Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 16.01.2019 01
durchgeführt von johnf (Administrator) auf EPSON3191BJ (19-01-2019 00:08:27)
Gestartet von D:\tmp
Geladene Profile: defaultuser0 & johnf & admin & Administrator (Verfügbare Profile: defaultuser0 & johnf & admin & Administrator)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(MongoDB, Inc) C:\Program Files\MongoDB\Server\4.0\bin\mongod.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() D:\Programme\ProtonVPN\ProtonVPNService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Hauppauge Computer Works, Inc) D:\Programme\WinTV\TVServer\HauppaugeTVServer.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe
(VMware, Inc.) S:\VMware\VMware Workstation\vmware-authd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxEM.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_x64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Binary Fortress Software) D:\Programme\DisplayFusion\DisplayFusion.exe
(Binary Fortress Software) D:\Programme\DisplayFusion\DisplayFusionHookApp32.exe
(Binary Fortress Software) D:\Programme\DisplayFusion\DisplayFusionHookApp64.exe
(Adobe Inc.) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(AvJoeSW Inc.) C:\Program Files (x86)\BGPKiller\BGPKiller.exe
(Venturi) D:\Programme\HideVolumeOSD\HideVolumeOSD.exe
(Skwire Empire) C:\RibbonDisabler\TBarIconBlanker.exe
(TechSmith Corporation) C:\Program Files (x86)\Snagit 13\Snagit32.exe
(Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(TechSmith Corporation) C:\Program Files (x86)\Snagit 13\SnagPriv.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(TechSmith Corporation) C:\Program Files (x86)\Snagit 13\SnagitEditor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(Steven Mayall) D:\Programme\MusicBee\MusicBee.exe
(Binary Fortress Software) C:\Program Files\DisplayFusion\DisplayFusionService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Google Inc.) C:\Users\johnf\AppData\Local\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Users\johnf\AppData\Local\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) D:\tmp\avast_free_antivirus_setup.exe
(AVAST Software) C:\Users\johnf\AppData\Local\Temp\_av_iup.tm~a07636\Instup.exe
(AVAST Software) C:\Users\johnf\AppData\Local\Temp\_av_iup.tm~a07636\New_13010938\instup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Users\johnf\AppData\Local\Temp\_av_iup.tm~a07636\New_13010938\sbr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) D:\tmp\FRST64 (1).exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [588136 2017-01-18] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-06-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489920 2017-06-29] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobePSE17AutoAnalyzer] => D:\Programme\Elements 2019 Organizer\Elements Auto Creations 2019.exe [3058696 2018-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2016-11-13] (Acronis International GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FxSound Enhancer] => C:\Program Files (x86)\DFX\dfx.exe [1695224 2017-11-13] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-06-08] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [BCSSync] => D:\Programme\Microsoft Office 2010 Professional Plus\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410968 2018-09-13] (Adobe Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [AvRepair] => "C:\Program Files\AVAST Software\Avast\setup\instup.exe" /instop:repair /wait
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-127663350-3041579137-739029980-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\Run: [DisplayFusion] => D:\Programme\DisplayFusion\DisplayFusion.exe [8626064 2017-11-14] (Binary Fortress Software)
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\Run: [reWASD Tray Agent] => D:\Programme\reWASD\Launcher.exe [3405504 2017-11-02] (Disc Soft Ltd)
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\Run: [EpicGamesLauncher] => D:\Programme\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35184016 2019-01-15] (Epic Games, Inc.)
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\Run: [Google Update] => C:\Users\johnf\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateCore.exe [605992 2018-12-17] (Google Inc.)
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3682968 2018-07-09] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\Run: [Steam] => D:\Steam\steam.exe [3133216 2019-01-05] (Valve Corporation)
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\Run: [GoogleChromeAutoLaunch_27E519C7728811BA68C834EBDE556FEC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1587680 2018-12-12] (Google Inc.)
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\MountPoints2: {388c7019-d5a0-11e8-8a26-061cc31ba87d} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\MountPoints2: {48059458-1317-11e9-8a78-a81e846ac091} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\MountPoints2: {675494ea-727a-11e8-89dc-a81e846ac091} - "G:\dvdcheck.exe"
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\MountPoints2: {7a5ac85a-9635-11e8-89f6-a81e846ac091} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\MountPoints2: {7f428c8c-6ddf-11e8-89da-a81e846ac091} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\MountPoints2: {b0fae1d3-7589-11e8-89df-a81e846ac091} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-127663350-3041579137-739029980-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> D:\Programme\DisplayFusion\DFSSaver.scr [5560320 2017-11-14] (Binary Fortress Software)
HKU\S-1-5-21-127663350-3041579137-739029980-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Drivers32-x32: [vidc.yv12] => C:\Windows\SysWOW64\yv12vfw.dll [70656 2004-01-25] (www.helixcommunity.org)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-14] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2018-08-30]
ShortcutTarget: AutoStart IR.lnk -> D:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BGPKiller.lnk [2018-12-14]
ShortcutTarget: BGPKiller.lnk -> C:\Program Files (x86)\BGPKiller\BGPKiller.exe (AvJoeSW Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ETR.lnk [2017-12-11]
ShortcutTarget: ETR.lnk -> C:\RibbonDisabler\etr64.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HideVolumeOSD (1).lnk [2017-11-05]
ShortcutTarget: HideVolumeOSD (1).lnk -> D:\Programme\HideVolumeOSD\HideVolumeOSD.exe (Venturi)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TBarIconBlanker.lnk [2017-12-11]
ShortcutTarget: TBarIconBlanker.lnk -> C:\RibbonDisabler\TBarIconBlanker.exe (Skwire Empire)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TSC_SI_13.lnk [2017-11-30]
ShortcutTarget: TSC_SI_13.lnk -> C:\Program Files (x86)\Snagit 13\Snagit32.exe (TechSmith Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk [2018-08-30]
ShortcutTarget: WinTV Recording Status.lnk -> D:\Programme\WinTV\WinTV8\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\johnf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader 2.lnk [2018-01-22]
ShortcutTarget: JDownloader 2.lnk -> C:\Users\johnf\AppData\Local\JDownloader 2.0\JDownloader2.exe (AppWork GmbH)
Startup: C:\Users\johnf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-01-22]
ShortcutTarget: MEGAsync.lnk -> C:\Users\johnf\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\johnf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ProtonMail Bridge.lnk [2018-11-21]
ShortcutTarget: ProtonMail Bridge.lnk -> D:\Programme\ProtonMail Bridge\Desktop-Bridge.exe ()
Startup: C:\Users\johnf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-11-07]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
Startup: C:\Users\johnf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WallpaperDayNightCycleScriptBG.lnk [2018-11-29]
ShortcutTarget: WallpaperDayNightCycleScriptBG.lnk -> D:\Programme\DisplayFusion\DisplayFusionCommand.exe (Binary Fortress Software)
GroupPolicy: Beschränkung ? <==== ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{109ed733-761c-4c21-a36e-2227cfa51343}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{42b2ff9e-009a-429b-b5a2-f36b3e806da8}: [NameServer] 204.152.184.76,8.8.8.8
Tcpip\..\Interfaces\{42b2ff9e-009a-429b-b5a2-f36b3e806da8}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKU\S-1-5-21-127663350-3041579137-739029980-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131636414581884282&GUID=8B5751C8-C74A-4A58-BDB3-98A2FE9D6F40
HKU\S-1-5-21-127663350-3041579137-739029980-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-127663350-3041579137-739029980-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131636414582765433&GUID=8B5751C8-C74A-4A58-BDB3-98A2FE9D6F40
HKU\S-1-5-21-127663350-3041579137-739029980-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-127663350-3041579137-739029980-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-127663350-3041579137-739029980-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-127663350-3041579137-739029980-1001 -> DefaultScope {B02D0787-BF2C-496E-8534-50198E09B2E5} URL =
SearchScopes: HKU\S-1-5-21-127663350-3041579137-739029980-1001 -> {B02D0787-BF2C-496E-8534-50198E09B2E5} URL =
BHO: Kein Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\johnf\Windows Themes\one1184\OldNewExplorer64.dll [2017-08-16] (www.startisback.com)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-12-14] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Programme\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-14] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Kein Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\johnf\Windows Themes\one1184\OldNewExplorer32.dll [2017-08-16] (www.startisback.com)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-31] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Microsoft Office 2010 Professional Plus\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-31] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-06-12] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: t5nr5z14.default
FF ProfilePath: C:\Users\johnf\AppData\Roaming\Mozilla\Firefox\Profiles\t5nr5z14.default [2019-01-18]
FF NetworkProxy: Mozilla\Firefox\Profiles\t5nr5z14.default -> socks", "localhost"
FF Extension: (MyJDownloader Browser Erweiterung) - C:\Users\johnf\AppData\Roaming\Mozilla\Firefox\Profiles\t5nr5z14.default\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2018-11-11]
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-14] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-09-13] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Programme\Microsoft Office 2010 Professional Plus\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Programme\Microsoft Office 2010 Professional Plus\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-09-13] (Adobe Systems)
FF Plugin HKU\S-1-5-21-127663350-3041579137-739029980-1001: @tools.google.com/Google Update;version=3 -> C:\Users\johnf\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-127663350-3041579137-739029980-1001: @tools.google.com/Google Update;version=9 -> C:\Users\johnf\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR NewTab: Default -> Active:"chrome-extension://nnnkddnnlpamobajfibfdgfnbcnkgngh/pages/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://help.steampowered.com/de/wizard/HelpRequest/HT-5JMC-RCYY-G67G
CHR Profile: C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default [2019-01-19]
CHR Extension: (Präsentationen) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-01]
CHR Extension: (Bookmark Favicon Changer) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\acmfnomgphggonodopogfbmkneepfgnh [2018-12-01]
CHR Extension: (Material Incognito Dark Theme) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahifcnpnjgbadkjdhagpfjfkmlapfoel [2019-01-18]
CHR Extension: (Theme Creator) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2018-12-01]
CHR Extension: (Docs) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-01]
CHR Extension: (Google Drive) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-01]
CHR Extension: (Select & translate - context menu) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapcampblfdohlgnilfjbmhjijhflbjf [2018-12-01]
CHR Extension: (YouTube) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-01]
CHR Extension: (Adblock Plus) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-03]
CHR Extension: (Pushbullet) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2018-12-01]
CHR Extension: (Adblock für Youtube™) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2018-12-19]
CHR Extension: (Xdebug helper) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadndfjplgieldjbigjakmdgkmoaaaoc [2019-01-13]
CHR Extension: (jQuery Injector) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkjohcjbjcjjifokpingdbdlfekjcgi [2018-12-24]
CHR Extension: (I don't care about cookies) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2018-12-20]
CHR Extension: (Stylish- Benutzerdef. Motive f. jede Webseite) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2018-12-25]
CHR Extension: (Avira Browserschutz) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2019-01-07]
CHR Extension: (Google Docs Offline) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-01]
CHR Extension: (AdBlock) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-01-16]
CHR Extension: (Ad-Free SoundCloud) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnjglicckckaeiijceebbfgeibnehjgg [2019-01-12]
CHR Extension: (Google Hangouts) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2018-12-14]
CHR Extension: (Open-as-Popup) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncppfjladdkdaemaghochfikpmghbcpc [2018-12-01]
CHR Extension: (Twitch Now) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2018-12-01]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-01]
CHR Extension: (J CSS Reload) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnmebjmgdonemncjdliomljdfhpnlekk [2018-12-01]
CHR Extension: (Infinity New Tab (Pro)) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnnkddnnlpamobajfibfdgfnbcnkgngh [2019-01-18]
CHR Extension: (ColorPick Eyedropper) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2018-12-18]
CHR Extension: (Google Mail) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-14]
CHR Extension: (Custom JavaScript for websites ) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\poakhlngfciodnhlhhgnaaelnpjljija [2018-12-01]
CHR Extension: (Popout for YouTube™) - C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pofekaindcmmojfnfgbpklepkjfilcep [2018-12-03]
CHR Profile: C:\Users\johnf\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-12-07]
CHR Profile: C:\Users\johnf\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-19]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-127663350-3041579137-739029980-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - <kein Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S4 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [1175976 2017-01-16] (Acronis International GmbH)
S4 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1276464 2017-01-18] ()
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-09-13] (Adobe Inc.)
S4 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6086232 2017-09-29] ()
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-08-31] (Windows (R) Win 7 DDK provider)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8352184 2019-01-15] ()
R2 DisplayFusionService; C:\Programme\DisplayFusion\DisplayFusionService.exe [6601128 2018-12-27] (Binary Fortress Software)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-01-15] (EasyAntiCheat Ltd)
R2 HauppaugeTVServer; D:\Programme\WinTV\TVServer\HauppaugeTVServer.exe [587048 2018-08-15] (Hauppauge Computer Works, Inc) [Datei ist nicht signiert]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4679576 2016-12-20] (Acronis International GmbH)
S4 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [2908352 2017-01-06] (Acronis International GmbH)
R2 MongoDB; C:\Program Files\MongoDB\Server\4.0\bin\mongod.exe [32523264 2018-12-19] (MongoDB, Inc) [Datei ist nicht signiert]
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-03-09] (Native Instruments GmbH) [Datei ist nicht signiert]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Datei ist nicht signiert]
R2 ProtonVPN Service; D:\Programme\ProtonVPN\ProtonVPNService.exe [38664 2018-10-17] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2018-07-09] (Sandboxie Holdings, LLC)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S4 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7013704 2016-12-21] ()
R2 TeamViewer; C:\Programme\TeamViewer\TeamViewer_Service.exe [11660528 2018-12-07] (TeamViewer GmbH)
S4 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
R2 VMAuthdService; S:\VMware\VMware Workstation\vmware-authd.exe [96184 2018-05-11] (VMware, Inc.)
S2 VMwareHostd; S:\VMware\VMware Workstation\vmware-hostd.exe [14346680 2018-05-11] ()
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-06-22] (Microsoft Corporation)
S3 wampapache64; d:\wamp64\bin\apache\apache2.4.33\bin\httpd.exe [30720 2018-03-18] (Apache Software Foundation) [Datei ist nicht signiert]
S3 wampmariadb64; d:\wamp64\bin\mariadb\mariadb10.2.14\bin\mysqld.exe [14550440 2018-03-26] ()
S3 wampmysqld64; d:\wamp64\bin\mysql\mysql5.7.21\bin\mysqld.exe [39551488 2017-12-28] () [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Not on the Exception List) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)
S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2016-12-27] ()
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [38320 2016-12-27] ()
S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (Apple Inc.)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [605616 2017-12-23] (Qualcomm)
S3 DFX11_1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [28008 2017-06-19] (Windows (R) Win 7 DDK provider)
R3 DFX12; C:\WINDOWS\system32\drivers\dfx12x64.sys [39048 2017-06-19] (Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [44632 2015-03-10] (ESET)
S3 ETDI2C; C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [217688 2016-08-17] (ELAN Microelectronic Corp.)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-12-23] (ELAN Microelectronic Corp.)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [14976 2012-12-22] (Huawei Technologies Co., Ltd.)
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [447328 2017-09-29] (Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [375136 2017-09-29] (Acronis International GmbH)
R0 hidgamemap; C:\WINDOWS\System32\drivers\hidgamemap.sys [148992 2017-11-11] (Disc Soft Ltd)
S3 HWHandSetProLine; C:\WINDOWS\system32\DRIVERS\hw_quusbmdm.sys [223232 2011-10-23] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-12-23] (REALiX(tm))
S3 hw_ctrlfakedev; C:\WINDOWS\system32\DRIVERS\hw_ctrlfakedev.sys [115712 2015-03-10] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-23] (Huawei Technologies Co., Ltd.)
S3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [16896 2018-04-12] (Microsoft Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [81736 2017-07-27] (Insecure.Com LLC.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_9a6512484ba25dcd\nvlddmkm.sys [20461984 2019-01-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-12-23] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782816 2017-12-23] (Realsil Semiconductor Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [228176 2018-07-09] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-12] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [44976 2018-06-01] (The OpenVPN Project)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310560 2017-09-29] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [214360 2017-09-29] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [688864 2017-09-29] (Acronis International GmbH)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Corporation)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [213080 2018-08-14] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [222864 2018-08-14] (Oracle Corporation)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [324448 2017-09-29] (Acronis International GmbH)
R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-08-25] (Microsoft Corporation)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [52576 2018-02-28] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
S3 WofAdk; C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wofadk.sys [221376 2016-07-16] (Microsoft Corporation)
U1 avgbdisk; kein ImagePath
S3 HTCAND64; \SystemRoot\System32\Drivers\ANDROIDUSB.sys [X]
U4 npcap_wifi; kein ImagePath
==================== NetSvcs (Not on the Exception List) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)
==================== One Month (Created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-19 00:07 - 2019-01-19 00:07 - 000000000 ____D C:\Program Files\AVAST Software
2019-01-19 00:06 - 2019-01-19 00:06 - 000000000 ____D C:\ProgramData\AVAST Software
2019-01-18 23:59 - 2019-01-18 23:59 - 000004608 _____ C:\WINDOWS\SECOH-QAD.exe
2019-01-18 23:20 - 2019-01-18 23:20 - 000000000 ____D C:\ProgramData\TweakBit
2019-01-18 23:20 - 2019-01-18 23:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
2019-01-18 23:20 - 2019-01-18 23:20 - 000000000 ____D C:\Program Files (x86)\TweakBit
2019-01-18 12:17 - 2019-01-18 12:17 - 000000000 ___DC C:\Users\johnf\AppData\Roaming\NVIDIA
2019-01-18 09:55 - 2019-01-18 09:56 - 000000000 ___DC C:\Users\johnf\AppData\Local\Steam
2019-01-18 09:05 - 2019-01-18 09:05 - 000000554 _____ C:\Users\Public\Desktop\Steam.lnk
2019-01-18 09:05 - 2019-01-18 09:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2019-01-18 08:46 - 2019-01-18 08:59 - 000000000 ___DC C:\Users\johnf\AppData\Roaming\Wise Registry Cleaner
2019-01-18 08:46 - 2019-01-18 08:46 - 000001306 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2019-01-18 08:46 - 2019-01-18 08:46 - 000000000 ____D C:\WINDOWS\System32\Tasks\WiseCleaner
2019-01-18 08:46 - 2019-01-18 08:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2019-01-18 08:46 - 2019-01-18 08:46 - 000000000 ____D C:\Program Files (x86)\Wise
2019-01-17 21:41 - 2019-01-17 21:41 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2019-01-17 21:41 - 2019-01-17 21:41 - 000000000 ____D C:\ProgramData\Sophos
2019-01-17 21:41 - 2019-01-17 21:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2019-01-17 21:41 - 2019-01-17 21:41 - 000000000 ____D C:\Program Files (x86)\Sophos
2019-01-17 18:31 - 2019-01-17 18:31 - 000002259 _____ C:\WINDOWS\epplauncher.mif
2019-01-17 17:25 - 2019-01-17 17:25 - 000000000 ___HD C:\$SysReset
2019-01-17 17:20 - 2019-01-19 00:08 - 000000000 ____D C:\FRST
2019-01-17 17:10 - 2019-01-17 17:10 - 005660510 ____C (Swearware) C:\Users\johnf\Desktop\ComboFix.exe
2019-01-17 16:50 - 2019-01-17 16:50 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\522414DD.sys
2019-01-17 16:49 - 2019-01-17 17:03 - 000000000 ___DC C:\Users\johnf\Desktop\mbar
2019-01-17 16:49 - 2019-01-17 17:03 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-01-17 16:49 - 2019-01-17 16:49 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2019-01-17 16:23 - 2019-01-17 17:11 - 000000000 ____D C:\ProgramData\RogueKiller
2019-01-17 16:23 - 2019-01-17 16:23 - 000000905 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-01-17 16:23 - 2019-01-17 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-01-17 16:23 - 2019-01-17 16:23 - 000000000 ____D C:\Program Files\RogueKiller
2019-01-17 15:49 - 2019-01-17 16:12 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Local\ClassicShell
2019-01-17 15:49 - 2019-01-17 15:49 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\ansel
2019-01-17 15:49 - 2019-01-17 15:49 - 000000000 _____ C:\Users\Administrator.EPSON3191BJ\Desktop\Neues Textdokument.txt
2019-01-17 15:48 - 2019-01-17 15:48 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Roaming\ClassicShell
2019-01-17 15:47 - 2019-01-17 16:11 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Local\D3DSCache
2019-01-17 15:47 - 2019-01-17 15:47 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Roaming\TechSmith
2019-01-17 15:47 - 2019-01-17 15:47 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\LocalLow\CampoSanto
2019-01-17 15:47 - 2019-01-17 15:47 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Local\Steam
2019-01-17 15:47 - 2019-01-17 15:47 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Local\DBG
2019-01-17 15:47 - 2019-01-17 15:47 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Local\CrashDumps
2019-01-17 15:46 - 2019-01-17 15:49 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Local\Adobe
2019-01-17 15:46 - 2019-01-17 15:46 - 000001417 _____ C:\Users\Administrator.EPSON3191BJ\Desktop\Microsoft Edge.lnk
2019-01-17 15:46 - 2019-01-17 15:46 - 000000921 _____ C:\Users\Administrator.EPSON3191BJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elements Creations Notification.lnk
2019-01-17 15:46 - 2019-01-17 15:46 - 000000000 ___HD C:\Users\Administrator.EPSON3191BJ\MicrosoftEdgeBackups
2019-01-17 15:46 - 2019-01-17 15:46 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Roaming\BGPKiller
2019-01-17 15:46 - 2019-01-17 15:46 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Local\TechSmith
2019-01-17 15:46 - 2019-01-17 15:46 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Local\Publishers
2019-01-17 15:46 - 2019-01-17 15:46 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Local\MicrosoftEdge
2019-01-17 15:46 - 2019-01-17 15:46 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Local\CEF
2019-01-17 15:45 - 2019-01-17 16:12 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Local\Packages
2019-01-17 15:45 - 2019-01-17 16:11 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2019-01-17 15:45 - 2019-01-17 15:49 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Roaming\Adobe
2019-01-17 15:45 - 2019-01-17 15:49 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ
2019-01-17 15:45 - 2019-01-17 15:47 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Local\NVIDIA Corporation
2019-01-17 15:45 - 2019-01-17 15:46 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Local\ConnectedDevicesPlatform
2019-01-17 15:45 - 2019-01-17 15:45 - 000000020 ___SH C:\Users\Administrator.EPSON3191BJ\ntuser.ini
2019-01-17 15:45 - 2019-01-17 15:45 - 000000000 _SHDL C:\Users\Administrator.EPSON3191BJ\Vorlagen
2019-01-17 15:45 - 2019-01-17 15:45 - 000000000 _SHDL C:\Users\Administrator.EPSON3191BJ\Startmenü
2019-01-17 15:45 - 2019-01-17 15:45 - 000000000 _SHDL C:\Users\Administrator.EPSON3191BJ\Netzwerkumgebung
2019-01-17 15:45 - 2019-01-17 15:45 - 000000000 _SHDL C:\Users\Administrator.EPSON3191BJ\Lokale Einstellungen
2019-01-17 15:45 - 2019-01-17 15:45 - 000000000 _SHDL C:\Users\Administrator.EPSON3191BJ\Eigene Dateien
2019-01-17 15:45 - 2019-01-17 15:45 - 000000000 _SHDL C:\Users\Administrator.EPSON3191BJ\Druckumgebung
2019-01-17 15:45 - 2019-01-17 15:45 - 000000000 _SHDL C:\Users\Administrator.EPSON3191BJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2019-01-17 15:45 - 2019-01-17 15:45 - 000000000 _SHDL C:\Users\Administrator.EPSON3191BJ\AppData\Local\Verlauf
2019-01-17 15:45 - 2019-01-17 15:45 - 000000000 _SHDL C:\Users\Administrator.EPSON3191BJ\AppData\Local\Anwendungsdaten
2019-01-17 15:45 - 2019-01-17 15:45 - 000000000 _SHDL C:\Users\Administrator.EPSON3191BJ\Anwendungsdaten
2019-01-17 15:45 - 2019-01-17 15:45 - 000000000 ___RD C:\Users\Administrator.EPSON3191BJ\3D Objects
2019-01-17 15:45 - 2019-01-17 15:45 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Local\NVIDIA
2019-01-17 15:45 - 2019-01-17 15:45 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Local\Google
2019-01-17 15:45 - 2018-12-14 17:20 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Roaming\Macromedia
2019-01-17 15:45 - 2018-04-12 00:34 - 000001105 _____ C:\Users\Administrator.EPSON3191BJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-17 15:45 - 2017-11-29 19:26 - 000000000 ____D C:\Users\Administrator.EPSON3191BJ\AppData\Local\Microsoft Help
2019-01-16 19:12 - 2019-01-16 19:12 - 000013212 ____C C:\Users\johnf\AppData\Local\recently-used.xbel