Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016 durchgeführt von Patrycja (Administrator) auf PATRYCJA (12-06-2016 14:10:55) Gestartet von C:\Users\Patrycja\Documents\wirus Geladene Profile: Patrycja (Verfügbare Profile: Patrycja) Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (VMLite, Inc.) C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe () C:\Program Files (x86)\360\Total Security\QHSafeMain.exe () C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Qihu 360 Software Co., Ltd.) C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-07-14] (ELAN Microelectronics Corp.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink) HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [326264 2016-05-09] (QIHU 360 SOFTWARE CO. LIMITED) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation) HKU\S-1-5-21-623183252-2095525383-214824706-1001\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2646504 2012-05-14] (CyberLink Corp.) HKU\S-1-5-21-623183252-2095525383-214824706-1001\...\RunOnce: [Uninstall C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64" HKU\S-1-5-21-623183252-2095525383-214824706-1001\...\RunOnce: [Uninstall C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" HKU\S-1-5-21-623183252-2095525383-214824706-1001\...\RunOnce: [Uninstall C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" HKU\S-1-5-21-623183252-2095525383-214824706-1001\...\RunOnce: [Uninstall C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64" HKU\S-1-5-21-623183252-2095525383-214824706-1001\...\RunOnce: [Uninstall C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64" HKU\S-1-5-21-623183252-2095525383-214824706-1001\...\RunOnce: [Uninstall C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" HKU\S-1-5-21-623183252-2095525383-214824706-1001\...\RunOnce: [Uninstall C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64" HKU\S-1-5-21-623183252-2095525383-214824706-1001\...\RunOnce: [Uninstall C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64" HKU\S-1-5-21-623183252-2095525383-214824706-1001\...\RunOnce: [Uninstall C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64" ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-21] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-21] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Patrycja\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-21] (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{1448444e-8830-4689-a00f-c5295d608591}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{dc601806-c956-43b5-a9b9-766ed752574f}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Internet Explorer: ================== HKU\S-1-5-21-623183252-2095525383-214824706-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset HKU\S-1-5-21-623183252-2095525383-214824706-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/ SearchScopes: HKU\S-1-5-21-623183252-2095525383-214824706-1001 -> {F25098DF-953E-4432-9AE2-687BD0E2D820} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-09-14] (Qualcomm Atheros Commnucations) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-08] (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-08] (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKU\S-1-5-21-623183252-2095525383-214824706-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Patrycja\AppData\Roaming\Mozilla\Firefox\Profiles\qyr5463i.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] () FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-08] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-08] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.) Chrome: ======= CHR HomePage: Default -> hxxps://www.google.de/ CHR StartupUrls: Default -> "hxxp://google.de/" CHR Profile: C:\Users\Patrycja\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\Patrycja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-05-11] CHR Extension: (Google Docs) - C:\Users\Patrycja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06] CHR Extension: (Google Drive) - C:\Users\Patrycja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02] CHR Extension: (SoundCloud Downloader) - C:\Users\Patrycja\AppData\Local\Google\Chrome\User Data\Default\Extensions\baignpanbngjdimbgmannbolcbplmofl [2016-04-23] CHR Extension: (YouTube) - C:\Users\Patrycja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30] CHR Extension: (Google-Suche) - C:\Users\Patrycja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02] CHR Extension: (Google Docs Offline) - C:\Users\Patrycja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16] CHR Extension: (360 Internet Protection) - C:\Users\Patrycja\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2016-05-20] CHR Extension: (Skype) - C:\Users\Patrycja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-24] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Patrycja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05] CHR Extension: (Google Mail) - C:\Users\Patrycja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31] CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [Datei ist nicht signiert] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-15] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [916392 2016-05-09] (QIHU 360 SOFTWARE CO. LIMITED) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH) R2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [Datei ist nicht signiert] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137808 2016-04-19] (360.cn) R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2016-05-09] (360.cn) R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [77904 2016-05-09] (360.cn) R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2016-05-09] (360.cn) R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2016-04-19] (360.cn) R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [370768 2016-04-19] (360.cn) R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-06-26] (Qualcomm Atheros Communications, Inc.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-07-28] (ASUS Corporation) R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [181328 2016-04-19] (360.cn) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-05-17] (Samsung Electronics Co., Ltd.) R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31320 2015-07-14] (ELAN Microelectronic Corp.) S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [320816 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.) S3 HDJMidi; C:\Windows\system32\DRIVERS\HDJMidi.sys [274736 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-05-17] (Samsung Electronics Co., Ltd.) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.) R3 VBoxNetAdp; C:\Windows\System32\drivers\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.) S3 VBoxNetFlt; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.) R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.) R3 vmlitestor; C:\Windows\System32\drivers\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.) R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-06-12 13:43 - 2016-06-12 13:43 - 00016148 _____ C:\WINDOWS\system32\PATRYCJA_Patrycja_HistoryPrediction.bin 2016-06-11 22:41 - 2016-06-11 22:43 - 03677248 _____ C:\Users\Patrycja\Documents\adwcleaner_5.119.exe 2016-06-11 22:40 - 2016-06-11 22:45 - 00000000 ____D C:\AdwCleaner 2016-06-09 20:37 - 2016-06-09 20:52 - 367811849 _____ C:\Users\Patrycja\Desktop\patryk 2703.mp4 2016-06-09 19:36 - 2016-06-09 19:36 - 00001841 _____ C:\Users\Patrycja\Desktop\HitFilm 4 Express.lnk 2016-06-09 19:24 - 2016-06-09 19:33 - 428892160 _____ C:\Users\Patrycja\Downloads\HitFilm4Express_x64_4.0.5227.37263.msi 2016-06-08 19:49 - 2016-06-09 19:35 - 00000000 ____D C:\Users\Patrycja\AppData\Local\HitFilm 4 Express Activation 2016-06-08 19:48 - 2016-06-08 19:48 - 00000000 ____D C:\Users\Patrycja\Documents\FXHOME 2016-06-08 19:48 - 2016-06-08 19:48 - 00000000 ____D C:\Users\Patrycja\AppData\Local\FXHOME Helper 2016-06-08 19:48 - 2016-06-08 19:48 - 00000000 ____D C:\Users\Patrycja\AppData\Local\FXHOME 2016-06-08 19:46 - 2016-06-08 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitFilm 4 Express 2016-06-08 19:45 - 2016-06-08 19:46 - 00000000 ____D C:\Program Files\Boris FX, Inc 2016-06-08 19:45 - 2016-06-08 19:45 - 00000000 ____D C:\ProgramData\FXHOME 2016-06-08 19:45 - 2016-06-08 19:45 - 00000000 ____D C:\Program Files\FXHOME 2016-06-08 19:45 - 2016-06-08 19:45 - 00000000 ____D C:\Program Files\Common Files\OFX 2016-06-08 19:45 - 2016-06-08 19:45 - 00000000 ____D C:\Program Files (x86)\Boris FX, Inc 2016-06-08 19:34 - 2016-06-08 19:34 - 00983624 _____ ( ) C:\Users\Patrycja\Downloads\HitFilm-Express-26758-dp.exe 2016-06-08 18:49 - 2016-06-08 18:49 - 00000000 ____D C:\Users\Patrycja\.MCTranscodingSDK 2016-06-08 18:49 - 2016-06-08 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks 2016-06-08 18:48 - 2016-06-08 18:58 - 00000000 ____D C:\Users\Public\Documents\Lightworks 2016-06-08 18:48 - 2016-06-08 18:48 - 00000000 ____D C:\ProgramData\Geevs 2016-06-08 18:47 - 2016-06-08 19:20 - 00000000 ____D C:\Program Files\Lightworks 2016-06-08 18:43 - 2016-06-08 18:46 - 73511992 _____ (Lightworks) C:\Users\Patrycja\Downloads\lightworks_v12.6.0_full_64bit_setup.exe 2016-06-08 18:09 - 2016-06-08 18:15 - 00000000 ____D C:\Users\Patrycja\AppData\Local\Mozilla 2016-06-08 18:09 - 2016-06-08 18:09 - 00000000 ____D C:\Users\Patrycja\AppData\Roaming\Mozilla 2016-06-08 18:07 - 2016-06-08 18:07 - 00242344 _____ C:\Users\Patrycja\Downloads\Firefox Setup Stub 47.0.exe 2016-06-08 17:49 - 2016-06-11 22:45 - 00000000 ____D C:\Program Files (x86)\Yahoo! 2016-06-08 17:47 - 2016-06-08 17:47 - 00000000 ____D C:\Users\Patrycja\AppData\Roaming\Sun 2016-06-08 17:47 - 2016-06-08 17:47 - 00000000 ____D C:\Users\Patrycja\AppData\LocalLow\Sun 2016-06-08 17:47 - 2016-06-08 17:47 - 00000000 ____D C:\Users\Patrycja\.oracle_jre_usage 2016-06-08 17:47 - 2016-06-08 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-06-08 17:47 - 2016-06-08 17:46 - 00097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2016-06-08 17:46 - 2016-06-08 17:47 - 00000000 ____D C:\ProgramData\Oracle 2016-06-08 17:46 - 2016-06-08 17:46 - 00000000 ____D C:\Program Files (x86)\Java 2016-06-08 17:45 - 2016-06-08 17:45 - 00000000 ____D C:\Users\Patrycja\AppData\LocalLow\Oracle 2016-06-08 17:44 - 2016-06-08 17:44 - 00738880 _____ (Oracle Corporation) C:\Users\Patrycja\Downloads\JavaSetup8u91.exe 2016-06-04 13:10 - 2016-06-04 13:29 - 00000000 ____D C:\Users\Patrycja\Desktop\Lukas ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-06-12 14:10 - 2016-04-23 15:19 - 00000000 ____D C:\Users\Patrycja\Documents\wirus 2016-06-12 14:10 - 2016-04-23 15:15 - 00000000 ____D C:\FRST 2016-06-12 14:09 - 2015-03-27 14:01 - 00000000 ____D C:\Users\Patrycja\Desktop\programy i dokumety 2016-06-12 14:07 - 2016-04-23 11:25 - 00000000 ____D C:\Users\Patrycja\AppData\LocalLow\360WD 2016-06-12 14:04 - 2014-08-17 19:50 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-06-12 13:48 - 2013-10-04 07:19 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1 2016-06-12 13:48 - 2013-10-04 07:19 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2 2016-06-12 13:46 - 2015-01-23 15:16 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F8618A7A-BCB0-4F28-9C81-9AC2F1A51A4E} 2016-06-12 13:43 - 2016-04-23 16:51 - 00000401 _____ C:\Users\Patrycja\AppData\Roaming\sp_data.sys 2016-06-12 13:43 - 2015-08-13 18:08 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture 2016-06-12 13:43 - 2015-08-12 22:35 - 00000000 __SHD C:\Users\Patrycja\IntelGraphicsProfiles 2016-06-12 13:43 - 2014-08-17 19:50 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-06-11 22:46 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-06-11 22:45 - 2015-07-10 11:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-06-11 22:34 - 2016-04-23 12:30 - 00000000 __SHD C:\$360Section 2016-06-11 22:34 - 2016-04-23 11:26 - 00000000 ____D C:\ProgramData\360Quarant 2016-06-11 22:27 - 2015-02-04 17:53 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-06-11 22:24 - 2015-07-10 18:31 - 00000000 ____D C:\Users\Patrycja\VMLites 2016-06-11 20:46 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-06-11 20:45 - 2015-08-12 22:59 - 00000000 ___DC C:\WINDOWS\Panther 2016-06-11 20:39 - 2016-04-27 09:16 - 00000000 ___HD C:\$WINDOWS.~BT 2016-06-11 20:24 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps 2016-06-08 19:20 - 2015-07-10 13:02 - 00000000 ____D C:\WINDOWS\INF 2016-06-08 18:49 - 2015-08-12 22:08 - 00000000 ____D C:\Users\Patrycja 2016-06-08 18:06 - 2014-08-17 19:51 - 00002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-06-08 18:06 - 2014-08-17 19:51 - 00002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-06-08 17:59 - 2015-08-23 12:05 - 00000000 ____D C:\Users\Patrycja\AppData\Local\MicrosoftEdge 2016-06-08 17:48 - 2016-03-19 22:33 - 00000000 ____D C:\Users\Patrycja\AppData\LocalLow\Canon Easy-WebPrint EX 2016-06-05 12:53 - 2014-08-17 20:45 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-06-02 21:29 - 2015-06-13 19:13 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-05-23 16:48 - 2016-05-12 21:19 - 00000000 ____D C:\Users\Patrycja\Documents\trening 2016-05-21 00:15 - 2015-08-13 18:10 - 00002434 _____ C:\Users\Patrycja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-05-21 00:15 - 2015-08-13 18:10 - 00000000 ___RD C:\Users\Patrycja\OneDrive 2016-05-17 22:00 - 2014-01-22 08:52 - 00129152 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys 2016-05-17 21:59 - 2014-01-22 08:52 - 00221824 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys 2016-05-16 21:08 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-04-23 16:51 - 2016-06-12 13:43 - 0000401 _____ () C:\Users\Patrycja\AppData\Roaming\sp_data.sys 2016-04-17 21:44 - 2016-04-17 21:44 - 0004866 _____ () C:\Users\Patrycja\AppData\Local\recently-used.xbel 2015-10-02 19:59 - 2015-10-02 19:59 - 0007605 _____ () C:\Users\Patrycja\AppData\Local\Resmon.ResmonCfg 2015-08-12 22:05 - 2015-08-12 22:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-04-26 01:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd 2013-04-26 01:15 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe 2013-04-26 01:15 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS 2015-03-23 22:48 - 2015-03-23 22:50 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2015-03-23 22:47 - 2015-03-23 22:48 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Einige Dateien in TEMP: ==================== C:\Users\Patrycja\AppData\Local\Temp\libeay32.dll C:\Users\Patrycja\AppData\Local\Temp\msvcr120.dll C:\Users\Patrycja\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-06-07 20:47 ==================== Ende von FRST.txt ============================