Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 10 64 Bit DNSUNLOCKER

Windows 10 64 Bit DNSUNLOCKER


Log-Analyse und Auswertung: Windows 10 64 Bit DNSUNLOCKER

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 11.01.2016, 22:07   #1
antifa
 
Windows 10 64 Bit DNSUNLOCKER - Standard

Windows 10 64 Bit DNSUNLOCKER


Hallo Leute

leider habe ich ein Problem, bei fast allen Webseiten die ich besuche Popen zwei Fenster (1xgroß und 1xklein) mit DNSUNLOCKER auf.

Hoffe auf eure Hilfe , denn ich müsste in die sehen.

Alt 11.01.2016, 22:15   #2
Deathkid535
/// Malwareteam
 
Windows 10 64 Bit DNSUNLOCKER - Standard

Windows 10 64 Bit DNSUNLOCKER




Mein Name ist Dennis und ich werde dir bei der Bereinigung helfen.

Bitte beachte, dass es ein paar Regeln gibt:
  • Bitte lies meine Posts komplett durch bevor du sie abarbeitest
  • Wenn ein Problem auftauchen sollte, unterbreche deine Arbeit, poste die entstandenen Logs und schildere dieses so genau wie möglich.
  • Bitte kein Crossposting
  • Installiere oder Deinstalliere keine Software ohne Aufforderung
  • Bitte verwende nur die Tools welche hier im Thread erwähnt werden
  • Antworte innerhalb von 24h um eine sinnvolle Bereinigung zu ermöglichen
  • Poste die Logs immer in CODE-Tags (#-Button), zur Not die Logs einfach aufteilen

Sollte ich nicht innerhalb von 48h antworten, schreibe mir eine PM!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 11.01.2016, 22:23   #3
antifa
 
Windows 10 64 Bit DNSUNLOCKER - Standard

logfiles Teil 1



FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
durchgeführt von Peter (Administrator) auf KRIEGLERGASSE (11-01-2016 21:10:43)
Gestartet von C:\Users\Peter\Desktop
Geladene Profile: Peter (Verfügbare Profile: Peter & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-07-27] (Raptr, Inc)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2261528197-3593764689-1178806888-1000\...\Run: [GoogleChromeAutoLaunch_14883A56D9D426BB697F73C8366CAF1F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-2261528197-3593764689-1178806888-1000\...\Run: [Mobile Partner] => C:\Program Files (x86)\MobileWiFi\MobileWiFi
HKU\S-1-5-21-2261528197-3593764689-1178806888-1000\...\MountPoints2: {ac3bed94-a7bb-11e5-9be1-90fba647330b} - "F:\AutoRun.exe" 
HKU\S-1-5-21-2261528197-3593764689-1178806888-1000\...\MountPoints2: {d03a6f82-a1a0-11e5-b17e-96e4c8e611cc} - "F:\AutoRun.exe" 
HKU\S-1-5-21-2261528197-3593764689-1178806888-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [425984 2009-08-05] ()
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-09-10] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-09-10] (Egis Technology Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{393a788f-6c73-4517-ba87-a0b6ad4b2e50}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{c3e79a92-5d28-4e30-a142-a4ee15413ef6}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{f2846e53-2364-42f4-bf72-6709c646ebae}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2261528197-3593764689-1178806888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_m5811&r=17360815m905pe426v185w4491u28o
HKU\S-1-5-21-2261528197-3593764689-1178806888-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_m5811&r=17360815m905pe426v185w4491u28o
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\.DEFAULT -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2261528197-3593764689-1178806888-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT652
SearchScopes: HKU\S-1-5-21-2261528197-3593764689-1178806888-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT652
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-20] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-20] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2261528197-3593764689-1178806888-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-11-20] (Sony Network Entertainment International LLC)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.at/"
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-03]
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-03]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Loupe Collage) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhaonknplhhecdgjpphnooeomecgipkc [2015-12-12]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-06]
CHR Extension: (Google-Suche) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Tabellen) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-03]
CHR Extension: (Cat's Eye) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhokghddgejhlagoihgnfmfojplpmojk [2015-12-12]
CHR Extension: (Google Docs Offline) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Google Mail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-03]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <nicht gefunden>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [Datei ist nicht signiert]
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
S3 Origin Client Service; G:\spiele\Spiele\Origin\OriginClientService.exe [2104840 2015-12-17] (Electronic Arts)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [Datei ist nicht signiert]
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-22] (Advanced Micro Devices)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410848 2015-08-13] (Realsil Semiconductor Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-11 21:10 - 2016-01-11 21:11 - 00015475 _____ C:\Users\Peter\Desktop\FRST.txt
2016-01-11 21:10 - 2016-01-11 21:10 - 02370560 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2016-01-11 21:10 - 2016-01-11 21:10 - 00000000 ____D C:\FRST
2016-01-02 17:40 - 2016-01-02 17:41 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-01-02 17:26 - 2016-01-02 17:26 - 00000000 ____D C:\Users\Peter\Documents\My Games
2016-01-02 14:09 - 2016-01-03 18:50 - 00000000 ____D C:\Users\Peter\AppData\Roaming\The Creative Assembly
2015-12-26 19:25 - 2015-12-26 19:25 - 00000000 ____D C:\Users\Public\Documents\Sports Interactive
2015-12-26 19:25 - 2015-12-26 19:25 - 00000000 ____D C:\Users\Peter\Documents\Sports Interactive
2015-12-26 19:25 - 2015-12-26 19:25 - 00000000 ____D C:\Users\Peter\AppData\Local\Sports Interactive
2015-12-23 09:46 - 2015-12-23 09:46 - 00000000 ____D C:\ProgramData\ATI
2015-12-22 11:44 - 2015-12-22 11:44 - 00002343 _____ C:\Users\Peter\Desktop\AdwCleaner[C1].txt
2015-12-22 11:30 - 2015-12-22 11:39 - 00000000 ____D C:\AdwCleaner
2015-12-22 11:29 - 2015-12-22 11:29 - 00003065 _____ C:\Users\Peter\Desktop\mbam.txt
2015-12-22 11:01 - 2015-12-22 11:30 - 01743360 _____ C:\Users\Peter\Desktop\AdwCleaner_5.026.exe
2015-12-22 10:53 - 2015-12-23 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-12-22 10:53 - 2015-12-23 16:45 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-12-22 10:53 - 2015-12-23 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-22 10:53 - 2015-12-22 11:43 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-22 10:53 - 2015-12-22 10:53 - 00001179 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-22 10:53 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-22 10:53 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-22 10:53 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-19 11:13 - 2015-12-22 11:56 - 00007606 _____ C:\Users\Peter\AppData\Local\resmon.resmoncfg
2015-12-19 11:08 - 2015-12-19 11:08 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-12-19 10:56 - 2015-12-23 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-12-19 10:55 - 2015-12-23 16:45 - 00000000 ____D C:\Program Files\ATI Technologies
2015-12-19 03:47 - 2015-12-19 03:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-18 11:44 - 2015-12-07 05:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 11:44 - 2015-12-07 05:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-18 11:44 - 2015-12-07 05:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-18 11:44 - 2015-12-07 05:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-18 11:44 - 2015-12-07 05:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-18 11:44 - 2015-12-07 05:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-18 11:44 - 2015-12-07 05:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-18 11:44 - 2015-12-07 05:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 11:44 - 2015-12-07 05:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-18 11:44 - 2015-12-07 05:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 11:44 - 2015-12-07 05:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-18 11:44 - 2015-12-07 05:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-18 11:44 - 2015-12-07 05:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-18 11:44 - 2015-12-07 05:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-18 11:44 - 2015-12-07 05:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-18 11:44 - 2015-12-07 04:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-18 11:44 - 2015-12-07 04:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-18 11:44 - 2015-12-07 04:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-18 11:44 - 2015-12-07 04:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-18 11:44 - 2015-12-07 04:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-18 11:44 - 2015-12-07 04:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 11:44 - 2015-12-07 04:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-18 11:44 - 2015-12-07 04:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 11:43 - 2015-12-07 05:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-18 11:43 - 2015-12-07 05:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-18 11:43 - 2015-12-07 05:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-18 11:43 - 2015-12-07 05:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-18 11:43 - 2015-12-07 05:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 11:43 - 2015-12-07 05:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-18 11:43 - 2015-12-07 05:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-18 11:43 - 2015-12-07 05:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 11:43 - 2015-12-07 05:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-18 11:43 - 2015-12-07 05:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 11:43 - 2015-12-07 05:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-18 11:43 - 2015-12-07 05:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 11:43 - 2015-12-07 05:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 11:43 - 2015-12-07 05:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-18 11:43 - 2015-12-07 05:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 11:43 - 2015-12-07 05:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-18 11:43 - 2015-12-07 05:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-18 11:43 - 2015-12-07 05:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 11:43 - 2015-12-07 05:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 11:43 - 2015-12-07 05:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 11:43 - 2015-12-07 05:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-18 11:43 - 2015-12-07 05:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-18 11:43 - 2015-12-07 05:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-18 11:43 - 2015-12-07 05:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 11:43 - 2015-12-07 05:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-18 11:43 - 2015-12-07 05:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-18 11:43 - 2015-12-07 05:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-18 11:43 - 2015-12-07 05:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-18 11:43 - 2015-12-07 05:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-18 11:43 - 2015-12-07 05:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 11:43 - 2015-12-07 05:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-18 11:43 - 2015-12-07 05:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-18 11:43 - 2015-12-07 05:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-18 11:43 - 2015-12-07 05:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-18 11:43 - 2015-12-07 05:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-18 11:43 - 2015-12-07 05:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-18 11:43 - 2015-12-07 05:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-18 11:43 - 2015-12-07 05:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 11:43 - 2015-12-07 05:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-18 11:43 - 2015-12-07 05:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-18 11:43 - 2015-12-07 05:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-18 11:43 - 2015-12-07 05:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-18 11:43 - 2015-12-07 05:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-18 11:43 - 2015-12-07 05:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-18 11:43 - 2015-12-07 04:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-18 11:43 - 2015-12-07 04:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-18 11:43 - 2015-12-07 04:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-18 11:43 - 2015-12-07 04:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-18 11:43 - 2015-12-07 04:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-18 11:43 - 2015-12-07 04:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 11:43 - 2015-12-07 04:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-18 11:43 - 2015-12-07 04:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 11:43 - 2015-12-07 04:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-18 11:43 - 2015-12-07 04:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-18 11:43 - 2015-12-07 04:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-18 11:43 - 2015-12-07 04:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 11:43 - 2015-12-07 04:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-18 11:43 - 2015-12-07 04:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-18 11:43 - 2015-12-07 04:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 11:43 - 2015-12-07 04:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-18 11:43 - 2015-12-07 04:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-18 11:43 - 2015-12-07 04:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-18 11:43 - 2015-12-07 04:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 11:43 - 2015-12-07 04:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-18 11:43 - 2015-12-07 04:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-18 11:43 - 2015-12-07 04:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 11:43 - 2015-12-07 04:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-18 11:43 - 2015-12-07 04:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-18 11:43 - 2015-12-07 04:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-18 11:43 - 2015-12-07 04:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-18 11:43 - 2015-12-07 04:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 11:43 - 2015-12-07 04:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-18 11:43 - 2015-12-07 04:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00631792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2015-12-15 12:17 - 2015-12-15 12:17 - 00150218 _____ C:\Users\Peter\Downloads\Datenbank2.0.rar
2015-12-15 12:16 - 2015-12-15 12:44 - 1204714775 _____ C:\Users\Peter\Downloads\Spieler Bilder.rar
2015-12-15 12:16 - 2015-12-15 12:31 - 440877836 _____ C:\Users\Peter\Downloads\Wappen.rar
2015-12-15 12:15 - 2015-12-15 12:19 - 29880026 _____ C:\Users\Peter\Downloads\Datenbank Stand 14.10. ohne Minilnder.dbs
2015-12-15 12:15 - 2015-12-15 12:17 - 40422840 _____ C:\Users\Peter\Downloads\Torhymnen.rar
2015-12-14 14:12 - 2015-12-14 14:12 - 00854368 _____ C:\Users\Peter\Downloads\registerzaehlung_2011_gemeindetabelle_oesterreich.pdf
2015-12-14 11:51 - 2015-12-14 12:00 - 00000000 ____D C:\Users\Peter\Documents\FUSSBALL MANAGER 14
2015-12-14 10:34 - 2015-12-14 10:34 - 00003312 _____ C:\WINDOWS\System32\Tasks\{6B9954C3-D390-4903-BEDE-057E19A55488}
2015-12-14 10:30 - 2015-12-14 10:30 - 00003312 _____ C:\WINDOWS\System32\Tasks\{BC4B5753-AD4E-46C1-AB16-13923F429A3C}
2015-12-14 10:24 - 2015-12-14 10:24 - 00003328 _____ C:\WINDOWS\System32\Tasks\{073D3642-44D9-4829-A083-7FC9553C119E}
2015-12-14 10:23 - 2015-12-14 10:23 - 00003318 _____ C:\WINDOWS\System32\Tasks\{72DF7AED-381F-49D5-9B58-7360BEB41363}
2015-12-14 09:00 - 2015-12-14 11:14 - 00000000 ____D C:\Users\Peter\Documents\FUSSBALL MANAGER 13
2015-12-13 19:11 - 2015-12-13 21:52 - 00009728 _____ C:\Users\Peter\Desktop\Mappe1.xlsx
2015-12-13 16:20 - 2015-12-13 16:20 - 00111139 _____ C:\Users\Peter\Downloads\Schadenaufnahme (1) (1).pdf
2015-12-13 16:14 - 2015-12-13 16:14 - 00111139 _____ C:\Users\Peter\Downloads\Schadenaufnahme (1).pdf
2015-12-13 15:28 - 2015-12-13 15:28 - 00000000 ____D C:\Users\Peter\AppData\Local\ActiveSync
2015-12-13 15:25 - 2015-12-13 15:25 - 00000020 ___SH C:\Users\Peter\ntuser.ini
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default\Vorlagen
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default\Startmenü
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2015-12-13 15:24 - 2015-12-13 15:24 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-12-13 15:19 - 2016-01-03 07:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-13 15:10 - 2015-12-13 15:10 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-13 15:10 - 2015-12-13 15:10 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2015-12-13 15:10 - 2015-12-13 15:10 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2015-12-13 15:10 - 2015-12-13 15:10 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-12-13 15:10 - 2015-12-13 15:10 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2015-12-13 15:10 - 2015-12-13 15:10 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2015-12-13 15:10 - 2015-12-13 15:10 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2015-12-13 15:10 - 2015-12-13 15:10 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-12-13 15:10 - 2015-12-13 15:10 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2015-12-13 15:05 - 2015-12-13 15:12 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-12-13 15:05 - 2015-12-13 15:05 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-12-13 15:02 - 2016-01-04 17:34 - 02086168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-13 15:02 - 2016-01-04 12:57 - 00000000 ____D C:\Users\Peter
2015-12-13 15:02 - 2015-12-23 16:46 - 00000000 ____D C:\Users\DefaultAppPool
2015-12-13 15:02 - 2015-12-13 15:02 - 01989310 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\Peter\Vorlagen
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\Peter\Startmenü
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\Peter\Netzwerkumgebung
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\Peter\Lokale Einstellungen
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\Peter\Eigene Dateien
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\Peter\Druckumgebung
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\Peter\Documents\Eigene Videos
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\Peter\Documents\Eigene Musik
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\Peter\Documents\Eigene Bilder
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\Peter\AppData\Local\Verlauf
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\Peter\AppData\Local\Anwendungsdaten
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\Peter\Anwendungsdaten
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Vorlagen
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Startmenü
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Netzwerkumgebung
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Lokale Einstellungen
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Eigene Dateien
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Druckumgebung
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Videos
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Musik
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Bilder
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Verlauf
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2015-12-13 15:02 - 2015-12-13 15:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Anwendungsdaten
2015-12-13 14:58 - 2015-12-23 16:45 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-12-13 14:58 - 2015-12-23 16:36 - 00000000 ____D C:\Program Files\AMD
2015-12-13 14:58 - 2015-12-13 15:06 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-13 14:58 - 2015-12-13 14:58 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-12-13 14:58 - 2015-12-13 14:58 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2015-12-13 14:58 - 2015-12-13 14:58 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-12-13 14:58 - 2015-12-13 14:58 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2015-12-13 14:57 - 2015-12-13 14:57 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-12-13 14:57 - 2015-12-13 14:57 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-12-13 14:57 - 2015-12-13 14:57 - 00000000 ____D C:\WINDOWS\system32\DAX2
2015-12-13 14:57 - 2015-12-13 14:57 - 00000000 ____D C:\Program Files\Realtek
2015-12-13 14:57 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-13 14:53 - 2015-12-13 15:14 - 00345576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-13 14:52 - 2015-12-13 18:00 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-13 14:49 - 2015-12-13 14:49 - 00000000 ____D C:\Windows.old
2015-12-13 14:48 - 2015-12-13 14:48 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-13 14:48 - 2015-12-13 14:48 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-13 14:48 - 2015-12-13 14:48 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-13 14:48 - 2015-12-13 14:48 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-13 14:48 - 2015-12-13 14:48 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-13 14:48 - 2015-12-13 14:48 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-13 14:48 - 2015-12-13 14:48 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-13 14:48 - 2015-12-13 14:48 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-13 14:48 - 2015-12-13 14:48 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-13 14:48 - 2015-12-13 14:48 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-13 14:48 - 2015-12-13 14:48 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-13 14:48 - 2015-12-13 14:48 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-13 14:48 - 2015-12-13 14:48 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-13 14:48 - 2015-12-13 14:48 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-13 14:48 - 2015-12-13 14:48 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-13 14:48 - 2015-12-13 14:48 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-13 14:48 - 2015-12-13 14:48 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-13 14:48 - 2015-12-13 14:48 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-13 14:48 - 2015-12-13 14:48 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-13 14:45 - 2015-12-13 14:45 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-13 14:42 - 2015-12-23 16:45 - 00000000 ____D C:\inetpub
2015-12-13 14:42 - 2015-12-13 15:12 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-13 14:42 - 2015-12-13 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-12-13 14:42 - 2015-12-13 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2015-12-13 14:42 - 2015-12-13 14:42 - 00000000 ____D C:\WINDOWS\system32\msmq
2015-12-13 14:42 - 2015-12-13 14:42 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2015-12-13 14:42 - 2015-12-13 14:42 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-13 14:42 - 2015-12-13 14:42 - 00000000 ____D C:\Program Files\MSBuild
2015-12-13 14:42 - 2015-12-13 14:42 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-13 14:41 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-13 14:41 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-13 14:41 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-13 14:41 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-13 14:41 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-13 14:41 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-11 21:10 - 2015-10-30 07:28 - 00000000 ____D C:\Windows
2016-01-11 21:03 - 2015-08-03 16:41 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-11 20:16 - 2015-08-23 19:05 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-11 19:23 - 2015-08-06 16:22 - 00000000 ____D C:\ProgramData\Origin
2016-01-11 09:03 - 2015-08-03 16:41 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-10 14:25 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-09 10:44 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-06 07:47 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-04 17:34 - 2015-10-30 19:35 - 00888008 _____ C:\WINDOWS\system32\perfh007.dat
2016-01-04 17:34 - 2015-10-30 19:35 - 00197092 _____ C:\WINDOWS\system32\perfc007.dat
2016-01-04 17:34 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-03 14:11 - 2015-11-22 12:18 - 00000000 ____D C:\Users\Peter\Documents\FIFA 16
2016-01-03 07:47 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-03 02:40 - 2015-10-30 08:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 02:40 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 14:43 - 2015-11-03 17:23 - 00000000 ____D C:\Users\Peter\Documents\Paradox Interactive
2015-12-23 16:47 - 2015-08-03 20:17 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-12-23 16:46 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-23 16:46 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-12-23 16:46 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-23 16:45 - 2015-08-06 18:21 - 00000000 ____D C:\Users\Peter\Documents\FIFA 15
2015-12-23 16:45 - 2015-08-03 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-12-23 16:45 - 2015-08-03 20:17 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Raptr
2015-12-23 16:39 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\registration
2015-12-23 16:36 - 2015-11-01 12:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-23 16:36 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-23 16:36 - 2015-08-04 10:50 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-12-23 16:36 - 2015-08-04 09:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-23 16:36 - 2015-08-04 09:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-23 16:36 - 2015-08-03 16:13 - 00000000 ____D C:\Program Files\Intel
2015-12-23 16:36 - 2015-08-03 16:06 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-12-23 16:36 - 2009-11-18 22:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2015-12-23 16:36 - 2009-11-18 22:47 - 00000000 ____D C:\Program Files (x86)\NewTech Infosystems
2015-12-23 16:35 - 2015-08-03 20:16 - 00000000 ____D C:\Program Files (x86)\AMD
2015-12-23 16:35 - 2015-08-03 19:56 - 00000000 ____D C:\AMD
2015-12-23 16:32 - 2015-08-03 19:34 - 00000000 ____D C:\Users\Peter\AppData\Local\ElevatedDiagnostics
2015-12-19 03:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-19 03:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-14 04:53 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-12-13 15:45 - 2015-08-06 11:28 - 00000000 ____D C:\Users\Peter\AppData\Local\Packages
2015-12-13 15:44 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-13 15:31 - 2015-08-06 11:33 - 00002405 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-13 15:31 - 2015-08-06 11:33 - 00000000 ___RD C:\Users\Peter\OneDrive
2015-12-13 15:26 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-13 15:26 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-13 15:26 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-13 15:25 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-12-13 15:25 - 2015-08-06 11:28 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-13 15:24 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows NT
2015-12-13 15:24 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-13 15:24 - 2015-08-06 10:34 - 00023782 _____ C:\WINDOWS\diagerr.xml
2015-12-13 15:24 - 2015-08-06 10:34 - 00022863 _____ C:\WINDOWS\diagwrn.xml
2015-12-13 15:22 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-13 15:20 - 2015-08-06 11:23 - 00023056 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-12-13 15:20 - 2015-08-03 16:13 - 00002160 _____ C:\WINDOWS\System32\Tasks\SidebarExecute
2015-12-13 15:19 - 2015-10-30 08:24 - 00000000 __RSD C:\WINDOWS\Media
2015-12-13 15:19 - 2015-10-30 08:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-13 15:19 - 2015-08-03 16:41 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-13 15:19 - 2015-08-03 16:41 - 00003434 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-13 15:12 - 2015-11-26 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood Online
2015-12-13 15:12 - 2015-11-14 11:20 - 00000000 ____D C:\WINDOWS\de
2015-12-13 15:12 - 2015-11-14 11:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-12-13 15:12 - 2015-11-03 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearts of Iron III - Their Finest Hour
2015-12-13 15:12 - 2015-11-01 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-12-13 15:12 - 2015-10-30 19:44 - 00000000 ____D C:\WINDOWS\ShellNew
2015-12-13 15:12 - 2015-08-23 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-13 15:12 - 2015-08-17 21:36 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
2015-12-13 15:12 - 2015-08-04 09:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-13 15:12 - 2015-08-03 16:46 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2015-12-13 15:12 - 2015-08-03 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-13 15:12 - 2015-08-03 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2015-12-13 15:12 - 2015-08-03 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
2015-12-13 15:12 - 2015-08-03 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
2015-12-13 15:12 - 2009-11-18 23:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSobi v2
2015-12-13 15:12 - 2009-11-18 23:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-12-13 15:12 - 2009-11-18 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-12-13 15:12 - 2009-11-18 22:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-12-13 15:12 - 2009-11-18 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Backup Manager
2015-12-13 15:12 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-13 15:10 - 2015-07-10 10:05 - 00000000 ____D C:\Users\Default.migrated
2015-12-13 15:08 - 2015-10-30 19:35 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-12-13 15:08 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-12-13 15:08 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-12-13 15:07 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-12-13 15:07 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-13 15:07 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-13 15:07 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-13 15:07 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\IME
2015-12-13 15:07 - 2015-08-04 11:02 - 00000000 ____D C:\WINDOWS\system32\SPReview
2015-12-13 15:07 - 2015-08-04 11:01 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2015-12-13 15:06 - 2015-11-03 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
2015-12-13 15:06 - 2015-10-30 19:35 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-12-13 15:06 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-13 15:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\schemas
2015-12-13 15:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-13 15:06 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-13 15:06 - 2015-08-23 12:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-12-13 15:06 - 2009-11-18 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec
2015-12-13 15:05 - 2015-10-30 08:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-12-13 15:05 - 2015-10-30 08:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-12-13 15:05 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-12-13 14:53 - 2015-10-30 19:55 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-13 14:52 - 2015-10-30 08:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-13 14:49 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-13 14:49 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-13 14:49 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-13 14:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-12-13 14:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-12-13 14:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-12-13 14:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-12-13 14:42 - 2015-10-30 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2015-12-13 14:42 - 2015-10-30 08:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2015-12-13 14:42 - 2015-10-30 08:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2015-12-13 14:42 - 2015-10-30 08:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-12-13 14:42 - 2015-10-30 08:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2015-12-13 14:42 - 2015-10-30 08:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2015-12-13 14:42 - 2015-10-30 08:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2015-12-13 14:42 - 2015-10-30 08:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2015-12-13 14:42 - 2015-10-30 08:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-12-13 14:42 - 2015-10-30 08:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2015-12-13 14:42 - 2015-10-30 08:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-12-13 14:42 - 2015-10-30 08:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-12-13 14:42 - 2015-10-30 08:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2015-12-13 14:42 - 2015-10-30 08:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-12-13 14:42 - 2015-10-30 08:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-12-13 14:42 - 2015-10-30 08:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2015-12-13 14:42 - 2015-10-30 08:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2015-12-13 14:42 - 2015-10-30 08:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2015-12-13 14:42 - 2015-10-30 08:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2015-12-13 14:42 - 2015-10-30 08:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2015-12-13 14:42 - 2015-10-30 08:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2015-12-13 14:42 - 2015-10-30 08:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-12-13 14:42 - 2015-10-30 08:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2015-12-13 14:42 - 2015-10-30 08:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2015-12-13 14:42 - 2015-10-30 08:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2015-12-13 14:42 - 2015-10-30 08:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2015-12-13 14:42 - 2015-10-30 08:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-12-13 14:42 - 2015-10-30 08:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2015-12-13 14:42 - 2015-10-30 08:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-12-13 14:42 - 2015-10-30 08:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2015-12-13 14:42 - 2015-10-30 08:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2015-12-13 14:42 - 2015-10-30 08:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2015-12-13 14:42 - 2015-10-30 08:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-12-13 14:42 - 2015-10-30 08:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2015-12-13 14:42 - 2015-10-30 08:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-12-13 14:42 - 2015-10-30 08:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-12-13 14:42 - 2015-10-30 08:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2015-12-13 14:42 - 2015-10-30 08:17 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2015-12-13 14:42 - 2015-10-30 08:17 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2015-12-13 14:42 - 2015-10-30 08:17 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2015-12-13 14:42 - 2015-10-30 08:17 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2015-12-13 14:42 - 2015-10-30 08:17 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2015-12-13 14:42 - 2015-10-30 08:17 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2015-12-13 14:42 - 2015-10-30 08:17 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2015-12-13 14:42 - 2015-10-30 08:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2015-12-13 14:42 - 2015-10-30 08:17 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2015-12-13 14:42 - 2015-10-30 08:17 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2015-12-13 14:42 - 2015-10-30 08:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2015-12-13 14:42 - 2015-10-30 08:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2015-12-13 14:42 - 2015-10-30 08:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2015-12-13 14:42 - 2015-10-30 08:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2015-12-13 14:42 - 2015-10-30 08:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2015-12-13 14:42 - 2015-10-30 08:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2015-12-13 14:42 - 2015-10-30 08:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2015-12-13 14:42 - 2015-10-30 08:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2015-12-13 14:21 - 2015-10-30 20:27 - 00000000 ___HD C:\$WINDOWS.~BT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-09-07 21:21 - 2015-09-07 21:21 - 0000000 _____ () C:\Program Files\Microsoft Security Client
2009-11-18 22:39 - 2009-02-10 21:23 - 0192484 _____ () C:\Program Files (x86)\Common Files\Acer GameZone online.ico
2015-09-07 21:21 - 2015-09-07 21:21 - 0000000 _____ () C:\Program Files (x86)\Common Files\AMD
2015-08-17 20:58 - 2015-10-31 20:37 - 0000664 _____ () C:\Users\Peter\AppData\Roaming\wklnhst.dat
2015-08-04 11:55 - 2015-08-04 12:03 - 0020087 _____ () C:\Users\Peter\AppData\Local\HWVendorDetection.log
2015-08-23 12:20 - 2015-08-23 14:20 - 29249520 _____ (Sony Mobile Communications                                  ) C:\Users\Peter\AppData\Local\pcc.exe
2015-12-19 11:13 - 2015-12-22 11:56 - 0007606 _____ () C:\Users\Peter\AppData\Local\resmon.resmoncfg
2008-02-05 12:28 - 2008-02-05 12:28 - 0000051 _____ () C:\Users\Peter\AppData\Local\setup.txt
2015-09-18 19:37 - 2015-09-18 19:37 - 0000000 _____ () C:\Users\Peter\AppData\Local\{81632B5F-2EA7-403B-9872-38AB37F58A83}
2015-08-29 02:38 - 2015-08-29 02:38 - 0000000 _____ () C:\Users\Peter\AppData\Local\{C70376B6-CC57-4808-847A-DDAC03402C63}
2015-08-03 16:01 - 2015-08-03 16:03 - 0009364 _____ () C:\ProgramData\ArcadeDeluxe3.log
2015-12-13 14:57 - 2015-12-13 14:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2009-11-18 22:40 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2015-08-03 16:47 - 2015-08-03 16:48 - 0000091 _____ () C:\ProgramData\PS.log

Einige Dateien in TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\AutoEdManager13.exe
C:\Users\Peter\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Peter\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-01-07 19:32

==================== Ende von FRST.txt ============================
--- --- ---
__________________
Alt 11.01.2016, 22:25   #4
antifa
 
Windows 10 64 Bit DNSUNLOCKER - Standard

logfiles teil 2


Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
durchgeführt von Peter (2016-01-11 21:12:05)
Gestartet von C:\Users\Peter\Desktop
Windows 10 Home (X64) (2015-12-13 14:25:07)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2261528197-3593764689-1178806888-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2261528197-3593764689-1178806888-503 - Limited - Disabled)
Gast (S-1-5-21-2261528197-3593764689-1178806888-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2261528197-3593764689-1178806888-1002 - Limited - Enabled)
Peter (S-1-5-21-2261528197-3593764689-1178806888-1000 - Administrator - Enabled) => C:\Users\Peter

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0812 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{92265DEC-AA16-8226-AE4B-96165DB368B6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ATI AVIVO64 Codecs (Version: 10.11.0.41019 - ATI Technologies Inc.) Hidden
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Black ICE 8.2 (HKLM-x32\...\{015E0577-7D4A-456C-A435-DD9EE7E72589}_is1) (Version: 8.2 - Panzeroo, Inc.)
Chaos Domain (HKLM-x32\...\Steam App 287100) (Version:  - Holy Warp)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.4.64673.4 - Electronic Arts)
Football Manager 2016 Demo (HKLM-x32\...\Steam App 378180) (Version:  - SEGA)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.4.0 - Electronic Arts)
FUSSBALL MANAGER 14 (HKLM-x32\...\{5FC27E1E-08C0-4346-A321-ED2D31FAE936}) (Version: 1.0.0.0 - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Grim Legends: The Forsaken Bride (HKLM-x32\...\Steam App 284850) (Version:  - Artifex Mundi sp. z o.o.)
Hearts of Iron III - Their Finest Hour version 4.02 (HKLM-x32\...\{25D080C2-19A4-427D-A12A-979D674B57F8}}_is1) (Version: 4.02 - Paradox Interactive)
Hearts of Iron III (HKLM-x32\...\{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}) (Version:  - )
Hearts of Iron III: For the Motherland Version 3.05 (HKLM-x32\...\Hearts of Iron III: For the Motherland_is1) (Version: 3.05 - Paradox Interactive)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 1.00.3004 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections 14.7.31.0 (HKLM\...\PROSetDX) (Version: 14.7.31.0 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Go (HKLM-x32\...\{65256C0D-3FE7-4D2E-BB3E-53F1175481C8}) (Version: 3.0.403 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.20.101.05210 (HKLM-x32\...\{78D0E870-B5F7-8AE8-35DC-18060AAD9C7A}) (Version: 2.20.101.05210 - Sony)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Melissa K. and the Heart of Gold Collector's Edition (HKLM-x32\...\Steam App 321150) (Version:  - SDP Games)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MobileWiFi (HKLM-x32\...\MobileWiFi) (Version: TOOL-ConnLaucher_WIN1.09.02.00 - Huawei Technologies Co.,Ltd)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
Nero 9 Essentials (HKLM-x32\...\{965ef942-36c2-4f92-b60f-c75cd1dcde2f}) (Version:  - Nero AG)
Nightmares from the Deep 3: Davy Jones (HKLM-x32\...\Steam App 284810) (Version:  - Artifex Mundi sp. z o.o.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version:  - The Creative Assembly)
Semper Fi 2.03 (HKLM-x32\...\Semper Fi_is1) (Version:  - Paradox Interactive)
Sony PC Companion 2.10.289 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.289 - Sony)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Total War Battles: SHOGUN (HKLM-x32\...\Steam App 217060) (Version:  - The Creative Assembly)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Überwachungstool für die Intel® Turbo-Boost-Technologie (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Victoria II (HKLM-x32\...\Steam App 42960) (Version:  - Paradox Development Studio)
Victoria: Revolutions (HKLM-x32\...\Steam App 42980) (Version:  - Paradox Development Studio)
Viking: Battle for Asgard (HKLM-x32\...\Steam App 211160) (Version:  - Creative Assembly, PC Port - Hardlight)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
X-Blades (HKLM-x32\...\Steam App 7510) (Version:  - Topware Interactive)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2261528197-3593764689-1178806888-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0164B127-7661-4BF3-A42F-D17DDC6D8993} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {0399541E-5223-4F34-9522-0ECA6D5C7EE3} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {05ADF2FB-8D20-4CC4-9804-3D2B8482BD45} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {06108260-B314-4F8D-9BCC-F98F23F7123F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {1BA7CC4C-CA59-4ED3-8E4D-7E0275A318A2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {21830F4B-069F-4BCC-981A-90F67C2B387B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {233488D2-D1EC-4D43-AE9E-B90B2AABE8E2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {2A635F75-650C-4C73-AA06-E2C6530ACD76} - System32\Tasks\{72DF7AED-381F-49D5-9B58-7360BEB41363} => pcalua.exe -a C:\Users\Peter\Downloads\fm13_sonstiges_namenfile.exe -d C:\Users\Peter\Downloads
Task: {3179D9E9-2B34-42B2-9AE5-895C7DD2C157} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3481EDD2-B7FC-4571-B681-F51ABFE9A122} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {39518C7C-731E-45D2-A1EE-719656C0EBCC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-03] (Google Inc.)
Task: {3951F957-EA3C-43B4-AA6F-3A4F844F4EDE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {3E31CBAE-E7A7-4E22-BEE6-1ECF34608CEF} - System32\Tasks\{073D3642-44D9-4829-A083-7FC9553C119E} => pcalua.exe -a C:\Users\Peter\Downloads\fm13_sonstiges_trainingslager.exe -d C:\Users\Peter\Downloads
Task: {49CB602D-C0D9-4CC3-9C7E-AF968B0FDF98} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4EA64A8F-E179-44E0-9548-6F7C4A27821C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {4F205B26-6643-49FC-A80F-D224BB52DA02} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {4FC5A44F-3B9D-4693-9913-A5C8ACD86CE4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {563E777B-E70F-4961-84EA-32F50CB9AB86} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {58C9CB79-95D5-454B-9FEE-2704EFA47136} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {58F1646A-E884-4D63-9F99-49386A705077} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {5D7D197C-5D0B-459B-868B-C54DB15F0487} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5EE1D46B-8998-4A8C-8DFB-DE2B1CAD8A6D} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {6347A06E-C280-4364-AC77-4F20B544EEEE} - System32\Tasks\{6B9954C3-D390-4903-BEDE-057E19A55488} => pcalua.exe -a C:\Users\Peter\Downloads\fm13_citypics_schweiz.exe -d C:\Users\Peter\Downloads
Task: {6E122308-3726-4D43-871F-02BAC92950C6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {74E8C569-930B-4D82-9446-7E094D7D1D96} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {7A973C52-09F9-45E7-A4F9-0DD2D770F81D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {7D23D873-B4E2-403D-8FD5-4278639C643A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-03] (Google Inc.)
Task: {7F0BBA52-C1F8-45C3-92AE-634BA3437FE5} - System32\Tasks\{BC4B5753-AD4E-46C1-AB16-13923F429A3C} => pcalua.exe -a C:\Users\Peter\Downloads\fm13_bilder_sanmarino.exe -d C:\Users\Peter\Downloads
Task: {828064D3-28A3-4350-A244-CDFC01F7EF85} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {98559395-EAC2-4074-A823-6B8797149A11} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {9F2D1042-16FE-45A6-8411-29B814A95B9A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {A88D809B-4015-447C-A529-E52C1241921A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {A8C76873-F7A1-43CE-AA25-5E5EDABE7B80} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {AC583177-613C-4C32-BD71-E4C10E6AA070} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {AFBA5C1D-96CB-4443-94BF-8A592BCB498A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {B6846902-B76B-4A40-AD42-FE1541E43656} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {B818464B-FEC1-47F9-8AB0-FE9DB1E5A78D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BF25383A-6E1F-4DED-9B9A-C1A5264E5EDC} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C975C427-44B7-450B-9A46-58DF1499D33E} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {CB3AF109-A446-4600-8EAB-6C792BECFDF2} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {CE69E0AD-542A-427D-A6A5-7DD21EA6E618} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {D5B0A6A2-71AB-483E-8F26-C0E1AEA4F9D4} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-10-01] (Acer)
Task: {F55FD23E-3896-4ACE-A703-ED05DECE6327} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {F9C90FB3-9CCF-46ED-A30D-DB7CC6E8F87B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2009-12-14 03:19 - 2009-12-09 10:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-18 11:43 - 2015-12-07 04:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-18 11:43 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 11:43 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-18 11:44 - 2015-12-07 04:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-18 11:44 - 2015-12-07 04:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-18 11:44 - 2015-12-07 04:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2009-08-18 08:27 - 2009-08-18 08:27 - 00629280 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2015-12-17 12:29 - 2015-12-17 12:29 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 02:55 - 2008-09-29 02:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2009-08-18 08:31 - 2009-08-18 08:31 - 00163840 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2015-12-17 12:29 - 2015-12-17 12:29 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-17 12:29 - 2015-12-17 12:30 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-17 12:29 - 2015-12-17 12:29 - 02940416 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
2015-12-17 12:29 - 2015-12-17 12:29 - 00583168 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll
2015-12-17 12:29 - 2015-12-17 12:29 - 01300992 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\MessagingNativeBase.dll
2015-12-17 01:04 - 2015-12-11 04:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-17 01:04 - 2015-12-11 04:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2015-12-25 19:32 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\Peter\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2261528197-3593764689-1178806888-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "mwlDaemon"
HKLM\...\StartupApproved\Run32: => "BackupManagerTray"
HKLM\...\StartupApproved\Run32: => "EgisTecLiveUpdate"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-2261528197-3593764689-1178806888-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_14883A56D9D426BB697F73C8366CAF1F"
HKU\S-1-5-21-2261528197-3593764689-1178806888-1000\...\StartupApproved\Run: => "OneDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C74AB72C-B0F2-4A3F-BFD5-967EC4BDE597}] => (Allow) G:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{D912C5DA-1507-4DC2-AD82-7CF50CD20031}] => (Allow) G:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [UDP Query User{7FFAB758-5A66-496A-A6C8-5AB542ADB7A4}G:\program files (x86)\origin games\command and conquer red alert ii\game.exe] => (Block) G:\program files (x86)\origin games\command and conquer red alert ii\game.exe
FirewallRules: [TCP Query User{809FE923-5366-44AC-8AF6-D82F5E97E452}G:\program files (x86)\origin games\command and conquer red alert ii\game.exe] => (Block) G:\program files (x86)\origin games\command and conquer red alert ii\game.exe
FirewallRules: [{4D3B848D-2F02-48CB-9E9E-7D51EC15F41C}] => (Allow) G:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{3617B00F-9FA7-4716-8F88-9FB4B203CCCA}] => (Allow) G:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [UDP Query User{2BAAC27E-E7DA-428B-AFBD-C79C77B42DE1}G:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) G:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [TCP Query User{D5C559A9-36B6-4B58-9224-2F9BB093EADC}G:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) G:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{432787AA-64DE-4F6E-8C3D-8049AD30CEFF}] => (Allow) LPort=1900
FirewallRules: [{7BE67941-088F-42DA-AD7F-9EBB8E29AEA3}] => (Allow) LPort=2869
FirewallRules: [{28BC86D1-8ACC-47FC-855B-998D3FE9EE72}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{67532DC1-6767-4742-91B1-E79B0AA9404E}] => (Allow) LPort=53
FirewallRules: [{56625FAC-25E1-4FF8-8367-6BDACF8D5E1E}] => (Allow) LPort=53
FirewallRules: [{C030E19B-822F-42E1-8AE8-5B6A3CF0B480}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2BD761B5-EADA-4EBE-936A-5DBF2AA52826}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7FBBE5AC-C5CE-4B62-A66F-F31FC3B8A37B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B8474EE1-C9F7-4271-8D39-CCD0F51CCC5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{7952A2CC-F9DF-4DA8-B02B-1102557777C9}G:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) G:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [TCP Query User{1F4D00F6-4C54-4791-8057-DFE45AEF6C5A}G:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) G:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{A78C4F53-8045-4712-9F39-59108E0EF3BA}] => (Allow) G:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{A13B25EF-B583-4859-B09E-1F6493481266}] => (Allow) G:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{BE21EB57-A91E-4128-B8FC-2F411902049B}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{E4A1342E-339C-4F78-859A-28CC54098EB5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{BC2507D7-62B7-41CB-95D9-18CF32717647}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{8A882510-6114-4909-B5C8-FC736DEC404C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A3BE79E6-796F-452B-9478-0F6CFBFA75AB}] => (Allow) G:\Program Files (x86)\Origin Games\FIFA Manager 13\Manager13.exe
FirewallRules: [{71945F89-831C-45D8-8917-A6D21AA5A799}] => (Allow) G:\Program Files (x86)\Origin Games\FIFA Manager 13\Manager13.exe
FirewallRules: [{DBCD4794-480C-4F31-A0D0-D0E527A0335C}] => (Allow) G:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{37FF8F4D-606E-4C98-AB0C-E87C8CE0E962}] => (Allow) G:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{A9A30864-B58D-4C96-B5DB-EECB8E8A2A4E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{98EFA58B-88C9-4391-86F8-8A5CC3047E75}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{83E03E99-A934-4C6D-83D6-2E4B88B2CDB8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{E3B497A8-FA8B-4BDA-AE44-627CDA72B883}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Football Manager 2016 Demo\fm.exe
FirewallRules: [{A33A685F-0F6F-49F1-82C0-D97B75CCF956}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Football Manager 2016 Demo\fm.exe
FirewallRules: [{411BE43C-D608-4444-A965-EF98754EF7E1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe
FirewallRules: [{D2D8AF95-B695-4EE1-BB24-F88E35A1A938}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe
FirewallRules: [{2169D415-1A47-4BFD-9E62-FEAEABDD6ACA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{5583EC29-97D7-4D66-BD47-66F24F460825}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{03E8D31C-89DD-4E12-BBC6-2C843C86C606}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{83B8FE69-47AB-43CA-A05C-C1069BC39456}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{E41CD61A-7B23-4225-AF0F-C6F235C3DE5D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Chaos Domain\Binaries\Win32\CDGame.exe
FirewallRules: [{563225E3-5194-4C50-915D-53CC63F64A19}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Chaos Domain\Binaries\Win32\CDGame.exe
FirewallRules: [{C42EEDD9-D1BD-4389-AF46-892C58AAC868}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe
FirewallRules: [{9DC8A66F-56BF-43EF-9081-308D52959C76}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe
FirewallRules: [{C1BE9325-FEB6-4573-98B1-72F7E99E6266}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{69D7830A-F134-420B-A035-717A610F0257}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{64C140BD-DE6F-4F4A-9E9D-C5B6D66579AD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{BCABC698-9D80-4C33-A741-A3C695FDA100}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{8D29D785-AB02-45A5-A172-71C8FACD8A4B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{FAEDFCEB-A17C-4B48-A822-026FC3A8A8A2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{CBEF021A-7D69-44EE-BBFA-24891212616F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Victoria Revolutions\Victoria.exe
FirewallRules: [{E4689F2B-B97A-4885-9044-64853956389A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Victoria Revolutions\Victoria.exe
FirewallRules: [{47C3B3DF-8A41-49D0-BA69-9145696D12A2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Viking Battle for Asgard\viking.exe
FirewallRules: [{68298E59-F27F-48EA-A818-B019426C3B10}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Viking Battle for Asgard\viking.exe
FirewallRules: [{9B6BA915-93C1-43F8-AE6B-52D427132146}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Viking Battle for Asgard\ConfigTool.exe
FirewallRules: [{7FFC7127-CB92-4014-9383-068964846860}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Viking Battle for Asgard\ConfigTool.exe
FirewallRules: [TCP Query User{6708C9C8-C9C7-4712-93F9-A2D9CF32424D}D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{75A4C3F1-BF4F-4BAE-8460-E86CEAC93869}D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{01194BAE-8375-41FC-B926-4E4C61BCC7FB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{84C1B859-AD12-43A0-B1B8-7022EA4E1478}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{6B1A2500-24B0-4E68-8864-C2CB2294DD91}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Blades\launcher.exe
FirewallRules: [{6DBA3308-F164-4899-969E-6EED5DCD2AC8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Blades\launcher.exe
FirewallRules: [{F1EB6F31-B24D-40FF-800C-BCEA4B08BBDB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Melissa K and the Heart of Gold\MelissaK_Steam.exe
FirewallRules: [{51DCDDC7-F5DC-4B27-AD28-91B9257BD2CC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Melissa K and the Heart of Gold\MelissaK_Steam.exe
FirewallRules: [{783277BD-41AE-4594-8B31-8C58474255E4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\total war battles shogun\twbattles.exe
FirewallRules: [{985B1EC2-84C5-4B50-9FF7-26451BA47238}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\total war battles shogun\twbattles.exe
FirewallRules: [{48EB76E0-E421-4488-8A63-1813E1253992}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Nightmares from the Deep Davy Jones\NightmaresFromTheDeep_DavyJones.exe
FirewallRules: [{5050777E-8501-4F41-8F2B-983A192417E9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Nightmares from the Deep Davy Jones\NightmaresFromTheDeep_DavyJones.exe

==================== Wiederherstellungspunkte =========================

23-12-2015 00:03:22 Wiederherstellungsvorgang
30-12-2015 21:04:59 Windows Update
02-01-2016 14:07:45 DirectX wurde installiert
03-01-2016 18:47:04 DirectX wurde installiert
06-01-2016 08:38:13 DirectX wurde installiert

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2-Standardtastatur
Description: PS/2-Standardtastatur
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/09/2016 03:55:05 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/09/2016 03:55:00 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/09/2016 02:56:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (01/09/2016 02:21:31 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/09/2016 02:21:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dwm.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d756
Name des fehlerhaften Moduls: Windows.Gaming.Input.dll, Version: 10.0.10586.0, Zeitstempel: 0x5632da39
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eecd
ID des fehlerhaften Prozesses: 0x1014
Startzeit der fehlerhaften Anwendung: 0xdwm.exe0
Pfad der fehlerhaften Anwendung: dwm.exe1
Pfad des fehlerhaften Moduls: dwm.exe2
Berichtskennung: dwm.exe3
Vollständiger Name des fehlerhaften Pakets: dwm.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: dwm.exe5

Error: (01/09/2016 02:21:26 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/08/2016 01:35:38 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/08/2016 01:35:27 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/08/2016 01:35:27 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/06/2016 08:38:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.


Systemfehler:
=============
Error: (01/11/2016 07:54:10 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 07:54:10 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 07:54:10 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 02:35:16 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 02:35:16 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 02:35:16 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 02:20:21 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 02:20:21 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 02:20:21 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 02:20:21 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742


CodeIntegrity:
===================================
  Date: 2016-01-07 03:51:00.766
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-06 15:55:44.167
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-06 15:55:44.158
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-06 15:55:44.148
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-06 15:55:31.976
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-06 15:55:31.909
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-06 15:55:31.772
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-06 15:55:31.630
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-06 08:40:20.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-04 01:06:19.913
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Prozentuale Nutzung des RAM: 52%
Installierter physikalischer RAM: 4055.06 MB
Verfügbarer physikalischer RAM: 1927.97 MB
Summe virtueller Speicher: 8151.06 MB
Verfügbarer virtueller Speicher: 5523.43 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:458.45 GB) (Free:377.48 GB) NTFS
Drive d: (DATA) (Fixed) (Total:458.96 GB) (Free:293.16 GB) NTFS
Drive f: (MobileWiFi) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: (Iomega HDD) (Fixed) (Total:1397.26 GB) (Free:1232.2 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C5BA9D19)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=459 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 27E9BFE8)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
durchgeführt von Peter (2016-01-11 21:12:05)
Gestartet von C:\Users\Peter\Desktop
Windows 10 Home (X64) (2015-12-13 14:25:07)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2261528197-3593764689-1178806888-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2261528197-3593764689-1178806888-503 - Limited - Disabled)
Gast (S-1-5-21-2261528197-3593764689-1178806888-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2261528197-3593764689-1178806888-1002 - Limited - Enabled)
Peter (S-1-5-21-2261528197-3593764689-1178806888-1000 - Administrator - Enabled) => C:\Users\Peter

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0812 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{92265DEC-AA16-8226-AE4B-96165DB368B6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ATI AVIVO64 Codecs (Version: 10.11.0.41019 - ATI Technologies Inc.) Hidden
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Black ICE 8.2 (HKLM-x32\...\{015E0577-7D4A-456C-A435-DD9EE7E72589}_is1) (Version: 8.2 - Panzeroo, Inc.)
Chaos Domain (HKLM-x32\...\Steam App 287100) (Version:  - Holy Warp)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.4.64673.4 - Electronic Arts)
Football Manager 2016 Demo (HKLM-x32\...\Steam App 378180) (Version:  - SEGA)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.4.0 - Electronic Arts)
FUSSBALL MANAGER 14 (HKLM-x32\...\{5FC27E1E-08C0-4346-A321-ED2D31FAE936}) (Version: 1.0.0.0 - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Grim Legends: The Forsaken Bride (HKLM-x32\...\Steam App 284850) (Version:  - Artifex Mundi sp. z o.o.)
Hearts of Iron III - Their Finest Hour version 4.02 (HKLM-x32\...\{25D080C2-19A4-427D-A12A-979D674B57F8}}_is1) (Version: 4.02 - Paradox Interactive)
Hearts of Iron III (HKLM-x32\...\{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}) (Version:  - )
Hearts of Iron III: For the Motherland Version 3.05 (HKLM-x32\...\Hearts of Iron III: For the Motherland_is1) (Version: 3.05 - Paradox Interactive)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 1.00.3004 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections 14.7.31.0 (HKLM\...\PROSetDX) (Version: 14.7.31.0 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Go (HKLM-x32\...\{65256C0D-3FE7-4D2E-BB3E-53F1175481C8}) (Version: 3.0.403 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.20.101.05210 (HKLM-x32\...\{78D0E870-B5F7-8AE8-35DC-18060AAD9C7A}) (Version: 2.20.101.05210 - Sony)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Melissa K. and the Heart of Gold Collector's Edition (HKLM-x32\...\Steam App 321150) (Version:  - SDP Games)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MobileWiFi (HKLM-x32\...\MobileWiFi) (Version: TOOL-ConnLaucher_WIN1.09.02.00 - Huawei Technologies Co.,Ltd)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
Nero 9 Essentials (HKLM-x32\...\{965ef942-36c2-4f92-b60f-c75cd1dcde2f}) (Version:  - Nero AG)
Nightmares from the Deep 3: Davy Jones (HKLM-x32\...\Steam App 284810) (Version:  - Artifex Mundi sp. z o.o.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version:  - The Creative Assembly)
Semper Fi 2.03 (HKLM-x32\...\Semper Fi_is1) (Version:  - Paradox Interactive)
Sony PC Companion 2.10.289 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.289 - Sony)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Total War Battles: SHOGUN (HKLM-x32\...\Steam App 217060) (Version:  - The Creative Assembly)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Überwachungstool für die Intel® Turbo-Boost-Technologie (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Victoria II (HKLM-x32\...\Steam App 42960) (Version:  - Paradox Development Studio)
Victoria: Revolutions (HKLM-x32\...\Steam App 42980) (Version:  - Paradox Development Studio)
Viking: Battle for Asgard (HKLM-x32\...\Steam App 211160) (Version:  - Creative Assembly, PC Port - Hardlight)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
X-Blades (HKLM-x32\...\Steam App 7510) (Version:  - Topware Interactive)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2261528197-3593764689-1178806888-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0164B127-7661-4BF3-A42F-D17DDC6D8993} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {0399541E-5223-4F34-9522-0ECA6D5C7EE3} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {05ADF2FB-8D20-4CC4-9804-3D2B8482BD45} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {06108260-B314-4F8D-9BCC-F98F23F7123F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {1BA7CC4C-CA59-4ED3-8E4D-7E0275A318A2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {21830F4B-069F-4BCC-981A-90F67C2B387B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {233488D2-D1EC-4D43-AE9E-B90B2AABE8E2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {2A635F75-650C-4C73-AA06-E2C6530ACD76} - System32\Tasks\{72DF7AED-381F-49D5-9B58-7360BEB41363} => pcalua.exe -a C:\Users\Peter\Downloads\fm13_sonstiges_namenfile.exe -d C:\Users\Peter\Downloads
Task: {3179D9E9-2B34-42B2-9AE5-895C7DD2C157} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3481EDD2-B7FC-4571-B681-F51ABFE9A122} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {39518C7C-731E-45D2-A1EE-719656C0EBCC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-03] (Google Inc.)
Task: {3951F957-EA3C-43B4-AA6F-3A4F844F4EDE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {3E31CBAE-E7A7-4E22-BEE6-1ECF34608CEF} - System32\Tasks\{073D3642-44D9-4829-A083-7FC9553C119E} => pcalua.exe -a C:\Users\Peter\Downloads\fm13_sonstiges_trainingslager.exe -d C:\Users\Peter\Downloads
Task: {49CB602D-C0D9-4CC3-9C7E-AF968B0FDF98} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4EA64A8F-E179-44E0-9548-6F7C4A27821C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {4F205B26-6643-49FC-A80F-D224BB52DA02} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {4FC5A44F-3B9D-4693-9913-A5C8ACD86CE4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {563E777B-E70F-4961-84EA-32F50CB9AB86} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {58C9CB79-95D5-454B-9FEE-2704EFA47136} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {58F1646A-E884-4D63-9F99-49386A705077} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {5D7D197C-5D0B-459B-868B-C54DB15F0487} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5EE1D46B-8998-4A8C-8DFB-DE2B1CAD8A6D} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {6347A06E-C280-4364-AC77-4F20B544EEEE} - System32\Tasks\{6B9954C3-D390-4903-BEDE-057E19A55488} => pcalua.exe -a C:\Users\Peter\Downloads\fm13_citypics_schweiz.exe -d C:\Users\Peter\Downloads
Task: {6E122308-3726-4D43-871F-02BAC92950C6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {74E8C569-930B-4D82-9446-7E094D7D1D96} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {7A973C52-09F9-45E7-A4F9-0DD2D770F81D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {7D23D873-B4E2-403D-8FD5-4278639C643A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-03] (Google Inc.)
Task: {7F0BBA52-C1F8-45C3-92AE-634BA3437FE5} - System32\Tasks\{BC4B5753-AD4E-46C1-AB16-13923F429A3C} => pcalua.exe -a C:\Users\Peter\Downloads\fm13_bilder_sanmarino.exe -d C:\Users\Peter\Downloads
Task: {828064D3-28A3-4350-A244-CDFC01F7EF85} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {98559395-EAC2-4074-A823-6B8797149A11} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {9F2D1042-16FE-45A6-8411-29B814A95B9A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {A88D809B-4015-447C-A529-E52C1241921A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {A8C76873-F7A1-43CE-AA25-5E5EDABE7B80} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {AC583177-613C-4C32-BD71-E4C10E6AA070} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {AFBA5C1D-96CB-4443-94BF-8A592BCB498A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {B6846902-B76B-4A40-AD42-FE1541E43656} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {B818464B-FEC1-47F9-8AB0-FE9DB1E5A78D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BF25383A-6E1F-4DED-9B9A-C1A5264E5EDC} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C975C427-44B7-450B-9A46-58DF1499D33E} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {CB3AF109-A446-4600-8EAB-6C792BECFDF2} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {CE69E0AD-542A-427D-A6A5-7DD21EA6E618} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {D5B0A6A2-71AB-483E-8F26-C0E1AEA4F9D4} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-10-01] (Acer)
Task: {F55FD23E-3896-4ACE-A703-ED05DECE6327} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {F9C90FB3-9CCF-46ED-A30D-DB7CC6E8F87B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2009-12-14 03:19 - 2009-12-09 10:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-18 11:43 - 2015-12-07 04:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-13 14:48 - 2015-12-13 14:48 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-18 11:43 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 11:43 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-18 11:44 - 2015-12-07 04:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-18 11:44 - 2015-12-07 04:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-18 11:44 - 2015-12-07 04:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2009-08-18 08:27 - 2009-08-18 08:27 - 00629280 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2015-12-17 12:29 - 2015-12-17 12:29 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 02:55 - 2008-09-29 02:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2009-08-18 08:31 - 2009-08-18 08:31 - 00163840 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2015-12-17 12:29 - 2015-12-17 12:29 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-17 12:29 - 2015-12-17 12:30 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-17 12:29 - 2015-12-17 12:29 - 02940416 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
2015-12-17 12:29 - 2015-12-17 12:29 - 00583168 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll
2015-12-17 12:29 - 2015-12-17 12:29 - 01300992 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\MessagingNativeBase.dll
2015-12-17 01:04 - 2015-12-11 04:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-17 01:04 - 2015-12-11 04:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2015-12-25 19:32 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\Peter\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2261528197-3593764689-1178806888-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "mwlDaemon"
HKLM\...\StartupApproved\Run32: => "BackupManagerTray"
HKLM\...\StartupApproved\Run32: => "EgisTecLiveUpdate"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-2261528197-3593764689-1178806888-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_14883A56D9D426BB697F73C8366CAF1F"
HKU\S-1-5-21-2261528197-3593764689-1178806888-1000\...\StartupApproved\Run: => "OneDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C74AB72C-B0F2-4A3F-BFD5-967EC4BDE597}] => (Allow) G:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{D912C5DA-1507-4DC2-AD82-7CF50CD20031}] => (Allow) G:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [UDP Query User{7FFAB758-5A66-496A-A6C8-5AB542ADB7A4}G:\program files (x86)\origin games\command and conquer red alert ii\game.exe] => (Block) G:\program files (x86)\origin games\command and conquer red alert ii\game.exe
FirewallRules: [TCP Query User{809FE923-5366-44AC-8AF6-D82F5E97E452}G:\program files (x86)\origin games\command and conquer red alert ii\game.exe] => (Block) G:\program files (x86)\origin games\command and conquer red alert ii\game.exe
FirewallRules: [{4D3B848D-2F02-48CB-9E9E-7D51EC15F41C}] => (Allow) G:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{3617B00F-9FA7-4716-8F88-9FB4B203CCCA}] => (Allow) G:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [UDP Query User{2BAAC27E-E7DA-428B-AFBD-C79C77B42DE1}G:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) G:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [TCP Query User{D5C559A9-36B6-4B58-9224-2F9BB093EADC}G:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) G:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{432787AA-64DE-4F6E-8C3D-8049AD30CEFF}] => (Allow) LPort=1900
FirewallRules: [{7BE67941-088F-42DA-AD7F-9EBB8E29AEA3}] => (Allow) LPort=2869
FirewallRules: [{28BC86D1-8ACC-47FC-855B-998D3FE9EE72}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{67532DC1-6767-4742-91B1-E79B0AA9404E}] => (Allow) LPort=53
FirewallRules: [{56625FAC-25E1-4FF8-8367-6BDACF8D5E1E}] => (Allow) LPort=53
FirewallRules: [{C030E19B-822F-42E1-8AE8-5B6A3CF0B480}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2BD761B5-EADA-4EBE-936A-5DBF2AA52826}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7FBBE5AC-C5CE-4B62-A66F-F31FC3B8A37B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B8474EE1-C9F7-4271-8D39-CCD0F51CCC5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{7952A2CC-F9DF-4DA8-B02B-1102557777C9}G:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) G:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [TCP Query User{1F4D00F6-4C54-4791-8057-DFE45AEF6C5A}G:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) G:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{A78C4F53-8045-4712-9F39-59108E0EF3BA}] => (Allow) G:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{A13B25EF-B583-4859-B09E-1F6493481266}] => (Allow) G:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{BE21EB57-A91E-4128-B8FC-2F411902049B}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{E4A1342E-339C-4F78-859A-28CC54098EB5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{BC2507D7-62B7-41CB-95D9-18CF32717647}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{8A882510-6114-4909-B5C8-FC736DEC404C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A3BE79E6-796F-452B-9478-0F6CFBFA75AB}] => (Allow) G:\Program Files (x86)\Origin Games\FIFA Manager 13\Manager13.exe
FirewallRules: [{71945F89-831C-45D8-8917-A6D21AA5A799}] => (Allow) G:\Program Files (x86)\Origin Games\FIFA Manager 13\Manager13.exe
FirewallRules: [{DBCD4794-480C-4F31-A0D0-D0E527A0335C}] => (Allow) G:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{37FF8F4D-606E-4C98-AB0C-E87C8CE0E962}] => (Allow) G:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{A9A30864-B58D-4C96-B5DB-EECB8E8A2A4E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{98EFA58B-88C9-4391-86F8-8A5CC3047E75}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{83E03E99-A934-4C6D-83D6-2E4B88B2CDB8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{E3B497A8-FA8B-4BDA-AE44-627CDA72B883}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Football Manager 2016 Demo\fm.exe
FirewallRules: [{A33A685F-0F6F-49F1-82C0-D97B75CCF956}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Football Manager 2016 Demo\fm.exe
FirewallRules: [{411BE43C-D608-4444-A965-EF98754EF7E1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe
FirewallRules: [{D2D8AF95-B695-4EE1-BB24-F88E35A1A938}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe
FirewallRules: [{2169D415-1A47-4BFD-9E62-FEAEABDD6ACA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{5583EC29-97D7-4D66-BD47-66F24F460825}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{03E8D31C-89DD-4E12-BBC6-2C843C86C606}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{83B8FE69-47AB-43CA-A05C-C1069BC39456}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{E41CD61A-7B23-4225-AF0F-C6F235C3DE5D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Chaos Domain\Binaries\Win32\CDGame.exe
FirewallRules: [{563225E3-5194-4C50-915D-53CC63F64A19}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Chaos Domain\Binaries\Win32\CDGame.exe
FirewallRules: [{C42EEDD9-D1BD-4389-AF46-892C58AAC868}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe
FirewallRules: [{9DC8A66F-56BF-43EF-9081-308D52959C76}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe
FirewallRules: [{C1BE9325-FEB6-4573-98B1-72F7E99E6266}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{69D7830A-F134-420B-A035-717A610F0257}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{64C140BD-DE6F-4F4A-9E9D-C5B6D66579AD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{BCABC698-9D80-4C33-A741-A3C695FDA100}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{8D29D785-AB02-45A5-A172-71C8FACD8A4B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{FAEDFCEB-A17C-4B48-A822-026FC3A8A8A2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{CBEF021A-7D69-44EE-BBFA-24891212616F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Victoria Revolutions\Victoria.exe
FirewallRules: [{E4689F2B-B97A-4885-9044-64853956389A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Victoria Revolutions\Victoria.exe
FirewallRules: [{47C3B3DF-8A41-49D0-BA69-9145696D12A2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Viking Battle for Asgard\viking.exe
FirewallRules: [{68298E59-F27F-48EA-A818-B019426C3B10}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Viking Battle for Asgard\viking.exe
FirewallRules: [{9B6BA915-93C1-43F8-AE6B-52D427132146}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Viking Battle for Asgard\ConfigTool.exe
FirewallRules: [{7FFC7127-CB92-4014-9383-068964846860}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Viking Battle for Asgard\ConfigTool.exe
FirewallRules: [TCP Query User{6708C9C8-C9C7-4712-93F9-A2D9CF32424D}D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{75A4C3F1-BF4F-4BAE-8460-E86CEAC93869}D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{01194BAE-8375-41FC-B926-4E4C61BCC7FB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{84C1B859-AD12-43A0-B1B8-7022EA4E1478}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{6B1A2500-24B0-4E68-8864-C2CB2294DD91}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Blades\launcher.exe
FirewallRules: [{6DBA3308-F164-4899-969E-6EED5DCD2AC8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Blades\launcher.exe
FirewallRules: [{F1EB6F31-B24D-40FF-800C-BCEA4B08BBDB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Melissa K and the Heart of Gold\MelissaK_Steam.exe
FirewallRules: [{51DCDDC7-F5DC-4B27-AD28-91B9257BD2CC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Melissa K and the Heart of Gold\MelissaK_Steam.exe
FirewallRules: [{783277BD-41AE-4594-8B31-8C58474255E4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\total war battles shogun\twbattles.exe
FirewallRules: [{985B1EC2-84C5-4B50-9FF7-26451BA47238}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\total war battles shogun\twbattles.exe
FirewallRules: [{48EB76E0-E421-4488-8A63-1813E1253992}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Nightmares from the Deep Davy Jones\NightmaresFromTheDeep_DavyJones.exe
FirewallRules: [{5050777E-8501-4F41-8F2B-983A192417E9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Nightmares from the Deep Davy Jones\NightmaresFromTheDeep_DavyJones.exe

==================== Wiederherstellungspunkte =========================

23-12-2015 00:03:22 Wiederherstellungsvorgang
30-12-2015 21:04:59 Windows Update
02-01-2016 14:07:45 DirectX wurde installiert
03-01-2016 18:47:04 DirectX wurde installiert
06-01-2016 08:38:13 DirectX wurde installiert

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2-Standardtastatur
Description: PS/2-Standardtastatur
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/09/2016 03:55:05 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/09/2016 03:55:00 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/09/2016 02:56:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (01/09/2016 02:21:31 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/09/2016 02:21:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dwm.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d756
Name des fehlerhaften Moduls: Windows.Gaming.Input.dll, Version: 10.0.10586.0, Zeitstempel: 0x5632da39
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eecd
ID des fehlerhaften Prozesses: 0x1014
Startzeit der fehlerhaften Anwendung: 0xdwm.exe0
Pfad der fehlerhaften Anwendung: dwm.exe1
Pfad des fehlerhaften Moduls: dwm.exe2
Berichtskennung: dwm.exe3
Vollständiger Name des fehlerhaften Pakets: dwm.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: dwm.exe5

Error: (01/09/2016 02:21:26 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/08/2016 01:35:38 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/08/2016 01:35:27 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/08/2016 01:35:27 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/06/2016 08:38:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.


Systemfehler:
=============
Error: (01/11/2016 07:54:10 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 07:54:10 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 07:54:10 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 02:35:16 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 02:35:16 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 02:35:16 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 02:20:21 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 02:20:21 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 02:20:21 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/11/2016 02:20:21 PM) (Source: DCOM) (EventID: 10016) (User: Krieglergasse)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KrieglergassePeterS-1-5-21-2261528197-3593764689-1178806888-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742


CodeIntegrity:
===================================
  Date: 2016-01-07 03:51:00.766
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-06 15:55:44.167
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-06 15:55:44.158
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-06 15:55:44.148
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-06 15:55:31.976
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-06 15:55:31.909
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-06 15:55:31.772
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-06 15:55:31.630
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-06 08:40:20.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-04 01:06:19.913
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Prozentuale Nutzung des RAM: 52%
Installierter physikalischer RAM: 4055.06 MB
Verfügbarer physikalischer RAM: 1927.97 MB
Summe virtueller Speicher: 8151.06 MB
Verfügbarer virtueller Speicher: 5523.43 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:458.45 GB) (Free:377.48 GB) NTFS
Drive d: (DATA) (Fixed) (Total:458.96 GB) (Free:293.16 GB) NTFS
Drive f: (MobileWiFi) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: (Iomega HDD) (Fixed) (Total:1397.26 GB) (Free:1232.2 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C5BA9D19)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=459 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 27E9BFE8)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
Code:
ATTFilter
# AdwCleaner v5.026 - Bericht erstellt am 22/12/2015 um 11:39:56
# Aktualisiert am 21/12/2015 von Xplode
# Datenbank : 2015-12-21.3 [Server]
# Betriebssystem : Windows 10 Home  (x64)
# Benutzername : Peter - KRIEGLERGASSE
# Gestartet von : C:\Users\Peter\Desktop\AdwCleaner_5.026.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\ProgramData\Partner
[-] Ordner Gelöscht : C:\Users\Peter\AppData\Roaming\RPEng

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] Datei Gelöscht : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] Datei Gelöscht : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_primeshare.tv_0.localstorage
[-] Datei Gelöscht : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_primeshare.tv_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] Datei Gelöscht : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\pc-mechanic
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2261 Bytes] ##########

Alt 11.01.2016, 22:43   #5
Deathkid535
/// Malwareteam
 
Windows 10 64 Bit DNSUNLOCKER - Standard

Windows 10 64 Bit DNSUNLOCKER


Hi,

tritt das in allen Browsern auf?


Alt 11.01.2016, 22:48   #6
antifa
 
Windows 10 64 Bit DNSUNLOCKER - Standard

Dürfte nur chrome betreffen


Verwende normalerweise nur chrome und habe jetzt seiten mit dem explorer bzw edge angesteuert. betrifft anscheinden nur chrome.

lg
peter

Alt 11.01.2016, 22:50   #7
Deathkid535
/// Malwareteam
 
Windows 10 64 Bit DNSUNLOCKER - Standard

Windows 10 64 Bit DNSUNLOCKER


Hi,

dann mal folgendes machen:

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Google Chrome

  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 



Danach neu herunterladen und installieren, direkt danach das hier machen.

Alt 11.01.2016, 23:09   #8
antifa
 
Windows 10 64 Bit DNSUNLOCKER - Standard

neu Installiert


Hallo Dennis,

alles erledigt und im Moment schaut es gut aus.

Sollte es das gewesen sein, sage ich mal herzlichen Dank!

LG
Peter

Alt 11.01.2016, 23:09   #9
Deathkid535
/// Malwareteam
 
Windows 10 64 Bit DNSUNLOCKER - Standard

Windows 10 64 Bit DNSUNLOCKER


Hi,

wir machen Sicherheitshalber einen Kontrollscan, wobei ich aber nicht glaube, dass der großartig was findet.

Schritt # 1: ESET


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt # 2: Frage

Gibts noch Probleme?



Schritt # 3: Bitte Posten
  • Das Log von ESET
  • Die Antwort auf meine Frage
Alt 12.01.2016, 06:50   #10
antifa
 
Windows 10 64 Bit DNSUNLOCKER - Standard

Esetlog


Guten morgen Dennis

hier meine Esetlog mit 5 Funden

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5740be895aff4f488f28ebfc091fa455
# end=init
# utc_time=2016-01-11 10:12:06
# local_time=2016-01-11 11:12:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 27593
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5740be895aff4f488f28ebfc091fa455
# end=updated
# utc_time=2016-01-11 10:16:31
# local_time=2016-01-11 11:16:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=5740be895aff4f488f28ebfc091fa455
# engine=27593
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-01-12 02:42:10
# local_time=2016-01-12 03:42:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 59979 6380673 0 0
# scanned=841245
# found=5
# cleaned=0
# scan_time=15938
sh=D76BC575ACE057613858AC4D8448E88D8FF33672 ft=1 fh=55125305ffc163cb vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2261528197-3593764689-1178806888-1000\$R9YWEGX.exe"
sh=DF27AD522CC308658A5630005C0CB01B475F5AA2 ft=1 fh=9dea4e4cea251f45 vn="Variante von Win32/UniBlue.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Roaming\RPEng\BC49A718362C4074BB377A76A09BF3CF\PCM_ROE_p1v5.exe.vir"
sh=5B5EA2F5CEC496F99D245A68C884C09F5849E037 ft=1 fh=038fab3ea954bf64 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Peter\AppData\Local\Temp\DMR\dmr_72.exe"
sh=60524E0360597E0EBBEF2DBA655B4319B80B6F5A ft=1 fh=8c9b4ae647db9a60 vn="Win32/UniBlue.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\IE\TIA5UOLM\pcmechanicpm-standalone-setup[1].exe"
sh=60524E0360597E0EBBEF2DBA655B4319B80B6F5A ft=1 fh=8c9b4ae647db9a60 vn="Win32/UniBlue.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Peter\AppData\Local\Temp\is-H73AR.tmp\pm-standalone-setup.exe"

Alt 12.01.2016, 08:20   #11
Deathkid535
/// Malwareteam
 
Windows 10 64 Bit DNSUNLOCKER - Standard

Windows 10 64 Bit DNSUNLOCKER


Hi,

wenn du deinen Windows.old Ordner nicht mehr brauchst kannst du ihn entfernen: Wie kann ich den Ordner "Windows.old" entfernen?

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Dann wären wir hier durch. Deine Logs sind sauber

Falls du deine Passwörter nicht regelmäßig änderst - jetzt ist der Zeitpunkt dafür!

Schritt # 1: Entfernen unserer Tools

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Abschließend noch ein paar Tipps von mir:

Schritt # 2: Empfohlene Software

Habe immer ein aktuelles Antivirenprogramm deiner Wahl installiert und aktiviere die automatischen Updates (standardmäßig eingeschaltet).

Ich empfehle:

Verwende nach Möglichkeit nicht den Internet Explorer, da dieser viele Sicherheitslücken enthält. Achte aber darauf, dass er immer up to date bleibt, weil viele Programme diesen zum Anzeigen von Websites benutzen.

Alternativ kannst du verwenden:Dazu sind folgende Add-ons empfehlenswert:

uBlock Origin (Chrome) --> Blockiert Werbung. Werbung kann sehr nervig sein, aber auch auf schädliche Links verweisen. uBlock ist effizienter als der Konkurrent AdblockPlus.
Ghostery --> Blockiert Tracker und Cookies, welche dich im Internet nachverfolgen können. Stelle jedoch bei der Installation sicher, dass du Ghostrank nicht zustimmst.

Du kannst auch Malwarebytes Anti-Exploit verwenden, um aktuelle Sicherheitslücken zu stopfen.

Halte immer deine Plug-ins und Software aktuell, vor allem:Du kannst diese komfortabel regelmäßig hiermit überprüfen:

PluginCheck
Filehippo App Manager



Schritt # 3: Tipps um eine Neuinfektion zu vermeiden

Downloade nach Möglichkeit immer direkt von der Herstellerseite oder alternativ von einem sauberen Download-Portal wie FilePony.de. Von Downloadern wie die von Chip, Softonic und Sourceforge raten wir ab: CHIP-Installer - was ist das? - Anleitungen

Auch versuchen sich immer mehr Programme durch Installationsroutinen auf den PC "durchzumogeln". Das klappt ganz gut, weil viele Anwender sich diese nicht genau durchlesen und schnell durchklicken. Manchmal steht auch in den Lizenzvereinbarungen, dass ein Programm, was eigentlich als Freeware angepriesen wird, nur genutzt werden kann, wenn man sich bestimmte Toolbars oder andere Programme mitinstallieren lässt.
Da hilft es nur aufmerksam zu sein.

Ein Tool, welches dich dabei gut unterstützen kann, ist: Unchecky. Dieses überwacht im Hintergrund Installationsprozesse und hakt automatisch nervige Adwarekomponenten wie Toolbars ab. Falls man etwas übersieht, warnt noch ein Pop-up, bevor man fortfahren kann.

Wir raten von jeglichen Optimizern, Cleanern, SpeedUps und Ähnlichem ab, da diese Softwareprodukte meist keinen Performancegewinn bringen. Du kannst jedoch regelmäßig deinen PC mit der windowsinternen Datenträgerbereinigung behandeln.

Überprüfe regelmäßig (mind. 1x pro Monat) deinen PC mit Malwarebytes Anti-Malware und ESET.

Falls du dir unsicher bist, ob ein Download wirklich sauber ist, kannst du immer https://www.virustotal.com/ zurate ziehen.



Schritt # 4: Unterstütze uns!

Wenn du uns mit einer kleinen Spende unterstützen möchtest, so kannst du dies hier tun: http://www.trojaner-board.de/79994-s...ndenkonto.html

Es reicht aber auch schon ein simples hier, wenn du mit uns zufrieden warst.

unsere Facebook-Seite!

Bitte gib mir bescheid, wenn du das alles gelesen hast und alles klar ist, damit ich dieses Thema aus meinen Abos löschen kann.

Alt 12.01.2016, 10:01   #12
antifa
 
Windows 10 64 Bit DNSUNLOCKER - Standard

Fixlog


Hi Dennis,

ein problem gab es mit dem neustart
Dpc_WatchDog_Violation

Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
durchgeführt von Peter (2016-01-12 08:48:52) Run:1
Gestartet von C:\Users\Peter\Desktop
Geladene Profile: Peter (Verfügbare Profile: Peter & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
EmptyTemp:
*****************

EmptyTemp: => 1.3 GB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 08:50:31 ====


Dennis herzlichen Dank

ich werde versuchen deine ratschläge zu beherzigen

ich weis allerdings jetzt schon, dass ich euch irgendwann wieder in anspruch nehmen werden muss.
eigentlich hoffe ich, dass ich das nicht mehr brauche und wie sagt man so schön
die hoffnung stirbt zuletzt

lg
peter

Alt 12.01.2016, 10:38   #13
Deathkid535
/// Malwareteam
 
Windows 10 64 Bit DNSUNLOCKER - Standard

Windows 10 64 Bit DNSUNLOCKER


Gerne

Antwort

Themen zu Windows 10 64 Bit DNSUNLOCKER
64 bit, dnsunlocke, dnsunlocker, fenster, glaskugel, hilfe, locker, popen, problem, webseite, webseiten, windows, windows 10


« CLSID: FX:{b05566ac-fe9c-4368-be02-7a4cbb7cbe11} | Rechner total infiziert, zerschossen, hinüber, keine Ahnung. »


Ähnliche Themen: Windows 10 64 Bit DNSUNLOCKER


  1. Unerwünschte Werbung in Chrome - bestpriceninja / dnsunlocker
    Log-Analyse und Auswertung - 02.12.2015 (12)
  2. Windows 8.1: Runtime Errror c:\windows\syswow64\rundll32.exe und Update-Fehler bei Windows
    Log-Analyse und Auswertung - 24.11.2015 (14)
  3. Windows 7: Auf den meisten Webseiten kommt Werbung von DNSUnlocker!
    Log-Analyse und Auswertung - 16.10.2015 (7)
  4. DNSUnlocker in Chrome
    Plagegeister aller Art und deren Bekämpfung - 08.09.2015 (16)
  5. Windows 8, Windows 7, Android, Windows Phone - Websiten werden auf adfoc.us umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 30.11.2014 (7)
  6. Windows 7: Windows-Sicherheitscenter und Windows Defender funktionieren nicht mehr, Services.exe verseucht?
    Log-Analyse und Auswertung - 07.01.2014 (8)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 10 64 Bit DNSUNLOCKER - Hallo Leute leider habe ich ein Problem, bei fast allen Webseiten die ich besuche Popen zwei Fenster (1xgroß und 1xklein) mit DNSUNLOCKER auf. Hoffe auf eure Hilfe , denn ich - Windows 10 64 Bit DNSUNLOCKER...
Archiv
Du betrachtest: Windows 10 64 Bit DNSUNLOCKER auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131