
Cmd Pop-Ups after Infection



Hi there (I hope that's the correct subforum area),

3 days ago I infected my PC through stupidity - I was running Avira, ESET, Malwarebytes and the Windows Defender all over the PC the last 2 days and got rid of "everything", I thought, but since yesterday I got 2 cmd windows popping up randomly during the usage of my PC - they are only there for a split second, so I was running Process Monitor to catch them (I was running a lot of Google searches to solve the problem myself) - but now I'm out of ideas because the 2 processes are looking legit but the pop-ups are still there and I want to get rid of them, and I hope to get rid of them with some professional help.

Best regards Roman

P.S. sry for the "broken" English - I'm from Germany


Hello MrMisgunst and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select Start > File Explorer > right-click on the "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right-click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
     
  • Please use "Copy to Clipboard", then right-click to your reply > select "Paste"; that will copy the log to your reply…



If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.


Let me see those logs in your reply...

Thank you,

Kevin...

Hi Kevin - thx for the quick reply and for the help, really appreciated:

 

The Malwarebytes log:
 

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 08.09.2016
Suchlaufzeit: 22:08
Protokolldatei: 
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.09.08.08
Rootkit-Datenbank: v2016.08.15.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Roman

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 406821
Abgelaufene Zeit: 40 Min., 54 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

 

 

The Rkill Log:

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/08/2016 10:02:04 PM in x64 mode.
Windows Version: Windows 10 Pro 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 09/08/2016 10:04:25 PM
Execution time: 0 hours(s), 2 minute(s), and 21 seconds(s)

 

The FRST log:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
durchgeführt von Roman (Administrator) auf T3RRORTROOPER (08-09-2016 22:54:25)
Gestartet von C:\Users\Roman\Desktop
Geladene Profile: Roman (Verfügbare Profile: Roman & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Opera)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Hammer & Chisel, Inc.) C:\Users\Roman\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Roman\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Roman\AppData\Local\Discord\app-0.0.296\Discord.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3111880 2015-07-23] (Logitech, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-892226439-550228776-773139121-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-892226439-550228776-773139121-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2016-07-01] (Microsoft Corporation)
HKU\S-1-5-21-892226439-550228776-773139121-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2016-07-01] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-04-03]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar203.lnk [2016-09-08]
ShortcutTarget: Sidebar203.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{d6d0d28e-8d6d-44e7-bb39-14ec19b959a5}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\riTscHJS.default
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-11] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (Avira Browser Safety) - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\riTscHJS.default\Extensions\abs@avira.com [2015-04-01] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-10-16] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-02]
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-02]
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-02]
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-02]
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-02]
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-08-02] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2016-02-24] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [Datei ist nicht signiert]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-11-12] (Disc Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-08] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92344 2016-09-08] (Sysinternals - www.sysinternals.com)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-08 22:54 - 2016-09-08 22:55 - 00013617 _____ C:\Users\Roman\Desktop\FRST.txt
2016-09-08 22:54 - 2016-09-08 22:54 - 00000000 ____D C:\FRST
2016-09-08 22:53 - 2016-09-08 22:53 - 02397696 _____ (Farbar) C:\Users\Roman\Desktop\FRST64.exe
2016-09-08 22:02 - 2016-09-08 22:04 - 00001996 _____ C:\Users\Roman\Desktop\Rkill.txt
2016-09-08 22:01 - 2016-09-08 22:02 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Roman\Desktop\rkill.exe
2016-09-08 20:32 - 2016-09-08 20:32 - 00092344 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2016-09-08 20:31 - 2016-09-08 20:31 - 00998093 _____ C:\Users\Roman\Downloads\ProcessMonitor.zip
2016-09-08 20:20 - 2016-09-08 20:20 - 01304400 _____ C:\Users\Roman\Downloads\Autoruns.zip
2016-09-08 04:37 - 2016-09-08 04:37 - 00003978 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1473302227
2016-09-08 04:37 - 2016-09-08 04:37 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-09-08 04:36 - 2016-09-08 04:36 - 00963000 _____ (Opera Software) C:\Users\Roman\Downloads\OperaSetup.exe
2016-09-07 16:09 - 2016-09-07 16:10 - 00410404 _____ C:\WINDOWS\Minidump\090716-36984-01.dmp
2016-09-05 04:17 - 2016-09-05 04:17 - 00000036 _____ C:\Users\Roman\AppData\Local\housecall.guid.cache
2016-09-04 13:48 - 2016-09-04 13:48 - 00028525 _____ C:\ProgramData\1472989695.bdinstall.bin
2016-09-04 09:23 - 2016-09-08 22:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-04 09:22 - 2016-09-04 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-04 09:22 - 2016-09-04 09:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-04 09:22 - 2016-09-04 09:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-04 09:22 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-04 09:22 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-04 09:22 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-04 08:13 - 2016-09-04 08:13 - 00044326 _____ C:\ProgramData\1472969595.bdinstall.bin
2016-09-04 08:13 - 2016-09-04 08:13 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-09-04 08:12 - 2016-09-04 08:12 - 00000000 ____D C:\Users\Roman\AppData\Roaming\QuickScan
2016-09-04 08:08 - 2016-09-04 08:10 - 00000000 ___HD C:\WINDOWS\AxInstSV
2016-09-03 19:09 - 2016-09-03 19:09 - 00000000 ____D C:\avrescue
2016-09-02 21:32 - 2016-09-02 21:32 - 00000000 ____D C:\Users\Roman\AppData\Local\UCBrowser
2016-09-02 21:30 - 2016-09-02 21:44 - 00000000 ____D C:\Users\Roman\AppData\Local\DailyBee
2016-09-02 21:30 - 2016-09-02 21:30 - 00000002 _____ C:\END
2016-09-02 21:30 - 2016-09-02 21:30 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Softlink
2016-09-02 21:29 - 2016-09-02 21:49 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-09-02 21:28 - 2016-09-02 21:28 - 00138240 _____ C:\Users\Roman\AppData\Roaming\Installer.dat
2016-09-02 21:27 - 2016-09-02 22:02 - 00000000 ___HD C:\Program Files (x86)\SOEasy.5
2016-09-02 21:27 - 2016-09-02 22:01 - 00000000 ___HD C:\Program Files (x86)\SOEasy.4
2016-09-02 21:27 - 2016-09-02 21:27 - 00000000 ____D C:\ProgramData\Avg
2016-09-02 21:26 - 2016-09-02 22:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-01 13:33 - 2016-09-01 13:33 - 00396288 ____H C:\WINDOWS\system32\BITAA35.tmp
2016-09-01 13:33 - 2016-09-01 13:33 - 00396288 ____H C:\WINDOWS\system32\BITA69A.tmp
2016-09-01 06:31 - 2016-09-01 06:31 - 00088319 _____ C:\Users\Roman\Downloads\Luka (Finished).chum5
2016-08-31 15:45 - 2016-08-31 15:45 - 00410268 _____ C:\WINDOWS\Minidump\083116-57937-01.dmp
2016-08-31 15:39 - 2016-08-31 15:39 - 00000000 _____ C:\Users\Roman\AppData\Local\{F04667BD-E8BE-4F52-A0BD-7F9036E40EEB}
2016-08-28 23:20 - 2016-08-28 23:20 - 00087778 _____ C:\Users\Roman\Downloads\Moto_Created_3.chum5
2016-08-28 23:18 - 2016-08-28 23:18 - 00132527 _____ C:\Users\Roman\Downloads\Naberius.chum5
2016-08-28 23:18 - 2016-08-28 23:18 - 00125536 _____ C:\Users\Roman\Downloads\Havoc.chum5
2016-08-28 23:18 - 2016-08-28 23:18 - 00104220 _____ C:\Users\Roman\Downloads\Axel 6-27.chum5
2016-08-26 13:14 - 2016-08-11 13:30 - 00138808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-08-26 13:13 - 2016-05-04 04:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-08-26 13:13 - 2016-05-04 04:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-08-26 13:13 - 2016-05-04 04:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-08-26 13:13 - 2016-05-04 04:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-08-26 13:09 - 2016-08-16 07:45 - 00054728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 40070200 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 35182648 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 34837952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 28236856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 10728856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 10530960 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 10273096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 09086344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 08681720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 08644456 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 02914752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 02553912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 01922616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437254.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 01585088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437254.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 01023544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00961080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00945088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00897592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00803096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00694952 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00644648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00584712 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00574120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00471424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00442816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00413256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00393664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00386104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00348728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00345936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00181488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00159352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00153184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00131536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-08-26 13:09 - 2016-08-11 16:33 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2016-08-24 19:09 - 2016-08-24 19:10 - 00407444 _____ C:\WINDOWS\Minidump\082416-45609-01.dmp
2016-08-15 09:24 - 2016-09-08 20:32 - 02135712 _____ (Sysinternals - www.sysinternals.com) C:\Users\Roman\Desktop\Procmon.exe
2016-08-15 09:17 - 2016-09-08 20:32 - 00063582 _____ C:\Users\Roman\Desktop\procmon.chm
2016-08-12 02:00 - 2016-08-12 02:00 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Shadwen
2016-08-10 00:05 - 2016-08-03 12:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 00:05 - 2016-08-03 12:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 00:05 - 2016-08-03 12:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 00:05 - 2016-08-03 12:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 00:05 - 2016-08-03 12:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 00:05 - 2016-08-03 12:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 00:05 - 2016-08-03 12:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 00:05 - 2016-08-03 12:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 00:05 - 2016-08-03 11:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 00:05 - 2016-08-03 11:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 00:05 - 2016-08-03 11:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 00:05 - 2016-08-03 11:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 00:05 - 2016-08-03 11:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 00:05 - 2016-08-03 11:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 00:05 - 2016-08-03 11:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 00:05 - 2016-08-03 11:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 00:05 - 2016-08-03 11:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 00:05 - 2016-08-03 11:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 00:05 - 2016-08-03 11:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 00:05 - 2016-08-03 11:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 00:05 - 2016-08-03 11:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 00:05 - 2016-08-03 11:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 00:05 - 2016-08-03 11:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 00:05 - 2016-08-03 11:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 00:05 - 2016-08-03 11:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 00:05 - 2016-08-03 11:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 00:05 - 2016-08-03 07:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 00:05 - 2016-08-03 07:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 00:05 - 2016-08-03 07:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 00:05 - 2016-08-03 07:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 00:05 - 2016-08-03 06:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 00:05 - 2016-08-03 06:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 00:05 - 2016-08-03 06:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 00:05 - 2016-08-03 06:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 00:05 - 2016-08-03 06:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 00:05 - 2016-08-03 06:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 00:04 - 2016-08-03 13:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 00:04 - 2016-08-03 13:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 00:04 - 2016-08-03 13:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 00:04 - 2016-08-03 12:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 00:04 - 2016-08-03 12:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 00:04 - 2016-08-03 12:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 00:04 - 2016-08-03 12:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 00:04 - 2016-08-03 12:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 00:04 - 2016-08-03 12:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 00:04 - 2016-08-03 12:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 00:04 - 2016-08-03 12:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 00:04 - 2016-08-03 12:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 00:04 - 2016-08-03 12:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 00:04 - 2016-08-03 12:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 00:04 - 2016-08-03 12:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 00:04 - 2016-08-03 12:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 00:04 - 2016-08-03 12:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 00:04 - 2016-08-03 12:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 00:04 - 2016-08-03 11:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 00:04 - 2016-08-03 11:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 00:04 - 2016-08-03 11:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 00:04 - 2016-08-03 11:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 00:04 - 2016-08-03 11:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 00:04 - 2016-08-03 11:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 00:04 - 2016-08-03 11:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 00:04 - 2016-08-03 11:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 00:04 - 2016-08-03 11:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 00:04 - 2016-08-03 11:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 00:04 - 2016-08-03 11:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 00:04 - 2016-08-03 11:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 00:04 - 2016-08-03 11:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 00:04 - 2016-08-03 11:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 00:04 - 2016-08-03 11:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 00:04 - 2016-08-03 11:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 00:04 - 2016-08-03 11:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 00:04 - 2016-08-03 11:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 00:04 - 2016-08-03 11:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 00:04 - 2016-08-03 11:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 00:04 - 2016-08-03 11:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 00:04 - 2016-08-03 11:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 00:04 - 2016-08-03 11:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 00:04 - 2016-08-03 11:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 00:04 - 2016-08-03 11:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 00:04 - 2016-08-03 11:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 00:04 - 2016-08-03 11:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 00:04 - 2016-08-03 11:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 00:04 - 2016-08-03 11:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 00:04 - 2016-08-03 11:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 00:04 - 2016-08-03 11:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 00:04 - 2016-08-03 11:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 00:04 - 2016-08-03 11:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 00:04 - 2016-08-03 11:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 00:04 - 2016-08-03 11:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 00:04 - 2016-08-03 11:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 00:04 - 2016-08-03 11:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 00:04 - 2016-08-03 11:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 00:04 - 2016-08-03 11:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 00:04 - 2016-08-03 11:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 00:04 - 2016-08-03 11:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 00:04 - 2016-08-03 11:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 00:04 - 2016-08-03 07:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 00:04 - 2016-08-03 07:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 00:04 - 2016-08-03 07:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 00:04 - 2016-08-03 07:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 00:04 - 2016-08-03 07:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 00:04 - 2016-08-03 07:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 00:04 - 2016-08-03 06:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 00:04 - 2016-08-03 06:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 00:04 - 2016-08-03 06:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 00:04 - 2016-08-03 06:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 00:04 - 2016-08-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 00:04 - 2016-08-03 06:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 00:04 - 2016-08-03 06:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 00:04 - 2016-08-03 06:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 00:04 - 2016-08-03 06:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 00:04 - 2016-08-03 06:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 00:04 - 2016-08-03 06:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 00:04 - 2016-08-03 06:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 00:04 - 2016-08-03 06:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 00:04 - 2016-08-03 06:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 00:04 - 2016-08-03 06:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 00:04 - 2016-08-03 06:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 00:04 - 2016-08-03 06:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 00:04 - 2016-08-03 06:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 00:04 - 2016-08-03 06:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 00:04 - 2016-08-03 06:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 00:04 - 2016-08-03 06:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 00:04 - 2016-08-03 06:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 00:04 - 2016-08-03 06:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 00:04 - 2016-08-03 06:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 00:04 - 2016-08-03 06:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 00:04 - 2016-08-03 06:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 00:04 - 2016-08-03 06:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-08 22:44 - 2015-08-07 14:54 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-08 20:32 - 2016-03-03 21:44 - 00007490 _____ C:\Users\Roman\Desktop\Eula.txt
2016-09-08 19:19 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-08 19:08 - 2015-04-01 18:55 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-08 05:06 - 2015-08-07 14:54 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2A869755-2A72-4D79-8EA5-71CF6A88E8A0}
2016-09-08 04:37 - 2015-04-01 18:52 - 00000000 ____D C:\Program Files (x86)\Opera
2016-09-07 16:09 - 2016-07-30 18:09 - 00000000 ____D C:\WINDOWS\Minidump
2016-09-07 16:09 - 2016-03-05 17:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-07 16:09 - 2016-03-05 15:00 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-07 16:09 - 2015-04-05 13:23 - 737934093 _____ C:\WINDOWS\MEMORY.DMP
2016-09-07 16:09 - 2015-04-02 19:16 - 00000000 ____D C:\Program Files (x86)\Avira
2016-09-06 22:44 - 2016-01-29 14:57 - 00000000 ____D C:\Users\Roman\AppData\Local\CrashDumps
2016-09-05 17:49 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-05 09:07 - 2016-03-05 15:05 - 00000000 ____D C:\Users\Roman
2016-09-05 01:30 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-05 01:30 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-04 21:49 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-09-04 10:07 - 2016-05-22 08:07 - 00000682 _____ C:\Users\Roman\Desktop\RPG - Verknüpfung.lnk
2016-09-04 10:07 - 2016-05-14 16:22 - 00001119 _____ C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chummer5.lnk
2016-09-04 10:07 - 2016-04-28 01:39 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2016-09-04 10:07 - 2016-03-05 15:12 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-04 10:07 - 2016-01-17 18:27 - 00000279 _____ C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk
2016-09-04 10:07 - 2016-01-17 18:23 - 00000758 _____ C:\Users\Roman\Desktop\TARALIA.lnk
2016-09-04 10:07 - 2015-08-07 02:35 - 00002405 _____ C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-04 10:07 - 2015-08-07 02:31 - 00001053 _____ C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk
2016-09-04 10:07 - 2015-06-05 10:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-09-04 10:07 - 2015-04-03 00:14 - 00002775 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
2016-09-04 10:07 - 2015-04-03 00:14 - 00002715 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
2016-09-04 10:07 - 2015-04-03 00:14 - 00002703 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
2016-09-04 10:07 - 2015-04-03 00:14 - 00002687 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
2016-09-04 10:07 - 2015-04-03 00:14 - 00002645 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
2016-09-04 08:18 - 2015-04-01 18:54 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-04 08:05 - 2015-08-07 02:39 - 00000000 ____D C:\Users\Roman\AppData\Local\MicrosoftEdge
2016-09-04 02:51 - 2015-08-07 14:10 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-03 07:06 - 2015-04-30 15:40 - 00000000 ____D C:\ProgramData\Skype
2016-09-03 07:04 - 2016-05-21 21:11 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-03 07:04 - 2015-04-30 15:41 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Skype
2016-09-02 22:29 - 2016-05-21 21:11 - 00000000 ____D C:\Users\Roman\AppData\Local\Google
2016-09-02 22:29 - 2016-03-13 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
2016-09-02 22:29 - 2016-03-13 15:53 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-09-02 22:29 - 2016-03-05 14:59 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-09-02 22:29 - 2016-03-05 14:59 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-09-02 22:29 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Help
2016-09-02 22:29 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-09-02 22:29 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-02 22:29 - 2015-10-30 08:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-02 22:29 - 2015-04-01 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-09-02 22:29 - 2015-04-01 18:57 - 00000000 ____D C:\Users\Roman\AppData\Roaming\IrfanView
2016-09-02 22:28 - 2009-07-14 05:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-09-02 22:23 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\registration
2016-09-02 22:22 - 2016-03-05 15:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-31 23:04 - 2015-08-17 22:25 - 00000000 ____D C:\Users\Roman\Documents\My Games
2016-08-25 05:15 - 2016-02-20 17:05 - 00000000 ____D C:\Users\Roman\AppData\Roaming\discord
2016-08-25 03:40 - 2016-02-20 17:05 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-25 03:40 - 2016-02-20 17:05 - 00000000 ____D C:\Users\Roman\AppData\Local\Discord
2016-08-24 01:08 - 2015-04-14 10:04 - 00000000 ____D C:\Users\Roman\AppData\Roaming\TS3Client
2016-08-16 17:44 - 2016-01-28 01:14 - 14199352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-08-16 07:45 - 2016-01-28 01:14 - 01588688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-08-16 07:45 - 2016-01-28 01:14 - 00223304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-08-14 11:17 - 2016-03-05 15:04 - 02086168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-14 11:17 - 2015-10-30 20:35 - 00888028 _____ C:\WINDOWS\system32\perfh007.dat
2016-08-14 11:17 - 2015-10-30 20:35 - 00197112 _____ C:\WINDOWS\system32\perfc007.dat
2016-08-12 20:46 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-11 16:33 - 2016-03-13 15:50 - 20208360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 23699584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 17619464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 14476904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 03901520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 03443152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 00040827 _____ C:\WINDOWS\system32\nvinfo.pb
2016-08-11 14:27 - 2016-03-05 15:00 - 06386048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 02468288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 01365048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-08-11 14:27 - 2016-03-05 15:00 - 00548920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-08-11 10:59 - 2015-08-07 02:28 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-11 03:13 - 2015-10-30 08:28 - 03670016 ___SH C:\WINDOWS\system32\config\BBI
2016-08-11 03:12 - 2015-10-30 20:47 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-11 03:12 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 17:58 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 17:57 - 2015-04-02 11:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 17:51 - 2015-04-02 11:20 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-09 18:06 - 2016-03-05 15:00 - 07255045 _____ C:\WINDOWS\system32\nvcoproc.bin

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-09-02 21:28 - 2016-09-02 21:28 - 0138240 _____ () C:\Users\Roman\AppData\Roaming\Installer.dat
2016-09-05 04:17 - 2016-09-05 04:17 - 0000036 _____ () C:\Users\Roman\AppData\Local\housecall.guid.cache
2016-04-19 01:47 - 2016-04-19 02:20 - 0007605 _____ () C:\Users\Roman\AppData\Local\Resmon.ResmonCfg
2016-08-31 15:39 - 2016-08-31 15:39 - 0000000 _____ () C:\Users\Roman\AppData\Local\{F04667BD-E8BE-4F52-A0BD-7F9036E40EEB}
2016-09-04 08:13 - 2016-09-04 08:13 - 0044326 _____ () C:\ProgramData\1472969595.bdinstall.bin
2016-09-04 13:48 - 2016-09-04 13:48 - 0028525 _____ () C:\ProgramData\1472989695.bdinstall.bin
2016-03-05 15:00 - 2016-03-05 15:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Roman\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-09-03 19:20

==================== Ende von FRST.txt ============================

The Addition log:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von Roman (08-09-2016 22:56:08)
Gestartet von C:\Users\Roman\Desktop
Windows 10 Pro Version 1511 (X64) (2016-03-05 16:38:40)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-892226439-550228776-773139121-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-892226439-550228776-773139121-503 - Limited - Disabled)
Gast (S-1-5-21-892226439-550228776-773139121-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-892226439-550228776-773139121-1002 - Limited - Enabled)
Roman (S-1-5-21-892226439-550228776-773139121-1001 - Administrator - Enabled) => C:\Users\Roman

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

8GadgetPack (HKLM-x32\...\{5D6CB70E-6FA7-4E5E-8A12-06612313E671}) (Version: 18.0.0 - Helmut Buhler)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Ansel (Version: 372.54 - NVIDIA Corporation) Hidden
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Darkest Dungeon (HKLM\...\Steam App 262060) (Version:  - Red Hook Studios)
Discord (HKU\S-1-5-21-892226439-550228776-773139121-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dreadnought (HKLM-x32\...\Dreadnought) (Version: 1.0.0 - Grey Box)
Epic Games Launcher (HKLM-x32\...\{F9E7706A-FCFE-40D2-9B58-45567B3E1F3F}) (Version: 1.1.69.0 - Epic Games, Inc.)
Ghost of a Tale (HKLM\...\Steam App 417290) (Version:  - SeithCG)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.82 - Logitech)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.54 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.54 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Opera Stable 39.0.2256.71 (HKLM-x32\...\Opera 39.0.2256.71) (Version: 39.0.2256.71 - Opera Software)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.25502 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Shadowrun: Hong Kong - Extended Edition (HKLM\...\Steam App 346940) (Version:  - Harebrained Schemes)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
UE4 Prerequisites (HKLM\...\{E8F64548-5B1F-405A-89EA-9D3147E9DE39}) (Version: 1.0.6.0 - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-892226439-550228776-773139121-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Roman\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0007E3D2-9ADB-4BE0-8F04-9750DBDF9100} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {028E81FD-22B5-4983-963D-2F3D88F51C0C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {0C25D5F3-EE00-46B4-A113-26FC0C59804A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {1E6550BF-CEB6-44A5-98ED-ABF7C0D016ED} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {238F8432-A4E6-47B9-A95D-138BC7D7F6E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {2AB3B6CE-C9FF-4757-A4D5-A10B2D15237D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {2F1A71F4-C7D6-496F-872C-EC912D73EBA4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {2FBA7C67-E620-41C6-A224-FEC9446E1277} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {3EADB767-2D3D-4798-B0A8-20824F6324D5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {68EE312E-2440-43D7-8A48-76DA3ADAFD9B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {7183A5B4-125E-41A1-B118-A683F76A9133} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {72E40E18-17BD-418B-A8DA-BD72DF9E0914} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {7BEC7C82-822E-4EFF-973D-39188C0C15BB} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {82A4C4B8-C0C8-4E47-983B-302F28FD7FE5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {85FF4349-8639-49E0-B018-67D240CF9510} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {8AF39AF9-F1C9-4887-B7EA-0354F426189D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {8C15DD13-C538-4C83-9F00-4C222C4F22B5} - System32\Tasks\{B75D0DBA-92FA-4D5B-A699-15BBA2210FD2} => pcalua.exe -a "K:\World of Warships\unins000.exe"
Task: {9659AB1D-F415-4ECE-97B2-AAFE49B0D7A3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {97F43A9A-74C4-44D3-BAD4-04C81339ED5C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {A61073F0-6AC9-4E0E-9432-3558A7D1CE0F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {B132360A-C712-4BF0-B477-910C5CAD21F8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {B17C4800-4B18-4066-8070-7A4861C03C05} - System32\Tasks\Opera scheduled Autoupdate 1473302227 => C:\Program Files (x86)\Opera\launcher.exe [2016-09-02] (Opera Software)
Task: {B87437F6-4E4C-454E-8737-41AD61253BEE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {C509D5DF-C9F7-4890-9B7C-D9DE6BC08E7C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {CC8C5D43-F6E4-46D3-851B-263C02E2462F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {CF584839-CAA3-415C-A913-5B68792EF777} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {DB391B9A-D479-4D6F-82D6-02235DF0A9E0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {DC79B438-0381-4933-A54B-1081A851EB4F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {E07F2F35-02EB-4EB5-9928-C66687152D1A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {E9697535-871C-41F4-A1F4-06DF266C6CF9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {EB2C31CE-0284-4D58-A0FC-E6E56067E5DD} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {EB333C74-B6F6-4C2A-A7BB-4E2B09772FCA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {F2874A7A-7F6C-486F-881D-FC6844A93D52} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F391B84C-D181-4C2E-BB71-0B776825FFC6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {F52BE702-4D30-4A24-87DF-742CB1711A70} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {F6071D14-4D0E-49F8-8193-4791866B643D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {F9AEF40A-C9DF-42C5-B3E8-07D6581CA54C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {FA8B8B4B-B792-480D-9F6E-A1060BF937B0} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {FEC7605F-2D83-4C89-9905-7308F89FA922} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-05 15:00 - 2016-08-11 14:27 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-12 22:47 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 22:48 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 22:47 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-03-05 14:48 - 2016-03-05 14:48 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 22:51 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 22:47 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 22:47 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 22:47 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-19 19:10 - 2016-04-19 19:10 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-04-01 19:19 - 2016-06-14 22:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-04-01 19:10 - 2016-08-09 01:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-04-01 19:10 - 2015-07-02 00:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-04-01 19:10 - 2016-08-23 21:33 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll
2015-04-01 19:10 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-04-01 19:10 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-04-01 19:10 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-04-01 19:10 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-04-01 19:10 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-01 19:10 - 2015-07-02 00:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-04-01 19:10 - 2015-07-02 00:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-04-01 19:10 - 2016-08-23 21:33 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 15:13 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-04-01 19:10 - 2016-08-04 22:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-04-01 19:10 - 2015-09-25 01:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-04-19 19:10 - 2016-04-19 19:10 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 19:10 - 2016-04-19 19:10 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-09-08 04:37 - 2016-09-02 11:45 - 69076488 _____ () C:\Program Files (x86)\Opera\39.0.2256.71\opera.dll
2016-09-08 04:37 - 2016-09-02 11:44 - 02209288 _____ () C:\Program Files (x86)\Opera\39.0.2256.71\libglesv2.dll
2016-09-08 04:37 - 2016-09-02 11:44 - 00086024 _____ () C:\Program Files (x86)\Opera\39.0.2256.71\libegl.dll
2016-08-25 03:39 - 2016-08-24 17:49 - 01950392 _____ () C:\Users\Roman\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-08-25 05:15 - 2016-08-25 05:15 - 01050296 _____ () \\?\C:\Users\Roman\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-08-25 05:15 - 2016-08-25 05:15 - 03793080 _____ () \\?\C:\Users\Roman\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-08-25 05:15 - 2016-08-25 05:15 - 00894136 _____ () \\?\C:\Users\Roman\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-08-25 05:15 - 2016-08-25 05:15 - 01119416 _____ () \\?\C:\Users\Roman\AppData\Roaming\discord\0.0.296\modules\discord_toaster\discord_toaster.node
2016-08-25 03:39 - 2016-08-24 17:49 - 02230456 _____ () C:\Users\Roman\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-08-25 03:39 - 2016-08-24 17:49 - 00088760 _____ () C:\Users\Roman\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-09-08 19:12 - 2016-09-08 19:12 - 00170496 _____ () \\?\C:\Users\Roman\AppData\Local\Temp\27CF.tmp.node

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-892226439-550228776-773139121-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-892226439-550228776-773139121-1001\...\StartupApproved\StartupFolder: => "Sidebar329.lnk"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{F962895F-5D95-4C2F-8919-22ECA22C41B2}] => (Allow) K:\UPLAY\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{2C0DACC0-D82E-444C-908D-089976DF1DEA}] => (Allow) K:\UPLAY\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [UDP Query User{80E5804D-90C5-4FE0-80AF-34EB269C10D8}K:\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) K:\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [TCP Query User{0F67E87D-D925-45F9-8FAC-BDB4B19DD00B}K:\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) K:\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{A14E115E-FD00-47C8-AB0A-FA3794666D57}K:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) K:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{1A1E8663-1EEE-4789-868C-0218A19C626A}K:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) K:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{F682495E-75FE-4AFA-9539-3CAA961D38DC}K:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) K:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{E818AA6A-56CF-4EC2-BCB5-13EAD9E79EA4}K:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) K:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7BBB1938-923D-4CDA-AA93-49E30508E450}K:\steamlibrary\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) K:\steamlibrary\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [TCP Query User{4F47C4B0-CA86-46E7-9974-B10945F589D4}K:\steamlibrary\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) K:\steamlibrary\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [UDP Query User{89E91AEB-522F-4157-8725-6631DD6FD3D1}K:\steamlibrary\steamapps\common\blood bowl 2\benchmarkdx11.exe] => (Allow) K:\steamlibrary\steamapps\common\blood bowl 2\benchmarkdx11.exe
FirewallRules: [TCP Query User{6767BBCC-1266-4E07-8554-30943164AA58}K:\steamlibrary\steamapps\common\blood bowl 2\benchmarkdx11.exe] => (Allow) K:\steamlibrary\steamapps\common\blood bowl 2\benchmarkdx11.exe
FirewallRules: [UDP Query User{69D3B4F7-A60B-4188-ADA3-4D014412DA55}K:\steamlibrary\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) K:\steamlibrary\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [TCP Query User{D1B53083-C0A8-40E7-95BB-99C4A27244E2}K:\steamlibrary\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) K:\steamlibrary\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{3DA0444F-F70C-492B-B5A7-87DF2280BF8D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B5ED6688-0DBC-471C-B8CC-2B1587E1B49B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E226801A-512E-45D2-935F-1CEFB32B24D6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EA8BDAFF-FA58-411E-A3D4-62B651A34A4B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{73E984E8-A9B0-4299-B916-695718F25965}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{67727369-BDC4-467C-B838-54AA9A18DCBD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E4FF9700-218B-4311-8E5E-BA8D07D25967}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{531EA950-84B8-46D7-A0CD-6CAB5B157200}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{A984F22E-D135-49EF-8C92-89B587008084}K:\steamlibrary\steamapps\common\war for the overworld\wftogame.exe] => (Allow) K:\steamlibrary\steamapps\common\war for the overworld\wftogame.exe
FirewallRules: [UDP Query User{8F1BF7B3-C2D0-4814-B4C2-8FD75F3BBAAC}K:\steamlibrary\steamapps\common\war for the overworld\wftogame.exe] => (Allow) K:\steamlibrary\steamapps\common\war for the overworld\wftogame.exe
FirewallRules: [{0EB7B969-640C-4021-84CA-114D88704C04}] => (Allow) K:\SteamLibrary\steamapps\common\Dex\Dex_EarlyAccess.exe
FirewallRules: [{5C3E4205-C593-4943-921B-886DF12049A6}] => (Allow) K:\SteamLibrary\steamapps\common\Dex\Dex_EarlyAccess.exe
FirewallRules: [TCP Query User{EE3EE003-354F-47DE-B2D8-250E7948CEA5}K:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) K:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{A9E24D0D-65EF-4F12-B1B7-EBC99C8BDDD3}K:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) K:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{0E917153-79A2-4797-A591-2E031FD484B2}] => (Allow) K:\Heartstone\Hearthstone\Hearthstone.exe
FirewallRules: [{76A3A749-F7FF-4E96-9334-BC8E7F65E930}] => (Allow) K:\Heartstone\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{D63D3878-C17F-4CE0-B4C5-B5AFE426B9F6}K:\world of warships\wowslauncher.exe] => (Allow) K:\world of warships\wowslauncher.exe
FirewallRules: [UDP Query User{02F59A9E-E912-497D-BC4C-ED69AE4F065E}K:\world of warships\wowslauncher.exe] => (Allow) K:\world of warships\wowslauncher.exe
FirewallRules: [{6959D042-5BF2-456C-96D6-31AE589E8BFE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C7F100A1-1634-4F89-A067-D84890E04DC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{81F4430F-4C3B-4FD0-88DF-E24791A6D5F0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6AAD1850-7EA7-4A3B-AE99-5D660A87E68E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7F08AAF3-04DD-45F2-ABF6-76B4EE486D04}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{3512C26B-A1D7-4524-B51A-D6969CBF3B9E}K:\neuer ordner\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) K:\neuer ordner\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AB56981A-0291-4781-811B-849855D58561}K:\neuer ordner\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) K:\neuer ordner\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{1C019BA4-BEDA-4A9A-B76F-B9F94E00F92F}K:\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) K:\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{FA95276B-069E-46CE-A89C-38191AD18FFE}K:\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) K:\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{702B4215-3FA5-4709-9A8F-408C76FB4496}K:\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) K:\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{3853B752-F561-4B4A-8899-79EE46C802FC}K:\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) K:\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{B49C68FD-BAE1-443D-9FC6-E660062396D4}K:\dreadnought\dreadnoughtlauncher.exe] => (Allow) K:\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [UDP Query User{09B94B3B-A4A1-4754-BF91-C6B985D4EC2E}K:\dreadnought\dreadnoughtlauncher.exe] => (Allow) K:\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [TCP Query User{030FD1ED-3567-4E0B-827E-784A7837EE2A}K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe
FirewallRules: [UDP Query User{A8CFEFCB-2AA4-49EE-8E4E-FF62D7EADBBD}K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe
FirewallRules: [TCP Query User{4C039FD5-C953-4E10-A25B-9C1E94EF9E77}K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe] => (Allow) K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe
FirewallRules: [UDP Query User{8156FC35-1728-4B54-AAFC-92DF00416967}K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe] => (Allow) K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe
FirewallRules: [TCP Query User{509D23B3-2C32-456A-BA98-ACBDDC98CBAC}K:\paragon\paragon\oriongame\binaries\win64\orionclient-win64-shipping.exe] => (Allow) K:\paragon\paragon\oriongame\binaries\win64\orionclient-win64-shipping.exe
FirewallRules: [UDP Query User{F4B1FE73-5BBD-4CD2-9975-CE76F456A822}K:\paragon\paragon\oriongame\binaries\win64\orionclient-win64-shipping.exe] => (Allow) K:\paragon\paragon\oriongame\binaries\win64\orionclient-win64-shipping.exe
FirewallRules: [{339BA4DE-77CD-42D1-BF51-4E4F17320A96}] => (Allow) K:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{BA4DE8DD-62F8-43B9-8630-B5D777FD7B4E}] => (Allow) K:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{4094B6A0-C667-40D4-9238-CAA7FBAC0A6D}] => (Allow) K:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{C26255FB-F8A0-4103-B8F0-94898F058887}] => (Allow) K:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{D20EB99A-FB34-419F-B56D-8693296E3086}] => (Allow) K:\SteamLibrary\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{188D1787-CA77-49F1-BFFD-61FA4168B7D1}] => (Allow) K:\SteamLibrary\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{6BE1F394-5A80-4C30-A780-ECC465643086}] => (Allow) K:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{B6012D0B-DC0A-49A1-8AAD-D2FC0A46EE35}] => (Allow) K:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{2BFE5705-F408-4293-8BDA-EF902791A3CA}] => (Allow) K:\SteamLibrary\steamapps\common\Life is Feudal Forest Village\ForestVillage.exe
FirewallRules: [{FC21B849-DD2C-4875-81EC-A0D20AFE44FF}] => (Allow) K:\SteamLibrary\steamapps\common\Life is Feudal Forest Village\ForestVillage.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: PS/2-Standardtastatur
Description: PS/2-Standardtastatur
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Coprozessor
Description: Coprozessor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/08/2016 10:52:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: T3RRORTROOPER)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (09/08/2016 10:52:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: T3RRORTROOPER)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (09/06/2016 10:44:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 15.17.20050.61080, Zeitstempel: 0x5774facd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0xe6398c7a
ID des fehlerhaften Prozesses: 0xe1b8
Startzeit der fehlerhaften Anwendung: 0x01d2087df02ed614
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 42e45414-e0a4-4aa1-81c1-92106f9d2f4b
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/04/2016 03:48:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 15.17.20050.61080, Zeitstempel: 0x5774facd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0xe6398c7a
ID des fehlerhaften Prozesses: 0x7df8
Startzeit der fehlerhaften Anwendung: 0x01d2064e6df7ab85
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 6140a76a-4571-4689-a79b-7e81eef7f9fc
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/03/2016 01:45:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 15.17.20050.61080, Zeitstempel: 0x5774facd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0xe6398c7a
ID des fehlerhaften Prozesses: 0x1b1c
Startzeit der fehlerhaften Anwendung: 0x01d20572ca7c90be
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: e107c49a-3997-4a05-be5c-f670cf7ab69d
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/03/2016 01:35:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 15.17.20050.61080, Zeitstempel: 0x5774facd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0xe6398c7a
ID des fehlerhaften Prozesses: 0x2668
Startzeit der fehlerhaften Anwendung: 0x01d2056137bc700b
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 20724152-0016-4bab-a960-c8774648a778
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/02/2016 10:34:24 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1760) SRUJet: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\WINDOWS\system32\SRU\SRU00D51.log.

Error: (09/02/2016 10:17:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (09/02/2016 10:14:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 15.0.19.163 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2a64

Startzeit: 01d205523c2ff891

Beendigungszeit: 60000

Anwendungspfad: C:\Program Files (x86)\Avira\Antivirus\avscan.exe

Berichts-ID: a07b5284-7149-11e6-9d10-002268685522

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (09/02/2016 10:11:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 10.0.10586.494 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1638

Startzeit: 01d20551c71a3c01

Beendigungszeit: 0

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: 92304244-7147-11e6-9d10-002268685522

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:


Systemfehler:
=============
Error: (09/08/2016 10:52:03 AM) (Source: DCOM) (EventID: 10010) (User: T3RRORTROOPER)
Description: Der Server "CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/08/2016 10:52:03 AM) (Source: DCOM) (EventID: 10010) (User: T3RRORTROOPER)
Description: Der Server "microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/08/2016 10:51:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Synchronisierungshost_2e8eb80 erreicht.

Error: (09/08/2016 10:51:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Benutzerdatenspeicher _2e8eb80 erreicht.

Error: (09/08/2016 10:51:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_2e8eb80" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/08/2016 10:51:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _2e8eb80" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/08/2016 10:51:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_2e8eb80" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/08/2016 10:51:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_2e8eb80" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/08/2016 06:28:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_46dc10" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/08/2016 06:28:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _46dc10" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-09-05 04:58:55.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-02 22:41:05.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-02 21:38:42.599
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-02 04:33:03.763
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-11 10:57:29.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-11 01:01:09.253
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-15 03:25:54.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-14 11:39:14.305
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-22 22:50:28.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-18 04:16:28.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Prozentuale Nutzung des RAM: 59%
Installierter physikalischer RAM: 6143.22 MB
Verfügbarer physikalischer RAM: 2495.93 MB
Summe virtueller Speicher: 12287.22 MB
Verfügbarer virtueller Speicher: 7721.86 MB

==================== Laufwerke ================================

Drive c: (SYSTEMCORE) (Fixed) (Total:490.3 GB) (Free:451.29 GB) NTFS
Drive d: (DATA HEAVEN) (Fixed) (Total:205.08 GB) (Free:202.3 GB) NTFS
Drive e: (MINDCLUSTER) (Fixed) (Total:351.56 GB) (Free:350.57 GB) NTFS
Drive f: (EMERGENCY CASE) (Fixed) (Total:374.87 GB) (Free:374.73 GB) NTFS
Drive g: (MUSICLOUNGE) (Fixed) (Total:440.77 GB) (Free:377.49 GB) NTFS
Drive k: (GAMESCUBE) (Fixed) (Total:931.51 GB) (Free:791.54 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: ED815CE4)
Partition 1: (Not Active) - (Size=205.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=351.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=374.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FAFD00E8)
Partition 1: (Not Active) - (Size=490.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=440.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 52D3E3E7)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

Hi Kevin - thx for the quick reply and for the help, really appreciated:

The Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 08.09.2016
Suchlaufzeit: 22:08
Protokolldatei: 
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.09.08.08
Rootkit-Datenbank: v2016.08.15.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Roman

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 406821
Abgelaufene Zeit: 40 Min., 54 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

The Rkill Log:

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/08/2016 10:02:04 PM in x64 mode.
Windows Version: Windows 10 Pro 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 09/08/2016 10:04:25 PM
Execution time: 0 hours(s), 2 minute(s), and 21 seconds(s)

The FRST log:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
durchgeführt von Roman (Administrator) auf T3RRORTROOPER (08-09-2016 22:54:25)
Gestartet von C:\Users\Roman\Desktop
Geladene Profile: Roman (Verfügbare Profile: Roman & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Opera)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Hammer & Chisel, Inc.) C:\Users\Roman\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Roman\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Roman\AppData\Local\Discord\app-0.0.296\Discord.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3111880 2015-07-23] (Logitech, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-892226439-550228776-773139121-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-892226439-550228776-773139121-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2016-07-01] (Microsoft Corporation)
HKU\S-1-5-21-892226439-550228776-773139121-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2016-07-01] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-04-03]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar203.lnk [2016-09-08]
ShortcutTarget: Sidebar203.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{d6d0d28e-8d6d-44e7-bb39-14ec19b959a5}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\riTscHJS.default
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-11] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (Avira Browser Safety) - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\riTscHJS.default\Extensions\abs@avira.com [2015-04-01] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-10-16] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-02]
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-02]
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-02]
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-02]
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-02]
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-08-02] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2016-02-24] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [Datei ist nicht signiert]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-11-12] (Disc Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-08] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92344 2016-09-08] (Sysinternals - www.sysinternals.com)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-08 22:54 - 2016-09-08 22:55 - 00013617 _____ C:\Users\Roman\Desktop\FRST.txt
2016-09-08 22:54 - 2016-09-08 22:54 - 00000000 ____D C:\FRST
2016-09-08 22:53 - 2016-09-08 22:53 - 02397696 _____ (Farbar) C:\Users\Roman\Desktop\FRST64.exe
2016-09-08 22:02 - 2016-09-08 22:04 - 00001996 _____ C:\Users\Roman\Desktop\Rkill.txt
2016-09-08 22:01 - 2016-09-08 22:02 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Roman\Desktop\rkill.exe
2016-09-08 20:32 - 2016-09-08 20:32 - 00092344 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2016-09-08 20:31 - 2016-09-08 20:31 - 00998093 _____ C:\Users\Roman\Downloads\ProcessMonitor.zip
2016-09-08 20:20 - 2016-09-08 20:20 - 01304400 _____ C:\Users\Roman\Downloads\Autoruns.zip
2016-09-08 04:37 - 2016-09-08 04:37 - 00003978 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1473302227
2016-09-08 04:37 - 2016-09-08 04:37 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-09-08 04:36 - 2016-09-08 04:36 - 00963000 _____ (Opera Software) C:\Users\Roman\Downloads\OperaSetup.exe
2016-09-07 16:09 - 2016-09-07 16:10 - 00410404 _____ C:\WINDOWS\Minidump\090716-36984-01.dmp
2016-09-05 04:17 - 2016-09-05 04:17 - 00000036 _____ C:\Users\Roman\AppData\Local\housecall.guid.cache
2016-09-04 13:48 - 2016-09-04 13:48 - 00028525 _____ C:\ProgramData\1472989695.bdinstall.bin
2016-09-04 09:23 - 2016-09-08 22:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-04 09:22 - 2016-09-04 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-04 09:22 - 2016-09-04 09:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-04 09:22 - 2016-09-04 09:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-04 09:22 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-04 09:22 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-04 09:22 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-04 08:13 - 2016-09-04 08:13 - 00044326 _____ C:\ProgramData\1472969595.bdinstall.bin
2016-09-04 08:13 - 2016-09-04 08:13 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-09-04 08:12 - 2016-09-04 08:12 - 00000000 ____D C:\Users\Roman\AppData\Roaming\QuickScan
2016-09-04 08:08 - 2016-09-04 08:10 - 00000000 ___HD C:\WINDOWS\AxInstSV
2016-09-03 19:09 - 2016-09-03 19:09 - 00000000 ____D C:\avrescue
2016-09-02 21:32 - 2016-09-02 21:32 - 00000000 ____D C:\Users\Roman\AppData\Local\UCBrowser
2016-09-02 21:30 - 2016-09-02 21:44 - 00000000 ____D C:\Users\Roman\AppData\Local\DailyBee
2016-09-02 21:30 - 2016-09-02 21:30 - 00000002 _____ C:\END
2016-09-02 21:30 - 2016-09-02 21:30 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Softlink
2016-09-02 21:29 - 2016-09-02 21:49 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-09-02 21:28 - 2016-09-02 21:28 - 00138240 _____ C:\Users\Roman\AppData\Roaming\Installer.dat
2016-09-02 21:27 - 2016-09-02 22:02 - 00000000 ___HD C:\Program Files (x86)\SOEasy.5
2016-09-02 21:27 - 2016-09-02 22:01 - 00000000 ___HD C:\Program Files (x86)\SOEasy.4
2016-09-02 21:27 - 2016-09-02 21:27 - 00000000 ____D C:\ProgramData\Avg
2016-09-02 21:26 - 2016-09-02 22:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-01 13:33 - 2016-09-01 13:33 - 00396288 ____H C:\WINDOWS\system32\BITAA35.tmp
2016-09-01 13:33 - 2016-09-01 13:33 - 00396288 ____H C:\WINDOWS\system32\BITA69A.tmp
2016-09-01 06:31 - 2016-09-01 06:31 - 00088319 _____ C:\Users\Roman\Downloads\Luka (Finished).chum5
2016-08-31 15:45 - 2016-08-31 15:45 - 00410268 _____ C:\WINDOWS\Minidump\083116-57937-01.dmp
2016-08-31 15:39 - 2016-08-31 15:39 - 00000000 _____ C:\Users\Roman\AppData\Local\{F04667BD-E8BE-4F52-A0BD-7F9036E40EEB}
2016-08-28 23:20 - 2016-08-28 23:20 - 00087778 _____ C:\Users\Roman\Downloads\Moto_Created_3.chum5
2016-08-28 23:18 - 2016-08-28 23:18 - 00132527 _____ C:\Users\Roman\Downloads\Naberius.chum5
2016-08-28 23:18 - 2016-08-28 23:18 - 00125536 _____ C:\Users\Roman\Downloads\Havoc.chum5
2016-08-28 23:18 - 2016-08-28 23:18 - 00104220 _____ C:\Users\Roman\Downloads\Axel 6-27.chum5
2016-08-26 13:14 - 2016-08-11 13:30 - 00138808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-08-26 13:13 - 2016-05-04 04:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-08-26 13:13 - 2016-05-04 04:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-08-26 13:13 - 2016-05-04 04:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-08-26 13:13 - 2016-05-04 04:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-08-26 13:09 - 2016-08-16 07:45 - 00054728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 40070200 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 35182648 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 34837952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 28236856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 10728856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 10530960 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 10273096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 09086344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 08681720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 08644456 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 02914752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 02553912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 01922616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437254.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 01585088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437254.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 01023544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00961080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00945088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00897592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00803096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00694952 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00644648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00584712 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00574120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00471424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00442816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00413256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00393664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00386104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00348728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00345936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00181488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00159352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00153184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00131536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-08-26 13:09 - 2016-08-11 16:33 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2016-08-24 19:09 - 2016-08-24 19:10 - 00407444 _____ C:\WINDOWS\Minidump\082416-45609-01.dmp
2016-08-15 09:24 - 2016-09-08 20:32 - 02135712 _____ (Sysinternals - www.sysinternals.com) C:\Users\Roman\Desktop\Procmon.exe
2016-08-15 09:17 - 2016-09-08 20:32 - 00063582 _____ C:\Users\Roman\Desktop\procmon.chm
2016-08-12 02:00 - 2016-08-12 02:00 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Shadwen
2016-08-10 00:05 - 2016-08-03 12:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 00:05 - 2016-08-03 12:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 00:05 - 2016-08-03 12:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 00:05 - 2016-08-03 12:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 00:05 - 2016-08-03 12:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 00:05 - 2016-08-03 12:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 00:05 - 2016-08-03 12:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 00:05 - 2016-08-03 12:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 00:05 - 2016-08-03 11:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 00:05 - 2016-08-03 11:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 00:05 - 2016-08-03 11:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 00:05 - 2016-08-03 11:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 00:05 - 2016-08-03 11:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 00:05 - 2016-08-03 11:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 00:05 - 2016-08-03 11:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 00:05 - 2016-08-03 11:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 00:05 - 2016-08-03 11:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 00:05 - 2016-08-03 11:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 00:05 - 2016-08-03 11:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 00:05 - 2016-08-03 11:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 00:05 - 2016-08-03 11:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 00:05 - 2016-08-03 11:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 00:05 - 2016-08-03 11:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 00:05 - 2016-08-03 11:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 00:05 - 2016-08-03 11:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 00:05 - 2016-08-03 11:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 00:05 - 2016-08-03 07:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 00:05 - 2016-08-03 07:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 00:05 - 2016-08-03 07:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 00:05 - 2016-08-03 07:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 00:05 - 2016-08-03 06:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 00:05 - 2016-08-03 06:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 00:05 - 2016-08-03 06:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 00:05 - 2016-08-03 06:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 00:05 - 2016-08-03 06:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 00:05 - 2016-08-03 06:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 00:04 - 2016-08-03 13:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 00:04 - 2016-08-03 13:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 00:04 - 2016-08-03 13:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 00:04 - 2016-08-03 12:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 00:04 - 2016-08-03 12:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 00:04 - 2016-08-03 12:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 00:04 - 2016-08-03 12:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 00:04 - 2016-08-03 12:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 00:04 - 2016-08-03 12:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 00:04 - 2016-08-03 12:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 00:04 - 2016-08-03 12:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 00:04 - 2016-08-03 12:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 00:04 - 2016-08-03 12:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 00:04 - 2016-08-03 12:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 00:04 - 2016-08-03 12:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 00:04 - 2016-08-03 12:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 00:04 - 2016-08-03 12:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 00:04 - 2016-08-03 12:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 00:04 - 2016-08-03 11:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 00:04 - 2016-08-03 11:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 00:04 - 2016-08-03 11:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 00:04 - 2016-08-03 11:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 00:04 - 2016-08-03 11:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 00:04 - 2016-08-03 11:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 00:04 - 2016-08-03 11:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 00:04 - 2016-08-03 11:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 00:04 - 2016-08-03 11:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 00:04 - 2016-08-03 11:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 00:04 - 2016-08-03 11:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 00:04 - 2016-08-03 11:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 00:04 - 2016-08-03 11:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 00:04 - 2016-08-03 11:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 00:04 - 2016-08-03 11:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 00:04 - 2016-08-03 11:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 00:04 - 2016-08-03 11:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 00:04 - 2016-08-03 11:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 00:04 - 2016-08-03 11:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 00:04 - 2016-08-03 11:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 00:04 - 2016-08-03 11:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 00:04 - 2016-08-03 11:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 00:04 - 2016-08-03 11:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 00:04 - 2016-08-03 11:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 00:04 - 2016-08-03 11:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 00:04 - 2016-08-03 11:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 00:04 - 2016-08-03 11:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 00:04 - 2016-08-03 11:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 00:04 - 2016-08-03 11:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 00:04 - 2016-08-03 11:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 00:04 - 2016-08-03 11:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 00:04 - 2016-08-03 11:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 00:04 - 2016-08-03 11:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 00:04 - 2016-08-03 11:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 00:04 - 2016-08-03 11:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 00:04 - 2016-08-03 11:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 00:04 - 2016-08-03 11:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 00:04 - 2016-08-03 11:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 00:04 - 2016-08-03 11:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 00:04 - 2016-08-03 11:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 00:04 - 2016-08-03 11:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 00:04 - 2016-08-03 11:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 00:04 - 2016-08-03 07:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 00:04 - 2016-08-03 07:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 00:04 - 2016-08-03 07:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 00:04 - 2016-08-03 07:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 00:04 - 2016-08-03 07:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 00:04 - 2016-08-03 07:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 00:04 - 2016-08-03 06:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 00:04 - 2016-08-03 06:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 00:04 - 2016-08-03 06:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 00:04 - 2016-08-03 06:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 00:04 - 2016-08-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 00:04 - 2016-08-03 06:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 00:04 - 2016-08-03 06:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 00:04 - 2016-08-03 06:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 00:04 - 2016-08-03 06:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 00:04 - 2016-08-03 06:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 00:04 - 2016-08-03 06:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 00:04 - 2016-08-03 06:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 00:04 - 2016-08-03 06:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 00:04 - 2016-08-03 06:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 00:04 - 2016-08-03 06:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 00:04 - 2016-08-03 06:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 00:04 - 2016-08-03 06:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 00:04 - 2016-08-03 06:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 00:04 - 2016-08-03 06:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 00:04 - 2016-08-03 06:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 00:04 - 2016-08-03 06:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 00:04 - 2016-08-03 06:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 00:04 - 2016-08-03 06:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 00:04 - 2016-08-03 06:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 00:04 - 2016-08-03 06:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 00:04 - 2016-08-03 06:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 00:04 - 2016-08-03 06:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-08 22:44 - 2015-08-07 14:54 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-08 20:32 - 2016-03-03 21:44 - 00007490 _____ C:\Users\Roman\Desktop\Eula.txt
2016-09-08 19:19 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-08 19:08 - 2015-04-01 18:55 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-08 05:06 - 2015-08-07 14:54 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2A869755-2A72-4D79-8EA5-71CF6A88E8A0}
2016-09-08 04:37 - 2015-04-01 18:52 - 00000000 ____D C:\Program Files (x86)\Opera
2016-09-07 16:09 - 2016-07-30 18:09 - 00000000 ____D C:\WINDOWS\Minidump
2016-09-07 16:09 - 2016-03-05 17:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-07 16:09 - 2016-03-05 15:00 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-07 16:09 - 2015-04-05 13:23 - 737934093 _____ C:\WINDOWS\MEMORY.DMP
2016-09-07 16:09 - 2015-04-02 19:16 - 00000000 ____D C:\Program Files (x86)\Avira
2016-09-06 22:44 - 2016-01-29 14:57 - 00000000 ____D C:\Users\Roman\AppData\Local\CrashDumps
2016-09-05 17:49 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-05 09:07 - 2016-03-05 15:05 - 00000000 ____D C:\Users\Roman
2016-09-05 01:30 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-05 01:30 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-04 21:49 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-09-04 10:07 - 2016-05-22 08:07 - 00000682 _____ C:\Users\Roman\Desktop\RPG - Verknüpfung.lnk
2016-09-04 10:07 - 2016-05-14 16:22 - 00001119 _____ C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chummer5.lnk
2016-09-04 10:07 - 2016-04-28 01:39 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2016-09-04 10:07 - 2016-03-05 15:12 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-04 10:07 - 2016-01-17 18:27 - 00000279 _____ C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk
2016-09-04 10:07 - 2016-01-17 18:23 - 00000758 _____ C:\Users\Roman\Desktop\TARALIA.lnk
2016-09-04 10:07 - 2015-08-07 02:35 - 00002405 _____ C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-04 10:07 - 2015-08-07 02:31 - 00001053 _____ C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk
2016-09-04 10:07 - 2015-06-05 10:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-09-04 10:07 - 2015-04-03 00:14 - 00002775 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
2016-09-04 10:07 - 2015-04-03 00:14 - 00002715 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
2016-09-04 10:07 - 2015-04-03 00:14 - 00002703 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
2016-09-04 10:07 - 2015-04-03 00:14 - 00002687 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
2016-09-04 10:07 - 2015-04-03 00:14 - 00002645 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
2016-09-04 08:18 - 2015-04-01 18:54 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-04 08:05 - 2015-08-07 02:39 - 00000000 ____D C:\Users\Roman\AppData\Local\MicrosoftEdge
2016-09-04 02:51 - 2015-08-07 14:10 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-03 07:06 - 2015-04-30 15:40 - 00000000 ____D C:\ProgramData\Skype
2016-09-03 07:04 - 2016-05-21 21:11 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-03 07:04 - 2015-04-30 15:41 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Skype
2016-09-02 22:29 - 2016-05-21 21:11 - 00000000 ____D C:\Users\Roman\AppData\Local\Google
2016-09-02 22:29 - 2016-03-13 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
2016-09-02 22:29 - 2016-03-13 15:53 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-09-02 22:29 - 2016-03-05 14:59 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-09-02 22:29 - 2016-03-05 14:59 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-09-02 22:29 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Help
2016-09-02 22:29 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-09-02 22:29 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-02 22:29 - 2015-10-30 08:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-02 22:29 - 2015-04-01 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-09-02 22:29 - 2015-04-01 18:57 - 00000000 ____D C:\Users\Roman\AppData\Roaming\IrfanView
2016-09-02 22:28 - 2009-07-14 05:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-09-02 22:23 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\registration
2016-09-02 22:22 - 2016-03-05 15:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-31 23:04 - 2015-08-17 22:25 - 00000000 ____D C:\Users\Roman\Documents\My Games
2016-08-25 05:15 - 2016-02-20 17:05 - 00000000 ____D C:\Users\Roman\AppData\Roaming\discord
2016-08-25 03:40 - 2016-02-20 17:05 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-25 03:40 - 2016-02-20 17:05 - 00000000 ____D C:\Users\Roman\AppData\Local\Discord
2016-08-24 01:08 - 2015-04-14 10:04 - 00000000 ____D C:\Users\Roman\AppData\Roaming\TS3Client
2016-08-16 17:44 - 2016-01-28 01:14 - 14199352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-08-16 07:45 - 2016-01-28 01:14 - 01588688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-08-16 07:45 - 2016-01-28 01:14 - 00223304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-08-14 11:17 - 2016-03-05 15:04 - 02086168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-14 11:17 - 2015-10-30 20:35 - 00888028 _____ C:\WINDOWS\system32\perfh007.dat
2016-08-14 11:17 - 2015-10-30 20:35 - 00197112 _____ C:\WINDOWS\system32\perfc007.dat
2016-08-12 20:46 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-11 16:33 - 2016-03-13 15:50 - 20208360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 23699584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 17619464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 14476904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 03901520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 03443152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 00040827 _____ C:\WINDOWS\system32\nvinfo.pb
2016-08-11 14:27 - 2016-03-05 15:00 - 06386048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 02468288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 01365048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-08-11 14:27 - 2016-03-05 15:00 - 00548920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-08-11 10:59 - 2015-08-07 02:28 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-11 03:13 - 2015-10-30 08:28 - 03670016 ___SH C:\WINDOWS\system32\config\BBI
2016-08-11 03:12 - 2015-10-30 20:47 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-11 03:12 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 17:58 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 17:57 - 2015-04-02 11:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 17:51 - 2015-04-02 11:20 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-09 18:06 - 2016-03-05 15:00 - 07255045 _____ C:\WINDOWS\system32\nvcoproc.bin

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-09-02 21:28 - 2016-09-02 21:28 - 0138240 _____ () C:\Users\Roman\AppData\Roaming\Installer.dat
2016-09-05 04:17 - 2016-09-05 04:17 - 0000036 _____ () C:\Users\Roman\AppData\Local\housecall.guid.cache
2016-04-19 01:47 - 2016-04-19 02:20 - 0007605 _____ () C:\Users\Roman\AppData\Local\Resmon.ResmonCfg
2016-08-31 15:39 - 2016-08-31 15:39 - 0000000 _____ () C:\Users\Roman\AppData\Local\{F04667BD-E8BE-4F52-A0BD-7F9036E40EEB}
2016-09-04 08:13 - 2016-09-04 08:13 - 0044326 _____ () C:\ProgramData\1472969595.bdinstall.bin
2016-09-04 13:48 - 2016-09-04 13:48 - 0028525 _____ () C:\ProgramData\1472989695.bdinstall.bin
2016-03-05 15:00 - 2016-03-05 15:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Roman\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-09-03 19:20

==================== Ende von FRST.txt ============================

The Addition log:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von Roman (08-09-2016 22:56:08)
Gestartet von C:\Users\Roman\Desktop
Windows 10 Pro Version 1511 (X64) (2016-03-05 16:38:40)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-892226439-550228776-773139121-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-892226439-550228776-773139121-503 - Limited - Disabled)
Gast (S-1-5-21-892226439-550228776-773139121-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-892226439-550228776-773139121-1002 - Limited - Enabled)
Roman (S-1-5-21-892226439-550228776-773139121-1001 - Administrator - Enabled) => C:\Users\Roman

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

8GadgetPack (HKLM-x32\...\{5D6CB70E-6FA7-4E5E-8A12-06612313E671}) (Version: 18.0.0 - Helmut Buhler)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Ansel (Version: 372.54 - NVIDIA Corporation) Hidden
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Darkest Dungeon (HKLM\...\Steam App 262060) (Version:  - Red Hook Studios)
Discord (HKU\S-1-5-21-892226439-550228776-773139121-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dreadnought (HKLM-x32\...\Dreadnought) (Version: 1.0.0 - Grey Box)
Epic Games Launcher (HKLM-x32\...\{F9E7706A-FCFE-40D2-9B58-45567B3E1F3F}) (Version: 1.1.69.0 - Epic Games, Inc.)
Ghost of a Tale (HKLM\...\Steam App 417290) (Version:  - SeithCG)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.82 - Logitech)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.54 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.54 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Opera Stable 39.0.2256.71 (HKLM-x32\...\Opera 39.0.2256.71) (Version: 39.0.2256.71 - Opera Software)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.25502 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Shadowrun: Hong Kong - Extended Edition (HKLM\...\Steam App 346940) (Version:  - Harebrained Schemes)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
UE4 Prerequisites (HKLM\...\{E8F64548-5B1F-405A-89EA-9D3147E9DE39}) (Version: 1.0.6.0 - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-892226439-550228776-773139121-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Roman\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0007E3D2-9ADB-4BE0-8F04-9750DBDF9100} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {028E81FD-22B5-4983-963D-2F3D88F51C0C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {0C25D5F3-EE00-46B4-A113-26FC0C59804A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {1E6550BF-CEB6-44A5-98ED-ABF7C0D016ED} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {238F8432-A4E6-47B9-A95D-138BC7D7F6E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {2AB3B6CE-C9FF-4757-A4D5-A10B2D15237D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {2F1A71F4-C7D6-496F-872C-EC912D73EBA4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {2FBA7C67-E620-41C6-A224-FEC9446E1277} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {3EADB767-2D3D-4798-B0A8-20824F6324D5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {68EE312E-2440-43D7-8A48-76DA3ADAFD9B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {7183A5B4-125E-41A1-B118-A683F76A9133} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {72E40E18-17BD-418B-A8DA-BD72DF9E0914} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {7BEC7C82-822E-4EFF-973D-39188C0C15BB} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {82A4C4B8-C0C8-4E47-983B-302F28FD7FE5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {85FF4349-8639-49E0-B018-67D240CF9510} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {8AF39AF9-F1C9-4887-B7EA-0354F426189D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {8C15DD13-C538-4C83-9F00-4C222C4F22B5} - System32\Tasks\{B75D0DBA-92FA-4D5B-A699-15BBA2210FD2} => pcalua.exe -a "K:\World of Warships\unins000.exe"
Task: {9659AB1D-F415-4ECE-97B2-AAFE49B0D7A3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {97F43A9A-74C4-44D3-BAD4-04C81339ED5C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {A61073F0-6AC9-4E0E-9432-3558A7D1CE0F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {B132360A-C712-4BF0-B477-910C5CAD21F8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {B17C4800-4B18-4066-8070-7A4861C03C05} - System32\Tasks\Opera scheduled Autoupdate 1473302227 => C:\Program Files (x86)\Opera\launcher.exe [2016-09-02] (Opera Software)
Task: {B87437F6-4E4C-454E-8737-41AD61253BEE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {C509D5DF-C9F7-4890-9B7C-D9DE6BC08E7C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {CC8C5D43-F6E4-46D3-851B-263C02E2462F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {CF584839-CAA3-415C-A913-5B68792EF777} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {DB391B9A-D479-4D6F-82D6-02235DF0A9E0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {DC79B438-0381-4933-A54B-1081A851EB4F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {E07F2F35-02EB-4EB5-9928-C66687152D1A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {E9697535-871C-41F4-A1F4-06DF266C6CF9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {EB2C31CE-0284-4D58-A0FC-E6E56067E5DD} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {EB333C74-B6F6-4C2A-A7BB-4E2B09772FCA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {F2874A7A-7F6C-486F-881D-FC6844A93D52} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F391B84C-D181-4C2E-BB71-0B776825FFC6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {F52BE702-4D30-4A24-87DF-742CB1711A70} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {F6071D14-4D0E-49F8-8193-4791866B643D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {F9AEF40A-C9DF-42C5-B3E8-07D6581CA54C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {FA8B8B4B-B792-480D-9F6E-A1060BF937B0} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {FEC7605F-2D83-4C89-9905-7308F89FA922} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-05 15:00 - 2016-08-11 14:27 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-12 22:47 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 22:48 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 22:47 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-03-05 14:48 - 2016-03-05 14:48 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 22:51 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 22:47 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 22:47 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 22:47 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-19 19:10 - 2016-04-19 19:10 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-04-01 19:19 - 2016-06-14 22:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-04-01 19:10 - 2016-08-09 01:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-04-01 19:10 - 2015-07-02 00:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-04-01 19:10 - 2016-08-23 21:33 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll
2015-04-01 19:10 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-04-01 19:10 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-04-01 19:10 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-04-01 19:10 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-04-01 19:10 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-01 19:10 - 2015-07-02 00:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-04-01 19:10 - 2015-07-02 00:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-04-01 19:10 - 2016-08-23 21:33 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 15:13 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-04-01 19:10 - 2016-08-04 22:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-04-01 19:10 - 2015-09-25 01:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-04-19 19:10 - 2016-04-19 19:10 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 19:10 - 2016-04-19 19:10 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-09-08 04:37 - 2016-09-02 11:45 - 69076488 _____ () C:\Program Files (x86)\Opera\39.0.2256.71\opera.dll
2016-09-08 04:37 - 2016-09-02 11:44 - 02209288 _____ () C:\Program Files (x86)\Opera\39.0.2256.71\libglesv2.dll
2016-09-08 04:37 - 2016-09-02 11:44 - 00086024 _____ () C:\Program Files (x86)\Opera\39.0.2256.71\libegl.dll
2016-08-25 03:39 - 2016-08-24 17:49 - 01950392 _____ () C:\Users\Roman\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-08-25 05:15 - 2016-08-25 05:15 - 01050296 _____ () \\?\C:\Users\Roman\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-08-25 05:15 - 2016-08-25 05:15 - 03793080 _____ () \\?\C:\Users\Roman\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-08-25 05:15 - 2016-08-25 05:15 - 00894136 _____ () \\?\C:\Users\Roman\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-08-25 05:15 - 2016-08-25 05:15 - 01119416 _____ () \\?\C:\Users\Roman\AppData\Roaming\discord\0.0.296\modules\discord_toaster\discord_toaster.node
2016-08-25 03:39 - 2016-08-24 17:49 - 02230456 _____ () C:\Users\Roman\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-08-25 03:39 - 2016-08-24 17:49 - 00088760 _____ () C:\Users\Roman\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-09-08 19:12 - 2016-09-08 19:12 - 00170496 _____ () \\?\C:\Users\Roman\AppData\Local\Temp\27CF.tmp.node

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-892226439-550228776-773139121-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-892226439-550228776-773139121-1001\...\StartupApproved\StartupFolder: => "Sidebar329.lnk"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{F962895F-5D95-4C2F-8919-22ECA22C41B2}] => (Allow) K:\UPLAY\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{2C0DACC0-D82E-444C-908D-089976DF1DEA}] => (Allow) K:\UPLAY\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [UDP Query User{80E5804D-90C5-4FE0-80AF-34EB269C10D8}K:\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) K:\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [TCP Query User{0F67E87D-D925-45F9-8FAC-BDB4B19DD00B}K:\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) K:\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{A14E115E-FD00-47C8-AB0A-FA3794666D57}K:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) K:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{1A1E8663-1EEE-4789-868C-0218A19C626A}K:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) K:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{F682495E-75FE-4AFA-9539-3CAA961D38DC}K:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) K:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{E818AA6A-56CF-4EC2-BCB5-13EAD9E79EA4}K:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) K:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7BBB1938-923D-4CDA-AA93-49E30508E450}K:\steamlibrary\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) K:\steamlibrary\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [TCP Query User{4F47C4B0-CA86-46E7-9974-B10945F589D4}K:\steamlibrary\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) K:\steamlibrary\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [UDP Query User{89E91AEB-522F-4157-8725-6631DD6FD3D1}K:\steamlibrary\steamapps\common\blood bowl 2\benchmarkdx11.exe] => (Allow) K:\steamlibrary\steamapps\common\blood bowl 2\benchmarkdx11.exe
FirewallRules: [TCP Query User{6767BBCC-1266-4E07-8554-30943164AA58}K:\steamlibrary\steamapps\common\blood bowl 2\benchmarkdx11.exe] => (Allow) K:\steamlibrary\steamapps\common\blood bowl 2\benchmarkdx11.exe
FirewallRules: [UDP Query User{69D3B4F7-A60B-4188-ADA3-4D014412DA55}K:\steamlibrary\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) K:\steamlibrary\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [TCP Query User{D1B53083-C0A8-40E7-95BB-99C4A27244E2}K:\steamlibrary\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) K:\steamlibrary\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{3DA0444F-F70C-492B-B5A7-87DF2280BF8D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B5ED6688-0DBC-471C-B8CC-2B1587E1B49B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E226801A-512E-45D2-935F-1CEFB32B24D6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EA8BDAFF-FA58-411E-A3D4-62B651A34A4B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{73E984E8-A9B0-4299-B916-695718F25965}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{67727369-BDC4-467C-B838-54AA9A18DCBD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E4FF9700-218B-4311-8E5E-BA8D07D25967}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{531EA950-84B8-46D7-A0CD-6CAB5B157200}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{A984F22E-D135-49EF-8C92-89B587008084}K:\steamlibrary\steamapps\common\war for the overworld\wftogame.exe] => (Allow) K:\steamlibrary\steamapps\common\war for the overworld\wftogame.exe
FirewallRules: [UDP Query User{8F1BF7B3-C2D0-4814-B4C2-8FD75F3BBAAC}K:\steamlibrary\steamapps\common\war for the overworld\wftogame.exe] => (Allow) K:\steamlibrary\steamapps\common\war for the overworld\wftogame.exe
FirewallRules: [{0EB7B969-640C-4021-84CA-114D88704C04}] => (Allow) K:\SteamLibrary\steamapps\common\Dex\Dex_EarlyAccess.exe
FirewallRules: [{5C3E4205-C593-4943-921B-886DF12049A6}] => (Allow) K:\SteamLibrary\steamapps\common\Dex\Dex_EarlyAccess.exe
FirewallRules: [TCP Query User{EE3EE003-354F-47DE-B2D8-250E7948CEA5}K:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) K:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{A9E24D0D-65EF-4F12-B1B7-EBC99C8BDDD3}K:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) K:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{0E917153-79A2-4797-A591-2E031FD484B2}] => (Allow) K:\Heartstone\Hearthstone\Hearthstone.exe
FirewallRules: [{76A3A749-F7FF-4E96-9334-BC8E7F65E930}] => (Allow) K:\Heartstone\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{D63D3878-C17F-4CE0-B4C5-B5AFE426B9F6}K:\world of warships\wowslauncher.exe] => (Allow) K:\world of warships\wowslauncher.exe
FirewallRules: [UDP Query User{02F59A9E-E912-497D-BC4C-ED69AE4F065E}K:\world of warships\wowslauncher.exe] => (Allow) K:\world of warships\wowslauncher.exe
FirewallRules: [{6959D042-5BF2-456C-96D6-31AE589E8BFE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C7F100A1-1634-4F89-A067-D84890E04DC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{81F4430F-4C3B-4FD0-88DF-E24791A6D5F0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6AAD1850-7EA7-4A3B-AE99-5D660A87E68E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7F08AAF3-04DD-45F2-ABF6-76B4EE486D04}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{3512C26B-A1D7-4524-B51A-D6969CBF3B9E}K:\neuer ordner\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) K:\neuer ordner\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AB56981A-0291-4781-811B-849855D58561}K:\neuer ordner\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) K:\neuer ordner\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{1C019BA4-BEDA-4A9A-B76F-B9F94E00F92F}K:\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) K:\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{FA95276B-069E-46CE-A89C-38191AD18FFE}K:\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) K:\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{702B4215-3FA5-4709-9A8F-408C76FB4496}K:\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) K:\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{3853B752-F561-4B4A-8899-79EE46C802FC}K:\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) K:\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{B49C68FD-BAE1-443D-9FC6-E660062396D4}K:\dreadnought\dreadnoughtlauncher.exe] => (Allow) K:\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [UDP Query User{09B94B3B-A4A1-4754-BF91-C6B985D4EC2E}K:\dreadnought\dreadnoughtlauncher.exe] => (Allow) K:\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [TCP Query User{030FD1ED-3567-4E0B-827E-784A7837EE2A}K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe
FirewallRules: [UDP Query User{A8CFEFCB-2AA4-49EE-8E4E-FF62D7EADBBD}K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe
FirewallRules: [TCP Query User{4C039FD5-C953-4E10-A25B-9C1E94EF9E77}K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe] => (Allow) K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe
FirewallRules: [UDP Query User{8156FC35-1728-4B54-AAFC-92DF00416967}K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe] => (Allow) K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe
FirewallRules: [TCP Query User{509D23B3-2C32-456A-BA98-ACBDDC98CBAC}K:\paragon\paragon\oriongame\binaries\win64\orionclient-win64-shipping.exe] => (Allow) K:\paragon\paragon\oriongame\binaries\win64\orionclient-win64-shipping.exe
FirewallRules: [UDP Query User{F4B1FE73-5BBD-4CD2-9975-CE76F456A822}K:\paragon\paragon\oriongame\binaries\win64\orionclient-win64-shipping.exe] => (Allow) K:\paragon\paragon\oriongame\binaries\win64\orionclient-win64-shipping.exe
FirewallRules: [{339BA4DE-77CD-42D1-BF51-4E4F17320A96}] => (Allow) K:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{BA4DE8DD-62F8-43B9-8630-B5D777FD7B4E}] => (Allow) K:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{4094B6A0-C667-40D4-9238-CAA7FBAC0A6D}] => (Allow) K:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{C26255FB-F8A0-4103-B8F0-94898F058887}] => (Allow) K:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{D20EB99A-FB34-419F-B56D-8693296E3086}] => (Allow) K:\SteamLibrary\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{188D1787-CA77-49F1-BFFD-61FA4168B7D1}] => (Allow) K:\SteamLibrary\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{6BE1F394-5A80-4C30-A780-ECC465643086}] => (Allow) K:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{B6012D0B-DC0A-49A1-8AAD-D2FC0A46EE35}] => (Allow) K:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{2BFE5705-F408-4293-8BDA-EF902791A3CA}] => (Allow) K:\SteamLibrary\steamapps\common\Life is Feudal Forest Village\ForestVillage.exe
FirewallRules: [{FC21B849-DD2C-4875-81EC-A0D20AFE44FF}] => (Allow) K:\SteamLibrary\steamapps\common\Life is Feudal Forest Village\ForestVillage.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: PS/2-Standardtastatur
Description: PS/2-Standardtastatur
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Coprozessor
Description: Coprozessor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/08/2016 10:52:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: T3RRORTROOPER)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (09/08/2016 10:52:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: T3RRORTROOPER)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (09/06/2016 10:44:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 15.17.20050.61080, Zeitstempel: 0x5774facd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0xe6398c7a
ID des fehlerhaften Prozesses: 0xe1b8
Startzeit der fehlerhaften Anwendung: 0x01d2087df02ed614
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 42e45414-e0a4-4aa1-81c1-92106f9d2f4b
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/04/2016 03:48:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 15.17.20050.61080, Zeitstempel: 0x5774facd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0xe6398c7a
ID des fehlerhaften Prozesses: 0x7df8
Startzeit der fehlerhaften Anwendung: 0x01d2064e6df7ab85
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 6140a76a-4571-4689-a79b-7e81eef7f9fc
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/03/2016 01:45:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 15.17.20050.61080, Zeitstempel: 0x5774facd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0xe6398c7a
ID des fehlerhaften Prozesses: 0x1b1c
Startzeit der fehlerhaften Anwendung: 0x01d20572ca7c90be
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: e107c49a-3997-4a05-be5c-f670cf7ab69d
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/03/2016 01:35:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 15.17.20050.61080, Zeitstempel: 0x5774facd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0xe6398c7a
ID des fehlerhaften Prozesses: 0x2668
Startzeit der fehlerhaften Anwendung: 0x01d2056137bc700b
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 20724152-0016-4bab-a960-c8774648a778
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/02/2016 10:34:24 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1760) SRUJet: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\WINDOWS\system32\SRU\SRU00D51.log.

Error: (09/02/2016 10:17:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (09/02/2016 10:14:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 15.0.19.163 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2a64

Startzeit: 01d205523c2ff891

Beendigungszeit: 60000

Anwendungspfad: C:\Program Files (x86)\Avira\Antivirus\avscan.exe

Berichts-ID: a07b5284-7149-11e6-9d10-002268685522

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (09/02/2016 10:11:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 10.0.10586.494 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1638

Startzeit: 01d20551c71a3c01

Beendigungszeit: 0

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: 92304244-7147-11e6-9d10-002268685522

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:


Systemfehler:
=============
Error: (09/08/2016 10:52:03 AM) (Source: DCOM) (EventID: 10010) (User: T3RRORTROOPER)
Description: Der Server "CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/08/2016 10:52:03 AM) (Source: DCOM) (EventID: 10010) (User: T3RRORTROOPER)
Description: Der Server "microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/08/2016 10:51:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Synchronisierungshost_2e8eb80 erreicht.

Error: (09/08/2016 10:51:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Benutzerdatenspeicher _2e8eb80 erreicht.

Error: (09/08/2016 10:51:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_2e8eb80" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/08/2016 10:51:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _2e8eb80" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/08/2016 10:51:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_2e8eb80" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/08/2016 10:51:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_2e8eb80" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/08/2016 06:28:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_46dc10" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/08/2016 06:28:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _46dc10" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-09-05 04:58:55.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-02 22:41:05.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-02 21:38:42.599
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-02 04:33:03.763
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-11 10:57:29.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-11 01:01:09.253
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-15 03:25:54.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-14 11:39:14.305
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-22 22:50:28.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-18 04:16:28.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Prozentuale Nutzung des RAM: 59%
Installierter physikalischer RAM: 6143.22 MB
Verfügbarer physikalischer RAM: 2495.93 MB
Summe virtueller Speicher: 12287.22 MB
Verfügbarer virtueller Speicher: 7721.86 MB

==================== Laufwerke ================================

Drive c: (SYSTEMCORE) (Fixed) (Total:490.3 GB) (Free:451.29 GB) NTFS
Drive d: (DATA HEAVEN) (Fixed) (Total:205.08 GB) (Free:202.3 GB) NTFS
Drive e: (MINDCLUSTER) (Fixed) (Total:351.56 GB) (Free:350.57 GB) NTFS
Drive f: (EMERGENCY CASE) (Fixed) (Total:374.87 GB) (Free:374.73 GB) NTFS
Drive g: (MUSICLOUNGE) (Fixed) (Total:440.77 GB) (Free:377.49 GB) NTFS
Drive k: (GAMESCUBE) (Fixed) (Total:931.51 GB) (Free:791.54 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: ED815CE4)
Partition 1: (Not Active) - (Size=205.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=351.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=374.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FAFD00E8)
Partition 1: (Not Active) - (Size=490.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=440.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 52D3E3E7)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================


Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/
 
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt"; the log will open as a text file, post that log... Also save to your Desktop for reference.
  • Close the program > Don't Fix anything!

Sorry for the late response (I was on call last night and it got really busy) and thanks again for the help.

Here is the RogueKiller log:

RogueKiller V12.6.1.0 (x64) [Sep  6 2016] (Free) by Adlice Software
Mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Betriebssystem : Windows 10 (10.0.10586) 64 bits version
gestarted in : normaler Modus
User : Roman [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Modus : Scannen -- Datum : 09/08/2016 23:31:09 (Duration : 07:46:40)

¤¤¤ Prozesse : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUP] (X64) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\Distromatic -> Gefunden
[PUP] (X64) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\OCS -> Gefunden
[PUP] (X86) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\Distromatic -> Gefunden
[PUP] (X86) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\OCS -> Gefunden
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Gefunden
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Gefunden
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Gefunden
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Gefunden

¤¤¤ Aufgaben : 0 ¤¤¤

¤¤¤ Dateien : 2 ¤¤¤
[PUP.Trotux][Ordner] C:\Program Files (x86)\SOEasy.4 -> Gefunden
[PUP.Trotux][Ordner] C:\Program Files (x86)\SOEasy.5 -> Gefunden

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Host Dateien : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: geladen) ¤¤¤

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ MBR Überprüfung : ¤¤¤
+++++ PhysicalDrive0: WDC WD10 EAVS-00D7B1 SCSI Disk Device +++++
--- User ---
[MBR] c1a8ffc99df91288632338a7cf30c78e
[BSP] 9d7705160cf249af8d202130faa6a345 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 210000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 430082048 | Size: 360000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1167362048 | Size: 383867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Unzulässige Funktion. )

+++++ PhysicalDrive1: WDC WD10 EAVS-00D7B1 SCSI Disk Device +++++
--- User ---
[MBR] d2f41bd3fc92a79e3272db0ca3d77c65
[BSP] c90dfcfd437d4656c7b5eeb489332ad0 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 502063 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1028227072 | Size: 450 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1029148672 | Size: 451353 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Unzulässige Funktion. )

+++++ PhysicalDrive2: ST1000DM 003-1CH162 SCSI Disk Device +++++
--- User ---
[MBR] 5d73bbcd4d836a7ac46ed285fe6ad7c2
[BSP] caba574f630f728906a573005ca9b321 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Unzulässige Funktion. )
 


Double-click RogueKiller.exe to run again. (Vista/7/8/10 right-click and select Run as Administrator)

When "initializing/pre-scan" completes press the Scan button, this may take a few minutes to complete.

When the scan completes open the Registry tab and locate the following detections:

[PUP] (X64) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\Distromatic -> Gefunden
[PUP] (X64) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\OCS -> Gefunden
[PUP] (X86) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\Distromatic -> Gefunden
[PUP] (X86) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\OCS -> Gefunden


Make sure those entries are Checkmarked (ticked), and also ensure that all other entries are not Checkmarked.

Open the Files tab and locate the following detections:

[PUP.Trotux][Ordner] C:\Program Files (x86)\SOEasy.4 -> Gefunden
[PUP.Trotux][Ordner] C:\Program Files (x86)\SOEasy.5 -> Gefunden


Make sure those entries are Checkmarked (ticked), and also ensure that all other entries are not Checkmarked.

Hit the Delete button; when complete select "Report", in the next window select "Export txt"; the log will open as a text file, post that log... Also save to your Desktop for reference.
 
Next,
 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done post the new logs, "FRST.txt" and "Addition.txt".


Let me see those logs, also tell me if you have any remaining issues or concerns... e.g. do the cmd windows still pop up?

Thank you,

Kevin


Thank you again for the incredible help!

Roguekiller Log:

RogueKiller V12.6.1.0 (x64) [Sep  6 2016] (Free) by Adlice Software
Mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Betriebssystem : Windows 10 (10.0.10586) 64 bits version
gestarted in : normaler Modus
User : Roman [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Modus : Löschen -- Datum : 09/09/2016 16:49:30 (Duration : 00:36:29)

¤¤¤ Prozesse : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUP] (X64) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\Distromatic -> gelöscht
[PUP] (X64) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\OCS -> gelöscht
[PUP] (X86) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\Distromatic -> gelöscht
[PUP] (X86) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\OCS -> gelöscht
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Nicht ausgewählt
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Nicht ausgewählt
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Nicht ausgewählt
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-892226439-550228776-773139121-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Nicht ausgewählt

¤¤¤ Aufgaben : 0 ¤¤¤

¤¤¤ Dateien : 2 ¤¤¤
[PUP.Trotux][Ordner] C:\Program Files (x86)\SOEasy.4 -> gelöscht
[PUP.Trotux][Ordner] C:\Program Files (x86)\SOEasy.5 -> gelöscht

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Host Dateien : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: nicht geladen [0x20]) ¤¤¤

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ MBR Überprüfung : ¤¤¤
+++++ PhysicalDrive0: WDC WD10 EAVS-00D7B1 SCSI Disk Device +++++
--- User ---
[MBR] c1a8ffc99df91288632338a7cf30c78e
[BSP] 9d7705160cf249af8d202130faa6a345 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 210000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 430082048 | Size: 360000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1167362048 | Size: 383867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Unzulässige Funktion. )

+++++ PhysicalDrive1: WDC WD10 EAVS-00D7B1 SCSI Disk Device +++++
--- User ---
[MBR] d2f41bd3fc92a79e3272db0ca3d77c65
[BSP] c90dfcfd437d4656c7b5eeb489332ad0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 502063 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1028227072 | Size: 450 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1029148672 | Size: 451353 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Unzulässige Funktion. )

+++++ PhysicalDrive2: ST1000DM 003-1CH162 SCSI Disk Device +++++
--- User ---
[MBR] 5d73bbcd4d836a7ac46ed285fe6ad7c2
[BSP] caba574f630f728906a573005ca9b321 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Unzulässige Funktion. )
 

FRST Log:

 

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
durchgeführt von Roman (Administrator) auf T3RRORTROOPER (09-09-2016 17:29:48)
Gestartet von C:\Users\Roman\Desktop
Geladene Profile: Roman (Verfügbare Profile: Roman & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Opera)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() C:\Program Files\RogueKiller\RogueKiller64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3111880 2015-07-23] (Logitech, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-892226439-550228776-773139121-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-892226439-550228776-773139121-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2016-07-01] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-04-03]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar895.lnk [2016-09-08]
ShortcutTarget: Sidebar895.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{d6d0d28e-8d6d-44e7-bb39-14ec19b959a5}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\riTscHJS.default
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-11] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (Avira Browser Safety) - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\riTscHJS.default\Extensions\abs@avira.com [2015-04-01] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-10-16] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-02]
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-02]
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-02]
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-02]
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-02]
CHR Extension: (Kein Name) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-08-02] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2016-02-24] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [Datei ist nicht signiert]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-11-12] (Disc Soft Ltd)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92344 2016-09-08] (Sysinternals - www.sysinternals.com)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-08] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-09 17:28 - 2016-09-09 17:28 - 00007506 _____ C:\Users\Roman\Desktop\Roguekiller 3.txt
2016-09-09 17:28 - 2016-09-09 17:28 - 00007506 _____ C:\Users\Roman\Desktop\Roguekiller 2.txt
2016-09-09 07:18 - 2016-09-09 07:18 - 00007482 _____ C:\Users\Roman\Desktop\Rougekiller.txt
2016-09-08 23:31 - 2016-09-08 23:31 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-09-08 23:30 - 2016-09-08 23:30 - 00000909 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-09-08 23:30 - 2016-09-08 23:30 - 00000000 ____D C:\ProgramData\RogueKiller
2016-09-08 23:30 - 2016-09-08 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-09-08 23:30 - 2016-09-08 23:30 - 00000000 ____D C:\Program Files\RogueKiller
2016-09-08 23:28 - 2016-09-08 23:30 - 33106704 _____ (Adlice Software ) C:\Users\Roman\Desktop\setup.exe
2016-09-08 22:56 - 2016-09-08 22:57 - 00047743 _____ C:\Users\Roman\Desktop\Addition.txt
2016-09-08 22:54 - 2016-09-09 17:29 - 00012301 _____ C:\Users\Roman\Desktop\FRST.txt
2016-09-08 22:54 - 2016-09-09 17:29 - 00000000 ____D C:\FRST
2016-09-08 22:53 - 2016-09-08 22:53 - 02397696 _____ (Farbar) C:\Users\Roman\Desktop\FRST64.exe
2016-09-08 22:02 - 2016-09-08 22:04 - 00001996 _____ C:\Users\Roman\Desktop\Rkill.txt
2016-09-08 22:01 - 2016-09-08 22:02 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Roman\Desktop\rkill.exe
2016-09-08 20:32 - 2016-09-08 20:32 - 00092344 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2016-09-08 20:31 - 2016-09-08 20:31 - 00998093 _____ C:\Users\Roman\Downloads\ProcessMonitor.zip
2016-09-08 20:20 - 2016-09-08 20:20 - 01304400 _____ C:\Users\Roman\Downloads\Autoruns.zip
2016-09-08 04:37 - 2016-09-08 04:37 - 00003978 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1473302227
2016-09-08 04:37 - 2016-09-08 04:37 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-09-08 04:36 - 2016-09-08 04:36 - 00963000 _____ (Opera Software) C:\Users\Roman\Downloads\OperaSetup.exe
2016-09-07 16:09 - 2016-09-07 16:10 - 00410404 _____ C:\WINDOWS\Minidump\090716-36984-01.dmp
2016-09-05 04:17 - 2016-09-05 04:17 - 00000036 _____ C:\Users\Roman\AppData\Local\housecall.guid.cache
2016-09-04 13:48 - 2016-09-04 13:48 - 00028525 _____ C:\ProgramData\1472989695.bdinstall.bin
2016-09-04 09:23 - 2016-09-08 22:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-04 09:22 - 2016-09-04 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-04 09:22 - 2016-09-04 09:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-04 09:22 - 2016-09-04 09:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-04 09:22 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-04 09:22 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-04 09:22 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-04 08:13 - 2016-09-04 08:13 - 00044326 _____ C:\ProgramData\1472969595.bdinstall.bin
2016-09-04 08:13 - 2016-09-04 08:13 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-09-04 08:12 - 2016-09-04 08:12 - 00000000 ____D C:\Users\Roman\AppData\Roaming\QuickScan
2016-09-04 08:08 - 2016-09-04 08:10 - 00000000 ___HD C:\WINDOWS\AxInstSV
2016-09-03 19:09 - 2016-09-03 19:09 - 00000000 ____D C:\avrescue
2016-09-02 21:32 - 2016-09-02 21:32 - 00000000 ____D C:\Users\Roman\AppData\Local\UCBrowser
2016-09-02 21:30 - 2016-09-02 21:44 - 00000000 ____D C:\Users\Roman\AppData\Local\DailyBee
2016-09-02 21:30 - 2016-09-02 21:30 - 00000002 _____ C:\END
2016-09-02 21:30 - 2016-09-02 21:30 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Softlink
2016-09-02 21:29 - 2016-09-02 21:49 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-09-02 21:28 - 2016-09-02 21:28 - 00138240 _____ C:\Users\Roman\AppData\Roaming\Installer.dat
2016-09-02 21:27 - 2016-09-02 21:27 - 00000000 ____D C:\ProgramData\Avg
2016-09-02 21:26 - 2016-09-02 22:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-01 13:33 - 2016-09-01 13:33 - 00396288 ____H C:\WINDOWS\system32\BITAA35.tmp
2016-09-01 13:33 - 2016-09-01 13:33 - 00396288 ____H C:\WINDOWS\system32\BITA69A.tmp
2016-09-01 06:31 - 2016-09-01 06:31 - 00088319 _____ C:\Users\Roman\Downloads\Luka (Finished).chum5
2016-08-31 15:45 - 2016-08-31 15:45 - 00410268 _____ C:\WINDOWS\Minidump\083116-57937-01.dmp
2016-08-31 15:39 - 2016-08-31 15:39 - 00000000 _____ C:\Users\Roman\AppData\Local\{F04667BD-E8BE-4F52-A0BD-7F9036E40EEB}
2016-08-28 23:20 - 2016-08-28 23:20 - 00087778 _____ C:\Users\Roman\Downloads\Moto_Created_3.chum5
2016-08-28 23:18 - 2016-08-28 23:18 - 00132527 _____ C:\Users\Roman\Downloads\Naberius.chum5
2016-08-28 23:18 - 2016-08-28 23:18 - 00125536 _____ C:\Users\Roman\Downloads\Havoc.chum5
2016-08-28 23:18 - 2016-08-28 23:18 - 00104220 _____ C:\Users\Roman\Downloads\Axel 6-27.chum5
2016-08-26 13:14 - 2016-08-11 13:30 - 00138808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-08-26 13:13 - 2016-05-04 04:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-08-26 13:13 - 2016-05-04 04:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-08-26 13:13 - 2016-05-04 04:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-08-26 13:13 - 2016-05-04 04:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-08-26 13:09 - 2016-08-16 07:45 - 00054728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 40070200 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 35182648 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 34837952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 28236856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 10728856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 10530960 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 10273096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 09086344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 08681720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 08644456 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 02914752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 02553912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 01922616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437254.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 01585088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437254.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 01023544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00961080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00945088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00897592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00803096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00694952 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00644648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00584712 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00574120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00471424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00442816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00413256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00393664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00386104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00348728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00345936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00181488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00159352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00153184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00131536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-08-26 13:09 - 2016-08-11 16:33 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-08-26 13:09 - 2016-08-11 16:33 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2016-08-24 19:09 - 2016-08-24 19:10 - 00407444 _____ C:\WINDOWS\Minidump\082416-45609-01.dmp
2016-08-15 09:24 - 2016-09-08 20:32 - 02135712 _____ (Sysinternals - www.sysinternals.com) C:\Users\Roman\Desktop\Procmon.exe
2016-08-15 09:17 - 2016-09-08 20:32 - 00063582 _____ C:\Users\Roman\Desktop\procmon.chm
2016-08-12 02:00 - 2016-08-12 02:00 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Shadwen
2016-08-10 00:05 - 2016-08-03 12:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 00:05 - 2016-08-03 12:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 00:05 - 2016-08-03 12:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 00:05 - 2016-08-03 12:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 00:05 - 2016-08-03 12:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 00:05 - 2016-08-03 12:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 00:05 - 2016-08-03 12:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 00:05 - 2016-08-03 12:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 00:05 - 2016-08-03 11:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 00:05 - 2016-08-03 11:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 00:05 - 2016-08-03 11:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 00:05 - 2016-08-03 11:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 00:05 - 2016-08-03 11:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 00:05 - 2016-08-03 11:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 00:05 - 2016-08-03 11:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 00:05 - 2016-08-03 11:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 00:05 - 2016-08-03 11:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 00:05 - 2016-08-03 11:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 00:05 - 2016-08-03 11:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 00:05 - 2016-08-03 11:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 00:05 - 2016-08-03 11:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 00:05 - 2016-08-03 11:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 00:05 - 2016-08-03 11:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 00:05 - 2016-08-03 11:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 00:05 - 2016-08-03 11:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 00:05 - 2016-08-03 11:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 00:05 - 2016-08-03 07:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 00:05 - 2016-08-03 07:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 00:05 - 2016-08-03 07:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 00:05 - 2016-08-03 07:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 00:05 - 2016-08-03 06:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 00:05 - 2016-08-03 06:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 00:05 - 2016-08-03 06:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 00:05 - 2016-08-03 06:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 00:05 - 2016-08-03 06:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 00:05 - 2016-08-03 06:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 00:04 - 2016-08-03 13:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 00:04 - 2016-08-03 13:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 00:04 - 2016-08-03 13:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 00:04 - 2016-08-03 12:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 00:04 - 2016-08-03 12:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 00:04 - 2016-08-03 12:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 00:04 - 2016-08-03 12:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 00:04 - 2016-08-03 12:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 00:04 - 2016-08-03 12:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 00:04 - 2016-08-03 12:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 00:04 - 2016-08-03 12:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 00:04 - 2016-08-03 12:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 00:04 - 2016-08-03 12:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 00:04 - 2016-08-03 12:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 00:04 - 2016-08-03 12:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 00:04 - 2016-08-03 12:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 00:04 - 2016-08-03 12:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 00:04 - 2016-08-03 12:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 00:04 - 2016-08-03 11:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 00:04 - 2016-08-03 11:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 00:04 - 2016-08-03 11:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 00:04 - 2016-08-03 11:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 00:04 - 2016-08-03 11:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 00:04 - 2016-08-03 11:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 00:04 - 2016-08-03 11:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 00:04 - 2016-08-03 11:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 00:04 - 2016-08-03 11:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 00:04 - 2016-08-03 11:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 00:04 - 2016-08-03 11:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 00:04 - 2016-08-03 11:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 00:04 - 2016-08-03 11:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 00:04 - 2016-08-03 11:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 00:04 - 2016-08-03 11:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 00:04 - 2016-08-03 11:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 00:04 - 2016-08-03 11:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 00:04 - 2016-08-03 11:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 00:04 - 2016-08-03 11:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 00:04 - 2016-08-03 11:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 00:04 - 2016-08-03 11:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 00:04 - 2016-08-03 11:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 00:04 - 2016-08-03 11:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 00:04 - 2016-08-03 11:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 00:04 - 2016-08-03 11:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 00:04 - 2016-08-03 11:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 00:04 - 2016-08-03 11:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 00:04 - 2016-08-03 11:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 00:04 - 2016-08-03 11:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 00:04 - 2016-08-03 11:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 00:04 - 2016-08-03 11:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 00:04 - 2016-08-03 11:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 00:04 - 2016-08-03 11:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 00:04 - 2016-08-03 11:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 00:04 - 2016-08-03 11:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 00:04 - 2016-08-03 11:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 00:04 - 2016-08-03 11:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 00:04 - 2016-08-03 11:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 00:04 - 2016-08-03 11:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 00:04 - 2016-08-03 11:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 00:04 - 2016-08-03 11:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 00:04 - 2016-08-03 11:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 00:04 - 2016-08-03 07:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 00:04 - 2016-08-03 07:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 00:04 - 2016-08-03 07:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 00:04 - 2016-08-03 07:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 00:04 - 2016-08-03 07:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 00:04 - 2016-08-03 07:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 00:04 - 2016-08-03 06:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 00:04 - 2016-08-03 06:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 00:04 - 2016-08-03 06:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 00:04 - 2016-08-03 06:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 00:04 - 2016-08-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 00:04 - 2016-08-03 06:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 00:04 - 2016-08-03 06:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 00:04 - 2016-08-03 06:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 00:04 - 2016-08-03 06:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 00:04 - 2016-08-03 06:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 00:04 - 2016-08-03 06:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 00:04 - 2016-08-03 06:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 00:04 - 2016-08-03 06:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 00:04 - 2016-08-03 06:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 00:04 - 2016-08-03 06:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 00:04 - 2016-08-03 06:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 00:04 - 2016-08-03 06:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 00:04 - 2016-08-03 06:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 00:04 - 2016-08-03 06:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 00:04 - 2016-08-03 06:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 00:04 - 2016-08-03 06:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 00:04 - 2016-08-03 06:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 00:04 - 2016-08-03 06:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 00:04 - 2016-08-03 06:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 00:04 - 2016-08-03 06:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 00:04 - 2016-08-03 06:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 00:04 - 2016-08-03 06:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-09 16:48 - 2015-04-01 18:55 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-09 16:44 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-09 16:44 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-09 16:44 - 2015-08-07 14:54 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-09 16:41 - 2015-08-07 14:54 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2A869755-2A72-4D79-8EA5-71CF6A88E8A0}
2016-09-08 20:32 - 2016-03-03 21:44 - 00007490 _____ C:\Users\Roman\Desktop\Eula.txt
2016-09-08 04:37 - 2015-04-01 18:52 - 00000000 ____D C:\Program Files (x86)\Opera
2016-09-07 16:09 - 2016-07-30 18:09 - 00000000 ____D C:\WINDOWS\Minidump
2016-09-07 16:09 - 2016-03-05 17:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-07 16:09 - 2016-03-05 15:00 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-07 16:09 - 2015-04-05 13:23 - 737934093 _____ C:\WINDOWS\MEMORY.DMP
2016-09-07 16:09 - 2015-04-02 19:16 - 00000000 ____D C:\Program Files (x86)\Avira
2016-09-06 22:44 - 2016-01-29 14:57 - 00000000 ____D C:\Users\Roman\AppData\Local\CrashDumps
2016-09-05 09:07 - 2016-03-05 15:05 - 00000000 ____D C:\Users\Roman
2016-09-05 01:30 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-05 01:30 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-04 21:49 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-09-04 10:07 - 2016-05-22 08:07 - 00000682 _____ C:\Users\Roman\Desktop\RPG - Verknüpfung.lnk
2016-09-04 10:07 - 2016-05-14 16:22 - 00001119 _____ C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chummer5.lnk
2016-09-04 10:07 - 2016-04-28 01:39 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2016-09-04 10:07 - 2016-03-05 15:12 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-04 10:07 - 2016-01-17 18:27 - 00000279 _____ C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk
2016-09-04 10:07 - 2016-01-17 18:23 - 00000758 _____ C:\Users\Roman\Desktop\TARALIA.lnk
2016-09-04 10:07 - 2015-08-07 02:35 - 00002405 _____ C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-04 10:07 - 2015-08-07 02:31 - 00001053 _____ C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk
2016-09-04 10:07 - 2015-06-05 10:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-09-04 10:07 - 2015-04-03 00:14 - 00002775 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
2016-09-04 10:07 - 2015-04-03 00:14 - 00002715 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
2016-09-04 10:07 - 2015-04-03 00:14 - 00002703 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
2016-09-04 10:07 - 2015-04-03 00:14 - 00002687 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
2016-09-04 10:07 - 2015-04-03 00:14 - 00002645 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
2016-09-04 08:18 - 2015-04-01 18:54 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-04 08:05 - 2015-08-07 02:39 - 00000000 ____D C:\Users\Roman\AppData\Local\MicrosoftEdge
2016-09-04 02:51 - 2015-08-07 14:10 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-03 07:06 - 2015-04-30 15:40 - 00000000 ____D C:\ProgramData\Skype
2016-09-03 07:04 - 2016-05-21 21:11 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-03 07:04 - 2015-04-30 15:41 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Skype
2016-09-02 22:29 - 2016-05-21 21:11 - 00000000 ____D C:\Users\Roman\AppData\Local\Google
2016-09-02 22:29 - 2016-03-13 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
2016-09-02 22:29 - 2016-03-13 15:53 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-09-02 22:29 - 2016-03-05 14:59 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-09-02 22:29 - 2016-03-05 14:59 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-09-02 22:29 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Help
2016-09-02 22:29 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-09-02 22:29 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-02 22:29 - 2015-10-30 08:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-02 22:29 - 2015-04-01 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-09-02 22:29 - 2015-04-01 18:57 - 00000000 ____D C:\Users\Roman\AppData\Roaming\IrfanView
2016-09-02 22:28 - 2009-07-14 05:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-09-02 22:23 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\registration
2016-09-02 22:22 - 2016-03-05 15:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-31 23:04 - 2015-08-17 22:25 - 00000000 ____D C:\Users\Roman\Documents\My Games
2016-08-25 05:15 - 2016-02-20 17:05 - 00000000 ____D C:\Users\Roman\AppData\Roaming\discord
2016-08-25 03:40 - 2016-02-20 17:05 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-25 03:40 - 2016-02-20 17:05 - 00000000 ____D C:\Users\Roman\AppData\Local\Discord
2016-08-24 01:08 - 2015-04-14 10:04 - 00000000 ____D C:\Users\Roman\AppData\Roaming\TS3Client
2016-08-16 17:44 - 2016-01-28 01:14 - 14199352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-08-16 07:45 - 2016-01-28 01:14 - 01588688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-08-16 07:45 - 2016-01-28 01:14 - 00223304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-08-14 11:17 - 2016-03-05 15:04 - 02086168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-14 11:17 - 2015-10-30 20:35 - 00888028 _____ C:\WINDOWS\system32\perfh007.dat
2016-08-14 11:17 - 2015-10-30 20:35 - 00197112 _____ C:\WINDOWS\system32\perfc007.dat
2016-08-12 20:46 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-11 16:33 - 2016-03-13 15:50 - 20208360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 23699584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 17619464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 14476904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 03901520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 03443152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-08-11 16:33 - 2016-01-28 01:14 - 00040827 _____ C:\WINDOWS\system32\nvinfo.pb
2016-08-11 14:27 - 2016-03-05 15:00 - 06386048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 02468288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 01365048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-08-11 14:27 - 2016-03-05 15:00 - 00548920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-08-11 14:27 - 2016-03-05 15:00 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-08-11 10:59 - 2015-08-07 02:28 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-11 03:13 - 2015-10-30 08:28 - 03670016 ___SH C:\WINDOWS\system32\config\BBI
2016-08-11 03:12 - 2015-10-30 20:47 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-11 03:12 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 17:58 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 17:57 - 2015-04-02 11:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 17:51 - 2015-04-02 11:20 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-09-02 21:28 - 2016-09-02 21:28 - 0138240 _____ () C:\Users\Roman\AppData\Roaming\Installer.dat
2016-09-05 04:17 - 2016-09-05 04:17 - 0000036 _____ () C:\Users\Roman\AppData\Local\housecall.guid.cache
2016-04-19 01:47 - 2016-04-19 02:20 - 0007605 _____ () C:\Users\Roman\AppData\Local\Resmon.ResmonCfg
2016-08-31 15:39 - 2016-08-31 15:39 - 0000000 _____ () C:\Users\Roman\AppData\Local\{F04667BD-E8BE-4F52-A0BD-7F9036E40EEB}
2016-09-04 08:13 - 2016-09-04 08:13 - 0044326 _____ () C:\ProgramData\1472969595.bdinstall.bin
2016-09-04 13:48 - 2016-09-04 13:48 - 0028525 _____ () C:\ProgramData\1472989695.bdinstall.bin
2016-03-05 15:00 - 2016-03-05 15:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Roman\AppData\Local\Temp\avgnt.exe
C:\Users\Roman\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-09-03 19:20

==================== Ende von FRST.txt ============================

Addition Log:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von Roman (09-09-2016 17:30:50)
Gestartet von C:\Users\Roman\Desktop
Windows 10 Pro Version 1511 (X64) (2016-03-05 16:38:40)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-892226439-550228776-773139121-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-892226439-550228776-773139121-503 - Limited - Disabled)
Gast (S-1-5-21-892226439-550228776-773139121-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-892226439-550228776-773139121-1002 - Limited - Enabled)
Roman (S-1-5-21-892226439-550228776-773139121-1001 - Administrator - Enabled) => C:\Users\Roman

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

8GadgetPack (HKLM-x32\...\{5D6CB70E-6FA7-4E5E-8A12-06612313E671}) (Version: 18.0.0 - Helmut Buhler)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Ansel (Version: 372.54 - NVIDIA Corporation) Hidden
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Darkest Dungeon (HKLM\...\Steam App 262060) (Version:  - Red Hook Studios)
Discord (HKU\S-1-5-21-892226439-550228776-773139121-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dreadnought (HKLM-x32\...\Dreadnought) (Version: 1.0.0 - Grey Box)
Epic Games Launcher (HKLM-x32\...\{F9E7706A-FCFE-40D2-9B58-45567B3E1F3F}) (Version: 1.1.69.0 - Epic Games, Inc.)
Ghost of a Tale (HKLM\...\Steam App 417290) (Version:  - SeithCG)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.82 - Logitech)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.54 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.54 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Opera Stable 39.0.2256.71 (HKLM-x32\...\Opera 39.0.2256.71) (Version: 39.0.2256.71 - Opera Software)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.25502 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
RogueKiller Version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Shadowrun: Hong Kong - Extended Edition (HKLM\...\Steam App 346940) (Version:  - Harebrained Schemes)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
UE4 Prerequisites (HKLM\...\{E8F64548-5B1F-405A-89EA-9D3147E9DE39}) (Version: 1.0.6.0 - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-892226439-550228776-773139121-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Roman\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0007E3D2-9ADB-4BE0-8F04-9750DBDF9100} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {028E81FD-22B5-4983-963D-2F3D88F51C0C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {0C25D5F3-EE00-46B4-A113-26FC0C59804A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {1E6550BF-CEB6-44A5-98ED-ABF7C0D016ED} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {238F8432-A4E6-47B9-A95D-138BC7D7F6E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {2AB3B6CE-C9FF-4757-A4D5-A10B2D15237D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {2F1A71F4-C7D6-496F-872C-EC912D73EBA4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {2FBA7C67-E620-41C6-A224-FEC9446E1277} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {3EADB767-2D3D-4798-B0A8-20824F6324D5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {68EE312E-2440-43D7-8A48-76DA3ADAFD9B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {7183A5B4-125E-41A1-B118-A683F76A9133} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {72E40E18-17BD-418B-A8DA-BD72DF9E0914} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {7BEC7C82-822E-4EFF-973D-39188C0C15BB} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {82A4C4B8-C0C8-4E47-983B-302F28FD7FE5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {85FF4349-8639-49E0-B018-67D240CF9510} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {8AF39AF9-F1C9-4887-B7EA-0354F426189D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {8C15DD13-C538-4C83-9F00-4C222C4F22B5} - System32\Tasks\{B75D0DBA-92FA-4D5B-A699-15BBA2210FD2} => pcalua.exe -a "K:\World of Warships\unins000.exe"
Task: {9659AB1D-F415-4ECE-97B2-AAFE49B0D7A3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {97F43A9A-74C4-44D3-BAD4-04C81339ED5C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {A61073F0-6AC9-4E0E-9432-3558A7D1CE0F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {B132360A-C712-4BF0-B477-910C5CAD21F8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {B17C4800-4B18-4066-8070-7A4861C03C05} - System32\Tasks\Opera scheduled Autoupdate 1473302227 => C:\Program Files (x86)\Opera\launcher.exe [2016-09-02] (Opera Software)
Task: {B87437F6-4E4C-454E-8737-41AD61253BEE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {C509D5DF-C9F7-4890-9B7C-D9DE6BC08E7C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {CC8C5D43-F6E4-46D3-851B-263C02E2462F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {CF584839-CAA3-415C-A913-5B68792EF777} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {DB391B9A-D479-4D6F-82D6-02235DF0A9E0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {DC79B438-0381-4933-A54B-1081A851EB4F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {E07F2F35-02EB-4EB5-9928-C66687152D1A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {E9697535-871C-41F4-A1F4-06DF266C6CF9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {EB2C31CE-0284-4D58-A0FC-E6E56067E5DD} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {EB333C74-B6F6-4C2A-A7BB-4E2B09772FCA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {F2874A7A-7F6C-486F-881D-FC6844A93D52} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F391B84C-D181-4C2E-BB71-0B776825FFC6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {F52BE702-4D30-4A24-87DF-742CB1711A70} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {F6071D14-4D0E-49F8-8193-4791866B643D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {F9AEF40A-C9DF-42C5-B3E8-07D6581CA54C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {FA8B8B4B-B792-480D-9F6E-A1060BF937B0} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {FEC7605F-2D83-4C89-9905-7308F89FA922} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-05 15:00 - 2016-08-11 14:27 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-12 22:47 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 22:47 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-12 22:48 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-19 19:10 - 2016-04-19 19:10 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-05 14:48 - 2016-03-05 14:48 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 22:51 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 22:47 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 22:47 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 22:47 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-08 23:30 - 2016-09-06 17:53 - 25199688 _____ () C:\Program Files\RogueKiller\RogueKiller64.exe
2016-04-19 19:10 - 2016-04-19 19:10 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 19:10 - 2016-04-19 19:10 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-04-01 19:19 - 2016-06-14 22:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-08 04:37 - 2016-09-02 11:45 - 69076488 _____ () C:\Program Files (x86)\Opera\39.0.2256.71\opera.dll
2016-09-08 04:37 - 2016-09-02 11:44 - 02209288 _____ () C:\Program Files (x86)\Opera\39.0.2256.71\libglesv2.dll
2016-09-08 04:37 - 2016-09-02 11:44 - 00086024 _____ () C:\Program Files (x86)\Opera\39.0.2256.71\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-892226439-550228776-773139121-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-892226439-550228776-773139121-1001\...\StartupApproved\StartupFolder: => "Sidebar329.lnk"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{F962895F-5D95-4C2F-8919-22ECA22C41B2}] => (Allow) K:\UPLAY\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{2C0DACC0-D82E-444C-908D-089976DF1DEA}] => (Allow) K:\UPLAY\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [UDP Query User{80E5804D-90C5-4FE0-80AF-34EB269C10D8}K:\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) K:\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [TCP Query User{0F67E87D-D925-45F9-8FAC-BDB4B19DD00B}K:\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) K:\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{A14E115E-FD00-47C8-AB0A-FA3794666D57}K:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) K:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{1A1E8663-1EEE-4789-868C-0218A19C626A}K:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) K:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{F682495E-75FE-4AFA-9539-3CAA961D38DC}K:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) K:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{E818AA6A-56CF-4EC2-BCB5-13EAD9E79EA4}K:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) K:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7BBB1938-923D-4CDA-AA93-49E30508E450}K:\steamlibrary\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) K:\steamlibrary\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [TCP Query User{4F47C4B0-CA86-46E7-9974-B10945F589D4}K:\steamlibrary\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) K:\steamlibrary\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [UDP Query User{89E91AEB-522F-4157-8725-6631DD6FD3D1}K:\steamlibrary\steamapps\common\blood bowl 2\benchmarkdx11.exe] => (Allow) K:\steamlibrary\steamapps\common\blood bowl 2\benchmarkdx11.exe
FirewallRules: [TCP Query User{6767BBCC-1266-4E07-8554-30943164AA58}K:\steamlibrary\steamapps\common\blood bowl 2\benchmarkdx11.exe] => (Allow) K:\steamlibrary\steamapps\common\blood bowl 2\benchmarkdx11.exe
FirewallRules: [UDP Query User{69D3B4F7-A60B-4188-ADA3-4D014412DA55}K:\steamlibrary\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) K:\steamlibrary\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [TCP Query User{D1B53083-C0A8-40E7-95BB-99C4A27244E2}K:\steamlibrary\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) K:\steamlibrary\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{3DA0444F-F70C-492B-B5A7-87DF2280BF8D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B5ED6688-0DBC-471C-B8CC-2B1587E1B49B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E226801A-512E-45D2-935F-1CEFB32B24D6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EA8BDAFF-FA58-411E-A3D4-62B651A34A4B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{73E984E8-A9B0-4299-B916-695718F25965}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{67727369-BDC4-467C-B838-54AA9A18DCBD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E4FF9700-218B-4311-8E5E-BA8D07D25967}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{531EA950-84B8-46D7-A0CD-6CAB5B157200}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{A984F22E-D135-49EF-8C92-89B587008084}K:\steamlibrary\steamapps\common\war for the overworld\wftogame.exe] => (Allow) K:\steamlibrary\steamapps\common\war for the overworld\wftogame.exe
FirewallRules: [UDP Query User{8F1BF7B3-C2D0-4814-B4C2-8FD75F3BBAAC}K:\steamlibrary\steamapps\common\war for the overworld\wftogame.exe] => (Allow) K:\steamlibrary\steamapps\common\war for the overworld\wftogame.exe
FirewallRules: [{0EB7B969-640C-4021-84CA-114D88704C04}] => (Allow) K:\SteamLibrary\steamapps\common\Dex\Dex_EarlyAccess.exe
FirewallRules: [{5C3E4205-C593-4943-921B-886DF12049A6}] => (Allow) K:\SteamLibrary\steamapps\common\Dex\Dex_EarlyAccess.exe
FirewallRules: [TCP Query User{EE3EE003-354F-47DE-B2D8-250E7948CEA5}K:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) K:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{A9E24D0D-65EF-4F12-B1B7-EBC99C8BDDD3}K:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) K:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{0E917153-79A2-4797-A591-2E031FD484B2}] => (Allow) K:\Heartstone\Hearthstone\Hearthstone.exe
FirewallRules: [{76A3A749-F7FF-4E96-9334-BC8E7F65E930}] => (Allow) K:\Heartstone\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{D63D3878-C17F-4CE0-B4C5-B5AFE426B9F6}K:\world of warships\wowslauncher.exe] => (Allow) K:\world of warships\wowslauncher.exe
FirewallRules: [UDP Query User{02F59A9E-E912-497D-BC4C-ED69AE4F065E}K:\world of warships\wowslauncher.exe] => (Allow) K:\world of warships\wowslauncher.exe
FirewallRules: [{6959D042-5BF2-456C-96D6-31AE589E8BFE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C7F100A1-1634-4F89-A067-D84890E04DC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{81F4430F-4C3B-4FD0-88DF-E24791A6D5F0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6AAD1850-7EA7-4A3B-AE99-5D660A87E68E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7F08AAF3-04DD-45F2-ABF6-76B4EE486D04}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{3512C26B-A1D7-4524-B51A-D6969CBF3B9E}K:\neuer ordner\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) K:\neuer ordner\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AB56981A-0291-4781-811B-849855D58561}K:\neuer ordner\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) K:\neuer ordner\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{1C019BA4-BEDA-4A9A-B76F-B9F94E00F92F}K:\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) K:\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{FA95276B-069E-46CE-A89C-38191AD18FFE}K:\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) K:\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{702B4215-3FA5-4709-9A8F-408C76FB4496}K:\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) K:\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{3853B752-F561-4B4A-8899-79EE46C802FC}K:\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) K:\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{B49C68FD-BAE1-443D-9FC6-E660062396D4}K:\dreadnought\dreadnoughtlauncher.exe] => (Allow) K:\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [UDP Query User{09B94B3B-A4A1-4754-BF91-C6B985D4EC2E}K:\dreadnought\dreadnoughtlauncher.exe] => (Allow) K:\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [TCP Query User{030FD1ED-3567-4E0B-827E-784A7837EE2A}K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe
FirewallRules: [UDP Query User{A8CFEFCB-2AA4-49EE-8E4E-FF62D7EADBBD}K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe
FirewallRules: [TCP Query User{4C039FD5-C953-4E10-A25B-9C1E94EF9E77}K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe] => (Allow) K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe
FirewallRules: [UDP Query User{8156FC35-1728-4B54-AAFC-92DF00416967}K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe] => (Allow) K:\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe
FirewallRules: [TCP Query User{509D23B3-2C32-456A-BA98-ACBDDC98CBAC}K:\paragon\paragon\oriongame\binaries\win64\orionclient-win64-shipping.exe] => (Allow) K:\paragon\paragon\oriongame\binaries\win64\orionclient-win64-shipping.exe
FirewallRules: [UDP Query User{F4B1FE73-5BBD-4CD2-9975-CE76F456A822}K:\paragon\paragon\oriongame\binaries\win64\orionclient-win64-shipping.exe] => (Allow) K:\paragon\paragon\oriongame\binaries\win64\orionclient-win64-shipping.exe
FirewallRules: [{339BA4DE-77CD-42D1-BF51-4E4F17320A96}] => (Allow) K:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{BA4DE8DD-62F8-43B9-8630-B5D777FD7B4E}] => (Allow) K:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{4094B6A0-C667-40D4-9238-CAA7FBAC0A6D}] => (Allow) K:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{C26255FB-F8A0-4103-B8F0-94898F058887}] => (Allow) K:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{D20EB99A-FB34-419F-B56D-8693296E3086}] => (Allow) K:\SteamLibrary\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{188D1787-CA77-49F1-BFFD-61FA4168B7D1}] => (Allow) K:\SteamLibrary\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{6BE1F394-5A80-4C30-A780-ECC465643086}] => (Allow) K:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{B6012D0B-DC0A-49A1-8AAD-D2FC0A46EE35}] => (Allow) K:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{2BFE5705-F408-4293-8BDA-EF902791A3CA}] => (Allow) K:\SteamLibrary\steamapps\common\Life is Feudal Forest Village\ForestVillage.exe
FirewallRules: [{FC21B849-DD2C-4875-81EC-A0D20AFE44FF}] => (Allow) K:\SteamLibrary\steamapps\common\Life is Feudal Forest Village\ForestVillage.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: PS/2-Standardtastatur
Description: PS/2-Standardtastatur
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Coprozessor
Description: Coprozessor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/09/2016 04:38:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: T3RRORTROOPER)
Description: Bei der Aktivierung der App „Microsoft.Windows.Photos_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (09/09/2016 07:20:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: T3RRORTROOPER)
Description: Bei der Aktivierung der App „Microsoft.WindowsStore_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (09/09/2016 07:20:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: T3RRORTROOPER)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (09/08/2016 10:52:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: T3RRORTROOPER)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (09/08/2016 10:52:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: T3RRORTROOPER)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (09/06/2016 10:44:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 15.17.20050.61080, Zeitstempel: 0x5774facd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0xe6398c7a
ID des fehlerhaften Prozesses: 0xe1b8
Startzeit der fehlerhaften Anwendung: 0x01d2087df02ed614
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 42e45414-e0a4-4aa1-81c1-92106f9d2f4b
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/04/2016 03:48:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 15.17.20050.61080, Zeitstempel: 0x5774facd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0xe6398c7a
ID des fehlerhaften Prozesses: 0x7df8
Startzeit der fehlerhaften Anwendung: 0x01d2064e6df7ab85
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 6140a76a-4571-4689-a79b-7e81eef7f9fc
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/03/2016 01:45:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 15.17.20050.61080, Zeitstempel: 0x5774facd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0xe6398c7a
ID des fehlerhaften Prozesses: 0x1b1c
Startzeit der fehlerhaften Anwendung: 0x01d20572ca7c90be
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: e107c49a-3997-4a05-be5c-f670cf7ab69d
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/03/2016 01:35:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 15.17.20050.61080, Zeitstempel: 0x5774facd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0xe6398c7a
ID des fehlerhaften Prozesses: 0x2668
Startzeit der fehlerhaften Anwendung: 0x01d2056137bc700b
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 20724152-0016-4bab-a960-c8774648a778
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/02/2016 10:34:24 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1760) SRUJet: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\WINDOWS\system32\SRU\SRU00D51.log.


Systemfehler:
=============
Error: (09/09/2016 04:38:54 PM) (Source: DCOM) (EventID: 10010) (User: T3RRORTROOPER)
Description: Der Server "App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/09/2016 07:20:53 AM) (Source: DCOM) (EventID: 10010) (User: T3RRORTROOPER)
Description: Der Server "App.AppX65azfy60a5wn91mcvdd3dr2y0wj02n39.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/09/2016 07:20:53 AM) (Source: DCOM) (EventID: 10010) (User: T3RRORTROOPER)
Description: Der Server "microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/09/2016 07:20:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_363f820" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/09/2016 07:20:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _363f820" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/09/2016 07:20:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_363f820" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/09/2016 07:20:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_363f820" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/08/2016 10:52:03 AM) (Source: DCOM) (EventID: 10010) (User: T3RRORTROOPER)
Description: Der Server "CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/08/2016 10:52:03 AM) (Source: DCOM) (EventID: 10010) (User: T3RRORTROOPER)
Description: Der Server "microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/08/2016 10:51:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Synchronisierungshost_2e8eb80 erreicht.


CodeIntegrity:
===================================
  Date: 2016-09-05 04:58:55.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-02 22:41:05.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-02 21:38:42.599
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-02 04:33:03.763
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-11 10:57:29.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-11 01:01:09.253
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-15 03:25:54.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-14 11:39:14.305
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-22 22:50:28.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-18 04:16:28.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Prozentuale Nutzung des RAM: 57%
Installierter physikalischer RAM: 6143.22 MB
Verfügbarer physikalischer RAM: 2624.6 MB
Summe virtueller Speicher: 12287.22 MB
Verfügbarer virtueller Speicher: 9165.47 MB

==================== Laufwerke ================================

Drive c: (SYSTEMCORE) (Fixed) (Total:490.3 GB) (Free:451.06 GB) NTFS
Drive d: (DATA HEAVEN) (Fixed) (Total:205.08 GB) (Free:202.3 GB) NTFS
Drive e: (MINDCLUSTER) (Fixed) (Total:351.56 GB) (Free:350.57 GB) NTFS
Drive f: (EMERGENCY CASE) (Fixed) (Total:374.87 GB) (Free:374.73 GB) NTFS
Drive g: (MUSICLOUNGE) (Fixed) (Total:440.77 GB) (Free:377.49 GB) NTFS
Drive k: (GAMESCUBE) (Fixed) (Total:931.51 GB) (Free:791.54 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]

==================== MBR & Partitionstabelle ==================

==================== Ende von Addition.txt ========================

 

So far, after deleting the files with RogueKiller, there were no pop-ups anymore - but they came at different times, so I will watch to see if they are really gone.

Again, thx for the help :)

 

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

This AV scan is very thorough so may take a couple of hours to complete...

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs in your reply...

Thank you,

Kevin....

Fixlist.txt

Link to post
Share on other sites

Thank you again for the ongoing and great help. I have run FRST with the fixlist; here is the log. I will now run the Sophos Free Virus Removal Tool and reply again.

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von Roman (09-09-2016 18:23:03) Run:1
Gestartet von C:\Users\Roman\Desktop
Geladene Profile: Roman (Verfügbare Profile: Roman & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Start
CreateRestorePoint:
CloseProcesses:
U3 idsvc; kein ImagePath 
C:\WINDOWS\system32\BITAA35.tmp
C:\WINDOWS\system32\BITA69A.tmp
Task: {238F8432-A4E6-47B9-A95D-138BC7D7F6E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {2AB3B6CE-C9FF-4757-A4D5-A10B2D15237D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {7183A5B4-125E-41A1-B118-A683F76A9133} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {85FF4349-8639-49E0-B018-67D240CF9510} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {97F43A9A-74C4-44D3-BAD4-04C81339ED5C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {B132360A-C712-4BF0-B477-910C5CAD21F8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {DC79B438-0381-4933-A54B-1081A851EB4F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {F391B84C-D181-4C2E-BB71-0B776825FFC6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {F6071D14-4D0E-49F8-8193-4791866B643D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {F9AEF40A-C9DF-42C5-B3E8-07D6581CA54C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {FEC7605F-2D83-4C89-9905-7308F89FA922} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
EmptyTemp:
end

*****************

Wiederherstellungspunkt wurde erfolgreich erstellt.
Prozess erfolgreich geschlossen.
idsvc => Dienst erfolgreich entfernt
C:\WINDOWS\system32\BITAA35.tmp => erfolgreich verschoben
C:\WINDOWS\system32\BITA69A.tmp => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{238F8432-A4E6-47B9-A95D-138BC7D7F6E4}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{238F8432-A4E6-47B9-A95D-138BC7D7F6E4}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AB3B6CE-C9FF-4757-A4D5-A10B2D15237D}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AB3B6CE-C9FF-4757-A4D5-A10B2D15237D}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7183A5B4-125E-41A1-B118-A683F76A9133}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7183A5B4-125E-41A1-B118-A683F76A9133}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85FF4349-8639-49E0-B018-67D240CF9510}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85FF4349-8639-49E0-B018-67D240CF9510}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97F43A9A-74C4-44D3-BAD4-04C81339ED5C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97F43A9A-74C4-44D3-BAD4-04C81339ED5C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B132360A-C712-4BF0-B477-910C5CAD21F8}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B132360A-C712-4BF0-B477-910C5CAD21F8}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DC79B438-0381-4933-A54B-1081A851EB4F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC79B438-0381-4933-A54B-1081A851EB4F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F391B84C-D181-4C2E-BB71-0B776825FFC6}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F391B84C-D181-4C2E-BB71-0B776825FFC6}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6071D14-4D0E-49F8-8193-4791866B643D}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6071D14-4D0E-49F8-8193-4791866B643D}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9AEF40A-C9DF-42C5-B3E8-07D6581CA54C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9AEF40A-C9DF-42C5-B3E8-07D6581CA54C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEC7605F-2D83-4C89-9905-7308F89FA922}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEC7605F-2D83-4C89-9905-7308F89FA922}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => Schlüssel erfolgreich entfernt

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 67403705 B
Java, Flash, Steam htmlcache => 352143660 B
Windows/system/drivers => 311605643 B
Edge => 18019150 B
Chrome => 0 B
Firefox => 46123316 B
Opera => 554832185 B

Temp, IE cache, history, cookies, recent:
Default => 22862 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 292062 B
NetworkService => 128193907 B
Roman => 1638727513 B
DefaultAppPool => 22862 B

RecycleBin => 0 B
EmptyTemp: => 2.9 GB temporäre Dateien entfernt.

================================
 

Link to post
Share on other sites

So I have monitored the system now for over 24 hours and nothing happened - so I say thank you a lot! One last question: because I don't know exactly what happened to the PC, should I change all my passwords now? I wish you a wonderful rest of the weekend.

Best regards Roman

P.S. Couldn't afford too much :( , but I hope you can get at least one beer out of it :)

Link to post
Share on other sites

Hello Roman,

Thank you very much for your kind donation, appreciated...

Continue to clean up tools....

Sophos can be uninstalled via programs and features, re-boot when complete..

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
Link to post
Share on other sites

  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.