 22:18 - 2015-04-18 22:18 - 00001462 _____ C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2016-01-13 22:18 - 2015-04-17 16:05 - 01949184 ___SH C:\Users\Nico\Desktop\Thumbs.db
2016-01-13 22:18 - 2015-04-14 15:53 - 00000973 _____ C:\Users\Public\Desktop\Origin.lnk
2016-01-13 22:18 - 2015-04-14 15:50 - 00001112 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-01-13 22:18 - 2015-04-14 15:44 - 00002636 _____ C:\Users\Public\Desktop\Skype.lnk
2016-01-13 22:18 - 2015-04-14 15:41 - 00000957 _____ C:\Users\Public\Desktop\Steam.lnk
2016-01-13 22:17 - 2015-11-24 14:44 - 00001274 _____ C:\Users\Nico\Desktop\Uplay.lnk
2016-01-13 22:17 - 2015-08-08 13:31 - 00002415 _____ C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-13 22:17 - 2015-04-30 13:51 - 00001247 _____ C:\Users\Nico\Desktop\TeamSpeak 3 Client.lnk
2016-01-13 22:17 - 2015-04-27 20:55 - 00001377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-01-13 22:17 - 2015-04-14 16:03 - 00001797 _____ C:\Users\Nico\Desktop\Spotify.lnk
2016-01-13 22:17 - 2015-04-14 16:03 - 00001783 _____ C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-01-13 22:13 - 2015-07-10 12:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-13 20:36 - 2015-08-08 13:04 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-13 20:11 - 2015-08-08 13:19 - 01790124 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-13 20:11 - 2015-07-10 17:34 - 00771100 _____ C:\WINDOWS\system32\perfh007.dat
2016-01-13 20:11 - 2015-07-10 17:34 - 00153964 _____ C:\WINDOWS\system32\perfc007.dat
2016-01-13 20:11 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2016-01-13 19:08 - 2015-09-20 00:41 - 00000237 _____ C:\Users\Nico\Desktop\Schulden.txt
2016-01-13 18:39 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-13 18:37 - 2015-04-15 17:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 18:34 - 2015-08-08 13:25 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-13 18:33 - 2015-04-15 17:41 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-13 15:26 - 2015-04-14 15:28 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Adobe
2016-01-13 15:22 - 2015-10-19 20:55 - 00000000 ____D C:\ProgramData\Samsung
2016-01-13 15:22 - 2015-10-19 20:55 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-01-13 15:21 - 2015-09-13 21:06 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2016-01-13 15:21 - 2015-09-13 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio
2016-01-13 15:21 - 2015-09-13 21:06 - 00000000 ____D C:\Program Files\VB
2016-01-13 15:21 - 2015-04-27 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-01-13 15:21 - 2015-04-27 20:09 - 00000000 ____D C:\Program Files (x86)\Hp
2016-01-13 15:21 - 2015-04-18 22:04 - 00000000 ____D C:\Program Files (x86)\URUSoft
2016-01-13 15:20 - 2015-05-27 17:25 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-13 14:58 - 2015-11-24 21:27 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-13 12:06 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-13 12:01 - 2015-04-18 22:14 - 00000000 ____D C:\Users\Nico\AppData\Local\Adobe
2016-01-12 22:44 - 2015-04-14 15:50 - 00000000 ____D C:\Users\Nico\AppData\Local\Battle.net
2016-01-12 22:33 - 2015-04-14 15:50 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-01-12 21:43 - 2015-04-18 23:51 - 00000000 ____D C:\Users\Nico\AppData\Roaming\vlc
2016-01-12 20:53 - 2015-09-27 15:57 - 00000000 ____D C:\Users\Nico\AppData\Local\Google
2016-01-12 20:53 - 2015-09-27 15:57 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-12 20:32 - 2015-08-08 13:06 - 00000000 ____D C:\Users\Nico
2016-01-12 18:30 - 2015-10-28 21:35 - 00000000 ____D C:\Users\Nico\AppData\Local\Deployment
2016-01-12 17:56 - 2015-05-13 12:04 - 00708096 ___SH C:\Users\Nico\Documents\Thumbs.db
2016-01-08 17:37 - 2015-07-03 15:52 - 00000000 ____D C:\Games
2016-01-08 17:09 - 2015-09-30 19:14 - 00000000 ____D C:\Users\Nico\AppData\Local\Glyph
2016-01-08 16:48 - 2015-09-30 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2016-01-08 16:48 - 2015-09-30 19:14 - 00000000 ____D C:\ProgramData\Glyph
2016-01-06 13:48 - 2015-04-14 15:52 - 00000000 ____D C:\Users\Nico\AppData\Local\Steam
2016-01-05 11:00 - 2015-04-14 15:54 - 00000000 ____D C:\AMD
2016-01-03 02:40 - 2015-07-10 12:06 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 02:40 - 2015-07-10 12:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-31 15:19 - 2015-04-14 15:45 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Skype
2015-12-31 14:35 - 2015-08-17 09:56 - 00000000 ____D C:\Users\Nico\Documents\DayZ
2015-12-31 14:30 - 2015-04-14 15:45 - 00000000 ____D C:\Users\Nico\AppData\Local\Skype
2015-12-31 14:30 - 2015-04-14 15:44 - 00000000 ____D C:\ProgramData\Skype
2015-12-31 14:25 - 2015-10-24 19:27 - 00000000 ____D C:\Users\Nico\AppData\Local\AMD
2015-12-31 14:25 - 2015-07-13 14:48 - 00000000 ____D C:\Program Files (x86)\AMD
2015-12-31 14:24 - 2015-08-08 13:03 - 00000000 ____D C:\Program Files\AMD
2015-12-18 14:23 - 2015-07-16 00:12 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-12-16 20:45 - 2015-10-07 18:18 - 00143080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-12-16 20:45 - 2015-07-16 01:12 - 00162784 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-12-16 20:44 - 2015-10-07 18:18 - 11011560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-12-16 20:44 - 2015-07-16 01:11 - 13313544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-12-16 20:44 - 2015-07-16 01:11 - 01519232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-12-16 20:44 - 2015-07-16 01:11 - 01249664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-12-16 20:31 - 2015-07-16 01:06 - 23969808 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-12-16 20:31 - 2015-07-16 00:13 - 00679952 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-09-13 21:29 - 2015-09-13 21:29 - 0002853 _____ () C:\Users\Nico\AppData\Roaming\VoiceMeeterDefault.xml
2015-09-19 23:41 - 2015-09-19 23:41 - 0005219 _____ () C:\Users\Nico\AppData\Local\recently-used.xbel
2015-08-08 13:04 - 2015-08-08 13:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-27 20:35 - 2016-01-13 15:21 - 0002816 _____ () C:\ProgramData\hpzinstall.log

Einige Dateien in TEMP:
====================
C:\Users\Nico\AppData\Local\Temp\1452706703tmp.exe
C:\Users\Nico\AppData\Local\Temp\aJ9yxJYQGd.exe
C:\Users\Nico\AppData\Local\Temp\BRSVC_1936515_hlp.exe
C:\Users\Nico\AppData\Local\Temp\byHPCpnsMC.exe
C:\Users\Nico\AppData\Local\Temp\goGKuA3iaj.exe
C:\Users\Nico\AppData\Local\Temp\Gw2.exe
C:\Users\Nico\AppData\Local\Temp\raptrpatch.exe
C:\Users\Nico\AppData\Local\Temp\raptr_stub.exe
C:\Users\Nico\AppData\Local\Temp\setup6879.exe
C:\Users\Nico\AppData\Local\Temp\sqlite3.dll
C:\Users\Nico\AppData\Local\Temp\tmpB7E2.exe
C:\Users\Nico\AppData\Local\Temp\UninstallModule.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-01-08 14:36

==================== Ende von FRST.txt ============================
         

Alt 14.01.2016, 23:29   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please also create a new Addition.txt: start FRST, tick the Addition.txt checkbox, then click Scan ("Untersuchen").

__________________
Please always post logs in CODE tags

Alt 14.01.2016, 23:30   #13
BlueRavenHD
 
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
durchgeführt von Nico (2016-01-14 23:30:16)
Gestartet von C:\Users\Nico\Downloads
Windows 10 Pro (X64) (2015-08-08 12:25:10)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-390326861-221582735-3363938159-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-390326861-221582735-3363938159-503 - Limited - Disabled)
Gast (S-1-5-21-390326861-221582735-3363938159-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-390326861-221582735-3363938159-1009 - Limited - Enabled)
Nico (S-1-5-21-390326861-221582735-3363938159-1001 - Administrator - Enabled) => C:\Users\Nico

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Black Desert (HKLM-x32\...\{4BD65630-3A19-4fc2-8AD8-2CF729DB6608}.30000000000) (Version: 1.0 - Global Gamers Solutions Ltd. ©)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.60.197 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.60.197 - NC Interactive, LLC) Hidden
Blender (HKLM\...\{D593042C-8739-488D-93B8-E6B202013E57}) (Version: 2.76.1 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - Treyarch)
Catalyst Control Center Next Localization BR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DRAGON BALL XENOVERSE (HKLM-x32\...\Steam App 323470) (Version:  - DIMPS)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
F300 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
F300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
F300Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - )
FINAL FANTASY XIV: A Realm Reborn (HKLM-x32\...\Steam App 39210) (Version:  - SQUARE ENIX)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LibreOffice 4.3.6.2 (HKLM-x32\...\{9F410B70-8A45-4F28-985E-F9731219BCBC}) (Version: 4.3.6.2 - The Document Foundation)
MagicYUV Lossless Video Codec Trial version 1.2rev0 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 1.2rev0 - INNOMAGIC Bt.)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 de)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
Rainbow Six Siege - Open Beta (HKLM-x32\...\Uplay Install 1001) (Version:  - Ubisoft)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
ROCCAT Kova[+] Mouse Driver (HKLM-x32\...\{A86DDFE3-F661-461C-9BF2-876AC2CA57DE}) (Version: 1.10 - Roccat GmbH)
ROCCAT Ryos Keyboard Driver (HKLM-x32\...\{70F3EF93-44F4-446A-90B8-33DAB2799AF1}) (Version: 1.29.0006 - Roccat GmbH)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\Spotify) (Version: 1.0.20.101.ge6957e14 - Spotify AB)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.5.0 (HKLM\...\SteelSeries Engine 3) (Version: 3.5.0 - SteelSeries ApS)
TeamSpeak 3 Client (HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 14.0 - Ubisoft)
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 15.2.0 - UMEZAWA Takeshi)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-390326861-221582735-3363938159-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-43CC95F1E486}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-390326861-221582735-3363938159-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Nico\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-390326861-221582735-3363938159-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0701EA5D-874F-4217-8D7A-F53986B382E4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {0E94E16D-1263-4900-BBD7-9983C618D2DB} - \crash_service -> Keine Datei <==== ACHTUNG
Task: {17930800-9D3E-469C-9FAC-750DB1ED7880} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {1D8D3A9E-29BF-4407-BEDE-73679474C84C} - System32\Tasks\GameNet => C:\Program Files (x86)\QGNA\qGNA.exe
Task: {5F62C94C-267B-4631-A9B2-3129D02488FC} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-04] (Advanced Micro Devices, Inc.)
Task: {7026FA9B-887E-4680-ACF5-3E2D7631BC80} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {99E9D2B1-33E0-4A39-8D80-D31E10274C01} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {A20B2CAE-96B0-4388-B8C9-A8AC43E1FEAA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {A242B510-44CF-422B-8D05-30B171AE4D4A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {A65E1846-5CF0-44F4-B38B-FB95784EA51F} - System32\Tasks\Foosgasz => C:\PROGRA~1\SHOPPE~1\Qaucne.bat
Task: {CFB97A37-4BCC-44B5-A38A-2D07C35E4155} - \Run_Bobby_Browser -> Keine Datei <==== ACHTUNG
Task: {E3BCDA42-3149-4CFE-8F0E-27872950264B} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> Keine Datei <==== ACHTUNG
Task: {F31DD1F0-6CA9-4E78-A685-FC706511BACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {F833C75A-4500-4269-93DD-C11AB3AB4A5C} - \SwiftSearch Auto Updater 1.10.0.25 Core -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\WebReg HP Deskjet F300 series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-10 12:00 - 2015-07-10 12:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-08 13:57 - 2015-08-08 13:57 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-19 15:21 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-01 14:29 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 14:29 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-11 19:02 - 2015-09-11 19:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-10-01 14:29 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-09 15:16 - 2015-11-25 05:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 15:15 - 2015-11-25 05:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 15:15 - 2015-11-25 05:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 14:29 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-08 17:23 - 2015-04-24 16:40 - 00043520 _____ () C:\Users\Nico\AppData\Local\THORN\QtSolutions_Service-head.dll
2016-01-08 17:23 - 2014-08-28 10:36 - 00732160 _____ () C:\Users\Nico\AppData\Local\THORN\libGLESv2.dll
2016-01-08 17:23 - 2014-08-28 10:41 - 00856576 _____ () C:\Users\Nico\AppData\Local\THORN\platforms\qwindows.dll
2016-01-08 17:23 - 2014-08-28 10:36 - 00047104 _____ () C:\Users\Nico\AppData\Local\THORN\libEGL.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\com -> hxxp://*.Wondershare.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2016-01-12 18:16 - 00001110 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-390326861-221582735-3363938159-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nico\Desktop\faze-backgda21.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SteelSeries Engine 3.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run: => "SpaceSoundPro"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "dply_en_009030206"
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\StartupApproved\Run: => "CrashService"
HKU\S-1-5-21-390326861-221582735-3363938159-1001\...\StartupApproved\Run: => "MyComGames"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A22B3A6D-7924-4763-97C6-C3CC87B0A0E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{62E5A8BD-F3DF-41D1-9151-7E50B543F39F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [UDP Query User{EFACFB75-A677-4F94-9B73-743B4BA9D768}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [TCP Query User{B7BF3ADA-375D-4F33-9FDE-5D1B32D60EB8}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{0427E741-5E5C-4BD8-9814-0237E1964CC6}C:\users\nico\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nico\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{551E20CA-5B73-4C48-9DAA-9E8E0084ED80}C:\users\nico\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nico\appdata\roaming\spotify\spotify.exe
FirewallRules: [{85392265-6C8E-4718-868B-86F336EFAFF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{A6A330F9-A60C-41D6-8E57-4B6E09599891}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{7E00ACB1-FA3E-4BCF-98D3-DEAAD9F3CD58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{B43EF214-845F-4B6F-84C6-58B9D647288E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [UDP Query User{4DE62E97-D42F-4462-B1AE-574BE8161E98}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E4EC5EDF-52FB-4B67-9016-F3684A3A3111}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6D41EA7E-DEEB-4EF6-A989-4A7798093831}C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BBE93B6C-F671-4DB9-9957-6EC793460A7C}C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe
FirewallRules: [{62338E9B-66CF-48AA-B4A9-6CCAD1F22D11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DB Xenoverse\DBXV.exe
FirewallRules: [{E8574E8C-C55D-40CA-A183-4BD3C0D9F460}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DB Xenoverse\DBXV.exe
FirewallRules: [UDP Query User{83789CBB-6AD7-46F1-B915-85B7109F0015}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{7CF7CC2D-59AB-414A-BCB7-26D56E3340C9}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{72494A97-BD6A-421D-B34F-5C1A762F47D6}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{5567EB66-EE60-4E7E-BDFC-49FE5E60CC07}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7735A50C-1BDF-4068-B5F4-A5D71530778C}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{7FC897F6-2876-4256-A5F2-1790E78D0B8B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{8FB313F0-488B-469D-A970-70A8E990DC1E}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{D401F11E-274A-4D2C-BB95-9F1671233B79}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{B279BD0B-6E53-4823-A32D-D08A44CF5B03}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{7DA813D8-6936-4E3D-9064-8733E1728C28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{345C46CB-B8CF-4AEC-90D9-6428D51A118F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E239265D-6359-48C0-BD8B-90248C22238A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{DB9AE537-09CB-4E9E-AD60-4C6733CE7DEF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{BB1FECD9-4580-442F-8924-5C5B1919DB1F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{D96D63F4-1525-480B-8D1C-679A76AE8959}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{4861ABD4-052E-419F-98EB-E7D6CBDBD5C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{94310E4C-25E4-4B21-9C51-156C2DEEE197}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{8B099E2F-CF90-42B5-AEFC-D2C53001845F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{4E82DCCC-6EAD-4DAE-9736-980ABA886F69}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{7CD43DFA-70BD-45E3-B2E1-5AAC5765158C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{494E49C1-9348-4045-9A5F-3CE31DEC5D09}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{DACAEFE3-5368-45B4-ACB1-98551DBE9EC4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{849C3FF8-9077-4A97-B40C-AC05218A924D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{8A68DD50-0E93-4A6D-B8D3-2723A02BB241}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{BE15EDAE-CF91-42A4-93FF-7414DFFE638F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{A34DE4A3-78BB-449A-8F1B-416186F5700F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{175133BA-3A0D-44AC-BA75-66AEFCA9B9DD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{7BD1E93C-54F9-4C99-8DD0-88ADB7938831}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9D16849D-51E9-4886-9C47-BE94846333F6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FCB64F93-38BF-4452-8BE6-CF986B3A77FF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E7A98DEA-2F32-4DB7-B6E1-3F94FA36F704}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5C5BD0A5-BFCC-4BC5-B8D9-0EE950D5DCED}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A0F80382-2902-4511-81E8-E2DE5EA2942F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8522CED1-4C3D-44E9-8641-4F96C1FAA311}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{5B2D2225-751A-4F16-A257-E59A48537304}C:\users\nico\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nico\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C98ED621-3F5A-466A-8A19-30C62EC881BE}C:\users\nico\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nico\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AC07BEF5-EBC6-4942-B30A-D46DCA2E2761}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{78445581-2B8C-4D1F-89B2-773A3AFCE6A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{D8CEC2C1-9689-43F8-96B2-306C3BD7C7E8}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{579B5D01-49B2-4034-A22C-7BBBD6876E92}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{00654931-AB31-4CDB-A9FB-D5BE7F353A2A}C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{710AD1CD-F1AB-4B04-8A5C-33BE93258438}C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C84871E6-6369-47ED-8531-1B13242C52E4}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F570D22D-BC2D-4300-AB24-D36D0643248A}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{0A531268-64FA-4D3F-B0F5-089714CA264D}C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E62E82FC-622B-4C77-AE98-48F64919D9FB}C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [{E51830C3-4F9A-4F13-8D1E-E0862526B3DC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FA3B63D-443B-493C-A934-1F3F416A115A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D4FD331-B4F8-416F-B3BB-FFDD006DD146}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D08355AE-93E4-433A-969E-59799CC7D11F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8E3A5292-3238-4DD0-9E2A-6828115CB2EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{CC862ED2-F94F-4744-9383-CE0F07805233}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [TCP Query User{C0750D98-84AE-4DBD-9F16-D1CBC46050A0}C:\program files (x86)\diablo iii\diablo iii.exe] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{ABB768B0-926B-4231-8B77-6AB82097EAF8}C:\program files (x86)\diablo iii\diablo iii.exe] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{D657C096-730D-4818-AB3F-CE410804CAC6}C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{93A4FD8B-49D0-493C-8B2C-B1708BEFB07C}C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [{8353D005-8BAE-4FDA-9111-4B1869A7938C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7A057CB1-578A-41D0-9FE2-46168E01C43B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2B74267A-3025-4675-8466-E5888D52327A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E6050361-4091-4ECD-ABA4-3EA32462C48E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B7BD1A22-ABAB-4479-808D-005C393E4F0E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{DD86E8E9-15E2-4561-9999-13182C1D1FA5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{04B25235-305F-4F5E-989C-E776E2084621}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{34D301BD-03A0-45B9-A0BD-60CA0C2F5AAD}C:\users\nico\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\nico\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{9CFC4963-0EFA-4E2B-8661-2817F9130382}C:\users\nico\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\nico\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{460D93BF-DB37-4666-A744-DEFAFB0E231D}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2787BDDD-A8D0-4388-95EE-DDA74A9BAE66}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF6A0B01-47E4-4C11-880B-60950FFA179B}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B06FA57-DEC3-415C-B0B5-A7261FC24212}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{48A9DFEC-0960-4958-BECD-700DDE6863F2}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{761B3A65-5C31-47E2-AEF9-D9302B8B7FF7}] => (Allow) C:\Users\Nico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8BC26C80-3AE7-4583-AD57-3FC528D0C873}] => (Allow) C:\Users\Nico\Downloads\PlayBlackDesert.exe
FirewallRules: [{EE844952-2A3B-4EB4-B73E-D8794C3E623D}] => (Allow) C:\Users\Nico\Downloads\PlayBlackDesert.exe
FirewallRules: [{0F43F983-AA19-441F-B8A5-00782063148B}] => (Allow) C:\Program Files (x86)\QGNA\qGNA.exe
FirewallRules: [{A2AC6A7F-DBE3-4B7C-AE42-B2548172477D}] => (Allow) C:\Program Files (x86)\QGNA\qGNA.exe
FirewallRules: [{938EF0C9-7A77-42D5-8C94-C5F2DDC9970F}] => (Allow) C:\Users\Nico\AppData\Local\Temp\is-JCSFP.tmp\setup6879.tmp
FirewallRules: [{74AFC2BF-6055-414B-8C98-C8FC0070A9AD}] => (Allow) C:\Users\Nico\AppData\Local\Temp\is-JCSFP.tmp\setup6879.tmp
FirewallRules: [TCP Query User{912FFECD-DE87-4F79-AE77-9929148FE734}C:\users\nico\appdata\local\temp\i1452290950\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\nico\appdata\local\temp\i1452290950\windows\resource\jre\bin\javaw.exe
FirewallRules: [UDP Query User{B9C5FABF-3471-4EFD-909B-9CD78CA6E493}C:\users\nico\appdata\local\temp\i1452290950\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\nico\appdata\local\temp\i1452290950\windows\resource\jre\bin\javaw.exe
FirewallRules: [{CB724CF0-B343-4816-993F-868A8B38A94F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CBF178EE-4530-4F1F-869A-7F667457D83A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{88F15CB0-A7FE-4B86-B1DB-18C95E4878F0}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{437E7BED-E866-4C4B-AD78-8BD4731D772C}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

==================== Wiederherstellungspunkte =========================

04-01-2016 18:57:49 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
08-01-2016 23:10:13 DirectX wurde installiert
12-01-2016 20:28:54 Installed Blender
14-01-2016 16:03:14 Installiert Blade & Soul
14-01-2016 23:21:14 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/14/2016 11:21:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (01/14/2016 04:03:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (01/14/2016 03:31:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGGO)
Description: Bei der Aktivierung der App „Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/14/2016 03:31:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGGO)
Description: Bei der Aktivierung der App „Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/13/2016 10:31:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Bethesda.net_Launcher.exe, Version 3.6.5.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b24

Startzeit: 01d14e496ace1368

Beendigungszeit: 5

Anwendungspfad: C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe

Berichts-ID: 03d671e1-ba3d-11e5-bed1-801f02a76539

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (01/13/2016 10:18:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGGO)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/13/2016 10:18:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SearchUI.exe, Version 10.0.10240.16603 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15f4

Startzeit: 01d14e4766b93cd7

Beendigungszeit: 4294967295

Anwendungspfad: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Berichts-ID: 2bcaf854-ba3b-11e5-bed0-94de80ac5860

Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy

Auf das fehlerhafte Paket bezogene Anwendungs-ID: CortanaUI

Error: (01/13/2016 10:18:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: NIGGO)
Description: Das Paket „Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (01/13/2016 09:28:54 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (9064) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (01/13/2016 09:28:54 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (9064) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.


Systemfehler:
=============
Error: (01/14/2016 11:20:19 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (01/14/2016 11:20:18 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (01/14/2016 11:20:17 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (01/14/2016 11:20:16 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (01/14/2016 11:20:16 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (01/14/2016 11:20:15 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (01/14/2016 11:20:14 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (01/14/2016 11:20:13 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (01/14/2016 11:20:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (01/14/2016 11:20:11 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


CodeIntegrity:
===================================
  Date: 2016-01-12 20:25:23.545
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 20:25:23.533
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 20:25:22.636
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 20:25:22.602
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 18:47:20.175
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 18:39:05.836
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 18:31:29.714
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 18:30:41.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 18:29:32.742
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 18:29:32.733
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Xeon(R) CPU E3-1230 v3 @ 3.30GHz
Prozentuale Nutzung des RAM: 21%
Installierter physikalischer RAM: 8136.63 MB
Verfügbarer physikalischer RAM: 6410.38 MB
Summe virtueller Speicher: 9416.63 MB
Verfügbarer virtueller Speicher: 7608.42 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:930.73 GB) (Free:543.18 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8F36E99A)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== Ende von Addition.txt ============================
         

14.01.2016, 23:46   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Windows 10: Browsers open new links on their own, PC downloads programs and hard disk at 100%



FRST-Fix

Please disable your virus scanner completely now, to make sure the fix runs through cleanly!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
Task: {0701EA5D-874F-4217-8D7A-F53986B382E4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {0E94E16D-1263-4900-BBD7-9983C618D2DB} - \crash_service -> Keine Datei <==== ACHTUNG
Task: {17930800-9D3E-469C-9FAC-750DB1ED7880} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {99E9D2B1-33E0-4A39-8D80-D31E10274C01} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {A242B510-44CF-422B-8D05-30B171AE4D4A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {CFB97A37-4BCC-44B5-A38A-2D07C35E4155} - \Run_Bobby_Browser -> Keine Datei <==== ACHTUNG
Task: {E3BCDA42-3149-4CFE-8F0E-27872950264B} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> Keine Datei <==== ACHTUNG
Task: {F31DD1F0-6CA9-4E78-A685-FC706511BACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {F833C75A-4500-4269-93DD-C11AB3AB4A5C} - \SwiftSearch Auto Updater 1.10.0.25 Core -> Keine Datei <==== ACHTUNG
emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Please always post logs in CODE tags

14.01.2016, 23:53   #15
BlueRavenHD

Windows 10: Browsers open new links on their own, PC downloads programs and hard disk at 100%



Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
durchgeführt von Nico (2016-01-14 23:48:51) Run:1
Gestartet von C:\Users\Nico\Desktop
Geladene Profile: Nico (Verfügbare Profile: Nico)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Task: {0701EA5D-874F-4217-8D7A-F53986B382E4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {0E94E16D-1263-4900-BBD7-9983C618D2DB} - \crash_service -> Keine Datei <==== ACHTUNG
Task: {17930800-9D3E-469C-9FAC-750DB1ED7880} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {99E9D2B1-33E0-4A39-8D80-D31E10274C01} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {A242B510-44CF-422B-8D05-30B171AE4D4A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {CFB97A37-4BCC-44B5-A38A-2D07C35E4155} - \Run_Bobby_Browser -> Keine Datei <==== ACHTUNG
Task: {E3BCDA42-3149-4CFE-8F0E-27872950264B} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> Keine Datei <==== ACHTUNG
Task: {F31DD1F0-6CA9-4E78-A685-FC706511BACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {F833C75A-4500-4269-93DD-C11AB3AB4A5C} - \SwiftSearch Auto Updater 1.10.0.25 Core -> Keine Datei <==== ACHTUNG
emptytemp:
         
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0701EA5D-874F-4217-8D7A-F53986B382E4}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0701EA5D-874F-4217-8D7A-F53986B382E4}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E94E16D-1263-4900-BBD7-9983C618D2DB}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E94E16D-1263-4900-BBD7-9983C618D2DB}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\crash_service => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{17930800-9D3E-469C-9FAC-750DB1ED7880}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17930800-9D3E-469C-9FAC-750DB1ED7880}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99E9D2B1-33E0-4A39-8D80-D31E10274C01}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99E9D2B1-33E0-4A39-8D80-D31E10274C01}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A242B510-44CF-422B-8D05-30B171AE4D4A}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A242B510-44CF-422B-8D05-30B171AE4D4A}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFB97A37-4BCC-44B5-A38A-2D07C35E4155}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFB97A37-4BCC-44B5-A38A-2D07C35E4155}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E3BCDA42-3149-4CFE-8F0E-27872950264B}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3BCDA42-3149-4CFE-8F0E-27872950264B}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Pending Update => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F31DD1F0-6CA9-4E78-A685-FC706511BACE}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F31DD1F0-6CA9-4E78-A685-FC706511BACE}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F833C75A-4500-4269-93DD-C11AB3AB4A5C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F833C75A-4500-4269-93DD-C11AB3AB4A5C}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Core => Schlüssel nicht gefunden. 
EmptyTemp: => 3 GB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 23:50:51 ====
         
