
Pests of all kinds and how to fight them: Browser hijacker nova.rumbler.ru caught

15.01.2017, 13:24   #1
Spheenix
 



Hello everyone!

Since yesterday evening I have had the problem that I am constantly redirected to nova.rambler.ru whenever I search for something on Google.
I have already had my antivirus program, Sophos, scan the machine, unfortunately without success. I also tried resetting Chrome, which likewise worked only briefly: when I close the browser and open it again, I have the same problem again.
Searching the registry manually, I unfortunately can't find anything that seems to point to nova.rambler.ru either.
In short: HELP!

/edit: I'm using Windows 10 64-bit.... ^^"

15.01.2017, 13:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



+++ IMPORTANT NOTICE +++


During analysis and cleanup you make NO changes whatsoever on your own, i.e. you do not install or uninstall any software without consulting me first.
You also do not change any system settings while we are working on your case. You make changes, installations or uninstallations ONLY when instructed!
It will be necessary to disable your virus scanner, and in certain cases to uninstall it, so that the cleanup can be done properly. I will therefore clear your system for everyday use such as browsing or e-mail only once we are finished here.

Read and understood?




Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Start FRST now.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)




Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for a single post, I ask you to post the logs directly, spread across several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

15.01.2017, 13:51   #3
Spheenix
 



Yes sir, read and understood. I won't do anything until the machine is clean again, and afterwards I'll change all my passwords!

FRST
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 14-01-2017
durchgeführt von Sebastian (Administrator) auf MICASA (15-01-2017 13:15:44)
Gestartet von C:\Users\Sebastian\Downloads
Geladene Profile: Sebastian (Verfügbare Profile: Sebastian)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos System Protection\ssp.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Pokki) C:\Users\Sebastian\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\System\3DG4me.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe\Video.UI.exe
(GOG.com) D:\GalaxyClient\GalaxyClient.exe
(GOG.com) D:\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) D:\GalaxyClient\GalaxyClient Helper.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Users\Sebastian\AppData\Local\Temp\INS_713799e7.TMP
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(GOG.com) D:\GalaxyClient\GalaxyClient Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-15] (Realtek Semiconductor)
HKLM\...\Run: [3DG4me] => C:\WINDOWS\System\3DG4me.exe [151552 2013-05-28] ()
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1480176 2016-10-06] (Sophos Limited)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1207808 2016-12-09] (Cisco Systems, Inc.)
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [GoogleChromeAutoLaunch_678E52C622D3FEC81C940F43ECEEEB26] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.)
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [Steam] => D:\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [GalaxyClient] => D:\GalaxyClient\GalaxyClient.exe [3971648 2017-01-15] (GOG.com)
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [Spotify Web Helper] => C:\Users\Sebastian\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-12] (Spotify Ltd)
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [uTorrent] => C:\Users\Sebastian\AppData\Roaming\uTorrent\uTorrent.exe [1979072 2017-01-13] (BitTorrent Inc.)
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [icq.desktop] => C:\Users\Sebastian\AppData\Roaming\ICQ\bin\icq.exe [30170328 2016-04-05] ()
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe [8608888 2016-12-13] (Sand Studio)
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\sophos_detoured.dll [207864 2016-09-13] (Sophos Limited)
ShellIconOverlayIdentifiers: [     MagentaOverlayIconCheck] -> {c80109bf-013d-343d-a627-d2a5213efafc} => c:\windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [     MagentaOverlayIconError] -> {bb6644a0-636d-3808-95f1-2e267c49e9c2} => c:\windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [     MagentaOverlayIconSync] -> {72dbcbb5-55c9-36cd-a56d-bb2491861618} => c:\windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  MagentaOverlayIcon1] -> {8ec6dd7e-fece-30b6-a924-9f002415595d} => c:\windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  MagentaOverlayIcon2] -> {b0211a8e-58b3-3932-9689-32d644a0828a} => c:\windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  MagentaOverlayIcon3] -> {3465eba8-d186-3b9c-870b-0c418f7dd282} => c:\windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  MagentaOverlayIcon4] -> {6f195ec8-0779-3aa2-85b3-a43e7f3ef055} => c:\windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-03-06]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-06-22] ()
Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagentaCLOUD.lnk [2016-04-08]
ShortcutTarget: MagentaCLOUD.lnk -> C:\Users\Sebastian\AppData\Roaming\Telekom\MagentaCloud\MagentaCloud.App.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4846ce9a-c26b-4d21-8f6a-68ce95eab118}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{afe46b60-ff9b-4cc6-bd16-17b4cc2fa14c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{cef7a83d-546a-42a1-9e7e-bf73509c81c0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pesonal-spage.com/sall/
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1585825436-704687126-3158100386-1001 -> {389BE386-6D17-4415-8E22-C27781DBF71C} URL = 
SearchScopes: HKU\S-1-5-21-1585825436-704687126-3158100386-1001 -> {4CADCACE-1FEB-11E5-825E-28C2DD30DC9C} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1585825436-704687126-3158100386-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-11] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-06] (LastPass)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-11] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-07] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-06] (LastPass)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-07] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-06] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-06] (LastPass)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-11] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-11] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-11] (Microsoft Corporation)

FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-06] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Keine Datei]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-07] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-06] (LastPass)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2012-09-28] (Logitech Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-11] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-11] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1585825436-704687126-3158100386-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-01-09] ()

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://google.de/", "hxxp://avg.nation.com/avgtbavg/search/home?cid={1E4F1280-4B18-46D1-9385-7068B2A90700}&mid=1f6a9e5389bc47d39c41d9a4ff3c6cf1-75473c4f0acddff29a510c8cda5f5cbfcb604a63&lang=de&ds=AVG&coid=avgtbavg&pr=fr&d=2013-10-05 15:36:15&v=17.0.1.12&pid=nation&sg=&sap=hp&cmpid=0913b", "hxxp://homepage-web.com/?s=acer&m=start"
CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default [2017-01-15]
CHR Extension: (Google Präsentationen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-30]
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-30]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-12]
CHR Extension: (Google Tabellen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-30]
CHR Extension: (Vysor) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2017-01-11]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2016-08-27]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-01-09]
CHR Extension: (Privacy Palette) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkcflkplhgpebknipkekjggglimnone [2015-06-30]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2016-01-03]
CHR Extension: (Fast search) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-01-15]
CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-30]
CHR Extension: (Inbox by Gmail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2015-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2016-01-03]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [463112 2014-07-31] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1860616 2016-06-04] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-10-03] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S3 GalaxyClientService; D:\GalaxyClient\GalaxyClientService.exe [284224 2017-01-15] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-17] (GOG.com)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-06] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-06] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-01-06] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2119688 2016-12-07] (Electronic Arts)
S2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [2180624 2016-12-07] (Electronic Arts)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-07-02] ()
R2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [Datei ist nicht signiert]
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [229672 2016-09-13] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [200064 2016-09-13] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [780432 2016-10-06] (Sophos Limited)
R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [1379856 2016-09-04] (Sophos Limited)
R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [1805368 2016-09-04] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [360040 2016-09-13] (Sophos Limited)
R2 SophosDataRecorderService; C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe [996240 2016-09-12] (Sophos Limited)
R2 sophossps; C:\Program Files\Sophos\Sophos System Protection\ssp.exe [5366040 2016-09-12] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [475384 2016-09-13] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3644368 2016-09-13] (Sophos Limited)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2016-07-15] (ASRock Incorporation)
R0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-10-04] (BitRaider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys [14200880 2016-12-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-01-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-01-06] (NVIDIA Corporation)
R1 SAVOnAccess; C:\WINDOWS\System32\DRIVERS\savonaccess.sys [201168 2016-09-13] (Sophos Limited)
S3 sdcfilter; C:\WINDOWS\system32\DRIVERS\sdcfilter.sys [38144 2016-09-13] (Sophos Limited)
S4 SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [27904 2016-09-13] (Sophos Limited)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 swi_callout; C:\WINDOWS\system32\DRIVERS\swi_callout.sys [47760 2016-09-13] (Sophos Limited)
R3 USBADVAU; C:\WINDOWS\system32\drivers\cm11264.sys [4121088 2012-11-29] (C-Media Electronics Inc)
S1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [Datei ist nicht signiert]
S3 vnet; C:\WINDOWS\System32\drivers\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [Datei ist nicht signiert]
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2015-12-23] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-15 13:15 - 2017-01-15 13:32 - 00029563 _____ C:\Users\Sebastian\Downloads\FRST.txt
2017-01-15 13:15 - 2017-01-15 13:15 - 00000000 ____D C:\FRST
2017-01-15 13:12 - 2017-01-15 13:14 - 02419200 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2017-01-15 10:57 - 2017-01-15 10:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-15 10:57 - 2016-12-11 19:23 - 00134712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-01-15 10:57 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-01-15 10:57 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-01-15 10:57 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-01-15 10:57 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-01-15 10:54 - 2016-12-12 04:03 - 40125496 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 35222976 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 34710584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 28201408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 10912744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 10803880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 10353960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 09158616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 08913328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 08761560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 02950200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 02587704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437633.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437633.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 01038392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00974784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00942528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00894400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00802768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00801560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00643928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00642392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00617696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00438208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00394888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00388544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00386104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00347072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-01-15 10:54 - 2016-12-12 04:03 - 00327408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-01-15 10:44 - 2017-01-15 10:56 - 00000000 ____D C:\WINDOWS\LastGood
2017-01-15 10:44 - 2017-01-15 10:44 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-15 10:44 - 2017-01-06 02:10 - 00158264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-15 10:44 - 2017-01-06 02:10 - 00126008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-01-15 10:44 - 2017-01-06 02:10 - 00059448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-01-15 10:44 - 2017-01-06 01:09 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-01-15 02:22 - 2016-11-09 16:52 - 08003880 _____ C:\Users\Sebastian\Desktop\tyranny_shortstories.pdf
2017-01-15 02:18 - 2017-01-15 03:53 - 117449122 _____ C:\Users\Sebastian\Downloads\tyranny_wallpapers.zip
2017-01-15 02:16 - 2017-01-15 02:21 - 06624854 _____ C:\Users\Sebastian\Downloads\tyranny_shortstories (2).zip
2017-01-15 02:08 - 2017-01-15 02:08 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\SPI
2017-01-15 02:08 - 2017-01-15 02:08 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Browsers
2017-01-14 22:21 - 2017-01-14 22:21 - 00000000 ____D C:\Users\Sebastian\.android
2017-01-14 22:15 - 2017-01-14 22:15 - 00000000 ____D C:\Users\Sebastian\Desktop\ADB
2017-01-14 01:11 - 2017-01-14 01:11 - 00000908 _____ C:\Users\Sebastian\Desktop\Tyranny.lnk
2017-01-13 20:46 - 2017-01-13 21:48 - 00000000 ____D C:\Users\Sebastian\Downloads\3DMGAME-Tyranny.Overlord.Edition.Cracked-3DM
2017-01-13 20:45 - 2017-01-13 21:03 - 00000000 ____D C:\Users\Sebastian\AppData\LocalLow\uTorrent
2017-01-13 19:12 - 2017-01-13 19:12 - 00000000 __SHD C:\Users\Sebastian\AppData\Roaming\wyUpdate AU
2017-01-12 22:37 - 2017-01-12 22:37 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2017-01-12 22:37 - 2017-01-12 22:37 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-12 13:11 - 2017-01-12 13:30 - 00019518 _____ C:\Users\Sebastian\Downloads\Kopie von 2017 BKT - Teilnehmerliste.xlsx
2017-01-11 17:12 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 17:12 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 17:12 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 17:12 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 17:12 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 17:12 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 17:12 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 17:12 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 17:12 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 17:12 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 17:12 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 17:12 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 17:12 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 17:12 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 17:12 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 17:12 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 17:12 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 17:12 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 17:12 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 17:12 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 17:12 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 17:12 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 17:12 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 17:12 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 17:12 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 17:12 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 17:12 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 17:12 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 17:12 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 17:12 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 17:12 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 17:12 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 17:12 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 17:12 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 17:12 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 17:12 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 17:12 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 17:12 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 17:12 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 17:12 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 17:12 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 17:12 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 17:12 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 17:12 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 17:12 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 17:12 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 17:12 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 17:12 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 17:12 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 17:12 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 17:12 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 17:12 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 17:12 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 17:12 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 17:12 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 17:12 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 17:12 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 17:12 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 17:12 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 17:12 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 17:11 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 17:11 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 17:11 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 17:11 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 17:11 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 17:11 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 17:11 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 17:11 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 17:11 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 17:11 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 17:11 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 17:11 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 17:11 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 17:11 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 17:11 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 17:11 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 17:11 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 17:11 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 17:11 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 17:11 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 17:11 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 17:11 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 17:11 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 17:11 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 17:11 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 17:11 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 17:11 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 17:11 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 17:11 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 17:11 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 17:11 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 17:11 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 17:11 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 17:11 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 17:11 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 17:11 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 17:11 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 17:11 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 17:11 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 17:11 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 17:11 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 17:11 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 17:11 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 17:11 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 17:11 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 17:11 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 17:11 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 17:11 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:11 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 17:11 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 17:11 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 17:11 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 17:11 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 17:11 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 17:11 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 17:11 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 17:11 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 17:11 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 17:11 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 17:11 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 17:11 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 17:11 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 17:11 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 17:11 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 17:11 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 17:11 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 17:11 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 17:11 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 17:11 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 17:11 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 17:11 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 17:11 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 17:11 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 17:11 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 17:11 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 17:11 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 17:11 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 17:11 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 17:11 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 17:11 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:11 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 17:11 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 17:11 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 17:11 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 17:11 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 17:11 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 17:11 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 17:11 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 17:11 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 17:11 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 17:11 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 17:11 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 17:11 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 17:11 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 17:11 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 17:11 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 17:11 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 17:11 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 17:11 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 17:11 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 17:11 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 17:11 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 17:11 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 17:11 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 17:11 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 17:11 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 00002587 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00002583 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00002537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-01-11 10:41 - 2017-01-11 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2017-01-11 10:34 - 2017-01-11 10:34 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-01-10 16:10 - 2016-09-13 22:24 - 00047760 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\swi_callout.sys
2017-01-10 16:10 - 2016-09-13 22:24 - 00044304 _____ (Sophos Limited) C:\WINDOWS\system32\SophosBootTasks.exe
2017-01-10 10:47 - 2017-01-10 10:47 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Brice_Lambson
2017-01-10 10:45 - 2017-01-10 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows
2017-01-10 10:45 - 2017-01-10 10:45 - 00000000 ____D C:\Program Files\Image Resizer for Windows
2017-01-10 10:45 - 2017-01-10 10:45 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows
2017-01-10 10:44 - 2017-01-10 10:45 - 00887180 _____ (Brice Lambson) C:\Users\Sebastian\Downloads\ImageResizerSetup.exe
2017-01-10 09:55 - 2017-01-10 09:55 - 02558695 _____ C:\Users\Sebastian\Downloads\magentacloud-14.12 Knochenaugmentation .zip
2017-01-08 22:08 - 2017-01-08 22:08 - 00414657 _____ C:\Users\Sebastian\Desktop\10.1177_0022034514549378.pdf
2017-01-08 14:11 - 2017-01-08 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2017-01-08 14:07 - 2017-01-08 14:07 - 00000000 ____D C:\Users\Sebastian\.cisco
2017-01-08 14:05 - 2017-01-08 14:11 - 00000000 ____D C:\ProgramData\Cisco
2017-01-08 14:05 - 2017-01-08 14:11 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-01-08 14:05 - 2017-01-08 14:05 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Cisco
2017-01-08 14:05 - 2016-12-09 16:43 - 00244032 ____R (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\acsock64.sys
2017-01-02 23:44 - 2017-01-02 23:44 - 00226216 _____ C:\Users\Sebastian\Downloads\Parodontologische Epikrise cmd  Sebastian Fox.pdf
2017-01-02 16:55 - 2017-01-02 16:55 - 00003280 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-28 13:29 - 2017-01-02 18:26 - 00000000 ____D C:\Users\Sebastian\Desktop\MUSIC
2016-12-20 13:10 - 2016-12-20 13:10 - 00053495 _____ C:\Users\Sebastian\Downloads\Begruessungsschreiben_Zusatzdienste-04.12.2014.pdf
2016-12-20 13:03 - 2016-12-20 13:03 - 00053048 _____ C:\Users\Sebastian\Downloads\Auftragsbestaetigung_Zusatzdienste-04.12.2014.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-15 12:33 - 2016-10-17 12:16 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-15 12:25 - 2016-10-17 12:18 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-15 11:19 - 2016-05-29 11:44 - 00000000 ____D C:\Users\Sebastian\Documents\PCSX2
2017-01-15 10:58 - 2016-10-17 12:18 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-15 10:58 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-15 10:58 - 2016-07-15 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-15 10:50 - 2016-03-08 10:13 - 00000000 ____D C:\Users\Sebastian\Desktop\Seltene Proggis
2017-01-15 10:47 - 2016-07-17 11:48 - 01643192 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-15 10:47 - 2016-07-16 23:51 - 00590596 _____ C:\WINDOWS\system32\perfh007.dat
2017-01-15 10:47 - 2016-07-16 23:51 - 00115538 _____ C:\WINDOWS\system32\perfc007.dat
2017-01-15 10:45 - 2016-10-23 11:42 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-15 10:45 - 2016-07-15 18:29 - 00000000 ____D C:\Users\Sebastian\AppData\Local\NVIDIA
2017-01-15 10:44 - 2016-10-23 11:42 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-15 10:44 - 2016-10-23 11:42 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-15 10:44 - 2016-10-23 11:42 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-15 10:44 - 2016-10-23 11:42 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-15 10:44 - 2016-10-23 11:42 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-15 10:44 - 2016-10-17 12:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-15 10:44 - 2016-10-17 12:17 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-15 10:44 - 2016-07-15 18:29 - 00000000 ____D C:\Users\Sebastian\AppData\Local\NVIDIA Corporation
2017-01-15 02:25 - 2016-12-13 10:31 - 00000000 ____D C:\AirDroid
2017-01-15 02:25 - 2015-10-31 13:47 - 00000000 ____D C:\Users\Sebastian\Documents\AirDroid
2017-01-15 02:08 - 2016-07-11 10:54 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps
2017-01-15 02:08 - 2015-06-30 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-01-15 02:04 - 2015-07-01 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-01-15 01:17 - 2015-06-30 17:49 - 00000000 ____D C:\Users\Sebastian\AppData\Local\SweetLabs App Platform
2017-01-14 22:21 - 2016-10-17 12:21 - 00000000 ____D C:\Users\Sebastian
2017-01-14 20:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-14 13:16 - 2016-12-03 18:43 - 00003024 _____ C:\WINDOWS\System32\Tasks\AsrSP.exe
2017-01-14 13:13 - 2016-10-17 12:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-14 13:12 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-14 01:18 - 2016-01-28 00:24 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\uTorrent
2017-01-13 22:19 - 2015-07-04 19:32 - 00000000 ____D C:\Users\Sebastian\AppData\LocalLow\Obsidian Entertainment
2017-01-13 20:43 - 2016-03-08 10:13 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Usenet.nl
2017-01-13 20:42 - 2016-04-06 10:40 - 00000000 ____D C:\Users\Sebastian\Downloads\Usenet
2017-01-13 20:26 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-13 19:12 - 2015-07-01 04:56 - 00000000 ___RD C:\Users\Sebastian\MagentaCLOUD
2017-01-13 15:59 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-13 15:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-12 22:21 - 2015-09-03 11:47 - 00000000 ____D C:\Users\Sebastian\Desktop\Unikrams
2017-01-12 13:30 - 2015-06-30 17:51 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Packages
2017-01-12 13:18 - 2015-07-03 08:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-12 13:17 - 2016-02-07 10:33 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-12 13:16 - 2016-10-17 12:35 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-12 13:03 - 2016-04-27 06:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 20:14 - 2016-10-17 12:16 - 00353376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-11 20:12 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 20:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 20:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 20:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 20:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 19:02 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-11 10:59 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-11 10:34 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-11 10:21 - 2015-06-30 17:59 - 00000000 __RDO C:\Users\Sebastian\OneDrive
2017-01-10 16:11 - 2015-08-12 22:07 - 00000000 ____D C:\ProgramData\Sophos
2017-01-10 15:58 - 2016-06-16 11:02 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\vlc
2017-01-10 10:45 - 2014-08-01 05:25 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-09 20:13 - 2015-06-30 18:48 - 00000000 ____D C:\Users\Sebastian\AppData\Local\CrashDumps
2017-01-09 15:17 - 2016-01-06 22:38 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Origin
2017-01-09 15:17 - 2016-01-06 22:37 - 00000000 ____D C:\ProgramData\Origin
2017-01-09 15:07 - 2015-09-28 05:19 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Ubisoft Game Launcher
2017-01-08 16:03 - 2016-08-01 21:01 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\dvdcss
2017-01-06 02:10 - 2016-10-23 11:42 - 01855544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-01-06 02:10 - 2016-10-23 11:42 - 01756728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-01-06 02:10 - 2016-10-23 11:42 - 01454136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-01-06 02:10 - 2016-10-23 11:42 - 01318968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-01-06 02:10 - 2016-10-23 11:42 - 00121912 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-01-06 02:10 - 2016-10-23 11:42 - 00047672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-01-02 22:28 - 2015-07-04 19:44 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\TS3Client
2017-01-02 18:04 - 2016-05-12 14:52 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\WhatsApp
2017-01-02 16:55 - 2016-07-17 12:09 - 00002435 _____ C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-23 00:13 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-23 00:13 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-21 06:04 - 2016-01-06 22:36 - 00000000 ____D C:\Users\Sebastian\AppData\Local\ElevatedDiagnostics
2016-12-20 13:19 - 2016-10-17 12:35 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-20 13:19 - 2016-10-17 12:35 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-20 13:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Tasks

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-03-06 19:27 - 2016-03-06 19:27 - 21405208 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-10-03 21:01 - 2015-10-04 10:00 - 0002067 _____ () C:\Users\Sebastian\AppData\Roaming\SpeedRunnersLog.txt
2016-07-15 18:40 - 2016-07-15 18:40 - 0000017 _____ () C:\Users\Sebastian\AppData\Local\resmon.resmoncfg
2015-08-26 10:03 - 2015-08-26 10:03 - 0005219 _____ () C:\Users\Sebastian\AppData\Local\transitiontransition_9237a2690e8a06e6e509f66bf7085492.ini
2015-07-03 08:34 - 2015-07-03 08:34 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-10-17 12:18 - 2016-10-17 12:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\Adblocker.exe
C:\Users\Sebastian\AppData\Local\Temp\MMIns.exe
C:\Users\Sebastian\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Sebastian\AppData\Local\Temp\nvStInst.exe
C:\Users\Sebastian\AppData\Local\Temp\NvTelemetry.dll
C:\Users\Sebastian\AppData\Local\Temp\NvTelemetryAPI32.dll
C:\Users\Sebastian\AppData\Local\Temp\NvTelemetryAPI64.dll
C:\Users\Sebastian\AppData\Local\Temp\octCEC7.tmp.exe
C:\Users\Sebastian\AppData\Local\Temp\SetupScreenShared.exe
C:\Users\Sebastian\AppData\Local\Temp\VideoBox.exe
C:\Users\Sebastian\AppData\Local\Temp\wajam_install.exe


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-01-06 18:17

==================== Ende von FRST.txt ============================
         

15.01.2017, 13:52   #4
Spheenix

Caught browser hijacker nova.rumbler.ru



Addition.txt
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 14-01-2017
durchgeführt von Sebastian (15-01-2017 13:36:29)
Gestartet von C:\Users\Sebastian\Downloads
Windows 10 Home Version 1607 (X64) (2016-10-17 11:44:45)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1585825436-704687126-3158100386-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1585825436-704687126-3158100386-503 - Limited - Disabled)
Gast (S-1-5-21-1585825436-704687126-3158100386-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1585825436-704687126-3158100386-1019 - Limited - Enabled)
Sebastian (S-1-5-21-1585825436-704687126-3158100386-1001 - Administrator - Enabled) => C:\Users\Sebastian
SophosSAUMICASA0 (S-1-5-21-1585825436-704687126-3158100386-1004 - Limited - Enabled)
SophosSAUMICASA1 (S-1-5-21-1585825436-704687126-3158100386-1017 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Sophos Home (Enabled - Up to date) {FFADE7EA-DC92-4602-D6B2-626CD3450A0F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Home (Enabled - Up to date) {44CC060E-FAA8-498C-EC02-591EA8C240B2}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

"Nero SoundTrax Help (x32 Version: 4.4.32.0 - Nero AG) Hidden
µTorrent (HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AirDroid 3.2.0.0 (HKLM-x32\...\AirDroid) (Version: 3.2.0.0 - Sand Studio)
Amazon Kindle (HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\Amazon Kindle) (Version: 1.16.0.44025 - Amazon)
AnimanicChat Version 4.2.365 (HKLM-x32\...\AnimanicChat_is1) (Version: 4.2.365 - )
Ansel (Version: 376.33 - NVIDIA Corporation) Hidden
ASRock XFast RAM v3.0.3 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
A-Tuning v2.0.271 (HKLM-x32\...\A-Tuning_is1) (Version: 2.0.271 - ASRock Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
calibre 64bit (HKLM\...\{489E20EA-CCB7-4B03-A9A9-10BA7E460A21}) (Version: 2.66.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.05017 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.3.05017 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)
Core Temp 1.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.1 - Alcpu)
Corel PaintShop Pro X7  (HKLM-x32\...\_{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation)
Corel PaintShop Pro X7 (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
Curse Client (HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Deus Ex: Mankind Divided™ (HKLM\...\Steam App 337000) (Version:  - Eidos Montreal)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Divinity: Original Sin Enhanced Edition (HKLM\...\Steam App 373420) (Version:  - Larian Studios)
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
EPSON XP-402 403 405 406 Series Printer Uninstall (HKLM\...\EPSON XP-402 403 405 406 Series) (Version:  - SEIKO EPSON Corporation)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Gwent (HKLM-x32\...\1971477531_is1) (Version: 2.0.0.0 - GOG.com)
Harmony Browser Plug-in (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
Heroes & Generals (HKLM\...\Steam App 227940) (Version:  - Reto-Moto)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Host App Service (HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\SweetLabs_AP) (Version: 0.269.8.114 - Pokki)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8104 - Acer Incorporated)
HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
ICA (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
ICQ (Version 10.0.12027) (HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\icq.desktop) (Version: 10.0.12027 - ICQ)
Image Resizer for Windows (64 bit) (HKLM\...\{B6EFF29D-7CAB-4CE0-9FFC-3D55D27E948D}) (Version: 3.0.4442.6002 - Brice Lambson)
Image Resizer for Windows (HKLM-x32\...\{14ebe571-096e-4cdd-8ee5-a2c0cc6b9b5e}) (Version: 3.0.4442.6002 - Brice Lambson)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Infix PDF Editor Version 7.0.5.0 (HKLM-x32\...\83FFB914-6FA7-4F1F-807E-E0FFBA2E49E1_is1) (Version: 7.0.5.0 - Iceni Technology)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
IPM_PSP_COM (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 17.0.0.199 - Corel Corporation) Hidden
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Kingdom Come: Deliverance (Beta Access) (HKLM\...\Steam App 286860) (Version:  - )
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
LastPass (Nur deinstallieren) (HKLM-x32\...\LastPass) (Version:  - LastPass)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
MagentaCLOUD Software (HKLM-x32\...\{E9D2DFCA-ACCC-4D19-B0DA-9CD1DE76B2DA}) (Version: 5.2.0.0 - Deutsche Telekom AG)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Mansions of Madness (HKLM\...\Steam App 478980) (Version:  - Fantasy Flight Games)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Master of Orion (HKLM-x32\...\Steam App 298050) (Version:  - NGD Studios)
Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
Nero 9 (HKLM-x32\...\{aa3bd892-e1e0-4873-a8b7-7c03975a475b}) (Version:  - Nero AG)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.2.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.2.49 - NVIDIA Corporation)
NVIDIA Grafiktreiber 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 368.81 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.2.2.49 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.0.2.1 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.2 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
PDF24 Creator 7.9.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Pillars of Eternity (HKLM-x32\...\Steam App 291650) (Version:  - Obsidian Entertainment)
Pokki Start Menu (HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\SweetLabs_Start_Menu) (Version: 0.269.8.114 - Pokki)
PSPPContent (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPro64 (Version: 17.0.0.199 - Corel Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7560 - Realtek Semiconductor Corp.)
Remote Mouse version 3.002 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.002 - Remote Mouse)
Rise of the Tomb Raider (HKLM-x32\...\{45F08513-973A-4C18-93FD-8E12B1908390}_is1) (Version:  - Square Enix)
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
Sennheiser 3D G4ME1 (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB6}) (Version: 1.00.0001 - )
Setup (x32 Version: 17.0.0.199 - Ihr Firmenname) Hidden
Shadowrun: Hong Kong (HKLM-x32\...\Steam App 346940) (Version:  - Harebrained Schemes)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.2.2.49 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization VI (HKLM\...\Steam App 289070) (Version:  - Firaxis)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{3B998572-90A5-4D61-9022-00B288DD755D}) (Version: 10.7.0.301 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{AFBCA1B9-496C-4AE6-98AE-3EA1CFF65C54}) (Version: 5.5.2.1 - Sophos Limited)
Sophos Diagnostic Utility (HKLM-x32\...\{4627F5A1-E85A-4394-9DB3-875DF83AF6C2}) (Version: 1.13.0.4 - Sophos Limited)
Sophos Home (HKLM-x32\...\{63F3BF88-DE8E-4B21-BB24-F64CE500308E}) (Version: 1.1.0.78 - Sophos Limited)
Sophos Management Communications System (HKLM-x32\...\{2C14E1A2-C4EB-466E-8374-81286D723D3A}) (Version: 4.3.0.107 - Sophos Limited)
Sophos System Protection (HKLM\...\{934BEF80-B9D1-4A86-8B42-D8A6716A8D27}) (Version: 2.6.0.71 - Sophos Limited)
SoundTrax (x32 Version: 4.4.32.0 - Nero AG) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version:  - Bethesda Game Studios)
The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Total War™: WARHAMMER® (HKLM\...\Steam App 364360) (Version:  - Creative Assembly)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 24.0.1 - Ubisoft)
Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version:  - )
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WhatsApp (HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\WhatsApp) (Version: 0.2.2245 - WhatsApp)
Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wolcen: Lords of Mayhem (HKLM\...\Steam App 424370) (Version:  - WOLCEN Studio)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {00F02F14-DE4B-4E6F-AA9B-1D2432DB25BC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-11] (Microsoft Corporation)
Task: {0808349E-5446-43AA-9B70-87F3A995977F} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2014-03-03] (Acer Incorporated)
Task: {10D838AC-36D5-48BD-8018-DEB637B03BF1} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-06] (NVIDIA Corporation)
Task: {2038DE5D-86E9-4ADA-A81E-D85B2E4B77A3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-06] (NVIDIA Corporation)
Task: {24E082F2-9ACD-4C4C-AFBE-105475BB95EF} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {2865A78C-C913-4EF3-8895-D69C60316FDC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {2B85DB4A-A78E-4262-9BD1-CF0F8BA355B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-30] (Google Inc.)
Task: {320B7238-A78D-4BB8-A3D1-D6A4CD822057} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-06-08] (Acer Incorporated)
Task: {32F981EB-6F99-4C70-ACD2-9E3408BBC372} - System32\Tasks\Update\SecUpdate => C:\Users\Sebastian\AppData\Roaming\svchost.exe <==== ACHTUNG
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {353D9464-75E2-4381-A08A-FB9A52667188} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {4354A565-40E2-4CE0-B0CE-FA61965DB292} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-30] (Google Inc.)
Task: {4CCA3664-5306-4441-A05B-FEE1B0944CA2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {50032F7A-5814-44FF-BC04-AD8B7E0E52D8} - System32\Tasks\{BE121B94-043A-49C6-B2BE-1333B2973479} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=deDE --uid=prometheus --displayname="Overwatch"
Task: {5597F99E-CAF5-4EFC-A3AE-65983DB37143} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {62967D05-79A7-4AA2-B25C-9D91D51D6393} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-06] (NVIDIA Corporation)
Task: {689D66B7-07CC-43F4-8890-1C477FA735AC} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
Task: {79252ADA-73B4-4E07-8CDC-F7291F065563} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-06] (NVIDIA Corporation)
Task: {799B1AFA-17B3-42AE-B5A9-301B858AF1D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {7C59626F-CB46-48BD-84E8-00CBD1A7BEB9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-11] (Microsoft Corporation)
Task: {7D38A6E6-3915-4F47-B71E-F4FF052C2726} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {967F54D9-5DDF-4E34-B0D3-D4321D875F91} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-01-11] (Microsoft Corporation)
Task: {A2AB4BD6-6239-464C-9EE5-36560B473C5D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {BE19FBD8-397A-4634-8B4C-CCAB2B64655B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {BEDB405D-600B-4EE6-AE3B-AB774DA16DE6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {C01A1739-AEC4-48E5-B0DB-28DEDFAEED6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {C757024D-8B2F-4F45-BC1B-76602C022477} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-06] (NVIDIA Corporation)
Task: {C8F4BAFD-BDEF-4CDA-9E9F-6DFDAF2C7632} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {C9E11438-0AE0-4686-8885-732FA9ADA86B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-06] (NVIDIA Corporation)
Task: {CDBD533D-4B82-43F5-80E2-C90B6BD11C55} - System32\Tasks\AsrSP.exe => C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\AsrSP.exe [2014-12-02] ()
Task: {D00FAF10-8977-4545-85D2-578B545DE28F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {D00FBD76-EE80-491D-B919-2819BF259886} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {D40E1AC1-72B2-45B0-A859-9DB3217D5F9B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {E5A832E2-20B3-405F-AD21-9425A5069C3C} - System32\Tasks\SweetLabs App Platform => C:\Users\Sebastian\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-11-16] (Pokki)
Task: {E7B49752-54E9-4776-BE4F-69496A93EE5A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {EFAAE108-C311-470E-97E9-85E403679CF6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {FFDDF89D-3299-44BD-BAF3-1E3CD4B792D1} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-06] (NVIDIA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Vysоr.lnk -> C:\Users\Sebastian\AppData\Roaming\Browsers\exe.emorhc.bat ()
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Eхplorеr.lnk -> C:\Users\Sebastian\AppData\Roaming\Browsers\exe.erolpxei.bat ()
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоoglе Сhromе.lnk -> C:\Users\Sebastian\AppData\Roaming\Browsers\exe.emorhc.bat ()
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internеt Ехрlоrer Вrowsеr.lnk -> C:\Users\Sebastian\AppData\Roaming\Browsers\exe.erolpxei.bat ()
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\АirDroid.lnk -> C:\Users\Sebastian\AppData\Roaming\Browsers\exe.rehcnual.bat ()
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоogle Chromе.lnk -> C:\Users\Sebastian\AppData\Roaming\Browsers\exe.emorhc.bat ()

ShortcutWithArgument: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Vysor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gidgenkbbabolejbgbpnhbimgjbffefm

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 18:21 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-15 18:43 - 2014-07-31 15:17 - 00463112 _____ () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
2016-11-05 21:05 - 2016-06-25 08:52 - 00018432 _____ () C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
2016-12-14 18:21 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-01-02 16:54 - 2017-01-02 16:54 - 01678560 _____ () C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2016-10-17 13:11 - 2016-10-17 13:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 17:11 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-09-01 15:55 - 2013-05-28 17:56 - 00151552 _____ () C:\Windows\System\3DG4me.exe
2016-12-14 18:24 - 2016-12-14 18:24 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 18:24 - 2016-12-14 18:24 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-11 17:11 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 17:11 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 17:11 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 17:11 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 17:11 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 17:11 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-23 11:42 - 2017-01-06 02:10 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-23 11:42 - 2017-01-06 02:10 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-17 12:18 - 2016-12-11 19:47 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-14 18:24 - 2016-12-14 18:24 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2016-08-02 22:23 - 2016-09-13 22:24 - 00111400 _____ () C:\Program Files (x86)\Sophos\Sophos Anti-Virus\rkdisk.dll
2016-12-09 17:26 - 2016-12-09 17:26 - 00073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-11-05 21:05 - 2015-05-26 19:54 - 00152576 _____ () C:\Program Files (x86)\Remote Mouse\FileS.dll
2016-09-01 15:55 - 2012-06-06 10:56 - 00143360 _____ () C:\Windows\System\3DG4me.dll
2015-05-20 10:20 - 2013-09-16 05:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-10-26 23:18 - 2016-10-26 23:18 - 53018112 _____ () D:\GalaxyClient\libcef.dll
2017-01-15 01:58 - 2017-01-15 01:58 - 00507968 _____ () D:\GalaxyClient\PocoUtil.dll
2017-01-15 01:58 - 2017-01-15 01:58 - 01076800 _____ () D:\GalaxyClient\PocoNet.dll
2017-01-15 01:58 - 2017-01-15 01:58 - 01854528 _____ () D:\GalaxyClient\PocoData.dll
2017-01-15 01:58 - 2017-01-15 01:58 - 00393280 _____ () D:\GalaxyClient\PocoDataSQLite.dll
2017-01-15 01:58 - 2017-01-15 01:58 - 01589312 _____ () D:\GalaxyClient\PocoFoundation.dll
2017-01-15 01:58 - 2017-01-15 01:58 - 00307776 _____ () D:\GalaxyClient\PocoNetSSL.dll
2017-01-15 01:58 - 2017-01-15 01:58 - 00330816 _____ () D:\GalaxyClient\PocoJSON.dll
2017-01-15 01:58 - 2017-01-15 01:58 - 00104000 _____ () D:\GalaxyClient\zlib.dll
2017-01-15 01:58 - 2017-01-15 01:58 - 00520768 _____ () D:\GalaxyClient\PocoXML.dll
2017-01-15 01:58 - 2017-01-15 01:58 - 00272448 _____ () D:\GalaxyClient\PocoZip.dll
2017-01-15 01:58 - 2017-01-15 01:58 - 00680000 _____ () D:\GalaxyClient\sqlite.dll
2017-01-15 01:58 - 2017-01-15 01:58 - 00157760 _____ () D:\GalaxyClient\PocoCrypto.dll
2017-01-15 01:58 - 2017-01-15 01:58 - 00425536 _____ () D:\GalaxyClient\pcre.dll
2017-01-15 01:58 - 2017-01-15 01:58 - 00152128 _____ () D:\GalaxyClient\expat.dll
2016-10-23 11:42 - 2017-01-06 02:10 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-23 11:42 - 2017-01-06 02:10 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-23 11:42 - 2017-01-06 02:10 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-23 11:42 - 2017-01-06 01:09 - 00527416 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-23 11:42 - 2017-01-06 01:09 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-23 11:42 - 2017-01-06 01:09 - 02807232 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-23 11:42 - 2017-01-06 01:09 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-23 11:42 - 2017-01-06 01:09 - 00449080 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-23 11:42 - 2017-01-06 01:09 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-23 11:42 - 2017-01-06 01:09 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-01-15 10:44 - 2017-01-06 01:09 - 00954816 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2016-10-26 23:18 - 2016-10-26 23:18 - 01738752 _____ () D:\GalaxyClient\libglesv2.dll
2016-10-26 23:18 - 2016-10-26 23:18 - 00078848 _____ () D:\GalaxyClient\libegl.dll
2016-10-23 11:42 - 2017-01-06 02:10 - 64246840 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-14 14:42 - 2016-10-14 14:42 - 40629032 _____ () C:\Program Files (x86)\Sophos\Sophos Home\libcef.dll
2016-10-14 14:42 - 2016-10-14 14:42 - 00956712 _____ () C:\Program Files (x86)\Sophos\Sophos Home\ffmpegsumo.dll
2016-12-15 15:32 - 2016-12-08 08:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 15:32 - 2016-12-08 08:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-12-13 19:13 - 2016-12-08 16:13 - 00656160 _____ () D:\Steam\SDL2.dll
2016-10-16 11:06 - 2016-09-01 02:02 - 04969248 _____ () D:\Steam\v8.dll
2017-01-02 17:42 - 2016-12-20 03:25 - 02322720 _____ () D:\Steam\video.dll
2016-10-16 11:06 - 2016-09-01 02:02 - 01563936 _____ () D:\Steam\icui18n.dll
2016-10-16 11:06 - 2016-09-01 02:02 - 01195296 _____ () D:\Steam\icuuc.dll
2016-10-16 11:05 - 2016-01-27 08:49 - 02549760 _____ () D:\Steam\libavcodec-56.dll
2016-10-16 11:05 - 2016-01-27 08:49 - 00491008 _____ () D:\Steam\libavformat-56.dll
2016-10-16 11:05 - 2016-01-27 08:49 - 00332800 _____ () D:\Steam\libavresample-2.dll
2016-10-16 11:05 - 2016-01-27 08:49 - 00442880 _____ () D:\Steam\libavutil-54.dll
2016-10-16 11:05 - 2016-01-27 08:49 - 00485888 _____ () D:\Steam\libswscale-3.dll
2017-01-02 17:42 - 2016-12-20 03:25 - 00838944 _____ () D:\Steam\bin\chromehtml.DLL
2016-10-16 11:05 - 2016-07-04 23:17 - 00266560 _____ () D:\Steam\openvr_api.dll
2016-12-13 19:13 - 2016-12-05 17:21 - 67304736 _____ () D:\Steam\bin\cef\cef.win7\libcef.dll
2016-10-16 11:05 - 2015-09-25 00:52 - 00119208 _____ () D:\Steam\winh264.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Sebastian:Heroes & Generals [38]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2016-12-07 11:26 - 00003085 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 vortex.data.microsoft.com 
0.0.0.0 vortex-win.data.microsoft.com 
0.0.0.0 telecommand.telemetry.microsoft.com 
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net 
0.0.0.0 oca.telemetry.microsoft.com 
0.0.0.0 sqm.telemetry.microsoft.com 
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net 
0.0.0.0 watson.telemetry.microsoft.com 
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net 
0.0.0.0 redir.metaservices.microsoft.com 
0.0.0.0 choice.microsoft.com 
0.0.0.0 choice.microsoft.com.nsatc.net 
0.0.0.0 wes.df.telemetry.microsoft.com 
0.0.0.0 services.wes.df.telemetry.microsoft.com 
0.0.0.0 sqm.df.telemetry.microsoft.com 
0.0.0.0 telemetry.microsoft.com 
0.0.0.0 watson.ppe.telemetry.microsoft.com 
0.0.0.0 telemetry.appex.bing.net 
0.0.0.0 telemetry.urs.microsoft.com 
0.0.0.0 telemetry.appex.bing.net:443 
0.0.0.0 settings-sandbox.data.microsoft.com 
0.0.0.0 survey.watson.microsoft.com 
0.0.0.0 watson.live.com 
0.0.0.0 watson.microsoft.com 
0.0.0.0 statsfe2.ws.microsoft.com 
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com 
0.0.0.0 compatexchange.cloudapp.net 
0.0.0.0 a-0001.a-msedge.net 
0.0.0.0 statsfe2.update.microsoft.com.akadns.net 
0.0.0.0 sls.update.microsoft.com.akadns.net 

Da befinden sich 30 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sebastian\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{bb17ab4f-846f-43cc-9156-6835177188f7}.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\StartupFolder: => "vpngui.exe.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\StartupFolder: => "MagentaCLOUD.lnk"
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "AcerPortal"
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_678E52C622D3FEC81C940F43ECEEEB26"
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "HP Deskjet 3520 series (NET)"
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "autoRunTest"
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "icq.desktop"
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "AirDroid 3"
HKU\S-1-5-21-1585825436-704687126-3158100386-1001\...\StartupApproved\Run: => "OneDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{1E2FCB30-188E-4064-B3E3-CDECF4A77BC9}] => D:\Steam\steamapps\common\How to Survive 2\Exe\Detect.exe
FirewallRules: [{1D86337B-D945-4B6F-BDA5-4F02D5AFCD96}] => D:\Steam\steamapps\common\How to Survive 2\Exe\Detect.exe
FirewallRules: [{96BC4FB7-7919-4C35-944D-350BF6720031}] => D:\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{DA56D1F5-C267-417F-8091-658718E0A61A}] => D:\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{6FA063BF-560B-41DB-A608-2BDE32B6BC80}] => D:\Steam\steamapps\common\How to Survive 2\Exe\Detect.exe
FirewallRules: [{754C5186-84A8-4DFC-91C1-DB66C944E143}] => D:\Steam\steamapps\common\How to Survive 2\Exe\Detect.exe
FirewallRules: [{D1593052-2167-44D5-AC6A-F214EFF3759B}] => D:\Steam\steamapps\common\How to Survive 2\Exe\HowToSurvive2.exe
FirewallRules: [{DB2D85BD-0061-4E20-80DD-B7323F3C4D78}] => D:\Steam\steamapps\common\How to Survive 2\Exe\HowToSurvive2.exe
FirewallRules: [{D9974259-2F1D-425A-A66F-A30329CF38F8}] => D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{447DE757-8F8D-4E82-8AFC-163A10B1C251}] => D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{FA8DE2EB-12FA-43F7-9C82-6A8734A4393F}] => D:\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{7B6C33B0-FB82-43A2-A250-8A459736D7C3}] => D:\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [UDP Query User{CB20F2D2-A04C-4EBA-82F9-252C2F856F3D}D:\steam\steamapps\common\life is feudal your own\server\cm_yo_server.exe] => D:\steam\steamapps\common\life is feudal your own\server\cm_yo_server.exe
FirewallRules: [TCP Query User{53701EF3-87E6-4AA4-87E3-ABFBD4E593DF}D:\steam\steamapps\common\life is feudal your own\server\cm_yo_server.exe] => D:\steam\steamapps\common\life is feudal your own\server\cm_yo_server.exe
FirewallRules: [{50286E3B-8E36-414C-9BFC-B0458C58D174}] => D:\Steam\steamapps\common\Kingdom Come Deliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [{A415AEA0-AC37-4F94-9FEC-8541A03FFA7C}] => D:\Steam\steamapps\common\Kingdom Come Deliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [{0D04DD23-CACC-4A6D-BDA1-7826A0D0D395}] => D:\Steam\steamapps\common\Mansions of Madness\Mansions of Madness.exe
FirewallRules: [{3E257D4E-E632-48D7-A23A-71329A7E4E7C}] => D:\Steam\steamapps\common\Mansions of Madness\Mansions of Madness.exe
FirewallRules: [{E571D2BA-8496-4F5C-888B-4AABB2378B42}] => C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{E52CD804-4FF4-4CA7-A58E-CD8D417943ED}] => C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{F8146DE8-34D8-4D8A-AAA9-82783948D8B7}] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{A9434915-3207-4FBA-A179-81C9054ECCEF}] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{40FC94B5-E6D4-4003-834D-AFE6979337DE}] => D:\Steam\Steam.exe
FirewallRules: [{64826A5F-81A8-4D33-9D4C-17EC5CE023E1}] => D:\Steam\Steam.exe
FirewallRules: [{11ED5125-63F7-40AE-B49A-1FE6E421B7C4}] => D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{83B19263-5FB4-4055-B8E4-800472E5B7F7}] => D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{8CC69F9C-0FC7-45E6-84BC-CCDFD404E5FC}] => D:\Battle.net\Battle.net.exe
FirewallRules: [{14634FAF-E8B2-427E-B3E5-31B0C31BD25A}] => D:\Battle.net\Battle.net.exe
FirewallRules: [{F08CB014-20C2-4FD6-9190-DA7988FE6237}] => D:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{4A1E334F-5EAE-47A1-804A-24C7D7076BFA}] => D:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{97CA08B6-AD2D-44A5-A058-69AC3452B214}] => D:\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{65B1B9B4-C260-4A07-A790-80C79AB4DB7B}] => D:\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{7A3C1821-C450-4D82-AA03-6694B59C6438}] => D:\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{5D7977EE-2587-4D92-8ED3-152C93D38D14}] => D:\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{E71B900E-2431-46F6-BC22-E165851B19C1}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{BDC4493D-DE85-4601-9092-432844F54343}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{49536044-9D3C-4C9C-A432-F5F5E0A41FC3}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B4D87CB3-FB89-4579-8E42-8AE89A314666}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{59C6A513-8B30-41D8-A569-C049BE95B31D}] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{275E7FC1-9D7D-4701-B0EF-D6D8E83625FF}] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{A8B14BF4-FC01-47CC-AE2A-E2DFC50C8601}] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{83352639-0988-44A4-A0FA-E2D4C8807703}] => D:\The Secret World\ClientPatcher.exe
FirewallRules: [{878F7B7B-7B63-44F1-82C5-5F0B59A86D37}] => D:\The Secret World\ClientPatcher.exe
FirewallRules: [TCP Query User{F5C3513C-3A46-4A68-96DE-112FC9B7A9B3}C:\windows\syswow64\msiexec.exe] => C:\windows\syswow64\msiexec.exe
FirewallRules: [UDP Query User{4C9C6C66-9995-4255-B2E9-27A622E8BB43}C:\windows\syswow64\msiexec.exe] => C:\windows\syswow64\msiexec.exe
FirewallRules: [TCP Query User{752AA425-2EEB-4A30-AE58-ECB1093CEC9C}C:\users\sebastian\appdata\roaming\spotify\spotify.exe] => C:\users\sebastian\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{27A0D4E1-856D-42B8-80B4-4702FCC7AC57}C:\users\sebastian\appdata\roaming\spotify\spotify.exe] => C:\users\sebastian\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C8033AF6-FBA3-4902-9699-DB8F29C05F57}] => D:\Steam\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{AE22A613-392C-4262-AC5E-FEB412153FF8}] => D:\Steam\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [TCP Query User{DD76B5B4-D07A-4B09-ABF0-CC2C1CC533E9}D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [UDP Query User{F7F15F6F-13ED-41C4-8693-854350B77316}D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [TCP Query User{3E354004-9268-458B-9A99-1FCED9BC2616}C:\users\sebastian\documents\octgn\octgn\octgn.exe] => C:\users\sebastian\documents\octgn\octgn\octgn.exe
FirewallRules: [UDP Query User{400B5718-1B40-4855-90B4-30F9F513471C}C:\users\sebastian\documents\octgn\octgn\octgn.exe] => C:\users\sebastian\documents\octgn\octgn\octgn.exe
FirewallRules: [TCP Query User{5FA96732-ABDF-495B-ACED-C315068CE662}C:\users\sebastian\documents\octgn\octgn\octgn.online.standaloneserver.exe] => C:\users\sebastian\documents\octgn\octgn\octgn.online.standaloneserver.exe
FirewallRules: [UDP Query User{406450A6-8838-4830-80A5-6C0FC412D820}C:\users\sebastian\documents\octgn\octgn\octgn.online.standaloneserver.exe] => C:\users\sebastian\documents\octgn\octgn\octgn.online.standaloneserver.exe
FirewallRules: [{ABC943DC-EDCD-4834-BB3D-87E96B7478D3}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{419D19DC-9CEC-47EC-B24F-9785AE2550EE}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [TCP Query User{5E898775-9F44-4C56-92B8-D1D5E3102A1E}C:\program files (x86)\airdroid\airdroid.exe] => C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{83384FE7-0C39-4E68-B5A9-2265065AE523}C:\program files (x86)\airdroid\airdroid.exe] => C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{E6757B03-4881-4C24-B433-B95D46973D5B}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9BD03B36-BDE6-41F4-A2F6-A450558A9538}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{36B7A6DE-1A19-4556-8501-69D9386A7E31}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D4E2DC39-2B1F-4579-8D47-AD662567EC1B}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6ADBBA35-D962-46A8-BFB8-DB9E3E4A65FC}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8485B2A0-C9F8-4277-B724-5697659E6CCF}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{68A2A34D-BDEF-4901-B461-6909D53BF282}] => D:\Steam\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{683A8B75-1D2C-4AD3-BCF1-D95AE8F528F4}] => D:\Steam\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{5F00ADEC-8D64-4EE1-9BB8-66F0FC6AAA1C}] => D:\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{CE697F2F-E8A6-4C14-9B80-3689B69FD7F6}] => D:\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{F169CA40-D9C0-441C-8936-987B8D13E739}] => D:\Program Files (x86)\Origin Games\Command and Conquer The Ultimate Collection Additional Content\Launcher.exe
FirewallRules: [{9C49EC69-BA8C-49D4-8FA8-CAA9AB9A947E}] => D:\Program Files (x86)\Origin Games\Command and Conquer The Ultimate Collection Additional Content\Launcher.exe
FirewallRules: [{AB7388E9-13EA-49A5-9AF2-70D6A17DDF1F}] => D:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{5270EEB3-B047-4917-A56F-2598C010E634}] => D:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{24864E73-C3C3-4A9F-B444-BF5BEEA7EFF7}] => D:\Program Files (x86)\Origin Games\Command and Conquer 3 TW and KW\CNC3Launcher.exe
FirewallRules: [{AEF2FE6B-B6EA-4782-8388-168F5CF9489F}] => D:\Program Files (x86)\Origin Games\Command and Conquer 3 TW and KW\CNC3Launcher.exe
FirewallRules: [{360E5EE0-373F-4B5B-90C3-C606735B20C8}] => D:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{4EC1512D-7E5A-478E-AFF2-EED706A49E28}] => D:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [TCP Query User{2C9C4554-1DB6-4774-B4E9-10A6C93E2AB7}D:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe] => D:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe
FirewallRules: [UDP Query User{C5B58821-8763-4F7E-82D1-C7C8AD99A9DF}D:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe] => D:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe
FirewallRules: [{ECD4C8F3-6821-492C-85FD-8F11DF298749}] => C:\Users\Sebastian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{504ACAF4-9687-41A6-A705-1363B707C00F}] => C:\Users\Sebastian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{150A4AEB-F4C3-4E92-B8B3-BEF67FCB2C65}] => C:\Users\Sebastian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{652FBEF4-BF9C-4FAA-B4BB-BB75F5A7679E}] => C:\Users\Sebastian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{85B39268-9006-4852-9253-ADC6B5FBCEB0}] => C:\Users\Sebastian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F6CDDAA5-88A1-49AC-97CF-D4D3CC595BC7}] => C:\Users\Sebastian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{B79D23D2-435B-4FA5-ADC7-00CF340B04E7}D:\steam\steamapps\common\dayz\dayz.exe] => D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{BD223A38-745A-49A4-9E7B-4CEDBC60FBB5}D:\steam\steamapps\common\dayz\dayz.exe] => D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{F9D09625-2A4C-432E-82F9-BC16604EB404}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0B13E370-F5F8-4A7F-BD44-B8E02D769A86}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{FC755AC1-4BE5-4D80-88A7-B5FE4B66A88C}] => D:\Steam\steamapps\common\Master of Orion\MasterOfOrion.exe
FirewallRules: [{1D233D33-5AF8-499B-B5ED-53C7EBE86BDF}] => D:\Steam\steamapps\common\Master of Orion\MasterOfOrion.exe
FirewallRules: [{F3E51548-9C74-4540-8556-68AD6805584E}] => D:\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{91D19457-4724-447E-8657-82F862079FA1}] => D:\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{1F1ABCED-8FED-4251-B186-BE2BD261A08D}] => D:\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{CB1DF477-8C62-4653-932E-C9EAEA6835DB}] => D:\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [TCP Query User{5F045DA0-746C-45FE-B3A1-64AA872233B4}D:\steam\steamapps\common\total war warhammer\warhammer.exe] => D:\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [UDP Query User{0B9C5B8D-AF74-4E05-BD29-FC70AE576709}D:\steam\steamapps\common\total war warhammer\warhammer.exe] => D:\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [TCP Query User{6E995F57-FD6B-4103-B4B1-00ADFB7D3537}C:\program files (x86)\airdroid\airdroid.exe] => C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{3A0457DE-F585-4B4C-AAFB-18454028B18C}C:\program files (x86)\airdroid\airdroid.exe] => C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{CFE949C7-DEF8-4327-B83F-EBCCA68250EF}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{00C520C6-6352-47F0-ABAC-8EFC87226455}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{307DF031-DDE4-4BCE-97DF-B7419C15F55E}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D5F685E7-B5C5-4EF7-A4DC-987F70CF6453}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BDCA39D0-25CD-4552-9297-6BD5708C6C20}] => D:\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe
FirewallRules: [{B8950063-3A1F-4AFE-8158-5988296A97DC}] => D:\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe
FirewallRules: [{E0379937-13F7-4682-A9FB-132CF0051966}] => D:\Steam\steamapps\common\How to Survive 2\Exe\HowToSurvive2.exe
FirewallRules: [{82522F76-9015-432A-9678-B5ACC4A4D5C8}] => D:\Steam\steamapps\common\How to Survive 2\Exe\HowToSurvive2.exe
FirewallRules: [{5B14A1AB-F510-4959-8A63-1E2A8DC1E1D4}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{E2E03B96-686A-4E4A-AB08-7AFB08486890}] => D:\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{27AF7F03-0254-4028-AE31-CBD6D3BA01E9}] => D:\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{6CEC33C8-0BC4-4CF1-AA3F-3AC4896DE355}] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{AAD09435-7629-46A4-92C4-0BF4412D3E57}] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{85E83FF6-AB0D-43AA-B165-931E19250471}] => C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{B12E5F70-9D93-4189-B27D-4BE89EFC8CF3}] => C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [TCP Query User{F4B46B22-43D3-4DF6-874C-D0F159BE2A62}C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm.exe] => C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm.exe
FirewallRules: [UDP Query User{698782D2-8C0D-4AF1-B3EB-80A824B89E25}C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm.exe] => C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm.exe
FirewallRules: [{C43E6989-9C85-4A70-B6D7-61ED93737D6D}] => D:\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [{458AA6CC-4444-4158-85FB-CE84E47CE0DF}] => D:\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [TCP Query User{013E6EC7-8959-4CE2-9B36-CCC02BE56538}C:\gog games\gwent\gwent.exe] => C:\gog games\gwent\gwent.exe
FirewallRules: [UDP Query User{4A9B70CA-2449-4972-B9D1-793A6D2CD93C}C:\gog games\gwent\gwent.exe] => C:\gog games\gwent\gwent.exe
FirewallRules: [TCP Query User{CC9B9F35-BC41-4777-A5B8-779DF526F3D1}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm.exe] => C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm.exe
FirewallRules: [UDP Query User{BE5885CF-12CD-49DD-802E-60BC71F62B03}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm.exe] => C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm.exe
FirewallRules: [{D924F747-86E8-4645-A559-58B710F021E2}] => D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3F37CB3F-D5B3-4EF5-B85B-A442B7A4A5E4}] => D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7011B0D9-8930-4B24-86BC-951C4C90E788}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{06569F85-BA34-46AA-84BE-C7152193AE5E}] => D:\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{404E1F38-FD2F-479E-92C8-2BA1F73414D0}] => D:\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{FD5A5B3F-4A66-4CD4-9E99-13D97711D4DF}] => D:\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{91BD9679-40FE-4B72-8A69-73F4810D0E3A}] => D:\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{FA75CE1F-835E-45F9-931E-3B86083C9F42}] => D:\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [{0BCEDA18-8A52-4A27-849B-5509A12519EA}] => D:\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [{E97D4C8C-F6EF-4404-B775-B94FA06FE8C4}] => D:\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{6DD127F3-D9C4-47C0-8136-4E681535D2FC}] => D:\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{28601C56-EBB8-4AA8-A69E-EF0676AE02B0}] => D:\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe
FirewallRules: [{2F1B23F0-4F51-4300-8210-3D720633205B}] => D:\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe
FirewallRules: [{D66D6626-C5E9-4649-95EE-74A638754DE8}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{6957B582-14D7-4264-8791-D8ADAEC5D1AB}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{679E17E2-6610-4666-8253-73381AFDBDB0}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{96B33869-E91C-4276-A2A3-B59FD1D3C24A}] => D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{B25458AF-5C54-4F72-95AD-469750094E46}] => D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{9C896262-4BE2-49D8-8BAB-2E9ED3626D79}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{F02C68A0-3A8A-4B5A-8AB7-AAF6E419E466}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{CB6A2BA9-4228-45EA-A75E-97C7C3BB3CC5}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{06667E90-F57E-413F-A88A-01CBDCEBE9F2}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{92264551-342E-402E-81BD-252CE33441B0}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

==================== Wiederherstellungspunkte =========================

21-12-2016 09:32:56 Windows Update
02-01-2017 16:55:59 Windows Update
05-01-2017 17:34:37 Windows Update
08-01-2017 14:04:39 Installed Cisco AnyConnect Secure Mobility Client
11-01-2017 17:12:57 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/15/2017 11:08:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\nero\nero 9\nero photosnap\PhotoSnap.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/15/2017 11:08:13 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (01/15/2017 11:08:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/15/2017 10:59:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\nero\nero 9\nero photosnap\PhotoSnap.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/15/2017 10:58:26 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (01/15/2017 10:58:20 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/15/2017 10:53:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\nero\nero 9\nero photosnap\PhotoSnap.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/15/2017 10:46:17 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (01/15/2017 10:46:09 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/14/2017 07:55:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvxdsync.exe, Version: 8.17.13.7619, Zeitstempel: 0x584051a5
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.14393.479, Zeitstempel: 0x5825887f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f8283
ID des fehlerhaften Prozesses: 0xf1c
Startzeit der fehlerhaften Anwendung: 0x01d26e5f9f79be9b
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: ddbc0567-bfc1-4089-bb19-6902af4fe57b
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (01/15/2017 01:00:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Nero BackItUp Scheduler 4.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/15/2017 12:45:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/15/2017 12:41:21 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/15/2017 11:27:51 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/14/2017 01:24:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/14/2017 01:21:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200b fehlgeschlagen: Hewlett-Packard  - Imaging - Null Print - HP Deskjet 3520 series

Error: (01/14/2017 01:17:20 PM) (Source: DCOM) (EventID: 10016) (User: MICASA)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Micasa\Sebastian" (SID: S-1-5-21-1585825436-704687126-3158100386-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/14/2017 01:17:20 PM) (Source: DCOM) (EventID: 10016) (User: MICASA)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Micasa\Sebastian" (SID: S-1-5-21-1585825436-704687126-3158100386-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/14/2017 01:17:20 PM) (Source: DCOM) (EventID: 10016) (User: MICASA)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Micasa\Sebastian" (SID: S-1-5-21-1585825436-704687126-3158100386-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/14/2017 01:17:19 PM) (Source: DCOM) (EventID: 10016) (User: MICASA)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Micasa\Sebastian" (SID: S-1-5-21-1585825436-704687126-3158100386-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.


CodeIntegrity:
===================================
  Date: 2017-01-15 11:34:49.821
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-01-15 11:34:47.964
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-01-11 10:08:50.106
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-01-11 10:08:49.523
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 49%
Installierter physikalischer RAM: 8142.85 MB
Verfügbarer physikalischer RAM: 4122.22 MB
Summe virtueller Speicher: 9422.85 MB
Verfügbarer virtueller Speicher: 4311 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:455.5 GB) (Free:221.51 GB) NTFS
Drive d: (DATA) (Fixed) (Total:456.01 GB) (Free:188.13 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DE6E102E)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

15.01.2017, 13:55   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
C:\Users\Sebastian\Downloads\3DMGAME-Tyranny.Overlord.Edition.Cracked-3DM
Reading material:
Illegal software: cracks, keygens and the like

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

15.01.2017, 14:05   #6
Spheenix

Sorry about that, mea culpa, I mostly test things that way and then buy them if I like them.
It's removed; should I post a new logfile for you?

15.01.2017, 14:11   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

There are demo versions for testing.

Has the program also been uninstalled?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

15.01.2017, 14:13   #8
Spheenix

Completely - you should now only find it in my Steamapps.

OT: Unfortunately there isn't a demo version for everything anymore :-\

/edit: and the two others you would probably find, likewise.

15.01.2017, 14:18   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Good, I hope you don't have anything else on there that is cracked...


Step 1: Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a logfile ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.


Step 2: Kaspersky TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.


Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread across several posts if necessary.
To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
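
One way to triage the TDSSKiller logfile that step 2 asks for, as an added example (not part of the original post, and not code from the forum or from Kaspersky): it parses the `name - verdict` and `[ MD5, SHA256 ] name path` lines in the layout of the log posted in this thread and lists the entries worth a closer look. The sample log, its service names and hashes, the non-"ok" verdict text and the location heuristic are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed hashes and log lines; only the line layout follows the thread's log.
SAMPLE_MD5 = "0123456789ABCDEF" * 2      # 32 hex characters
SAMPLE_SHA256 = "0123456789ABCDEF" * 4   # 64 hex characters
SAMPLE_LOG = rf"""
14:57:08.0099 0x2ab8  Scan started
14:57:11.0755 0x2ab8  ================ Scan system memory ========================
14:57:11.0755 0x2ab8  System memory - ok
14:57:11.0755 0x2ab8  ================ Scan services =============================
14:57:11.0863 0x2ab8  1394ohci - ok
14:57:11.0979 0x2ab8  [ {SAMPLE_MD5}, {SAMPLE_SHA256} ] ExampleDrv      C:\WINDOWS\system32\DRIVERS\exampledrv.sys
14:57:12.0040 0x2ab8  ExampleDrv - ok
14:57:12.0910 0x2ab8  [ {SAMPLE_MD5}, {SAMPLE_SHA256} ] Example Helper Service C:\ProgramData\Example\helper.exe
14:57:12.0974 0x2ab8  Example Helper Service - warning
"""

# "<time> <thread id>  <rest>"; the rest may be empty.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9a-fA-F]+\s*(.*)$")
# "===== Scan services =====" style section banners.
SECTION = re.compile(r"^=+ (Scan .+?) =+$")
# "[ MD5, SHA256 ] name path"; names may contain spaces, so the path is
# recognised by its drive letter.
FILE = re.compile(r"^\[ ([0-9A-Fa-f]{32}), ([0-9A-Fa-f]{64}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# Added heuristic (an assumption of this example, not a TDSSKiller verdict):
# binaries outside the Windows and Program Files trees get a second look.
SYSTEM_DIRS = re.compile(r"^[a-z]:\\(windows|program files( \(x86\))?)\\", re.I)


@dataclass
class Item:
    section: str
    name: str
    verdict: str
    md5: Optional[str] = None
    sha256: Optional[str] = None
    path: Optional[str] = None


def parse_tdsskiller(log: str) -> List[Item]:
    """Return one Item per 'name - verdict' line found inside a Scan section."""
    items: List[Item] = []
    section = None   # current "Scan ..." section, None before the scan starts
    pending = None   # last hash line, waiting for its verdict line
    for raw in log.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        rest = m.group(1)
        sec = SECTION.match(rest)
        if sec:
            section, pending = sec.group(1), None
            continue
        f = FILE.match(rest)
        if f:
            pending = f.groups()
            continue
        # Outside a Scan section " - " also occurs in disk info lines; skip those.
        if section is None or " - " not in rest:
            continue
        name, _, verdict = rest.rpartition(" - ")
        md5 = sha256 = path = None
        if pending and name.startswith(pending[2]):
            md5, sha256, _, path = pending
        pending = None
        items.append(Item(section, name.strip(), verdict.strip(), md5, sha256, path))
    return items


def triage(items: List[Item]) -> List[Tuple[str, List[str]]]:
    """List entries whose verdict is not 'ok' or whose binary sits in an unusual place."""
    findings = []
    for it in items:
        reasons = []
        if it.verdict.lower() != "ok":
            reasons.append(f"verdict '{it.verdict}'")
        if it.path and not SYSTEM_DIRS.match(it.path):
            reasons.append("binary outside Windows/Program Files")
        if reasons:
            findings.append((it.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{name}: {'; '.join(reasons)}")
```

A flagged entry is a prompt to check the file and its hash, not a detection in itself.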

15.01.2017, 14:59   #10
Spheenix

Malwarebytes
Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.01.15.03
  rootkit: v2016.11.20.01

Windows 10 x64 NTFS
Internet Explorer 11.576.14393.0
Sebastian :: MICASA [administrator]

15.01.2017 14:30:49
mbar-log-2017-01-15 (14-30-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 359519
Time elapsed: 22 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
TDSSKiller
Code:
14:56:03.0689 0x32c0  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
14:56:03.0689 0x32c0  UEFI system
14:56:07.0796 0x32c0  ============================================================
14:56:07.0796 0x32c0  Current date / time: 2017/01/15 14:56:07.0796
14:56:07.0798 0x32c0  SystemInfo:
14:56:07.0798 0x32c0  
14:56:07.0798 0x32c0  OS Version: 10.0.14393 ServicePack: 0.0
14:56:07.0798 0x32c0  Product type: Workstation
14:56:07.0798 0x32c0  ComputerName: MICASA
14:56:07.0799 0x32c0  UserName: Sebastian
14:56:07.0799 0x32c0  Windows directory: C:\WINDOWS
14:56:07.0799 0x32c0  System windows directory: C:\WINDOWS
14:56:07.0799 0x32c0  Running under WOW64
14:56:07.0799 0x32c0  Processor architecture: Intel x64
14:56:07.0799 0x32c0  Number of processors: 4
14:56:07.0799 0x32c0  Page size: 0x1000
14:56:07.0799 0x32c0  Boot type: Normal boot
14:56:07.0799 0x32c0  CodeIntegrityOptions = 0x00000001
14:56:07.0799 0x32c0  ============================================================
14:56:08.0816 0x32c0  KLMD registered as C:\WINDOWS\system32\drivers\73121870.sys
14:56:08.0816 0x32c0  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.693, osProperties = 0x19
14:56:09.0286 0x32c0  System UUID: {331859AA-1F7A-2436-C6F5-4682B1DA5DBB}
14:56:10.0080 0x32c0  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:56:10.0088 0x32c0  ============================================================
14:56:10.0088 0x32c0  \Device\Harddisk0\DR0:
14:56:10.0100 0x32c0  GPT partitions:
14:56:10.0130 0x32c0  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {810FC053-D3E1-4372-B567-5BBB3A6B8343}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x12C000
14:56:10.0130 0x32c0  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {EACFC1CF-161D-4FFC-96E6-6E3A267662E6}, Name: EFI system partition, StartLBA 0x12C800, BlocksNum 0x96000
14:56:10.0130 0x32c0  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {50677074-B3B7-4EF5-BF58-2A0B334B1279}, Name: Microsoft reserved partition, StartLBA 0x1C2800, BlocksNum 0x40000
14:56:10.0130 0x32c0  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {03B848BA-65FC-4BC2-B0BF-BC8D62CDB0EA}, Name: Basic data partition, StartLBA 0x202800, BlocksNum 0x38EFF000
14:56:10.0130 0x32c0  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {72AEAE8A-1F55-4F7F-B23B-28F3F667F176}, Name: Basic data partition, StartLBA 0x39101800, BlocksNum 0x39005000
14:56:10.0130 0x32c0  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {34A3AC33-CEA4-4964-A9BF-6A3AB06257D8}, Name: Basic data partition, StartLBA 0x72106800, BlocksNum 0x2600000
14:56:10.0130 0x32c0  MBR partitions:
14:56:10.0130 0x32c0  ============================================================
14:56:10.0162 0x32c0  C: <-> \Device\Harddisk0\DR0\Partition4
14:56:10.0199 0x32c0  D: <-> \Device\Harddisk0\DR0\Partition5
14:56:10.0199 0x32c0  ============================================================
14:56:10.0199 0x32c0  Initialize success
14:56:10.0199 0x32c0  ============================================================
14:57:08.0099 0x2ab8  ============================================================
14:57:08.0099 0x2ab8  Scan started
14:57:08.0099 0x2ab8  Mode: Manual; SigCheck; TDLFS; 
14:57:08.0099 0x2ab8  ============================================================
14:57:08.0099 0x2ab8  KSN ping started
14:57:08.0184 0x2ab8  KSN ping finished: true
14:57:11.0755 0x2ab8  ================ Scan system memory ========================
14:57:11.0755 0x2ab8  System memory - ok
14:57:11.0755 0x2ab8  ================ Scan services =============================
14:57:11.0863 0x2ab8  1394ohci - ok
14:57:11.0866 0x2ab8  3ware - ok
14:57:11.0874 0x2ab8  ACPI - ok
14:57:11.0877 0x2ab8  AcpiDev - ok
14:57:11.0889 0x2ab8  acpiex - ok
14:57:11.0892 0x2ab8  acpipagr - ok
14:57:11.0933 0x2ab8  AcpiPmi - ok
14:57:11.0935 0x2ab8  acpitime - ok
14:57:11.0979 0x2ab8  [ A4E1EA8C252B0974EE0810580E53047F, 3C9203F0276678001D1B7B0866D327F32A308B7123688A469FA69FBF4F48039A ] acsock          C:\WINDOWS\system32\DRIVERS\acsock64.sys
14:57:12.0040 0x2ab8  acsock - ok
14:57:12.0120 0x2ab8  [ B932E0EE190778D840F1442DFC0F9612, 8780963F14D57279FDD585BE945ED40F24590D32676C7A9EF94002D38B8BA643 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:57:12.0145 0x2ab8  AdobeARMservice - ok
14:57:12.0148 0x2ab8  ADP80XX - ok
14:57:12.0161 0x2ab8  AFD - ok
14:57:12.0168 0x2ab8  ahcache - ok
14:57:12.0184 0x2ab8  AJRouter - ok
14:57:12.0198 0x2ab8  ALG - ok
14:57:12.0200 0x2ab8  AmdK8 - ok
14:57:12.0202 0x2ab8  AmdPPM - ok
14:57:12.0204 0x2ab8  amdsata - ok
14:57:12.0206 0x2ab8  amdsbs - ok
14:57:12.0210 0x2ab8  amdxata - ok
14:57:12.0212 0x2ab8  AppID - ok
14:57:12.0214 0x2ab8  AppIDSvc - ok
14:57:12.0219 0x2ab8  Appinfo - ok
14:57:12.0223 0x2ab8  applockerfltr - ok
14:57:12.0238 0x2ab8  AppReadiness - ok
14:57:12.0265 0x2ab8  AppXSvc - ok
14:57:12.0267 0x2ab8  arcsas - ok
14:57:12.0318 0x2ab8  [ 1A234F4643F5658BAB07BFA611282267, F40435488389B4FB3B945CA21A8325A51E1B5F80F045AB019748D0EC66056A8B ] AsrDrv101       C:\Windows\SysWOW64\Drivers\AsrDrv101.sys
14:57:12.0328 0x2ab8  AsrDrv101 - ok
14:57:12.0362 0x2ab8  [ A16DACE95B82683C852CD18578162735, 6E3663B43FB18BFD3B47A63297FA251C467D7B3C7B70020FC87DEAD8F0882B37 ] ASRockIOMon     C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
14:57:12.0522 0x2ab8  ASRockIOMon - ok
14:57:12.0545 0x2ab8  [ A149C93231945A5118C63AEACA6D1E72, 60B28184585B389751FCF71651A139D74018DE04AEBF4A497835AF727B64BD53 ] AsrRamDisk      C:\WINDOWS\system32\drivers\AsrRamDisk.sys
14:57:12.0555 0x2ab8  AsrRamDisk - ok
14:57:12.0557 0x2ab8  AsyncMac - ok
14:57:12.0561 0x2ab8  atapi - ok
14:57:12.0571 0x2ab8  AudioEndpointBuilder - ok
14:57:12.0592 0x2ab8  Audiosrv - ok
14:57:12.0594 0x2ab8  AxInstSV - ok
14:57:12.0597 0x2ab8  b06bdrv - ok
14:57:12.0599 0x2ab8  BasicDisplay - ok
14:57:12.0601 0x2ab8  BasicRender - ok
14:57:12.0604 0x2ab8  bcmfn - ok
14:57:12.0606 0x2ab8  bcmfn2 - ok
14:57:12.0624 0x2ab8  BDESVC - ok
14:57:12.0627 0x2ab8  Beep - ok
14:57:12.0695 0x2ab8  [ CE4DEB0464915A50371D1FCDD22BE6D0, 8CFDC981605DE5ED22DC07E892108445BDAE84FCACFAF2EB5E4417E0757B623D ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
14:57:12.0861 0x2ab8  BEService - ok
14:57:12.0872 0x2ab8  BFE - ok
14:57:12.0874 0x2ab8  BITS - ok
14:57:12.0910 0x2ab8  [ 3F56903E124E820AEECE6D471583C6C1, B3C045AFACC8A8F5DC289ADE9ACFB2FE7F9CA24A900BBAED47E2A63837208CB3 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
14:57:12.0974 0x2ab8  Bonjour Service - ok
14:57:12.0985 0x2ab8  bowser - ok
14:57:13.0051 0x2ab8  [ 7487B46E104303E247F68D485C12326F, BAC6A4FFD5B4009B4B673479630FAA2784618438925DFB6489F07BF163188114 ] BRDriver64_1_3_3_E02B25FC C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys
14:57:13.0063 0x2ab8  BRDriver64_1_3_3_E02B25FC - ok
14:57:13.0081 0x2ab8  BrokerInfrastructure - ok
14:57:13.0096 0x2ab8  Browser - ok
14:57:13.0124 0x2ab8  [ 448917845F097FCE9D4554C3D2001EF3, BDCBEC01579D7CF28963E4E13CDC5B26E4B69CA24FA2CC4D6E24CAE0DDBCB3FE ] BRSptStub       C:\ProgramData\BitRaider\BRSptStub.exe
14:57:13.0170 0x2ab8  BRSptStub - ok
14:57:13.0182 0x2ab8  BthAvrcpTg - ok
14:57:13.0208 0x2ab8  BthEnum - ok
14:57:13.0211 0x2ab8  BthHFEnum - ok
14:57:13.0213 0x2ab8  bthhfhid - ok
14:57:13.0227 0x2ab8  BthHFSrv - ok
14:57:13.0230 0x2ab8  BTHMODEM - ok
14:57:13.0235 0x2ab8  BthPan - ok
14:57:13.0243 0x2ab8  BTHPORT - ok
14:57:13.0245 0x2ab8  bthserv - ok
14:57:13.0264 0x2ab8  BTHUSB - ok
14:57:13.0267 0x2ab8  buttonconverter - ok
14:57:13.0269 0x2ab8  CapImg - ok
14:57:13.0271 0x2ab8  cdfs - ok
14:57:13.0285 0x2ab8  CDPSvc - ok
14:57:13.0300 0x2ab8  CDPUserSvc - ok
14:57:13.0322 0x2ab8  cdrom - ok
14:57:13.0334 0x2ab8  CertPropSvc - ok
14:57:13.0337 0x2ab8  cht4iscsi - ok
14:57:13.0339 0x2ab8  cht4vbd - ok
14:57:13.0342 0x2ab8  circlass - ok
14:57:13.0359 0x2ab8  CLFS - ok
14:57:13.0483 0x2ab8  [ ACFB2A62301C6A903FA6A97DB84E9C31, 7A3089812330B605D2F545374A1A916B6DBA188186EC88DA3348814A95C791F0 ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
14:57:13.0565 0x2ab8  ClickToRunSvc - ok
14:57:13.0575 0x2ab8  ClipSVC - ok
14:57:13.0592 0x2ab8  clreg - ok
14:57:13.0598 0x2ab8  CmBatt - ok
14:57:13.0600 0x2ab8  CNG - ok
14:57:13.0602 0x2ab8  cnghwassist - ok
14:57:13.0657 0x2ab8  CompositeBus - ok
14:57:13.0659 0x2ab8  COMSysApp - ok
14:57:13.0662 0x2ab8  condrv - ok
14:57:13.0677 0x2ab8  CoreMessagingRegistrar - ok
14:57:13.0681 0x2ab8  CryptSvc - ok
14:57:13.0683 0x2ab8  dam - ok
14:57:13.0693 0x2ab8  DcomLaunch - ok
14:57:13.0705 0x2ab8  DcpSvc - ok
14:57:13.0719 0x2ab8  defragsvc - ok
14:57:13.0732 0x2ab8  DeviceAssociationService - ok
14:57:13.0734 0x2ab8  DeviceInstall - ok
14:57:13.0742 0x2ab8  DevQueryBroker - ok
14:57:13.0745 0x2ab8  Dfsc - ok
14:57:13.0762 0x2ab8  [ 9593475FBC857A05D93BFF4FA7323C2B, D2A958AF5EFDC6136A6ABB7F8D5FE1F84C967E79BEA96C5BE3661A0145DEB907 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
14:57:13.0777 0x2ab8  dg_ssudbus - ok
14:57:13.0793 0x2ab8  Dhcp - ok
14:57:13.0830 0x2ab8  diagnosticshub.standardcollector.service - ok
14:57:13.0832 0x2ab8  disk - ok
14:57:13.0840 0x2ab8  DmEnrollmentSvc - ok
14:57:13.0844 0x2ab8  dmvsc - ok
14:57:13.0846 0x2ab8  dmwappushservice - ok
14:57:13.0859 0x2ab8  Dnscache - ok
14:57:13.0862 0x2ab8  dot3svc - ok
14:57:13.0864 0x2ab8  DPS - ok
14:57:13.0874 0x2ab8  drmkaud - ok
14:57:13.0877 0x2ab8  DsmSvc - ok
14:57:13.0878 0x2ab8  DsSvc - ok
14:57:13.0892 0x2ab8  DXGKrnl - ok
14:57:13.0895 0x2ab8  e1iexpress - ok
14:57:13.0897 0x2ab8  EapHost - ok
14:57:13.0899 0x2ab8  ebdrv - ok
14:57:13.0913 0x2ab8  EFS - ok
14:57:13.0915 0x2ab8  EhStorClass - ok
14:57:13.0923 0x2ab8  EhStorTcgDrv - ok
14:57:13.0933 0x2ab8  embeddedmode - ok
14:57:13.0943 0x2ab8  EntAppSvc - ok
14:57:13.0944 0x2ab8  ErrDev - ok
14:57:13.0948 0x2ab8  EventSystem - ok
14:57:13.0950 0x2ab8  exfat - ok
14:57:13.0953 0x2ab8  fastfat - ok
14:57:13.0965 0x2ab8  Fax - ok
14:57:13.0967 0x2ab8  fdc - ok
14:57:13.0969 0x2ab8  fdPHost - ok
14:57:13.0971 0x2ab8  FDResPub - ok
14:57:13.0985 0x2ab8  fhsvc - ok
14:57:13.0987 0x2ab8  FileCrypt - ok
14:57:13.0989 0x2ab8  FileInfo - ok
14:57:13.0991 0x2ab8  Filetrace - ok
14:57:13.0993 0x2ab8  flpydisk - ok
14:57:13.0996 0x2ab8  FltMgr - ok
14:57:14.0006 0x2ab8  FontCache - ok
14:57:14.0082 0x2ab8  FontCache3.0.0.0 - ok
14:57:14.0102 0x2ab8  FrameServer - ok
14:57:14.0104 0x2ab8  FsDepends - ok
14:57:14.0106 0x2ab8  Fs_Rec - ok
14:57:14.0109 0x2ab8  fvevol - ok
14:57:14.0157 0x2ab8  [ 11DD69E94F3B3F2614E88C5657011583, C87D588C3F6517F5ED42BB2512653E0D9860D98E043161686F3A4750F6ECBD40 ] GalaxyClientService D:\GalaxyClient\GalaxyClientService.exe
14:57:14.0207 0x2ab8  GalaxyClientService - ok
14:57:14.0394 0x2ab8  [ CB8157B535DA674CA6CBEBE7E3BD5268, 1028FDA5207E9CF412BB0B1F0B984FEFEE511EBF8BD353F392F7052B0021F531 ] GalaxyCommunication C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
14:57:14.0709 0x2ab8  GalaxyCommunication - ok
14:57:14.0733 0x2ab8  gencounter - ok
14:57:14.0736 0x2ab8  genericusbfn - ok
14:57:14.0738 0x2ab8  GPIOClx0101 - ok
14:57:14.0744 0x2ab8  gpsvc - ok
14:57:14.0746 0x2ab8  GpuEnergyDrv - ok
14:57:14.0784 0x2ab8  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:57:14.0819 0x2ab8  gupdate - ok
14:57:14.0822 0x2ab8  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:57:14.0855 0x2ab8  gupdatem - ok
14:57:14.0858 0x2ab8  HDAudBus - ok
14:57:14.0860 0x2ab8  HidBatt - ok
14:57:14.0862 0x2ab8  HidBth - ok
14:57:14.0865 0x2ab8  hidi2c - ok
14:57:14.0867 0x2ab8  hidinterrupt - ok
14:57:14.0870 0x2ab8  HidIr - ok
14:57:14.0872 0x2ab8  hidserv - ok
14:57:14.0874 0x2ab8  HidUsb - ok
14:57:14.0884 0x2ab8  HomeGroupListener - ok
14:57:14.0889 0x2ab8  HomeGroupProvider - ok
14:57:14.0891 0x2ab8  HpSAMD - ok
14:57:14.0893 0x2ab8  HTTP - ok
14:57:14.0919 0x2ab8  HvHost - ok
14:57:14.0926 0x2ab8  hvservice - ok
14:57:14.0928 0x2ab8  hwpolicy - ok
14:57:14.0930 0x2ab8  hyperkbd - ok
14:57:14.0947 0x2ab8  i8042prt - ok
14:57:14.0949 0x2ab8  iagpio - ok
14:57:14.0951 0x2ab8  iai2c - ok
14:57:14.0953 0x2ab8  iaLPSS2i_GPIO2 - ok
14:57:14.0955 0x2ab8  iaLPSS2i_I2C - ok
14:57:14.0957 0x2ab8  iaLPSSi_GPIO - ok
14:57:14.0960 0x2ab8  iaLPSSi_I2C - ok
14:57:14.0962 0x2ab8  iaStorAV - ok
14:57:14.0964 0x2ab8  iaStorV - ok
14:57:14.0967 0x2ab8  ibbus - ok
14:57:15.0002 0x2ab8  [ E199288F016C354255C39A84378A48F6, 881B41D64D73F7A3A1680EDD68201E14AC5C60B848374EEAE44CCDDE46010E81 ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
14:57:15.0028 0x2ab8  ICCS - ok
14:57:15.0051 0x2ab8  icssvc - ok
14:57:15.0053 0x2ab8  IKEEXT - ok
14:57:15.0055 0x2ab8  IndirectKmd - ok
14:57:15.0157 0x2ab8  [ 7F08B78B1516626869FB44A61EFDF566, C585902D4F6E36A44097C192CCF19F1947F99C86A7BB77E83C0BE475F0151161 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
14:57:15.0281 0x2ab8  IntcAzAudAddService - ok
14:57:15.0379 0x2ab8  [ DAE6C3099D291EED8922A65C29ABCF52, AD0A932345382824122F84AF97A8609BAE1B916A3B9FD608779A1411E37D3643 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
14:57:15.0453 0x2ab8  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
14:57:16.0709 0x2ab8  Detect skipped due to KSN trusted
14:57:16.0709 0x2ab8  Intel(R) Capability Licensing Service Interface - ok
14:57:16.0732 0x2ab8  [ D45226E3E7A25F1E7CE8DF8FD0A2A098, 7BD74E9E3CB0A83D26BA3FD8177C6B9BA46A8695B6569CF7887FDC87947DA2D6 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
14:57:16.0764 0x2ab8  Intel(R) Capability Licensing Service TCP IP Interface - ok
14:57:16.0795 0x2ab8  [ DD73746062EAF2767EC84D995B50C977, FC06F843A400CDBC64ED2DC73A15DF4348D52D8D058A490E07363A8F4E9F6F7C ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
14:57:16.0814 0x2ab8  Intel(R) PROSet Monitoring Service - ok
14:57:16.0826 0x2ab8  intelide - ok
14:57:16.0829 0x2ab8  intelpep - ok
14:57:16.0831 0x2ab8  intelppm - ok
14:57:16.0844 0x2ab8  iorate - ok
14:57:16.0846 0x2ab8  IpFilterDriver - ok
14:57:16.0864 0x2ab8  iphlpsvc - ok
14:57:16.0867 0x2ab8  IPMIDRV - ok
14:57:16.0869 0x2ab8  IPNAT - ok
14:57:16.0871 0x2ab8  irda - ok
14:57:16.0873 0x2ab8  IRENUM - ok
14:57:16.0892 0x2ab8  irmon - ok
14:57:16.0894 0x2ab8  isapnp - ok
14:57:16.0896 0x2ab8  iScsiPrt - ok
14:57:16.0923 0x2ab8  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
14:57:16.0955 0x2ab8  jhi_service - ok
14:57:16.0962 0x2ab8  kbdclass - ok
14:57:16.0964 0x2ab8  kbdhid - ok
14:57:16.0981 0x2ab8  kdnic - ok
14:57:16.0983 0x2ab8  KeyIso - ok
14:57:16.0985 0x2ab8  KSecDD - ok
14:57:16.0987 0x2ab8  KSecPkg - ok
14:57:16.0989 0x2ab8  ksthunk - ok
14:57:17.0006 0x2ab8  KtmRm - ok
14:57:17.0018 0x2ab8  LanmanServer - ok
14:57:17.0034 0x2ab8  LanmanWorkstation - ok
14:57:17.0037 0x2ab8  lfsvc - ok
14:57:17.0041 0x2ab8  LicenseManager - ok
14:57:17.0044 0x2ab8  lltdio - ok
14:57:17.0046 0x2ab8  lltdsvc - ok
14:57:17.0048 0x2ab8  lmhosts - ok
14:57:17.0089 0x2ab8  [ 3DE66F47365AA8CEB18B1EE272F4FEBA, 8DDD6AB4AEDE3B2FEA0D3B63DD24E3F3422D6ADE067756A3919FCED53C349167 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:57:17.0183 0x2ab8  LMS - ok
14:57:17.0186 0x2ab8  LSI_SAS - ok
14:57:17.0188 0x2ab8  LSI_SAS2i - ok
14:57:17.0191 0x2ab8  LSI_SAS3i - ok
14:57:17.0193 0x2ab8  LSI_SSS - ok
14:57:17.0208 0x2ab8  LSM - ok
14:57:17.0211 0x2ab8  luafv - ok
14:57:17.0214 0x2ab8  MapsBroker - ok
14:57:17.0216 0x2ab8  megasas - ok
14:57:17.0230 0x2ab8  megasas2i - ok
14:57:17.0232 0x2ab8  megasr - ok
14:57:17.0251 0x2ab8  [ 1BC9159CF58BABD89419072EA180A8F6, 6C9AB779C2355A341800A8F93AAAF9B19FAFF444CD6A7BD27C63D53F379A75EF ] MEIx64          C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys
14:57:17.0275 0x2ab8  MEIx64 - ok
14:57:17.0278 0x2ab8  MessagingService - ok
14:57:17.0298 0x2ab8  mlx4_bus - ok
14:57:17.0300 0x2ab8  MMCSS - ok
14:57:17.0302 0x2ab8  Modem - ok
14:57:17.0316 0x2ab8  monitor - ok
14:57:17.0318 0x2ab8  mouclass - ok
14:57:17.0320 0x2ab8  mouhid - ok
14:57:17.0322 0x2ab8  mountmgr - ok
14:57:17.0325 0x2ab8  mpsdrv - ok
14:57:17.0327 0x2ab8  MpsSvc - ok
14:57:17.0352 0x2ab8  MRxDAV - ok
14:57:17.0354 0x2ab8  mrxsmb - ok
14:57:17.0356 0x2ab8  mrxsmb10 - ok
14:57:17.0359 0x2ab8  mrxsmb20 - ok
14:57:17.0374 0x2ab8  MsBridge - ok
14:57:17.0384 0x2ab8  MSDTC - ok
14:57:17.0388 0x2ab8  Msfs - ok
14:57:17.0399 0x2ab8  msgpiowin32 - ok
14:57:17.0402 0x2ab8  mshidkmdf - ok
14:57:17.0404 0x2ab8  mshidumdf - ok
14:57:17.0406 0x2ab8  msisadrv - ok
14:57:17.0420 0x2ab8  MSiSCSI - ok
14:57:17.0422 0x2ab8  msiserver - ok
14:57:17.0424 0x2ab8  MSKSSRV - ok
14:57:17.0427 0x2ab8  MsLldp - ok
14:57:17.0429 0x2ab8  MSPCLOCK - ok
14:57:17.0431 0x2ab8  MSPQM - ok
14:57:17.0433 0x2ab8  MsRPC - ok
14:57:17.0436 0x2ab8  mssmbios - ok
14:57:17.0438 0x2ab8  MSTEE - ok
14:57:17.0440 0x2ab8  MTConfig - ok
14:57:17.0442 0x2ab8  Mup - ok
14:57:17.0445 0x2ab8  mvumis - ok
14:57:17.0457 0x2ab8  NativeWifiP - ok
14:57:17.0460 0x2ab8  NcaSvc - ok
14:57:17.0467 0x2ab8  NcbService - ok
14:57:17.0469 0x2ab8  NcdAutoSetup - ok
14:57:17.0472 0x2ab8  ndfltr - ok
14:57:17.0476 0x2ab8  NDIS - ok
14:57:17.0478 0x2ab8  NdisCap - ok
14:57:17.0496 0x2ab8  NdisImPlatform - ok
14:57:17.0498 0x2ab8  NdisTapi - ok
14:57:17.0500 0x2ab8  Ndisuio - ok
14:57:17.0502 0x2ab8  NdisVirtualBus - ok
14:57:17.0504 0x2ab8  NdisWan - ok
14:57:17.0507 0x2ab8  ndiswanlegacy - ok
14:57:17.0509 0x2ab8  ndproxy - ok
14:57:17.0511 0x2ab8  Ndu - ok
14:57:17.0588 0x2ab8  [ B90E093E7A7250906F1054418B5339C0, F9A0BAC5B4B29F14B5CACA1047F8928A495EFD56E485492BF71C856B296476D6 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
14:57:17.0636 0x2ab8  Nero BackItUp Scheduler 4.0 - ok
14:57:17.0639 0x2ab8  NetAdapterCx - ok
14:57:17.0641 0x2ab8  NetBIOS - ok
14:57:17.0645 0x2ab8  NetBT - ok
14:57:17.0647 0x2ab8  Netlogon - ok
14:57:17.0657 0x2ab8  Netman - ok
14:57:17.0660 0x2ab8  netprofm - ok
14:57:17.0667 0x2ab8  netr28ux - ok
14:57:17.0673 0x2ab8  NetSetupSvc - ok
14:57:17.0691 0x2ab8  NetTcpPortSharing - ok
14:57:17.0701 0x2ab8  NgcCtnrSvc - ok
14:57:17.0703 0x2ab8  NgcSvc - ok
14:57:17.0712 0x2ab8  NlaSvc - ok
14:57:17.0714 0x2ab8  Npfs - ok
14:57:17.0716 0x2ab8  npsvctrig - ok
14:57:17.0718 0x2ab8  nsi - ok
14:57:17.0720 0x2ab8  nsiproxy - ok
14:57:17.0732 0x2ab8  NTFS - ok
14:57:17.0734 0x2ab8  Null - ok
14:57:17.0768 0x2ab8  [ C93013BBB38330C73285547174F8FEE1, 2CCC8B1A868098EBEACF4D4E178002D382E9BB28CC0D57D76E0813C56DB1BC98 ] NvContainerLocalSystem C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
14:57:17.0787 0x2ab8  NvContainerLocalSystem - ok
14:57:17.0818 0x2ab8  [ C93013BBB38330C73285547174F8FEE1, 2CCC8B1A868098EBEACF4D4E178002D382E9BB28CC0D57D76E0813C56DB1BC98 ] NvContainerNetworkService C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
14:57:17.0837 0x2ab8  NvContainerNetworkService - ok
14:57:17.0852 0x2ab8  [ 64DA1993B1973F049C1347DA1B05185E, 2A04E263DB13751D033E2F9B9518820CF4942EEAFA5A32488570EEB699EE2A96 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
14:57:17.0866 0x2ab8  NVHDA - ok
14:57:17.0891 0x2ab8  NVIDIA Wireless Controller Service - ok
14:57:18.0239 0x2ab8  [ 557A0393BDFED327968A9E695FB4CEBA, 76D39F74439205B5B614B0D99E9E10629738E00250A5E7FFEE50815F69EE70D0 ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys
14:57:18.0674 0x2ab8  nvlddmkm - ok
14:57:18.0688 0x2ab8  nvraid - ok
14:57:18.0690 0x2ab8  nvstor - ok
14:57:18.0723 0x2ab8  [ 4F75E1292E95EBFAD3A0CABB0972F7B8, E4E3AC25AFA4949765F75777769310CB6200A5F537F56205960B40775282FEC0 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
14:57:18.0733 0x2ab8  NvStreamKms - ok
14:57:18.0795 0x2ab8  [ 4D205C0A3C0118D41361F945F337977E, DBEF90119B68EEC7FECBF73D64A0AD63401237048B104B4570E7CEC5D2F38E3A ] NvTelemetryContainer C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
14:57:18.0899 0x2ab8  NvTelemetryContainer - ok
14:57:18.0921 0x2ab8  [ 54ABC4EA39DDE92977DCE644D325213A, D754E5D0418B3C48AD9988D1A2705975C78C8B87990E211651C388A76FB17E51 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
14:57:18.0932 0x2ab8  nvvad_WaveExtensible - ok
14:57:18.0938 0x2ab8  [ B6704EE5A17116F0723014F0C3DA1954, 2319837173981DCC818E433AAE87A2BA7C90EAE43C6C218C18AD8353C4162114 ] nvvhci          C:\WINDOWS\System32\drivers\nvvhci.sys
14:57:18.0949 0x2ab8  nvvhci - ok
14:57:18.0974 0x2ab8  OneSyncSvc - ok
14:57:19.0053 0x2ab8  [ AD851D818F399DD946A9C17AB2156F22, 4A541E7A3A3164581BFB9080DE0976E18F6DD00E39458EBBCBD3B2445708BEB5 ] Origin Client Service D:\Origin\OriginClientService.exe
14:57:19.0176 0x2ab8  Origin Client Service - ok
14:57:19.0227 0x2ab8  [ 788363C87EBD90AC1EAD2DC5A9A40759, B565663B459414C5C9F81451D9A127D62CDF605BC2A9E686F74A2E4FD44A9B43 ] Origin Web Helper Service D:\Origin\OriginWebHelperService.exe
14:57:19.0341 0x2ab8  Origin Web Helper Service - ok
14:57:19.0394 0x2ab8  [ AC0F1B7B71D9D435EC33456F7EDF6FF1, 8FEFF5F99F1AFF21CF9415D4BF26936EF3A7347DA06F30ADD1DD1B14916F2585 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:57:19.0445 0x2ab8  ose - ok
14:57:19.0461 0x2ab8  p2pimsvc - ok
14:57:19.0468 0x2ab8  p2psvc - ok
14:57:19.0470 0x2ab8  Parport - ok
14:57:19.0478 0x2ab8  partmgr - ok
14:57:19.0500 0x2ab8  PcaSvc - ok
14:57:19.0512 0x2ab8  pci - ok
14:57:19.0515 0x2ab8  pciide - ok
14:57:19.0517 0x2ab8  pcmcia - ok
14:57:19.0519 0x2ab8  pcw - ok
14:57:19.0524 0x2ab8  pdc - ok
14:57:19.0533 0x2ab8  PEAUTH - ok
14:57:19.0535 0x2ab8  percsas2i - ok
14:57:19.0537 0x2ab8  percsas3i - ok
14:57:19.0584 0x2ab8  PerfHost - ok
14:57:19.0629 0x2ab8  PhoneSvc - ok
14:57:19.0634 0x2ab8  PimIndexMaintenanceSvc - ok
14:57:19.0645 0x2ab8  pla - ok
14:57:19.0652 0x2ab8  PlugPlay - ok
14:57:19.0654 0x2ab8  PnkBstrA - ok
14:57:19.0657 0x2ab8  PNRPAutoReg - ok
14:57:19.0659 0x2ab8  PNRPsvc - ok
14:57:19.0665 0x2ab8  PolicyAgent - ok
14:57:19.0668 0x2ab8  Power - ok
14:57:19.0670 0x2ab8  PptpMiniport - ok
14:57:19.0771 0x2ab8  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
14:57:19.0947 0x2ab8  PrintNotify - ok
14:57:19.0952 0x2ab8  Processor - ok
14:57:19.0964 0x2ab8  ProfSvc - ok
14:57:19.0966 0x2ab8  Psched - ok
14:57:19.0969 0x2ab8  QWAVE - ok
14:57:19.0971 0x2ab8  QWAVEdrv - ok
14:57:19.0973 0x2ab8  RasAcd - ok
14:57:20.0004 0x2ab8  RasAgileVpn - ok
14:57:20.0017 0x2ab8  RasAuto - ok
14:57:20.0019 0x2ab8  Rasl2tp - ok
14:57:20.0031 0x2ab8  RasMan - ok
14:57:20.0034 0x2ab8  RasPppoe - ok
14:57:20.0036 0x2ab8  RasSstp - ok
14:57:20.0038 0x2ab8  rdbss - ok
14:57:20.0056 0x2ab8  rdpbus - ok
14:57:20.0059 0x2ab8  RDPDR - ok
14:57:20.0082 0x2ab8  RdpVideoMiniport - ok
14:57:20.0085 0x2ab8  rdyboost - ok
14:57:20.0087 0x2ab8  ReFSv1 - ok
14:57:20.0089 0x2ab8  RemoteAccess - ok
14:57:20.0116 0x2ab8  [ 10E4D1F67A369A3F6E9CE00AC4A43BE0, D41D7DD9CBFB718AFE94883AE8E79832D4DA3321878BEAB81F4382DC1DFAB8A7 ] RemoteMouseService C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
14:57:20.0166 0x2ab8  RemoteMouseService - detected UnsignedFile.Multi.Generic ( 1 )
14:57:20.0429 0x2ab8  Detect skipped due to KSN trusted
14:57:20.0429 0x2ab8  RemoteMouseService - ok
14:57:20.0432 0x2ab8  RemoteRegistry - ok
14:57:20.0452 0x2ab8  RetailDemo - ok
14:57:20.0458 0x2ab8  RFCOMM - ok
14:57:20.0460 0x2ab8  RmSvc - ok
14:57:20.0463 0x2ab8  RpcEptMapper - ok
14:57:20.0474 0x2ab8  RpcLocator - ok
14:57:20.0477 0x2ab8  RpcSs - ok
14:57:20.0479 0x2ab8  rspndr - ok
14:57:20.0483 0x2ab8  s3cap - ok
14:57:20.0489 0x2ab8  SamSs - ok
14:57:20.0557 0x2ab8  [ D324EC7BE1510CE7171B06B8FA7FEDE1, 6C85F8F18C68ADA7C4A55E31F6FE66DF47B7E77B1D2AC7197938B8706FB914D2 ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
14:57:20.0595 0x2ab8  SAVAdminService - ok
14:57:20.0614 0x2ab8  [ 3B3437CBEADB5950665A037E9EE7AAF6, FFC568472B688EE6A3C40ED3EF40F100ECA76667D67A4E94D004888485CDFCE9 ] SAVOnAccess     C:\WINDOWS\system32\DRIVERS\savonaccess.sys
14:57:20.0629 0x2ab8  SAVOnAccess - ok
14:57:20.0639 0x2ab8  [ CBD4FC747036459BA52C67BC0EFF92C2, C412999413AC096B7FE48C08FC3E1EE76CE00742B98AFB98EF7E1626889E560F ] SAVService      C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
14:57:20.0668 0x2ab8  SAVService - ok
14:57:20.0671 0x2ab8  sbp2port - ok
14:57:20.0678 0x2ab8  SCardSvr - ok
14:57:20.0698 0x2ab8  ScDeviceEnum - ok
14:57:20.0700 0x2ab8  scfilter - ok
14:57:20.0703 0x2ab8  Schedule - ok
14:57:20.0705 0x2ab8  scmbus - ok
14:57:20.0707 0x2ab8  scmdisk0101 - ok
14:57:20.0718 0x2ab8  SCPolicySvc - ok
14:57:20.0734 0x2ab8  sdbus - ok
14:57:20.0748 0x2ab8  [ 75B98959013B22F8F40C08095B8AB73C, EF608EFBF72AF48EFC9352FCEDF0523BDBA6055612FFD22654E3B241AA9C8033 ] sdcfilter       C:\WINDOWS\system32\DRIVERS\sdcfilter.sys
14:57:20.0759 0x2ab8  sdcfilter - ok
14:57:20.0762 0x2ab8  SDRSVC - ok
14:57:20.0765 0x2ab8  sdstor - ok
14:57:20.0767 0x2ab8  seclogon - ok
14:57:20.0785 0x2ab8  SENS - ok
14:57:20.0788 0x2ab8  SensorDataService - ok
14:57:20.0791 0x2ab8  SensorService - ok
14:57:20.0794 0x2ab8  SensrSvc - ok
14:57:20.0796 0x2ab8  SerCx - ok
14:57:20.0798 0x2ab8  SerCx2 - ok
14:57:20.0801 0x2ab8  Serenum - ok
14:57:20.0804 0x2ab8  Serial - ok
14:57:20.0807 0x2ab8  sermouse - ok
14:57:20.0815 0x2ab8  SessionEnv - ok
14:57:20.0817 0x2ab8  sfloppy - ok
14:57:20.0834 0x2ab8  SharedAccess - ok
14:57:20.0844 0x2ab8  ShellHWDetection - ok
14:57:20.0866 0x2ab8  shpamsvc - ok
14:57:20.0869 0x2ab8  SiSRaid2 - ok
14:57:20.0871 0x2ab8  SiSRaid4 - ok
14:57:20.0895 0x2ab8  [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:57:20.0931 0x2ab8  SkypeUpdate - ok
14:57:20.0934 0x2ab8  smphost - ok
14:57:20.0953 0x2ab8  SmsRouter - ok
14:57:20.0958 0x2ab8  SNMPTRAP - ok
14:57:20.0995 0x2ab8  [ C051B67548BBAFA9101B695C8C1F2F08, FFDE14BC6A7116A93CC2FACBC1BDE42CEE44CD0630BCB1AA856C22134DCBCB9F ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
14:57:21.0063 0x2ab8  Sophos AutoUpdate Service - ok
14:57:21.0124 0x2ab8  [ 91C1C6631962C8D3A6CABFB901BFB607, C69053A07164C936C1FA30E17025AEE43F0CB0CC2ED0954CECB6E81C84F9669D ] Sophos MCS Agent C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
14:57:21.0292 0x2ab8  Sophos MCS Agent - ok
14:57:21.0327 0x2ab8  [ 7A9AF7DE7A3C9A12B7A0129B9CD00523, 76863318F6D9BFBD8DD7E59F341F9D961C4715B83C325D8E6E098527767F337F ] Sophos MCS Client C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
14:57:21.0527 0x2ab8  Sophos MCS Client - ok
14:57:21.0549 0x2ab8  [ 5861A2F04500F404AAC57CF323E3090C, 912FA7663573D044F57CDA29A122393E6E7BD6B90C8CBD2642DD6C6E105D34F9 ] Sophos Web Control Service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
14:57:21.0602 0x2ab8  Sophos Web Control Service - ok
14:57:21.0615 0x2ab8  [ FFD056D55C46946ACA218F0A61DA2743, A9E3910EBEFC8674704F42C6D43A12A521C212B911D46FCD669D8AAFA8381C55 ] SophosBootDriver C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys
14:57:21.0626 0x2ab8  SophosBootDriver - ok
14:57:21.0682 0x2ab8  [ 410506D87F07AF40880BE50262C2D6C4, 7E8195A2028AD577C4E934AEDC1C296EAE06EDEB904EFA00A83B7E7D4D2F9361 ] SophosDataRecorderService C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe
14:57:21.0712 0x2ab8  SophosDataRecorderService - ok
14:57:21.0816 0x2ab8  [ C07BB5FFB85E64DF1AB67E17188DF22F, 322FD46C8694BA5DE88CCACFD8364F8A3397AA02C9FD5644333AE3D3BECA4ABB ] sophossps       C:\Program Files\Sophos\Sophos System Protection\ssp.exe
14:57:21.0939 0x2ab8  sophossps - ok
14:57:21.0960 0x2ab8  spaceport - ok
14:57:21.0963 0x2ab8  SpbCx - ok
14:57:21.0965 0x2ab8  Spooler - ok
14:57:21.0967 0x2ab8  sppsvc - ok
14:57:21.0984 0x2ab8  srv - ok
14:57:21.0992 0x2ab8  srv2 - ok
14:57:21.0994 0x2ab8  srvnet - ok
14:57:22.0001 0x2ab8  SSDPSRV - ok
14:57:22.0003 0x2ab8  SstpSvc - ok
14:57:22.0035 0x2ab8  [ 592FF34A2FD6C6351B8A3AA76B2C0A9E, 152B7472DE531AC45492F562DD470B2CE33F1EEF13BC78F26046AE5ABF54E32F ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
14:57:22.0049 0x2ab8  ssudmdm - ok
14:57:22.0058 0x2ab8  StateRepository - ok
14:57:22.0137 0x2ab8  [ 9867A86327E8AE3806305F1BCF01211A, CCDDB2560B30D27CE662F1B02710E1FAA9331E6A27D9A6629EEDED2CBA822062 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
14:57:22.0204 0x2ab8  Steam Client Service - ok
14:57:22.0208 0x2ab8  stexstor - ok
14:57:22.0230 0x2ab8  [ B11724BFE7DA1BA55903B4D849415F1A, ED09B6AD68C87FED34FC66CB6C7A74DFC3AF524E3BE89EDD18A5B6685F656ACA ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
14:57:22.0320 0x2ab8  StillCam - ok
14:57:22.0336 0x2ab8  stisvc - ok
14:57:22.0345 0x2ab8  storahci - ok
14:57:22.0347 0x2ab8  storflt - ok
14:57:22.0351 0x2ab8  stornvme - ok
14:57:22.0353 0x2ab8  storqosflt - ok
14:57:22.0356 0x2ab8  StorSvc - ok
14:57:22.0359 0x2ab8  storufs - ok
14:57:22.0362 0x2ab8  storvsc - ok
14:57:22.0365 0x2ab8  svsvc - ok
14:57:22.0367 0x2ab8  swenum - ok
14:57:22.0396 0x2ab8  [ C60F83AC3A812324892B4E740F8C6E68, 5E54B92CE641458F649E8EB29752C38760CB2BAE7FBFBE921403CD31D81F9CDB ] swi_callout     C:\WINDOWS\system32\DRIVERS\swi_callout.sys
14:57:22.0407 0x2ab8  swi_callout - ok
14:57:22.0423 0x2ab8  [ BE992FA01303BF02506D65511D308FC2, 5B37DEE85A6A4C1EFCC1CDBDFDE3366DDEF0D40B70105FCCBA816AE64377F73D ] swi_filter      C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
14:57:22.0585 0x2ab8  swi_filter - ok
14:57:22.0655 0x2ab8  [ DD8D59364AF34D7CDD562D5EA92DCF4D, 8C252E59D8ECF395807A9E801CF4393C70DE25BEF9CE80FDF4CE000C94852CFF ] swi_service     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
14:57:22.0761 0x2ab8  swi_service - ok
14:57:22.0767 0x2ab8  swprv - ok
14:57:22.0791 0x2ab8  Synth3dVsc - ok
14:57:22.0793 0x2ab8  SysMain - ok
14:57:22.0811 0x2ab8  SystemEventsBroker - ok
14:57:22.0833 0x2ab8  TabletInputService - ok
14:57:22.0836 0x2ab8  TapiSrv - ok
14:57:22.0838 0x2ab8  Tcpip - ok
14:57:22.0841 0x2ab8  Tcpip6 - ok
14:57:22.0850 0x2ab8  tcpipreg - ok
14:57:22.0854 0x2ab8  tdx - ok
14:57:22.0979 0x2ab8  [ 2AA61246A5B813C1B12BCCFAA6F23DD8, 74EE3DB839A0F4BC781294803281DB2248D013B8808FF05F2EE9597C14C6FEED ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
14:57:23.0448 0x2ab8  TeamViewer - ok
14:57:23.0455 0x2ab8  terminpt - ok
14:57:23.0458 0x2ab8  TermService - ok
14:57:23.0476 0x2ab8  Themes - ok
14:57:23.0484 0x2ab8  TieringEngineService - ok
14:57:23.0486 0x2ab8  tiledatamodelsvc - ok
14:57:23.0489 0x2ab8  TimeBrokerSvc - ok
14:57:23.0492 0x2ab8  TPM - ok
14:57:23.0495 0x2ab8  TrkWks - ok
14:57:23.0522 0x2ab8  TrustedInstaller - ok
14:57:23.0526 0x2ab8  tsusbflt - ok
14:57:23.0530 0x2ab8  TsUsbGD - ok
14:57:23.0532 0x2ab8  tunnel - ok
14:57:23.0535 0x2ab8  tzautoupdate - ok
14:57:23.0538 0x2ab8  UASPStor - ok
14:57:23.0541 0x2ab8  UcmCx0101 - ok
14:57:23.0544 0x2ab8  UcmTcpciCx0101 - ok
14:57:23.0546 0x2ab8  UcmUcsi - ok
14:57:23.0549 0x2ab8  Ucx01000 - ok
14:57:23.0552 0x2ab8  UdeCx - ok
14:57:23.0554 0x2ab8  udfs - ok
14:57:23.0557 0x2ab8  UEFI - ok
14:57:23.0560 0x2ab8  Ufx01000 - ok
14:57:23.0562 0x2ab8  UfxChipidea - ok
14:57:23.0565 0x2ab8  ufxsynopsys - ok
14:57:23.0570 0x2ab8  UI0Detect - ok
14:57:23.0572 0x2ab8  umbus - ok
14:57:23.0575 0x2ab8  UmPass - ok
14:57:23.0578 0x2ab8  UmRdpService - ok
14:57:23.0581 0x2ab8  UnistoreSvc - ok
14:57:23.0591 0x2ab8  upnphost - ok
14:57:23.0593 0x2ab8  UrsChipidea - ok
14:57:23.0596 0x2ab8  UrsCx01000 - ok
14:57:23.0598 0x2ab8  UrsSynopsys - ok
14:57:23.0684 0x2ab8  [ 2F8AB74A6BB3040F4972F77F4B4EF623, 3EE892530419759B6A9A0A27B6EE9771820941B5B0C2A78A6E2606F6C8779ED4 ] USBADVAU        C:\WINDOWS\system32\drivers\cm11264.sys
14:57:23.0877 0x2ab8  USBADVAU - ok
14:57:23.0883 0x2ab8  usbccgp - ok
14:57:23.0886 0x2ab8  usbcir - ok
14:57:23.0888 0x2ab8  usbehci - ok
14:57:23.0891 0x2ab8  usbhub - ok
14:57:23.0895 0x2ab8  USBHUB3 - ok
14:57:23.0897 0x2ab8  usbohci - ok
14:57:23.0900 0x2ab8  usbprint - ok
14:57:23.0902 0x2ab8  usbser - ok
14:57:23.0905 0x2ab8  USBSTOR - ok
14:57:23.0908 0x2ab8  usbuhci - ok
14:57:23.0911 0x2ab8  USBXHCI - ok
14:57:23.0914 0x2ab8  UserDataSvc - ok
14:57:23.0928 0x2ab8  UserManager - ok
14:57:23.0938 0x2ab8  UsoSvc - ok
14:57:23.0947 0x2ab8  VaultSvc - ok
14:57:23.0950 0x2ab8  vdrvroot - ok
14:57:23.0964 0x2ab8  vds - ok
14:57:23.0966 0x2ab8  VerifierExt - ok
14:57:23.0981 0x2ab8  [ E4DA1D85CCCB610DFF0C0E116900E17F, 874EB88B9E2743654094F04AB04C254BBDFBCDECBB200514E73F696098B847F3 ] vflt            C:\WINDOWS\system32\DRIVERS\vfilter.sys
14:57:24.0022 0x2ab8  vflt - detected UnsignedFile.Multi.Generic ( 1 )
14:57:24.0182 0x2ab8  Detect skipped due to KSN trusted
14:57:24.0182 0x2ab8  vflt - ok
14:57:24.0185 0x2ab8  vhdmp - ok
14:57:24.0187 0x2ab8  vhf - ok
14:57:24.0190 0x2ab8  vmbus - ok
14:57:24.0193 0x2ab8  VMBusHID - ok
14:57:24.0196 0x2ab8  vmgid - ok
14:57:24.0199 0x2ab8  vmicguestinterface - ok
14:57:24.0202 0x2ab8  vmicheartbeat - ok
14:57:24.0205 0x2ab8  vmickvpexchange - ok
14:57:24.0207 0x2ab8  vmicrdv - ok
14:57:24.0210 0x2ab8  vmicshutdown - ok
14:57:24.0213 0x2ab8  vmictimesync - ok
14:57:24.0215 0x2ab8  vmicvmsession - ok
14:57:24.0218 0x2ab8  vmicvss - ok
14:57:24.0235 0x2ab8  [ A99CA064AD11266FE7067A79BF78BBB5, B5AFFBA1A9A6E51639A89B9F6C0678E70F73D2BF37D5F88F4AD45DFC6798597D ] vnet            C:\WINDOWS\System32\drivers\virtualnet.sys
14:57:24.0265 0x2ab8  vnet - detected UnsignedFile.Multi.Generic ( 1 )
14:57:24.0796 0x2ab8  Detect skipped due to KSN trusted
14:57:24.0796 0x2ab8  vnet - ok
14:57:24.0799 0x2ab8  volmgr - ok
14:57:24.0801 0x2ab8  volmgrx - ok
14:57:24.0804 0x2ab8  volsnap - ok
14:57:24.0806 0x2ab8  volume - ok
14:57:24.0809 0x2ab8  vpci - ok
14:57:24.0849 0x2ab8  [ 0AC0A4E541EFB67A3D9FDEDEC54481E8, 959F42383AFCED701692AA47478EBF3ECF9E01C733D0442A4D6718FEC98E2E78 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
14:57:24.0886 0x2ab8  vpnagent - ok
14:57:24.0910 0x2ab8  [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva           C:\WINDOWS\System32\drivers\vpnva64-6.sys
14:57:24.0930 0x2ab8  vpnva - ok
14:57:24.0932 0x2ab8  vsmraid - ok
14:57:24.0935 0x2ab8  VSS - ok
14:57:24.0938 0x2ab8  VSTXRAID - ok
14:57:24.0940 0x2ab8  vwifibus - ok
14:57:24.0943 0x2ab8  vwififlt - ok
14:57:24.0946 0x2ab8  vwifimp - ok
14:57:24.0962 0x2ab8  W32Time - ok
14:57:24.0964 0x2ab8  WacomPen - ok
14:57:24.0967 0x2ab8  WalletService - ok
14:57:24.0970 0x2ab8  wanarp - ok
14:57:24.0972 0x2ab8  wanarpv6 - ok
14:57:24.0975 0x2ab8  wbengine - ok
14:57:24.0990 0x2ab8  WbioSrvc - ok
14:57:24.0994 0x2ab8  wcifs - ok
14:57:24.0996 0x2ab8  Wcmsvc - ok
14:57:24.0999 0x2ab8  wcncsvc - ok
14:57:25.0001 0x2ab8  wcnfs - ok
14:57:25.0004 0x2ab8  WdBoot - ok
14:57:25.0007 0x2ab8  Wdf01000 - ok
14:57:25.0010 0x2ab8  WdFilter - ok
14:57:25.0013 0x2ab8  WdiServiceHost - ok
14:57:25.0016 0x2ab8  WdiSystemHost - ok
14:57:25.0019 0x2ab8  wdiwifi - ok
14:57:25.0021 0x2ab8  WdNisDrv - ok
14:57:25.0029 0x2ab8  WdNisSvc - ok
14:57:25.0032 0x2ab8  WebClient - ok
14:57:25.0035 0x2ab8  Wecsvc - ok
14:57:25.0053 0x2ab8  WEPHOSTSVC - ok
14:57:25.0056 0x2ab8  wercplsupport - ok
14:57:25.0059 0x2ab8  WerSvc - ok
14:57:25.0062 0x2ab8  WFPLWFS - ok
14:57:25.0065 0x2ab8  WiaRpc - ok
14:57:25.0068 0x2ab8  WIMMount - ok
14:57:25.0070 0x2ab8  WinDefend - ok
14:57:25.0077 0x2ab8  WindowsTrustedRT - ok
14:57:25.0080 0x2ab8  WindowsTrustedRTProxy - ok
14:57:25.0095 0x2ab8  WinHttpAutoProxySvc - ok
14:57:25.0098 0x2ab8  WinMad - ok
14:57:25.0128 0x2ab8  Winmgmt - ok
14:57:25.0157 0x2ab8  WinRM - ok
14:57:25.0163 0x2ab8  WINUSB - ok
14:57:25.0166 0x2ab8  WinVerbs - ok
14:57:25.0201 0x2ab8  wisvc - ok
14:57:25.0204 0x2ab8  WlanSvc - ok
14:57:25.0231 0x2ab8  wlidsvc - ok
14:57:25.0234 0x2ab8  WmiAcpi - ok
14:57:25.0239 0x2ab8  wmiApSrv - ok
14:57:25.0250 0x2ab8  WMPNetworkSvc - ok
14:57:25.0258 0x2ab8  Wof - ok
14:57:25.0283 0x2ab8  workfolderssvc - ok
14:57:25.0286 0x2ab8  WPDBusEnum - ok
14:57:25.0289 0x2ab8  WpdUpFltr - ok
14:57:25.0292 0x2ab8  WpnService - ok
14:57:25.0295 0x2ab8  WpnUserService - ok
14:57:25.0312 0x2ab8  ws2ifsl - ok
14:57:25.0327 0x2ab8  wscsvc - ok
14:57:25.0330 0x2ab8  WSDPrintDevice - ok
14:57:25.0334 0x2ab8  WSDScan - ok
14:57:25.0337 0x2ab8  WSearch - ok
14:57:25.0351 0x2ab8  wuauserv - ok
14:57:25.0353 0x2ab8  WudfPf - ok
14:57:25.0357 0x2ab8  WUDFRd - ok
14:57:25.0360 0x2ab8  wudfsvc - ok
14:57:25.0363 0x2ab8  WUDFWpdFs - ok
14:57:25.0366 0x2ab8  WUDFWpdMtp - ok
14:57:25.0384 0x2ab8  WwanSvc - ok
14:57:25.0387 0x2ab8  XblAuthManager - ok
14:57:25.0399 0x2ab8  XblGameSave - ok
14:57:25.0402 0x2ab8  xboxgip - ok
14:57:25.0406 0x2ab8  XboxNetApiSvc - ok
14:57:25.0423 0x2ab8  xinputhid - ok
14:57:25.0438 0x2ab8  xusb22 - ok
14:57:25.0439 0x2ab8  ================ Scan global ===============================
14:57:25.0478 0x2ab8  [ Global ] - ok
14:57:25.0478 0x2ab8  ================ Scan MBR ==================================
14:57:25.0511 0x2ab8  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
14:57:25.0586 0x2ab8  \Device\Harddisk0\DR0 - ok
14:57:25.0586 0x2ab8  ================ Scan VBR ==================================
14:57:25.0588 0x2ab8  [ E53244C8EE35D6DDE71F4F149BE02A30 ] \Device\Harddisk0\DR0\Partition1
14:57:25.0589 0x2ab8  \Device\Harddisk0\DR0\Partition1 - ok
14:57:25.0614 0x2ab8  [ 487927010857CE87D8C677812E73775B ] \Device\Harddisk0\DR0\Partition2
14:57:25.0615 0x2ab8  \Device\Harddisk0\DR0\Partition2 - ok
14:57:25.0626 0x2ab8  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
14:57:25.0626 0x2ab8  \Device\Harddisk0\DR0\Partition3 - ok
14:57:25.0637 0x2ab8  [ A2E1B881262A7E742A93F8B8C6EA524C ] \Device\Harddisk0\DR0\Partition4
14:57:25.0639 0x2ab8  \Device\Harddisk0\DR0\Partition4 - ok
14:57:25.0657 0x2ab8  [ DC90FFAE35040E47C043D2F2017C5BC7 ] \Device\Harddisk0\DR0\Partition5
14:57:25.0658 0x2ab8  \Device\Harddisk0\DR0\Partition5 - ok
14:57:25.0685 0x2ab8  [ 927FAED4DE249BB2F06C294F6C65477C ] \Device\Harddisk0\DR0\Partition6
14:57:25.0686 0x2ab8  \Device\Harddisk0\DR0\Partition6 - ok
14:57:25.0686 0x2ab8  ================ Scan generic autorun ======================
14:57:25.0996 0x2ab8  [ 4878D4D36D683EBE2F1E5F83C6A3BDB3, 82DA7BFED5F61DF4B679B06339E4065CCE0DA0D6741287F93A2EF1BCC85AB1E1 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
14:57:26.0268 0x2ab8  RTHDVCPL - ok
14:57:26.0305 0x2ab8  [ F7ED64C9765A92B65F2E1868CFF7431A, 5EEFDB3B2C8CEF2C96BF39DE3E527D7D59845250B3861F6D42D7CC3CDA7C6769 ] C:\WINDOWS\System\3DG4me.exe
14:57:26.0473 0x2ab8  3DG4me - detected UnsignedFile.Multi.Generic ( 1 )
14:57:26.0682 0x2ab8  3DG4me ( UnsignedFile.Multi.Generic ) - warning
14:57:26.0789 0x2ab8  ShadowPlay - ok
14:57:26.0847 0x2ab8  [ 793D7221E5EC69EA615349A13B702B8C, 1545C9634A6599FE4B35419B1B40932797FE2E7DF0B5F27D6698810CC075CF86 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
14:57:27.0049 0x2ab8  SunJavaUpdateSched - ok
14:57:27.0082 0x2ab8  [ CD0362AEE36CFE1EF5DF973230742E67, 9F1D8AD4E09D16C39CD6A35CB298456468C1808226FFA8AD65BF9562A6ECC07D ] C:\Program Files (x86)\PDF24\pdf24.exe
14:57:27.0124 0x2ab8  PDFPrint - ok
14:57:27.0201 0x2ab8  [ D1AC7398ACC4B9EEA26758124ABB1C43, 4CA3C434A985450C9D2628ECE033734323431996CA0C483955FE44B596A1FE0D ] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
14:57:27.0249 0x2ab8  Sophos AutoUpdate Monitor - ok
14:57:27.0288 0x2ab8  [ 75A272C58A549AB33B5960B729C2BCF6, 089C5912B75747128E1C0D03AD91D2BC4A9E08745AFB0E5852F4792765D4C259 ] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
14:57:27.0326 0x2ab8  Cisco AnyConnect Secure Mobility Agent for Windows - ok
14:57:27.0381 0x2ab8  OneDriveSetup - ok
14:57:27.0382 0x2ab8  OneDriveSetup - ok
14:57:27.0431 0x2ab8  [ 92B29E6BE97F5B2C5894904D1447BBFE, C8BF1ABDC9EDE0264ED7A818F61BB84BA2D42F160FDEA45DE6ED6EF816A6425E ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
14:57:27.0480 0x2ab8  GoogleChromeAutoLaunch_678E52C622D3FEC81C940F43ECEEEB26 - ok
14:57:27.0574 0x2ab8  [ FF206944E3A8590FABE10FB2C321AA6D, 77C555667674C9E4473C64921C5F2A7D723FBE28A73EB5EBAA777CD04D11C06B ] D:\Steam\steam.exe
14:57:27.0707 0x2ab8  Steam - ok
14:57:27.0789 0x2ab8  [ C55C8610720CC75EE8358AF58BA520F1, 6B4A01AAB5C9340121A82A95AEAF92DA162C61013EE1684839A7AC22EAE435D0 ] D:\GalaxyClient\GalaxyClient.exe
14:57:27.0884 0x2ab8  GalaxyClient - ok
14:57:28.0000 0x2ab8  [ 67E3BD0F8FB0F39C241A2D60CC7D98EF, 09586F6A11AB10BBD38E8C44A88AFA9AD915981B908EEDA20B9AD2C34BFF7543 ] C:\Users\Sebastian\AppData\Roaming\Spotify\SpotifyWebHelper.exe
14:57:28.0139 0x2ab8  Spotify Web Helper - ok
14:57:28.0188 0x2ab8  [ 2287DAEA100837E40232FD9053F635D8, 8E905B8BC72F8DD6C7C71A7E04CD8D8EC1E9AD2B77EF5A48E089E439A75043D6 ] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE
14:57:28.0204 0x2ab8  EPLTarget\P0000000000000000 - ok
14:57:28.0273 0x2ab8  [ 309A0390822194B835DBBF1374718354, BE1021B9D5EA4C4180E752F21191BD21010298BB2545F3D725E71E913DB14808 ] C:\Users\Sebastian\AppData\Roaming\uTorrent\uTorrent.exe
14:57:29.0622 0x2ab8  uTorrent - ok
14:57:29.0663 0x2ab8  Skype - ok
14:57:29.0693 0x2ab8  icq.desktop - ok
14:57:29.0863 0x2ab8  [ ABD86DD5E75DC483D4A153B2CB506C4C, 6D20F343BBA0D0CD9D3B0B2BE2A2F18E4EA3E028E48B382B162BD0CDDD06E3AA ] C:\Program Files (x86)\AirDroid\AirDroid.exe
14:57:30.0170 0x2ab8  AirDroid 3 - ok
14:57:30.0361 0x2ab8  [ C4668A2D015BFC941394010662CC21CC, 971712B7C2B12C2931A26B39D7FEB8D1AE0FDF2CEE33A6DE28232DA669CADB16 ] C:\Program Files\CCleaner\CCleaner64.exe
14:57:30.0584 0x2ab8  CCleaner Monitoring - ok
14:57:30.0662 0x2ab8  [ 44348495F9D6ED21F4EFB3FF80677D99, 05B76248764B2BF7F9229626D7EFAFF96B724D38A82969EBE376CBE879E30450 ] C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\OneDrive.exe
14:57:30.0756 0x2ab8  OneDrive - ok
14:57:30.0838 0x2ab8  [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
14:57:30.0929 0x2ab8  HP Deskjet 3520 series (NET) - ok
14:57:30.0931 0x2ab8  Waiting for KSN requests completion. In queue: 72
14:57:31.0999 0x2ab8  AV detected via SS2: Sophos Home, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe ( 10.7.0.0 ), 0x51000 ( enabled : updated )
14:57:32.0017 0x2ab8  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated )
14:57:32.0032 0x2ab8  Win FW state via NFP2: enabled ( trusted )
14:57:32.0132 0x2ab8  ============================================================
14:57:32.0132 0x2ab8  Scan finished
14:57:32.0132 0x2ab8  ============================================================
14:57:32.0137 0x2bdc  Detected object count: 1
14:57:32.0137 0x2bdc  Actual detected object count: 1
14:57:50.0261 0x2bdc  3DG4me ( UnsignedFile.Multi.Generic ) - skipped by user
14:57:50.0261 0x2bdc  3DG4me ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

15.01.2017, 15:01   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!
Please disable your virus scanner completely now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


15.01.2017, 15:25   #12
Spheenix

AdwCleaner
Code:
# AdwCleaner v6.042 - Bericht erstellt am 15/01/2017 um 15:15:58
# Aktualisiert am 06/01/2017 von Malwarebytes
# Datenbank : 2017-01-15.1 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Sebastian - MICASA
# Gestartet von : C:\Users\Sebastian\Desktop\AdwCleaner_6.042.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****



***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Users\Sebastian\AppData\Local\SweetLabs App Platform
[-] Ordner gelöscht: C:\ProgramData\pokki
[#] Ordner mit Neustart gelöscht: C:\ProgramData\Pokki
[-] Ordner gelöscht: C:\Users\Default User\AppData\Local\Pokki
[#] Ordner mit Neustart gelöscht: C:\Users\Default\AppData\Local\Pokki
[-] Ordner gelöscht: C:\Users\Sebastian\AppData\Roaming\browsers
[-] Ordner gelöscht: C:\Users\Public\Pokki


***** [ Dateien ] *****

[-] Datei gelöscht: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
[-] Datei gelöscht: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****

[-] Aufgabe gelöscht: SweetLabs App Platform
[-] Aufgabe gelöscht: Software Update Application


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Classes\pokki
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Classes\pokki
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\pokki
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
[-] Schlüssel gelöscht: HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\SweetLabs App Platform
[-] Schlüssel gelöscht: HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Schlüssel gelöscht: HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\SweetLabs App Platform
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\SweetLabs App Platform
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Daten  wiederhergestellt: HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Daten  wiederhergestellt: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Daten  wiederhergestellt: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Schlüssel gelöscht: HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Microsoft\Internet Explorer\SearchScopes\{4CADCACE-1FEB-11E5-825E-28C2DD30DC9C}
[-] Schlüssel gelöscht: HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4CADCACE-1FEB-11E5-825E-28C2DD30DC9C}
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4CADCACE-1FEB-11E5-825E-28C2DD30DC9C}
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Wert gelöscht: HKU\S-1-5-21-1585825436-704687126-3158100386-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
[-] Schlüssel gelöscht: HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Schlüssel gelöscht: HKCU\Software\Classes\Directory\shell\pokki
[-] Schlüssel gelöscht: HKCU\Software\Classes\Drive\shell\pokki
[-] Schlüssel gelöscht: HKCU\Software\Classes\lnkfile\shell\pokki


***** [ Browser ] *****

[-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gelöscht: hamachi.softonic.de
[-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gelöscht: anisearch.de
[-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gelöscht: sven-zw.softonic.de
[-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Gelöscht: hxxp://homepage-web.com/?s=acer&m=start


*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5437 Bytes] - [15/01/2017 15:15:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [5303 Bytes] - [15/01/2017 15:11:49]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5583 Bytes] ##########
         
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64 
Ran by Sebastian (Administrator) on 15.01.2017 at 15:20:42,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5 

Successfully deleted: C:\Users\Sebastian\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Sebastian\AppData\Roaming\speedrunnerslog.txt (File) 
Successfully deleted: C:\Users\Sebastian\AppData\Roaming\spi (Folder) 
Successfully deleted: C:\Users\Sebastian\AppData\Roaming\wyupdate au (Folder) 
Successfully deleted: C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} (Task)



Registry: 2 

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_678E52C622D3FEC81C940F43ECEEEB26 (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{389BE386-6D17-4415-8E22-C27781DBF71C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.01.2017 at 15:22:54,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

16.01.2017, 11:01   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Another run with adwCleaner as a check, please.

16.01.2017, 12:28   #14
Spheenix

adwCleaner
Code:
# AdwCleaner v6.042 - Bericht erstellt am 16/01/2017 um 12:23:29
# Aktualisiert am 06/01/2017 von Malwarebytes
# Datenbank : 2017-01-15.1 [Lokal]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Sebastian - MICASA
# Gestartet von : C:\Users\Sebastian\Desktop\AdwCleaner_6.042.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****



***** [ Ordner ] *****



***** [ Dateien ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****



***** [ Browser ] *****

[-] [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Gelöscht: hxxp://homepage-web.com/?s=acer&m=start


*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5694 Bytes] - [15/01/2017 15:15:57]
C:\AdwCleaner\AdwCleaner[C2].txt - [1142 Bytes] - [16/01/2017 12:23:29]
C:\AdwCleaner\AdwCleaner[S0].txt - [5303 Bytes] - [15/01/2017 15:11:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [1573 Bytes] - [16/01/2017 11:59:51]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1361 Bytes] ##########
         

16.01.2017, 13:32   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then show me fresh FRST logs. Tick the box for addition.txt, then click Scan ("Untersuchen").