Windows 10 / Installation von unerwünschten Programmen hört nicht auf/Defender geht nicht

Piristibulus · 15.08.2016, 20:49

Hallo,

ich habe mir heute wohl einen Trojaner gefangen.
Ich hatte versucht eine Buch herunterzuladen (Gemeinfrei - geht um was mittelalterliches, was es auch als doc-Dateien und/oder html-Format gibt/geben sollte).
Als ich die Datei mountete, ging auf einmal ein Installer los - ich dachte mir, dass etwas nicht korrekt ist und habe "cancel" geklickt.

Vermutlich hätte ich das über den Task Manager killen sollen, jedenfalls ging gleich Windows Defender los und schlug großen Alarm. Beim scannen fand er aber nur zwei Dateien. Quarantäne und Löschen half nichts - auf einmal wurden ständig weitere Programme installiert. angeblich Systemwartungssoftware und auf einmal was chinesisches.

Löschen konnte man nichts mehr (Angeblich m+uss ich dazu als Administratoren (wörtlich) eingeloggt sein, aber so ein User Account habe ich nicht, da bei mir alles auf Englisch läuft.

Habe schnell das internet ausgeschaltet (auch WiFi gekillt und de PC zugemacht. Über den Taskmanager konnte ich noch sehen, dass jede Menge komischer Sachen laufen.

Ich habe noch nie bei Windows 10 Probleme gehabt. Zum Glück habe ich noch einen alten PC. traue mich aber jetzt gar nicht, den befallenen Computer einfach wieder hochzufahren.
Wie gehe ich jetzt am besten vor? Wie kannich die empfohlenen Schritte (systemscann my FRSt, etc.) durchführen, ohne meinen Rechner wieder hochzufahren und online zu gehen? ich bin leider noch ein ziemlicher Windows 10-Newby.

Ich habe ein Lenova Yoga Pro, Windows 10, mit Anniversary Update, ursprünglich mal Windows 8.1.

ch hoffe, es kann mir jemand Helfen.

Vielen Dank im Voraus, Pirisitbulus

cosinus · 16.08.2016, 07:56

Zitat:

Als ich die Datei mountete

Datei mounten?

Was genau hast du da gemacht?
mounten kann man nur Dateisysteme. Oder aber eben Dateien, die als Container dienen und ein filesystem eingebettet haben...das kennt man aber aus der Linux-Welt und nicht von Windows

Ich glaub du meinst: "Als ich die Datei per Doppelklick ausführte..."

Wenn ein Installer aufpoppte hast du tatsächlich kein Worddokument (*.doc) sondern irgendwas Ausfühbares heruntergeladen.

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Piristibulus · 16.08.2016, 08:37

Lieber Cosinus, vielen Dank,
kurze Frage:

Muss FRSTexe Zugriff auf das Internet haben?
Danke und LG,
Pirisitbulus

cosinus · 16.08.2016, 08:39

ja, sollte es

Piristibulus · 16.08.2016, 09:09

Beim Scannen konnte ich einige der Malware-Programme erkennen, weil sie shortcuts auf dem Desktop angelegt haben:

PC Spped up
MPC Cleaner

und Max Driver Updater startete.

Außerdem ging ein Fenster auf, das behauptewte Farbar Recovery Scan Tool Nutzer hätten auch weitere Software heruntergeladen... der Defender hat auch sobald die Internetverbindung da war, Alarm geschlagen...

Aber hier die beiden Files.

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
durchgeführt von dbirn_000 (16-08-2016 09:44:37)
Gestartet von C:\Users\dbirn_000\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-04 16:16:19)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-528608177-3768278189-544877735-500 - Administrator - Disabled)
dbirn_000 (S-1-5-21-528608177-3768278189-544877735-1001 - Administrator - Enabled) => C:\Users\dbirn_000
DefaultAccount (S-1-5-21-528608177-3768278189-544877735-503 - Limited - Disabled)
Gast (S-1-5-21-528608177-3768278189-544877735-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.17 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Android_Driver (HKLM-x32\...\Android_Driver) (Version: V2.5.0.1 - Android Communication Equipment Co. Ltd.)
Anki (HKLM-x32\...\Anki) (Version:  - )
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
Biblical Hebrew (Tiro) (HKLM\...\{E0793C01-4DBA-4B42-8145-D564303823C0}) (Version: 1.0.3.40 - Tiro Typeworks)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Body Text Feathering (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Body Text Feathering) <==== ACHTUNG
calibre 64bit (HKLM\...\{32019BE2-E62F-48CF-B274-2521588B83D8}) (Version: 2.54.0 - Kovid Goyal)
Canon Generic PCL6 Driver Uninstaller (HKLM\...\Canon Generic PCL6 Driver) (Version: 6, 3, 0, 0 - Canon Inc.)
CarotDAV (HKLM-x32\...\{14332F8B-A439-4FBF-9931-F54D027141C5}) (Version: 1.12.8 - Rei Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6229 - CDBurnerXP)
Citavi 5 (Beta) (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.5.1 - Swiss Academic Software)
Compress (HKLM-x32\...\ZipTool) (Version: 1.1.14.18 - ) <==== ACHTUNG
Coptic Unicode (HKLM\...\{2C35A685-D449-4BF0-8592-7CFA4E088906}) (Version: 1.0.3.40 - Center for the Tebtunis Papyri)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Deutsch (Orientalistik) (HKLM\...\{87F25695-4C02-4CD9-89C8-29D60083E31A}) (Version: 1.0.3.40 - Institut für Iranistik)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Driver Booster 3.5 (HKLM-x32\...\Driver Booster_is1) (Version: 3.5 - IObit)
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.47.146 - OSToto Co., Ltd.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 7.4.30 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
EditPad Pro 7 DEMO 7.4.1 (HKLM\...\EditPad Pro 7) (Version: DEMO 7.4.1 - Just Great Software)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.51 - Lenovo)
Energy Manager (x32 Version: 1.0.1.51 - Lenovo) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.43.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{C7AA3D65-1F84-4590-AFAA-0777A04B6687}) (Version: 4.4.1 - SEIKO EPSON CORPORATION)
EPSON XP-610 Series Printer Uninstall (HKLM\...\EPSON XP-610 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.52.0.0 - SEIKO EPSON CORPORATION)
Evernote v. 6.0.6 (HKLM-x32\...\{FC4A0E2E-0CD3-11E6-B80E-005056951CAD}) (Version: 6.0.6.1769 - Evernote Corp.)
Flixster Video (HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\44adf2ca8644bf21) (Version: 2.6.1.520 - Flixster Video)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
GitHub (HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\5f7eb300e2ea4ebf) (Version: 3.2.0.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\{B9A82C41-4F48-3C15-8A84-1A84582BE03E}) (Version: 52.0.2743.116 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Driver Update Utility 2.6 (x32 Version: 2.6.0.32 - Intel) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4474 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{4F4D1244-12E7-4D6C-803D-3B16C13E8912}) (Version: 4.2.41.2633 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{3e714701-b89c-4cf2-bf3b-41b2c105ffdc}) (Version: 2.6.0.32 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{bc883058-299e-461f-8e52-4f1dbb355f86}) (Version: 19.0.1 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.14.0.129 - ClientConnect LTD) <==== ACHTUNG
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10120.11116 - Realtek Semiconductor Corp.)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{E9325F15-6339-45E8-9DC4-C2D44B623039}) (Version: 2.5.1.0224 - PointGrab)
Lenovo Motion Control (x32 Version: 2.5.1.0224 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.4 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.062.00 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.12271 - Lenovo)
Lenovo Yoga 2 Demo (HKLM-x32\...\{03C682A4-05CD-4D22-B50A-B9C3C5F2B137}) (Version: 1.0.7 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.3 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.3 - Lenovo) Hidden
LibreOffice 5.1.3.2 (HKLM-x32\...\{5F7475A1-6240-4753-BE3E-61499621EC42}) (Version: 5.1.3.2 - The Document Foundation)
Media Go (HKLM-x32\...\{65256C0D-3FE7-4D2E-BB3E-53F1175481C8}) (Version: 3.0.403 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.20.102.05220 (HKLM-x32\...\{1EBB91B3-B277-3438-6125-C1C0281E02C7}) (Version: 2.20.102.05220 - Sony)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (日本語) (HKLM-x32\...\{9A330858-0CD6-4FB3-8C57-0F1BB58012B0}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (日本語) (HKLM-x32\...\{903C5477-BA28-4CFC-8BE4-62E3C328D4DD}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 ProPlus - ar-sa (HKLM\...\O365ProPlusRetail - ar-sa) (Version: 16.0.6741.2056 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.6741.2056 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6741.2056 - Microsoft Corporation)
Microsoft Office 365 ProPlus - he-il (HKLM\...\O365ProPlusRetail - he-il) (Version: 16.0.6741.2056 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 en-US)) (Version: 45.2.0 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.7 - F.J. Wechselberger)
MySQL Connector C++ 1.1.7 (HKLM\...\{A4310FCD-95D5-49B7-91BA-9A079F07B167}) (Version: 1.1.7 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{BC065B80-343B-44E1-BB8B-A04950CC1284}) (Version: 5.1.39 - Oracle Corporation)
MySQL Connector Net 6.9.8 (HKLM-x32\...\{D01DF7C8-6F2D-46BC-923B-418233EB1D14}) (Version: 6.9.8 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{ABC3A516-54E3-414B-B501-762E7FB2F9D5}) (Version: 6.1.6 - Oracle Corporation)
MySQL Connector/ODBC 5.3 (HKLM\...\{17E48BE8-F0F8-42B6-82D3-7A5840694D79}) (Version: 5.3.6 - Oracle Corporation)
MySQL Documents 5.7 (HKLM-x32\...\{0644B6AB-5B66-4C4E-8E06-53A53F8C3E51}) (Version: 5.7.13 - Oracle Corporation)
MySQL Examples and Samples 5.7 (HKLM-x32\...\{027883CB-53AB-4470-AC35-B00883E5C1EF}) (Version: 5.7.13 - Oracle Corporation)
MySQL Fabric 1.5.6 & MySQL Utilities 1.5.6 (HKLM-x32\...\{C914EB85-F0E6-4150-9FA0-99B716A15EAF}) (Version: 1.5.6 - Oracle Corporation)
MySQL For Excel 1.3.6 (HKLM-x32\...\{DC8733F3-63A6-43F4-8C38-637071FB6D5F}) (Version: 1.3.6 - Oracle)
MySQL for Visual Studio 1.2.6 (HKLM-x32\...\{D885AD96-9178-4CF2-836C-33AE57A57427}) (Version: 1.2.6 - Oracle)
MySQL Installer - Community (HKLM-x32\...\{C7258570-0186-4AA6-B00E-0B0D405350A7}) (Version: 1.4.16.0 - Oracle Corporation)
MySQL Notifier 1.1.6 (HKLM-x32\...\{CB76A6E9-B184-461D-A8BE-7D0D73199545}) (Version: 1.1.6 - Oracle)
MySQL Server 5.7 (HKLM\...\{0A627D96-1AD0-497A-ACC4-D1A3BA2D328B}) (Version: 5.7.13 - Oracle Corporation)
MySQL Workbench 6.3 CE (HKLM\...\{59958BAC-A61D-4A23-8082-CC2FDF17937F}) (Version: 6.3.6 - Oracle Corporation)
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
NWZ-E580 WALKMAN Guide (HKLM-x32\...\{1D6FB94F-E8B4-4CBF-B0FD-D566506CBEF6}) (Version: 2.2.0.05230 - Sony Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1034 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1034 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1034 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.0.24 (HKLM\...\{BA15D402-19CA-493E-958B-170A0C446F25}) (Version: 5.0.24 - Oracle Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation)
PDF24 Creator 7.6.4 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Pokki (HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\Pokki) (Version: 0.269.2.471 - Pokki)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Add to Path (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7058 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25424 - Microsoft Corporation) Hidden
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
shamela library (HKLM-x32\...\shamela library2.11) (Version:  - )
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.3 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1 (x32 Version: 14.98.25331 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The SWORD Project (HKLM-x32\...\The SWORD Project) (Version: 1.5.9 - The Crosswire Bible Society)
Thin2000 USB Display Adapter (HKLM\...\{6DB3D05C-C836-444B-8F82-4ABDB8FFC640}) (Version: 1.1.316.0 - Fresco Logic)
trotux - Uninstall (HKLM-x32\...\{76B7B400-5B55-4DF3-BF44-EC2C328A8869}) (Version:  - ) <==== ACHTUNG
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.35.0 - Microsoft Corporation) Hidden
UC浏览器 (HKLM-x32\...\UCBrowser) (Version: 5.6.14087.902 - 广州市动景计算机科技有限公司) <==== ACHTUNG
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (x32 Version: 14.0.25424 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25424 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WinDjView 2.1 (HKLM\...\WinDjView) (Version: 2.1 - Andrew Zhezherun)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Xiphos (HKLM-x32\...\Xiphos) (Version:  - )
XMind 7 (Update 1) (v3.6.1) (HKLM-x32\...\XMind_is1) (Version: 3.6.1.201512240104 - XMind Ltd.)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.5.014.0106 - Lenovo)
Zotero Standalone 4.0.29.10 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.29.10 (x86 en-US)) (Version: 4.0.29.10 - Zotero)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-528608177-3768278189-544877735-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\dbirn_000\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {018663A7-CC05-410C-A7E4-AD033A9991F2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-07-22] (Microsoft Corporation)
Task: {03896D04-23AB-4F74-A27D-B1B71EE41E2C} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\Windows\system32\MDMAgent.exe [2016-07-16] (Microsoft Corporation)
Task: {041E8069-32EA-47AC-8DD8-176688803EF8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-18] (Dropbox, Inc.)
Task: {0539D606-BE2C-49DB-9D21-91633875603D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {0A5BAE61-28A6-470A-B80F-3DCEF055AA35} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {11B40DDB-CF58-490F-9F8B-FBEA6F836C24} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
Task: {184784E2-6ACB-4154-BD0F-A955BE13F177} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
Task: {1C60935B-E8CD-4D42-9D91-3C8DF17FA26E} - System32\Tasks\{AC26FD83-02AC-48C9-B1EC-943F64688AE4} => Firefox.exe hxxp://ui.skype.com/ui/0/7.18.0.112/ar/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {291A1459-A3EE-4358-B13A-E4866EAB39F2} - System32\Tasks\GoogleUpdateTaskMachineUA1d0d9f35b7f3b7c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-18] (Google Inc.)
Task: {2A9D94F8-4AFD-4C85-B410-20488D9256F3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {2E15D842-1401-48E0-A922-0CEC5D4C7E9E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-18] (Google Inc.)
Task: {3104FFA1-9D17-4B5D-B8BA-8BC8227A4C0B} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe [2014-09-03] (Oracle Corporation)
Task: {32E2BB15-7753-4297-99C2-7AA0E3D102D7} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe control iMControllerService 128
Task: {34A1438D-E7CC-4782-B0C9-289771B7036B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-07-22] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe
Task: {3A873B78-91AD-43A4-AA79-AEED57F466D5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {3BA2F199-83E2-46B0-8EE7-57BEFBF04A94} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {3DC70892-029B-44A1-954A-13A6BBBACD0D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {3F47B2DE-AC11-4DB7-AF0B-232DAAFFDABD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-18] (Dropbox, Inc.)
Task: {453260BA-22C0-4E3C-9F39-09B4A1A43EAE} - System32\Tasks\EPSON XP-610 Series Update {FCB9B395-BD41-487E-83F4-E5EDC1023F67} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {477CD3D2-1B1D-46D0-A3DE-69C663A10FD2} - System32\Tasks\EPSON XP-610 Series Invitation {229C7B40-79E8-41C8-8EBE-0DE79613F010} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {4AF0469B-4023-450C-BF6D-D9FD343DA494} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {5BE91AA6-4313-4E4B-9C09-33DBE53D8152} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {6232090F-3BD0-4E1F-960B-78CBA797F685} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
Task: {66CF1148-E40D-475E-A1E8-18C82B1F1C5F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {6B1AE720-1359-4B9E-9C0F-60167361EF01} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
Task: {6E8AE752-C5D2-4B34-B351-338B4370A342} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
Task: {771AE7F3-5A51-48C1-B495-467EA5FA8AF1} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe <==== ACHTUNG
Task: {79A713CA-CF8B-4660-9306-72F65FC33CB7} - System32\Tasks\MySQL\Installer\ManifestUpdate => c:\program files (x86)\mysql\mysql installer for windows\mysqlinstallerconsole.exe [2016-04-30] (Oracle Corporation)
Task: {7AC5E1E2-2FD3-40CD-8842-88CE53A3609C} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
Task: {7DBFD2B0-30B0-4BFD-BB43-2CD846CC3E0C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {7E86872C-1FAB-4B36-8352-E081A9A0B548} - System32\Tasks\{2BA78B0B-9FE5-4555-B3DA-63AF616A7EE5} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.18.0.112&amp;LastError=404
Task: {7FAB3871-06DC-4FAF-A6A6-9C8EE3F067C9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {8403E4CC-6C77-4C2C-A281-C704C8B6357C} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-07-28] (IObit)
Task: {870CCEAD-F913-4663-B183-6716D8EB2682} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-07-22] (Microsoft Corporation)
Task: {87153ED0-9FB2-40AE-B481-31FCD962651B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {88DFF413-01CA-4354-B4E9-EE2308C061D6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-03] (Microsoft Corporation)
Task: {8E45B6FF-BE20-4EA4-86FF-65D74F4B62B9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {94EE7316-F145-4A30-91FD-BA530597F52E} - System32\Tasks\{9D1D3036-8091-4543-A35F-F893AE231A6C} => pcalua.exe -a E:\Poetry.exe -d E:\
Task: {963821EF-879E-4883-8166-54D6696254BA} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {9851188E-AC07-4F36-BA28-6D00BB2C9C46} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2016-07-16] (Microsoft Corporation)
Task: {9918B0E6-7054-41E0-B53B-BA5635D882BF} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {9A0C091B-C443-4878-A3C7-2588EF8D518D} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {A40B591A-ACCC-4055-8AEB-737BBF94E9BA} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {AE057EA2-5C7A-4DDE-B96A-248E0B024A5C} - System32\Tasks\tasklist => C:\Users\dbirn_000\AppData\Roaming\UPUpdata\service72564.exe [2016-08-15] () <==== ACHTUNG
Task: {B4620CD9-4CA0-443B-86F2-5FCBD8FED7ED} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-03] (Microsoft Corporation)
Task: {B6EE76B2-4F82-4E15-9345-C867A29CBAD0} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2016-07-16] (Microsoft Corporation)
Task: {C8EA1773-75DB-4731-AB7C-83F4902F5245} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {CC636E49-0109-402B-A40B-A37C29069A95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
Task: {CD19BC8A-E9FE-49ED-92A5-0E1194F69F00} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {D394BE25-2E16-45D4-AAB2-3E8861A09351} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
Task: {D3C4106A-D511-42C6-9716-465644534C87} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {D941F53F-7907-4FBE-B1E7-69EBD5B3A5D8} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
Task: {E1F750CC-A106-492B-9992-4994AC2D89F3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {E5082108-7C2A-49D7-BE74-290296ED9E8B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {E5607DCC-ABA7-4E24-AFC8-ABB754238F94} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-08-02] (UCWeb Inc) <==== ACHTUNG
Task: {E91B8136-BE82-42E5-A7D5-0CE39F0495AC} - System32\Tasks\EPSON XP-610 Series Invitation {FCB9B395-BD41-487E-83F4-E5EDC1023F67} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {EA9BAA00-6604-4A27-8A73-AFA65F0EE1B3} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
Task: {ECCF9BF3-E2EA-4806-9660-BA462E72D398} - System32\Tasks\Driver Booster SkipUAC (dbirn_000) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-07-28] (IObit)
Task: {ECEDC57D-8965-4EB1-BD6F-84791D928E23} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {F21C5111-75BF-4882-AEFA-6491528A6A0B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {F39FE085-86A7-40C4-99F6-A01A093DCDEF} - System32\Tasks\EPSON XP-610 Series Update {229C7B40-79E8-41C8-8EBE-0DE79613F010} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {FD909DAD-F8E9-4B70-96A9-23F77D36402C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-18] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {229C7B40-79E8-41C8-8EBE-0DE79613F010}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {FCB9B395-BD41-487E-83F4-E5EDC1023F67}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {229C7B40-79E8-41C8-8EBE-0DE79613F010}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE:/EXE:{229C7B40-79E8-41C8-8EBE-0DE79613F010} /F:Update WORKGROUP\PIRISTIBULUS$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {FCB9B395-BD41-487E-83F4-E5EDC1023F67}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE:/EXE:{FCB9B395-BD41-487E-83F4-E5EDC1023F67} /F:Update WORKGROUP\PIRISTIBULUS$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0d9f35b7f3b7c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ACHTUNG

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\dbirn_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1471276034&a=1065788&src=sh&uuid=a1be2e46-a3e3-4b5a-93e9-cf969b3c71a6"
ShortcutWithArgument: C:\Users\dbirn_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1471276034&a=1065788&src=sh&uuid=a1be2e46-a3e3-4b5a-93e9-cf969b3c71a6"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safesurfs.net/?ssid=1471276034&a=1065788&src=sh&uuid=a1be2e46-a3e3-4b5a-93e9-cf969b3c71a6"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://safesurfs.net/?ssid=1471276034&a=1065788&src=sh&uuid=a1be2e46-a3e3-4b5a-93e9-cf969b3c71a6"

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-09-18 12:06 - 2014-09-18 12:06 - 00034304 _____ () C:\WINDOWS\System32\ssm1mlm.dll
2016-06-30 16:43 - 2016-07-03 07:04 - 00173248 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-08-15 17:52 - 2016-08-15 17:52 - 00244224 _____ () C:\Program Files (x86)\04905D8E-1471276344-11E4-B57F-68F7284155E1\jnsf589C.tmp
2016-05-25 09:33 - 2016-05-25 09:33 - 39702016 _____ () C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe
2016-08-15 17:52 - 2016-08-15 17:52 - 00138240 _____ () C:\Program Files (x86)\04905D8E-1471276344-11E4-B57F-68F7284155E1\hnst6DCB.tmp
2014-12-19 07:09 - 2012-04-24 12:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-08-15 17:05 - 2016-08-15 17:05 - 00270848 _____ () C:\Program Files (x86)\04905D8E-1471276344-11E4-B57F-68F7284155E1\knsr42CF.tmpfs
2016-06-08 18:04 - 2016-06-08 18:04 - 00117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2014-12-19 07:07 - 2014-01-06 16:14 - 00019440 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
2016-08-15 18:12 - 2016-08-02 08:39 - 00899984 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
2014-12-19 07:09 - 2014-12-19 07:09 - 00062224 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2016-06-12 16:50 - 2016-07-14 05:33 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-04 18:26 - 2016-08-04 18:26 - 00959168 _____ () C:\Users\dbirn_000\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-06-30 20:15 - 2016-07-03 16:14 - 08919232 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-08-15 18:17 - 2015-11-30 12:17 - 00165792 _____ () C:\Program Files\ZipTool\JZipExt.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-08-10 13:33 - 2016-08-02 10:15 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-08-10 13:34 - 2016-08-02 10:01 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-10 13:34 - 2016-08-02 09:53 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-10 13:34 - 2016-08-02 09:53 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-08-10 13:34 - 2016-08-02 09:54 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-10 13:34 - 2016-08-02 09:56 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-13 12:54 - 2016-08-13 12:55 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-08-13 12:54 - 2016-08-13 12:55 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-08-13 12:54 - 2016-08-13 12:55 - 35290624 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-08-15 17:57 - 2016-08-15 17:57 - 01831424 _____ () C:\Users\dbirn_000\AppData\Roaming\UPUpdata\service72564.exe
2014-12-19 07:09 - 2014-12-19 07:09 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2014-12-19 07:09 - 2014-12-19 07:09 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2015-12-07 10:15 - 2015-12-07 10:15 - 00419328 _____ () C:\Windows\System32\flvga_tray.exe
2016-07-08 17:07 - 2016-06-08 18:07 - 00458904 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
2016-07-08 17:07 - 2016-06-08 18:18 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2016-07-08 17:07 - 2016-06-08 18:17 - 00188568 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll
2016-07-08 17:07 - 2016-06-08 18:12 - 00416408 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
2016-07-08 17:07 - 2016-06-08 18:15 - 00130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
2016-07-08 17:07 - 2016-06-08 18:16 - 00025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
2016-07-08 17:07 - 2016-06-08 18:16 - 00059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll
2016-07-08 17:07 - 2016-06-08 18:16 - 00194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
2016-07-08 17:07 - 2016-06-08 18:17 - 00159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll
2016-07-08 17:07 - 2016-06-08 18:17 - 00158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
2016-07-08 17:07 - 2016-06-08 18:16 - 00050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
2016-07-08 17:07 - 2016-06-08 18:15 - 00032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
2016-08-15 18:12 - 2016-08-02 08:39 - 02093968 _____ () C:\Program Files (x86)\UCBrowser\Application\5.6.14087.902\UCAgent.exe
2014-12-19 07:09 - 2014-12-19 07:09 - 00161792 _____ () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
2016-08-15 17:06 - 2016-08-15 17:06 - 00334336 _____ () C:\Users\dbirn_000\AppData\Local\Temp\nsj79A8.tmp
2016-08-16 09:42 - 2016-08-16 09:42 - 00706048 _____ () C:\Users\dbirn_000\AppData\Local\Temp\is-RA0ET.tmp\8DBF.tmp
2016-08-16 09:42 - 2016-08-16 09:42 - 00888320 _____ () C:\Users\dbirn_000\AppData\Local\Temp\is-607HM.tmp\setup.exe
2016-08-16 09:42 - 2016-08-16 09:43 - 00080466 _____ () C:\WINDOWS\Temp\8DAE.tmp
2016-08-16 09:42 - 2016-08-16 09:43 - 01650176 _____ () C:\WINDOWS\Temp\8DC0.tmp
2015-12-26 10:59 - 2015-12-26 10:59 - 00158720 _____ () C:\Users\dbirn_000\AppData\Local\04905D8E-1471340577-11E4-B57F-68F7284155E1\qnsvAF9F.tmp
2016-07-21 09:30 - 2016-07-21 09:30 - 00239016 _____ () c:\program files (x86)\ludashi\lpi\hpsvc.dll
2016-08-05 01:08 - 2016-07-28 10:22 - 00172200 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
2016-08-05 01:08 - 2016-07-28 10:21 - 00186640 _____ () c:\program files (x86)\ostotosoft\drivertalent\CrashCatch.dll
2016-08-05 01:08 - 2016-07-28 10:22 - 00254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2016-08-05 01:08 - 2016-07-28 10:22 - 00174760 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2016-08-05 01:08 - 2016-07-28 10:22 - 00103776 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2016-08-05 01:08 - 2016-07-28 10:22 - 00117088 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll
2016-08-15 18:17 - 2015-11-30 12:16 - 00114080 _____ () c:\program files\ziptool\ziphost.dll
2016-08-15 18:17 - 2015-11-30 12:17 - 00085920 _____ () c:\program files\ziptool\ZipUpdater\ZipUpdate.dll
2016-08-15 18:16 - 2015-11-30 12:15 - 00261536 _____ () c:\program files\ziptool\CheckUpdate.dll
2016-08-15 18:17 - 2015-11-30 12:17 - 00084384 _____ () c:\program files\ziptool\ZipSubmit\ZipSubmit.dll
2016-08-15 18:17 - 2015-11-30 12:15 - 00164768 _____ () c:\program files\ziptool\substat.dll
2016-08-15 18:17 - 2015-11-30 12:16 - 00095648 _____ () c:\program files\ziptool\ZipPlug.dll
2016-08-15 18:17 - 2015-11-30 12:16 - 00164256 _____ () c:\program files\ziptool\wchsubstat.dll
2016-08-15 18:17 - 2015-11-30 12:15 - 00244640 _____ () c:\program files\ziptool\tipsdll.dll
2014-02-24 17:39 - 2014-02-24 17:39 - 00013576 _____ () C:\Program Files (x86)\Lenovo\Motion Control\PointGrabDeviceAPI.dll
2014-12-19 07:09 - 2014-12-19 07:09 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\3200\TransitionLib.dll
2014-12-19 07:09 - 2014-12-19 07:09 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2016-08-04 18:25 - 2016-08-04 18:25 - 00679624 _____ () C:\Users\dbirn_000\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\ClientTelemetry.dll
2016-04-27 18:48 - 2016-04-27 18:48 - 00439480 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2016-04-27 18:48 - 2016-04-27 18:48 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-08-18 20:46 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\Cyberlink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-01-14 00:40 - 2016-06-30 04:25 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-08-07 22:08 - 2016-06-30 04:25 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-08-07 22:08 - 2016-06-30 04:26 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-08-07 22:08 - 2016-06-30 04:25 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-01-14 00:40 - 2016-06-30 04:25 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-01-14 00:40 - 2016-06-30 04:25 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-01-14 00:40 - 2016-08-01 23:27 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-01-14 00:40 - 2016-06-30 04:25 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-08-07 22:08 - 2016-08-01 23:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-01-14 00:40 - 2016-06-30 04:26 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-08-07 22:08 - 2016-08-01 23:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-08-07 22:08 - 2016-08-01 23:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-01-14 00:40 - 2016-06-30 04:27 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-07 22:08 - 2016-06-30 04:25 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-08-07 22:08 - 2016-06-30 04:27 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-01-14 00:40 - 2016-06-30 04:27 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-01-14 00:40 - 2016-06-30 04:27 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-01-14 00:40 - 2016-08-01 23:27 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-01-14 00:40 - 2016-06-30 04:27 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-01-14 00:40 - 2016-06-30 04:27 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-01-14 00:40 - 2016-06-30 04:27 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-01-14 00:40 - 2016-06-30 04:27 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-01-14 00:40 - 2016-06-30 04:27 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-01-14 00:40 - 2016-06-30 04:27 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-01-14 00:40 - 2016-06-30 04:27 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-01-14 00:40 - 2016-06-30 04:27 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-08-07 22:08 - 2016-08-01 23:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-01-14 00:40 - 2016-06-30 04:27 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-02-12 18:23 - 2016-08-01 23:27 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-12 18:23 - 2016-08-01 23:27 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-12 18:23 - 2016-08-01 23:27 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-01-14 00:40 - 2016-06-30 04:25 - 00144848 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-08-07 22:08 - 2016-06-30 04:26 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-08-07 22:08 - 2016-08-01 23:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-01-14 00:40 - 2016-08-01 23:27 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-01-14 00:40 - 2016-06-30 04:27 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-12 18:23 - 2016-08-01 23:27 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-08-07 22:08 - 2016-06-30 04:28 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-08-07 22:08 - 2016-08-01 23:27 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-08-07 22:08 - 2016-08-01 23:17 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-08-07 22:08 - 2016-08-01 23:27 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-08-07 22:08 - 2016-08-01 23:27 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-01-14 00:40 - 2016-06-30 04:26 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 03929392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 01972016 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-01-14 00:40 - 2016-06-30 04:27 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-04-17 18:25 - 2016-08-01 23:27 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 00168248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-08-07 22:08 - 2016-08-01 23:27 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-04-01 13:03 - 2016-02-19 10:42 - 00074272 _____ () C:\Program Files (x86)\PDF24\zlib.dll
2016-04-01 13:03 - 2016-02-19 10:42 - 00052256 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll
2014-12-19 06:43 - 2013-08-08 22:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\sharepoint.com -> hxxps://goetheuniversitaet-files.sharepoint.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2016-08-15 17:48 - 00001006 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-528608177-3768278189-544877735-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\StartupApproved\Run: => "Skype"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe
FirewallRules: [{4DB224A3-94E3-453A-A030-08D3FF9D15A8}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{80EED59F-E13A-47A1-AECF-D478587CF409}] => (Allow) LPort=3306
FirewallRules: [{DAE11010-5EA0-4A2A-A6F1-D6CB7E0D5425}] => (Allow) LPort=3306
FirewallRules: [{656A5292-5631-472E-A271-6A3A49ACC59C}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{AA32AE9C-CE27-4C61-87B8-BB407CBDD900}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{A43FE604-02BD-4FFB-9577-66CAADDCBF19}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{840EDD12-1209-49E6-8555-844E48EE0122}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5E1A218A-635B-4CB8-AF9B-1C6F253518E6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0F0123B9-6FAD-48AC-9F0E-A23833D214D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A64CEE23-10F8-43F4-B227-D6809588E046}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BCFDAC2F-B443-4D1E-AE6E-9AD1E561216B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{5D4DEA57-A561-43CC-80D3-9C3E1B2154D5}C:\program files (x86)\lenovo\shareit\shareit.exe] => (Allow) C:\program files (x86)\lenovo\shareit\shareit.exe
FirewallRules: [TCP Query User{2909C1B9-AE63-4459-81D9-37A76796D390}C:\program files (x86)\lenovo\shareit\shareit.exe] => (Allow) C:\program files (x86)\lenovo\shareit\shareit.exe
FirewallRules: [{004A748F-1D35-4697-8341-1A8296E08B96}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{0790CD0D-1A8B-4C76-AF8F-4C8ABFB56110}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [UDP Query User{A7E7B1B1-2E13-481D-9782-471C94577532}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [TCP Query User{64BD4B83-408C-40DF-B964-9F1B71995FF4}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{086E4D84-BC53-4890-A727-E841FE7258C6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{1210F36E-F578-4E77-816D-1F57D96F1004}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{BFABB84B-D4E8-4312-8299-E2AB2DBC2610}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{338FF24D-830C-461C-8F8A-DED2923F2099}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{3EDF574D-188C-4225-B9FD-542C16808735}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{91DC4D1B-B48B-4669-9183-D862D6D85CDB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [UDP Query User{BB0A5AA7-F6C7-4C2B-97B4-3D9072AD36E5}C:\program files (x86)\crosswire\xiphos\bin\xiphos.exe] => (Allow) C:\program files (x86)\crosswire\xiphos\bin\xiphos.exe
FirewallRules: [TCP Query User{4AC1D5B9-AB64-41E7-947C-7B0055FF09A1}C:\program files (x86)\crosswire\xiphos\bin\xiphos.exe] => (Allow) C:\program files (x86)\crosswire\xiphos\bin\xiphos.exe
FirewallRules: [UDP Query User{5C5FEC34-6A84-4807-A11C-DDE79DDEA4DC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{B9C5DA54-9269-4377-B07B-AE65E86213AB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7F4FD72C-5F76-4CFC-A90E-F376FBB3B58D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{07A05875-430C-4432-8E83-834EACB94B03}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{34FD207F-BA00-4600-BA2F-4CA52EA73B6B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{20835D07-81A3-46D8-8443-97A89FDBAB98}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{56C81FA7-6C8D-4B73-B369-16BC4677F51A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{B61A2A74-05CD-472D-BD6A-85296E7AA534}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{65322B39-634B-4EBD-BA63-E3DA99602DBD}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [UDP Query User{9BF5EF60-7D04-4BDC-AB09-37CC1C596EB7}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [{ECE4BD84-2DE9-43AA-8D19-BEC758D272BF}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{335BEBE3-06CB-421A-AE74-ECD98C8DDE12}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{689C82C1-BE66-4285-B4DA-67D21CBAAA56}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{F7BB30B3-87F0-4883-ABD0-65DD473CF736}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{15D3B083-E3F7-4168-9CD9-968DAD58E56D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E6356DD8-3DE7-4E83-AF20-481E8AAEFE1E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{32C62DEB-73FD-4F07-8A91-27782F3FBA40}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C29AC9C7-445B-43A6-A322-D291600B47A1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D364888D-ADC1-4891-9C7F-1D3DBE3D2F04}] => (Allow) C:\Users\dbirn_000\AppData\Local\Temp\30569\inst_buychannel_37.exe
FirewallRules: [{782312C8-40BD-4927-8E2A-82BC623CC77D}] => (Allow) C:\Users\dbirn_000\AppData\Local\Temp\30569\inst_buychannel_37.exe
FirewallRules: [{A4314284-1E40-4749-AED6-51DA0AB28BFD}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{845A04E6-EF74-4B93-A4DD-31116D5A7FB8}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
FirewallRules: [{6CAA563F-16C8-4D1E-B4C7-7CBEACBD1972}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{599935BE-E5F9-4B10-B0B6-A0F1FF94CF67}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
FirewallRules: [{E1FE44A8-F718-4536-A1F0-33825635DCF6}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
FirewallRules: [{8D4AD8D2-E1DF-4F40-9B29-F4E596D6F830}] => (Allow) C:\Program Files (x86)\LuDaShi\Utils\mininews.exe
FirewallRules: [{DEC0C474-86A0-49C7-BDEE-77EA13BD5F02}] => (Allow) C:\Program Files (x86)\LuDaShi\Utils\mininews.exe

==================== Wiederherstellungspunkte =========================

09-08-2016 18:39:36 Installed Evernote v. 6.0.6
11-08-2016 21:08:12 Windows Modules Installer

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/16/2016 09:37:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PIRISTIBULUS)
Description: Activation of application Weather.TheWeatherChannelforLenovo_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/16/2016 09:22:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PIRISTIBULUS)
Description: Activation of application Weather.TheWeatherChannelforLenovo_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/16/2016 09:09:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PIRISTIBULUS)
Description: Activation of application Weather.TheWeatherChannelforLenovo_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/16/2016 09:07:38 AM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPService
ServiceMainThread:  NotifyServiceStatusRunning() failed.

Error: (08/16/2016 09:07:38 AM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyConfigTDPService
NotifyServiceStatusRunning:  DeviceIoControl() failed.
Last error = [0x0000001f]

Error: (08/16/2016 09:07:35 AM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfProcessorParticipantService
ServiceMain:  ServiceStart() failed.

Error: (08/16/2016 09:07:35 AM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfProcessorParticipantService
ServiceStart:  ConnectToDptfProcessorDriver() failed.

Error: (08/16/2016 09:07:35 AM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfProcessorParticipantService
ConnectToDptfProcessorDriver:  SetupDiEnumDeviceInterfaces() failed.
Last error = [0x00000103]

Error: (08/15/2016 09:10:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PIRISTIBULUS)
Description: Activation of application Weather.TheWeatherChannelforLenovo_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/15/2016 08:55:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PIRISTIBULUS)
Description: Activation of application Weather.TheWeatherChannelforLenovo_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


Systemfehler:
=============
Error: (08/16/2016 09:07:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/16/2016 09:07:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/16/2016 09:07:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/16/2016 09:07:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SCService service failed to start due to the following error: 
%%2 = The system cannot find the file specified.

Error: (08/16/2016 09:07:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PCSUService service failed to start due to the following error: 
%%2 = The system cannot find the file specified.

Error: (08/15/2016 06:20:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/15/2016 06:05:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Double Spaced Firewall service terminated unexpectedly. It has done this 1 time(s).

Error: (08/15/2016 06:02:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Document Portal service terminated unexpectedly. It has done this 1 time(s).

Error: (08/15/2016 06:01:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/15/2016 05:57:59 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The MPC Core Protect Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


CodeIntegrity:
===================================
  Date: 2016-08-16 09:44:18.182
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-16 09:44:18.175
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-16 09:44:18.157
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-16 09:11:58.102
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-16 09:11:58.090
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-16 09:11:58.074
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-16 09:10:04.115
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-16 09:10:04.104
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-16 09:10:04.063
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-16 09:07:32.159
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\dtsch-or.dll that did not meet the Windows signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Prozentuale Nutzung des RAM: 42%
Installierter physikalischer RAM: 8104.27 MB
Verfügbarer physikalischer RAM: 4629.49 MB
Summe virtueller Speicher: 16808.27 MB
Verfügbarer virtueller Speicher: 13170.57 MB

==================== Laufwerke ================================

Drive c: (Windows8_OS) (Fixed) (Total:435.25 GB) (Free:154.63 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.56 GB) NTFS
Drive e: (RECOVERY) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: BCEDD300)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 960 MB) (Disk ID: 75CB61DA)
Partition 1: (Active) - (Size=960 MB) - (Type=0C)

==================== Ende von Addition.txt ============================

FRST.txt ist ca. 4500 Zeichen zu groß. Soll ich es aufspalten?

Piristibulus · 16.08.2016, 09:19

FRST.txt Teil 1:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2016 01
durchgeführt von dbirn_000 (Administrator) auf PIRISTIBULUS (16-08-2016 09:43:16)
Gestartet von C:\Users\dbirn_000\Desktop
Geladene Profile: dbirn_000 (Verfügbare Profile: dbirn_000)
Platform: Windows 10 Home Version 1607 (X64) Sprache: German (Germany)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(CANON INC.) C:\Program Files\Canon\DIAS\CnxDIAS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(OSBASE) C:\Windows\System32\ddmgr.exe
() C:\Program Files (x86)\04905D8E-1471276344-11E4-B57F-68F7284155E1\jnsf589C.tmp
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Lenovo Group Limited) C:\Program Files\lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
() C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files (x86)\04905D8E-1471276344-11E4-B57F-68F7284155E1\hnst6DCB.tmp
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\04905D8E-1471276344-11E4-B57F-68F7284155E1\knsr42CF.tmpfs
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\UCBrowser\Application\UCService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Users\dbirn_000\AppData\Roaming\UPUpdata\service72564.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
() C:\Windows\System32\flvga_tray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(CyberLink) C:\Program Files (x86)\Cyberlink\Power2Go8\CLMLSvc_P2G8.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\UCBrowser\Application\5.6.14087.902\UCAgent.exe
(Lenovo Group Limited) C:\Program Files\lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11607.1001.32.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\dbirn_000\AppData\Local\Temp\nsj79A8.tmp
(                                                            ) C:\Windows\Temp\8DBF.tmp
() C:\Users\dbirn_000\AppData\Local\Temp\is-RA0ET.tmp\8DBF.tmp
() C:\Users\dbirn_000\AppData\Local\Temp\is-607HM.tmp\setup.exe
(oET3UIo) C:\Program Files (x86)\mpck\otutnetwork.exe
(mobilepcstarterkit                                          ) C:\Users\dbirn_000\AppData\Local\Temp\XDYY1Y9Z8P.exe
() C:\Users\dbirn_000\AppData\Local\Temp\is-02OPB.tmp\XDYY1Y9Z8P.tmp
() C:\Windows\Temp\8DAE.tmp
() C:\Windows\Temp\8DC0.tmp
() C:\Users\dbirn_000\AppData\Local\04905D8E-1471340577-11E4-B57F-68F7284155E1\qnsvAF9F.tmp


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-02] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13656792 2013-10-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-12-19] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-12-19] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59923440 2014-12-19] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-12-19] (Lenovo(beijing) Limited)
HKLM\...\Run: [flvga_tray64] => C:\WINDOWS\system32\flvga_tray.exe [419328 2015-12-07] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3934720 2016-04-30] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-07-16] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119280 2014-01-06] (Lenovo)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Cyberlink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-10-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23546672 2016-08-01] (Dropbox, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [213536 2016-02-19] (Geek Software GmbH)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-06-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\RunOnce: [OTUTPRODUCT_B64AS] => C:\Program Files (x86)\mpck\otutnetwork.exe [436736 2016-08-16] (oET3UIo)
HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\Run: [Power2GoExpress8] => 0
HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2851408 2016-07-09] (Valve Corporation)
HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe [773120 2014-09-03] (Oracle Corporation)
HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29502592 2016-07-14] (Skype Technologies S.A.)
HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe
HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\Run: [QGuan10in1] => C:\Users\dbirn_000\AppData\Roaming\UPUpdata\service72564.exe [1831424 2016-08-15] ()
HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\Run: [ComputerZ-Tray] => C:\Program Files (x86)\LuDaShi\ComputerZTray.exe [2949032 2016-07-21] ()
HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\MountPoints2: {42c56f07-5a60-11e6-82d2-28b2bde3bab5} - "F:\Auto.exe" 
HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\MountPoints2: {42c56f63-5a60-11e6-82d2-28b2bde3bab5} - "F:\Auto.exe" 
HKU\S-1-5-21-528608177-3768278189-544877735-1001\...\MountPoints2: {71511bf0-58b1-11e6-82d1-28b2bde3bab5} - "F:\Auto.exe" 
AppInit_DLLs: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll [206152 2014-05-12] (ClientConnect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll [173896 2014-05-12] (ClientConnect LTD)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} => C:\Program Files\ZipTool\JZipExt.dll [2015-11-30] ()
ShellIconOverlayIdentifiers: [MyOverlayIcon] -> {B41B3408-923F-4B8B-85F2-146C509FA18C} => C:\Program Files (x86)\Wivotain\Jzidom\Arlyanafu.dll Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
Startup: C:\Users\dbirn_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-08-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\dbirn_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-08-12]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

AutoConfigURL: [S-1-5-21-528608177-3768278189-544877735-1001] => hxxp://stoppblock.org/wpad.dat?207b35475f43c97b15e20097d83e76ef14487478
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{01b2b75e-ab82-46d7-a263-47201a5fd4c1}: [DhcpNameServer] 150.201.1.2
Tcpip\..\Interfaces\{64b1ba4c-1a6f-4f06-b6da-75db365bd513}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{cff56bc8-b1cc-49de-b274-e4ff70e674f4}: [NameServer] 141.2.22.74,141.2.149.10
ManualProxies: 0hxxp://stoppblock.org/wpad.dat?207b35475f43c97b15e20097d83e76ef14487478

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-528608177-3768278189-544877735-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-528608177-3768278189-544877735-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-528608177-3768278189-544877735-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-528608177-3768278189-544877735-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-04] (Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-03] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Kein Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> Keine Datei
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-07-04] (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-28] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-04-27] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-07-03] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-28] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\dbirn_000\AppData\Roaming\Mozilla\Firefox\Profiles\vdhjm1sm.default
FF Homepage: hxxps://wiki.de.dariah.eu/display/TextGrid/Download
hxxps://de.dariah.eu/fachwissenschaftliche-dienste
hxxps://textgrid.de/download
hxxp://www.creativebloq.com/wireframes/top-wireframing-tools-11121302
hxxps://moqups.com/
hxxps://wiki.de.dariah.eu/display/publicde/Cluster+6%3A+Annotieren%2C+analysieren%2C+visualisieren
hxxps://de.dariah.eu/fellowshipprogramm
hxxp://www.rehaverein-schwanheim.de/kurszeiten.html
hxxps://islamichumanities.org/resources/
hxxp://www.culingtec.uni-leipzig.de/ESU_C_T/node/718
hxxps://www.leihwagenversicherung.de/mietwagen-versicherungspakete.html
hxxps://www.microsoft.com/en-us/windows/features
hxxps://www.bkk-mobil-oil.de/gesundheit/gesund-leben/reisen/vor-der-reise.html
hxxp://www.iobit.com/en/install/db/?name=db&ver=3.5.0.788&lan=&to=install
hxxps://islaamiclibrary.wordpress.com/2009/03/01/thecomprehensivelibrary/
hxxp://onlinelibrary.wiley.com/doi/10.1111/1467-9809.12383/full
hxxps://evernote.com/logged-out/?var=collect&logout&uid=64732601
hxxp://search.proquest.com/docview/301390299
hxxp://www.icn.uni-hamburg.de/narrbib/wissenschaftstheorie-hermeneutik-literaturwissenschaft-anmerkungen-zu-einem-unterbliebenen
hxxps://www.zotero.org/
hxxps://www.academia.edu/
hxxp://www.nltk.org/
hxxp://nealcaren.web.unc.edu/an-introduction-to-text-analysis-with-python-part-1/
hxxps://digitalresearchtools.pbworks.com/w/page/17801682/Linguistic%20Tools
hxxp://www.nltk.org/book/ch01.html
hxxp://omz-software.com/pythonista/docs/ios/linguistictagger.html
hxxps://github.com/maximromanov/mARkdown
hxxp://iti-corpus.github.io/
hxxps://www.google.de/search?q=%22troubleshooting+history+is+taking+up+disk+space%22&ie=utf-8&oe=utf-8&client=firefox-b&gfe_rd=cr&ei=MZmvV8qaLKje8gexxJfwBQ#q=%22troubleshooting+history+is+taking+up+disk+space%22+windows+10
hxxp://www.deutschlandradiokultur.de/sein-und-streit-ganze-sendung-was-laesst-sich.2162.de.html?dram%3Aarticle_id=363052
hxxps://www.academia.edu/27712290/%D7%9E%D7%91%D7%A0%D7%94_%D7%9E%D7%A0%D7%94%D7%9C%D7%99_%D7%9E%D7%AA%D7%A7%D7%95%D7%A4%D7%AA_%D7%94%D7%91%D7%A8%D7%96%D7%9C_%D7%91_%D7%91%D7%A2%D7%99%D7%A8_%D7%93%D7%95%D7%93
hxxps://www.microsoft.com/security/scanner/en-us/default.aspx
hxxp://wikitravel.org/en/Okinawa
hxxp://www.huji.ac.il/dataj/controller/ihoker/MOP-STAFF_LINK?sno=360297&Save_t=
hxxps://www.google.de/search?q=language+bar+hotkeys+always+get+changed+windows+10&ie=utf-8&oe=utf-8&client=firefox-b&gfe_rd=cr&ei=cLmwV7-tJMGo8wfDx4yAAQ#q=%22language+hotkeys%22+keep+changing+windows+10
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-03] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-528608177-3768278189-544877735-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-11-20] (Sony Network Entertainment International LLC)
FF user.js: detected! => C:\Users\dbirn_000\AppData\Roaming\Mozilla\Firefox\Profiles\vdhjm1sm.default\user.js [2016-06-08]
FF Extension: Youtube Converter MP3 - C:\Users\dbirn_000\AppData\Roaming\Mozilla\Firefox\Profiles\vdhjm1sm.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2016-03-15]
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\dbirn_000\AppData\Roaming\Mozilla\Firefox\Profiles\vdhjm1sm.default\extensions\2020Player_IKEA@2020Technologies.com [2016-05-24]
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-07-13]
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-08-08] [ist nicht signiert]
FF Extension: MEGA - C:\Users\dbirn_000\AppData\Roaming\Mozilla\Firefox\Profiles\vdhjm1sm.default\Extensions\firefox@mega.co.nz.xpi [2016-08-03]
FF Extension: Alpheios Greek Tools - C:\Users\dbirn_000\AppData\Roaming\Mozilla\Firefox\Profiles\vdhjm1sm.default\Extensions\{0f1d7e06-6ce8-40b0-83f0-9783ee65ab9b} [2016-07-10]
FF Extension: Alpheios Basic Libraries - C:\Users\dbirn_000\AppData\Roaming\Mozilla\Firefox\Profiles\vdhjm1sm.default\Extensions\{4816253c-3208-49d8-9557-0745a5508299} [2016-07-10]
FF Extension: Yahoo! Toolbar - C:\Users\dbirn_000\AppData\Roaming\Mozilla\Firefox\Profiles\vdhjm1sm.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2016-06-09] [ist nicht signiert]
FF Extension: Alpheios Latin Tools - C:\Users\dbirn_000\AppData\Roaming\Mozilla\Firefox\Profiles\vdhjm1sm.default\Extensions\{7dd2b42f-3db8-4833-88c4-5a9e3788017b} [2016-07-10]
FF Extension: Download YouTube Videos as MP4 - C:\Users\dbirn_000\AppData\Roaming\Mozilla\Firefox\Profiles\vdhjm1sm.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-03-21]
FF Extension: web Service Pro - C:\Users\dbirn_000\AppData\Roaming\Mozilla\Firefox\Profiles\vdhjm1sm.default\Extensions\{c28656bf-0652-430c-86ad-2902a3fa6a79}.xpi [2016-02-25] [ist nicht signiert]
FF Extension: html5 helper - C:\Users\dbirn_000\AppData\Roaming\Mozilla\Firefox\Profiles\vdhjm1sm.default\Extensions\{d67277da-b590-4f51-9f7f-0aed4b540554}.xpi [2016-05-19] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-01-19] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.de/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=firefox%20often%20not%20responding","hxxps://support.mozilla.org/en-US/kb/warning-unresponsive-script","hxxps://support.mozilla.org/en-US/kb/firefox-uses-too-many-cpu-resources-how-fix","hxxps://support.mozilla.org/en-US/kb/firefox-uses-too-much-memory-ram","hxxp://www.technobezz.com/fix-firefox-responding-error/"
CHR Profile: C:\Users\dbirn_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\dbirn_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-24]
CHR Extension: (Google Docs) - C:\Users\dbirn_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-24]
CHR Extension: (Google Drive) - C:\Users\dbirn_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-14]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\dbirn_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-07]
CHR Extension: (YouTube) - C:\Users\dbirn_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-14]
CHR Extension: (Google Search) - C:\Users\dbirn_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-14]
CHR Extension: (Citavi Picker (Beta)) - C:\Users\dbirn_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaandldnbchhjimdfnaagaaidgebplgj [2016-08-08]
CHR Extension: (Google Sheets) - C:\Users\dbirn_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-24]
CHR Extension: (Google Docs Offline) - C:\Users\dbirn_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-24]
CHR Extension: (uSelect iDownload) - C:\Users\dbirn_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc [2016-07-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dbirn_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-24]
CHR Extension: (Gmail) - C:\Users\dbirn_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-19]
CHR Extension: (Chrome Media Router) - C:\Users\dbirn_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-13]
CHR HKLM-x32\...\Chrome\Extension: [eaandldnbchhjimdfnaagaaidgebplgj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-06-23]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <nicht gefunden>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159832 2016-08-12] (Adobe Systems, Incorporated)
R2 Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [5225312 2014-11-20] (CANON INC.)
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [337408 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_6e768; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_6e768; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2854640 2016-07-03] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [2535752 2014-05-12] (ClientConnect LTD)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-18] (Dropbox, Inc.)
R2 ddmgr; C:\WINDOWS\system32\ddmgr.exe [1659040 2015-12-07] (OSBASE)
R2 dowidoly; C:\Program Files (x86)\04905D8E-1471276344-11E4-B57F-68F7284155E1\jnsf589C.tmp [244224 2016-08-15] () [Datei ist nicht signiert]
S2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [115632 2013-08-02] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-02] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-02] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-02] (Intel Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 FrameServer; C:\Windows\system32\FrameServer.dll [803840 2016-07-16] (Microsoft Corporation)
R2 HpSvc; C:\Program Files (x86)\LuDaShi\lpi\HpSvc.dll [239016 2016-07-21] ()
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373736 2016-07-14] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [59216 2016-07-01] (Lenovo Group Limited)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 LDrvSvc; C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll [172200 2016-07-28] ()
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-12-19] (Lenovo(beijing) Limited)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-12-19] (Lenovo)
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-08-15] (DotC United Inc)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 MySQLpearstem; C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe [39702016 2016-05-25] () [Datei ist nicht signiert]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-05-03] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-24] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-24] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [249872 2014-12-19] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [328720 2014-12-19] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 rijufoze; C:\Program Files (x86)\04905D8E-1471276344-11E4-B57F-68F7284155E1\hnst6DCB.tmp [138240 2016-08-15] () [Datei ist nicht signiert]
R3 RmSvc; C:\Windows\System32\RMapi.dll [141312 2016-07-16] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-13] (Realtek Semiconductor)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2016-04-30] (Synaptics Incorporated)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [899984 2016-08-02] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-07-16] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-07-16] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-17] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [614912 2016-07-16] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_6e768; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_6e768; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-12-19] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2014-01-06] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-05-03] (Intel® Corporation)
R2 zigipyro; C:\Users\dbirn_000\AppData\Local\04905D8E-1471340577-11E4-B57F-68F7284155E1\qnsvAF9F.tmp [158720 2015-12-26] () [Datei ist nicht signiert]
R2 ziphost; c:\program files\ziptool\ziphost.dll [114080 2015-11-30] ()
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S3 Jzidom Module; "C:\Program Files (x86)\Wivotain\Jzidom\Jzidommdlzoqerthershaviry.exe" {511AFE50-C2D8-48D5-87EB-B2BCFEC5572C} [X]
S2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [X]
R2 runywonezbt; C:\Program Files (x86)\04905D8E-1471276344-11E4-B57F-68F7284155E1\knsr42CF.tmpfs [X]
S2 SCService; "C:\Program Files (x86)\PC Speed Up\SpeedCheckerService.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 ComputerZ_x64; C:\Program Files (x86)\LuDaShi\ComputerZ_x64.sys [49152 2016-06-27] (ludashi.com)
R4 ddkmd; C:\WINDOWS\system32\drivers\ddkmd.sys [254456 2015-12-07] (OSBASE)
R0 ddkmdldr; C:\Windows\System32\drivers\ddkmdldr.sys [16888 2015-12-07] (OSBASE)
S3 DM9USB; C:\Windows\System32\drivers\dm9usb.sys [71416 2012-03-12] (DAVICOM Semiconductor, Inc.                                                    )
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-02] (Intel Corporation)
S3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-02] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-02] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [52200 2016-04-30] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [50664 2016-04-30] (Intel Corporation)
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31832 2016-06-12] (ELAN Microelectronic Corp.)
S3 FLxHCIv; C:\Windows\System32\Drivers\FLxHCIv.sys [194184 2015-12-07] ()
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-07-16] (Microsoft Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-30] (REALiX(tm))
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [345872 2016-05-26] (Intel Corporation)
S3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
S3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [45920 2016-07-16] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185896 2016-05-05] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-08-15] (DotC United Inc)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3520264 2016-05-03] (Intel Corporation)
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [413912 2016-04-30] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3066072 2016-04-30] (Realtek Semiconductor Corp.)
S3 rtux64w10; C:\Windows\System32\drivers\rtux64w10.sys [350464 2016-07-21] (Realtek                                                                )
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2016-04-30] (Synaptics Incorporated)
R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [81792 2016-08-02] (Huorong Borui (Beijing) Technology Co., Ltd.)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [119712 2016-06-28] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [192864 2016-06-28] (Oracle Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-07-16] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [149432 2015-05-20] (MBB)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 ZipProtect; c:\program files\ziptool\ZipProtect64.sys [886512 2015-12-14] ()

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
NETSVCx32: HpSvc -> C:\Program Files (x86)\LuDaShi\lpi\HpSvc.dll ()

 ============================

Piristibulus · 16.08.2016, 09:20

Teil 2:

Code:

ATTFilter

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-16 09:43 - 2016-08-16 09:43 - 00051246 _____ C:\Users\dbirn_000\Desktop\FRST.txt
2016-08-16 09:42 - 2016-08-16 09:43 - 00000000 ____D C:\Users\dbirn_000\AppData\Local\04905D8E-1471340577-11E4-B57F-68F7284155E1
2016-08-16 09:42 - 2016-08-16 09:43 - 00000000 ____D C:\Program Files (x86)\mpck
2016-08-16 09:14 - 2016-08-16 09:43 - 00000000 ____D C:\FRST
2016-08-16 09:14 - 2016-08-16 09:14 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\MCorp
2016-08-16 09:14 - 2016-08-08 03:54 - 01611776 _____ C:\Users\dbirn_000\AppData\Roaming\ucdlr.exe
2016-08-16 09:08 - 2016-08-15 22:16 - 02394624 _____ (Farbar) C:\Users\dbirn_000\Desktop\FRST64.exe
2016-08-16 09:07 - 2016-08-16 09:07 - 00001809 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-08-16 09:07 - 2016-08-16 09:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-08-15 18:18 - 2016-08-15 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compress
2016-08-15 18:17 - 2016-08-15 18:17 - 01474568 _____ C:\Users\dbirn_000\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2016-08-15 18:17 - 2016-08-15 18:17 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\lockhomepage
2016-08-15 18:16 - 2016-08-15 18:19 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\Ludashi
2016-08-15 18:16 - 2016-08-15 18:18 - 00000000 ____D C:\Program Files\ZipTool
2016-08-15 18:16 - 2016-08-15 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
2016-08-15 18:16 - 2016-08-15 18:16 - 00000000 ____D C:\Program Files (x86)\LDSGameCenter
2016-08-15 18:16 - 2016-02-18 10:10 - 05267952 _____ () C:\Users\dbirn_000\AppData\Roaming\ziptool_wc-9015_setup.exe
2016-08-15 18:14 - 2016-08-16 09:07 - 00000492 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2016-08-15 18:14 - 2016-08-15 18:15 - 00003518 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2016-08-15 18:13 - 2016-08-15 19:16 - 00000000 ____D C:\Program Files (x86)\LuDaShi
2016-08-15 18:12 - 2016-08-15 18:12 - 00001606 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
2016-08-15 18:12 - 2016-08-15 18:12 - 00001594 _____ C:\Users\Public\Desktop\UC浏览器.lnk
2016-08-15 18:12 - 2016-08-15 18:12 - 00000000 ____D C:\Users\dbirn_000\AppData\Local\UCBrowser
2016-08-15 18:12 - 2016-08-15 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-08-15 18:12 - 2016-08-02 08:39 - 00081792 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\ucguard.sys
2016-08-15 18:11 - 2016-08-15 18:12 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2016-08-15 17:58 - 2016-08-15 18:05 - 00000000 ____D C:\Users\dbirn_000\AppData\Local\app
2016-08-15 17:57 - 2016-08-16 09:07 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-08-15 17:57 - 2016-08-15 17:57 - 00060136 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-08-15 17:57 - 2016-08-15 17:57 - 00003152 _____ C:\WINDOWS\System32\Tasks\tasklist
2016-08-15 17:57 - 2016-08-15 17:57 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\UPUpdata
2016-08-15 17:52 - 2016-08-15 17:52 - 00000000 ____D C:\Program Files (x86)\04905D8E-1471276344-11E4-B57F-68F7284155E1
2016-08-15 17:52 - 2016-08-15 17:48 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-08-15 17:48 - 2016-08-16 09:07 - 00000374 _____ C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job
2016-08-15 17:48 - 2016-08-16 09:07 - 00000000 ____D C:\Program Files\SpaceSoundPro
2016-08-15 17:48 - 2016-08-15 17:48 - 00002832 _____ C:\WINDOWS\System32\Tasks\PC SpeedUp Service Deactivator
2016-08-15 17:48 - 2016-08-15 17:48 - 00001128 _____ C:\Users\dbirn_000\Desktop\PC Speed Up.lnk
2016-08-15 17:48 - 2016-08-15 17:48 - 00000000 ____D C:\Users\dbirn_000\Documents\PCSpeedUp
2016-08-15 17:48 - 2016-08-15 17:48 - 00000000 ____D C:\Users\dbirn_000\AppData\Local\Iwighghaceied
2016-08-15 17:48 - 2016-08-15 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
2016-08-15 17:48 - 2016-08-15 17:48 - 00000000 ____D C:\Program Files\Caster
2016-08-15 15:35 - 2016-08-15 15:35 - 08119845 _____ C:\Users\dbirn_000\Downloads\PPN345203674_0058___log18.pdf
2016-08-15 14:54 - 2016-08-15 14:54 - 00001251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zotero Standalone.lnk
2016-08-15 14:54 - 2016-08-15 14:54 - 00001239 _____ C:\Users\Public\Desktop\Zotero Standalone.lnk
2016-08-15 14:54 - 2016-08-15 14:54 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\Zotero
2016-08-15 14:54 - 2016-08-15 14:54 - 00000000 ____D C:\Users\dbirn_000\AppData\Local\Zotero
2016-08-15 14:54 - 2016-08-15 14:54 - 00000000 ____D C:\Program Files (x86)\Zotero Standalone
2016-08-15 14:29 - 2016-08-15 14:29 - 04115070 _____ C:\Users\dbirn_000\Downloads\Jacob Perkins-Python Text Processing with NLTK 2.0 Cookbook_ Use Python's NLTK suite of libraries to maximize your Natural Language Processing capabilities-Packt Publishing (2010).pdf
2016-08-15 14:25 - 2016-08-15 15:13 - 05647925 _____ C:\Users\dbirn_000\Downloads\Steven Bird, Ewan Klein, Edward Loper-Natural Language Processing with Python_ Analyzing Text with the Natural Language Toolkit-O'Reilly Media (2009).pdf
2016-08-15 14:25 - 2016-08-15 14:26 - 01969647 _____ C:\Users\dbirn_000\Downloads\Jacob Perkins-Python 3 Text Processing with NLTK 3 Cookbook_ Over 80 practical recipes on natural language processing techniques using Python's NLTK 3.0-Packt Publishing (2014).pdf
2016-08-15 13:35 - 2016-08-15 13:35 - 01110872 _____ C:\Users\dbirn_000\AppData\LocalLow\eff79D4.001
2016-08-15 13:35 - 2016-08-15 13:35 - 00095952 _____ C:\Users\dbirn_000\AppData\LocalLow\eff79D4.004
2016-08-15 13:35 - 2016-08-15 13:35 - 00055908 _____ C:\Users\dbirn_000\AppData\LocalLow\eff79D4.002
2016-08-15 13:35 - 2016-08-15 13:35 - 00054352 _____ C:\Users\dbirn_000\AppData\LocalLow\eff79D4.006
2016-08-15 13:35 - 2016-08-15 13:35 - 00050080 _____ C:\Users\dbirn_000\AppData\LocalLow\eff79D4.003
2016-08-15 13:35 - 2016-08-15 13:35 - 00044740 _____ C:\Users\dbirn_000\AppData\LocalLow\eff79D4.007
2016-08-15 13:35 - 2016-08-15 13:35 - 00042520 _____ C:\Users\dbirn_000\AppData\LocalLow\eff79D4.008
2016-08-15 13:35 - 2016-08-15 13:35 - 00014076 _____ C:\Users\dbirn_000\AppData\LocalLow\eff79D4.005
2016-08-15 13:32 - 2016-08-15 13:32 - 01787973 _____ C:\Users\dbirn_000\Downloads\mARkdown - al-Raqmiyyāt_ Digital Islamic History.pdf
2016-08-15 11:26 - 2016-08-15 11:26 - 00000000 ___HD C:\OneDriveTemp
2016-08-14 17:34 - 2016-08-14 17:36 - 05723977 _____ C:\Users\dbirn_000\Downloads\(Studies in Language Companion Series volume 12) Harm Pinkster (editor)-Latin Linguistics and Linguistic Theory (Studies in Language Companion Series, 12)-John Benjamins Publishing Company (1983).pdf.part
2016-08-13 15:21 - 2016-08-13 15:21 - 00000000 ____D C:\Users\dbirn_000\AppData\Local\ElevatedDiagnostics
2016-08-12 13:42 - 2016-08-12 13:42 - 00000000 ____D C:\Users\dbirn_000\Documents\OneNote Notebooks
2016-08-12 12:15 - 2016-08-12 12:15 - 00000163 _____ C:\Users\dbirn_000\.gitconfig
2016-08-12 12:10 - 2016-08-12 12:10 - 00000000 ____D C:\Temp
2016-08-12 11:33 - 2016-08-12 11:34 - 00000000 ____D C:\Users\dbirn_000\.ssh
2016-08-12 11:33 - 2016-08-12 11:33 - 00001477 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EditPad Pro 7.lnk
2016-08-12 11:33 - 2016-08-12 11:33 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\JGsoft
2016-08-12 11:33 - 2016-08-12 11:33 - 00000000 ____D C:\Program Files\Just Great Software
2016-08-12 11:30 - 2016-08-12 13:37 - 00000000 ____D C:\Users\dbirn_000\Documents\GitHub
2016-08-12 11:30 - 2016-08-12 11:41 - 00000000 ____D C:\Users\dbirn_000\AppData\Local\GitHub
2016-08-12 11:30 - 2016-08-12 11:35 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\GitHub
2016-08-12 11:30 - 2016-08-12 11:30 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2016-08-12 11:17 - 2016-08-12 13:41 - 00000000 ____D C:\Users\dbirn_000\AppData\Local\Deployment
2016-08-12 11:07 - 2016-08-12 11:07 - 00849200 _____ C:\Users\dbirn_000\Desktop\SteuerIdentifikation_Birnstiel.pdf
2016-08-12 11:06 - 2016-08-12 11:06 - 00000000 ____D C:\Users\dbirn_000\Downloads\SteuerRyu
2016-08-11 11:19 - 2016-08-11 11:19 - 00915212 _____ C:\Users\dbirn_000\AppData\LocalLow\effA150.00b
2016-08-11 11:19 - 2016-08-11 11:19 - 00219524 _____ C:\Users\dbirn_000\AppData\LocalLow\effA150.009
2016-08-11 11:19 - 2016-08-11 11:19 - 00217044 _____ C:\Users\dbirn_000\AppData\LocalLow\effA150.008
2016-08-11 11:19 - 2016-08-11 11:19 - 00202180 _____ C:\Users\dbirn_000\AppData\LocalLow\effA150.006
2016-08-11 11:19 - 2016-08-11 11:19 - 00180792 _____ C:\Users\dbirn_000\AppData\LocalLow\effA150.00a
2016-08-11 11:19 - 2016-08-11 11:19 - 00176132 _____ C:\Users\dbirn_000\AppData\LocalLow\effA150.007
2016-08-11 11:19 - 2016-08-11 11:19 - 00077548 _____ C:\Users\dbirn_000\AppData\LocalLow\effA150.003
2016-08-11 11:19 - 2016-08-11 11:19 - 00051104 _____ C:\Users\dbirn_000\AppData\LocalLow\effA150.001
2016-08-11 11:19 - 2016-08-11 11:19 - 00047204 _____ C:\Users\dbirn_000\AppData\LocalLow\effA150.005
2016-08-11 11:19 - 2016-08-11 11:19 - 00045360 _____ C:\Users\dbirn_000\AppData\LocalLow\effA150.004
2016-08-11 11:19 - 2016-08-11 11:19 - 00045084 _____ C:\Users\dbirn_000\AppData\LocalLow\effA150.002
2016-08-11 11:18 - 2016-08-11 11:18 - 00077548 _____ C:\Users\dbirn_000\AppData\LocalLow\eff9B29.003
2016-08-11 11:18 - 2016-08-11 11:18 - 00059092 _____ C:\Users\dbirn_000\AppData\LocalLow\eff9B29.007
2016-08-11 11:18 - 2016-08-11 11:18 - 00055604 _____ C:\Users\dbirn_000\AppData\LocalLow\eff9B29.002
2016-08-11 11:18 - 2016-08-11 11:18 - 00052492 _____ C:\Users\dbirn_000\AppData\LocalLow\eff9B29.008
2016-08-11 11:18 - 2016-08-11 11:18 - 00051900 _____ C:\Users\dbirn_000\AppData\LocalLow\eff9B29.006
2016-08-11 11:18 - 2016-08-11 11:18 - 00045692 _____ C:\Users\dbirn_000\AppData\LocalLow\eff9B29.004
2016-08-11 11:18 - 2016-08-11 11:18 - 00039272 _____ C:\Users\dbirn_000\AppData\LocalLow\eff9B29.005
2016-08-11 10:17 - 2016-08-11 10:17 - 00059092 _____ C:\Users\dbirn_000\AppData\LocalLow\effBD18.007
2016-08-11 10:17 - 2016-08-11 10:17 - 00052492 _____ C:\Users\dbirn_000\AppData\LocalLow\effBD18.008
2016-08-11 10:17 - 2016-08-11 10:17 - 00051900 _____ C:\Users\dbirn_000\AppData\LocalLow\effBD18.006
2016-08-11 10:17 - 2016-08-11 10:17 - 00045692 _____ C:\Users\dbirn_000\AppData\LocalLow\effBD18.004
2016-08-11 10:17 - 2016-08-11 10:17 - 00039272 _____ C:\Users\dbirn_000\AppData\LocalLow\effBD18.005
2016-08-11 10:16 - 2016-08-11 10:16 - 00915212 _____ C:\Users\dbirn_000\AppData\LocalLow\eff8D80.00b
2016-08-11 10:16 - 2016-08-11 10:16 - 00219524 _____ C:\Users\dbirn_000\AppData\LocalLow\eff8D80.009
2016-08-11 10:16 - 2016-08-11 10:16 - 00217044 _____ C:\Users\dbirn_000\AppData\LocalLow\eff8D80.008
2016-08-11 10:16 - 2016-08-11 10:16 - 00202180 _____ C:\Users\dbirn_000\AppData\LocalLow\eff8D80.006
2016-08-11 10:16 - 2016-08-11 10:16 - 00180792 _____ C:\Users\dbirn_000\AppData\LocalLow\eff8D80.00a
2016-08-11 10:16 - 2016-08-11 10:16 - 00176132 _____ C:\Users\dbirn_000\AppData\LocalLow\eff8D80.007
2016-08-11 10:16 - 2016-08-11 10:16 - 00047204 _____ C:\Users\dbirn_000\AppData\LocalLow\eff8D80.005
2016-08-11 10:16 - 2016-08-11 10:16 - 00045360 _____ C:\Users\dbirn_000\AppData\LocalLow\eff8D80.004
2016-08-10 14:32 - 2016-08-10 14:32 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-08-10 13:34 - 2016-08-02 10:48 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 13:34 - 2016-08-02 10:44 - 00151232 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 13:34 - 2016-08-02 10:44 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-08-10 13:34 - 2016-08-02 10:20 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-10 13:34 - 2016-08-02 09:58 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 13:34 - 2016-08-02 09:55 - 03617280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 13:34 - 2016-08-02 06:51 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 13:34 - 2016-08-02 06:37 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-08-10 13:34 - 2016-08-02 06:33 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-10 13:34 - 2016-08-02 06:27 - 07623168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-08-10 13:34 - 2016-08-02 06:25 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-08-10 13:34 - 2016-08-02 06:25 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 13:34 - 2016-08-02 06:23 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-08-10 13:34 - 2016-08-02 06:13 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-08-10 13:34 - 2016-08-02 06:09 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-10 13:33 - 2016-08-02 10:58 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 13:33 - 2016-08-02 10:53 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 13:33 - 2016-08-02 10:52 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 13:33 - 2016-08-02 10:48 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-10 13:33 - 2016-08-02 10:23 - 22572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 13:33 - 2016-08-02 10:21 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-08-10 13:33 - 2016-08-02 10:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-08-10 13:33 - 2016-08-02 10:20 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-08-10 13:33 - 2016-08-02 10:15 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-08-10 13:33 - 2016-08-02 10:15 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-08-10 13:33 - 2016-08-02 10:14 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-08-10 13:33 - 2016-08-02 10:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 13:33 - 2016-08-02 10:12 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-08-10 13:33 - 2016-08-02 10:11 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-08-10 13:33 - 2016-08-02 10:11 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-08-10 13:33 - 2016-08-02 10:10 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-08-10 13:33 - 2016-08-02 10:09 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-08-10 13:33 - 2016-08-02 10:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 13:33 - 2016-08-02 10:07 - 09125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-08-10 13:33 - 2016-08-02 10:03 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-08-10 13:33 - 2016-08-02 10:00 - 05511168 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-08-10 13:33 - 2016-08-02 09:59 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 13:33 - 2016-08-02 09:57 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 13:33 - 2016-08-02 09:56 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-08-10 13:33 - 2016-08-02 09:56 - 01785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 13:33 - 2016-08-02 09:56 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-08-10 13:33 - 2016-08-02 09:55 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 13:33 - 2016-08-02 09:52 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-10 13:33 - 2016-08-02 06:56 - 02251440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 13:33 - 2016-08-02 06:47 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-10 13:33 - 2016-08-02 06:39 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-08-10 13:33 - 2016-08-02 06:37 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-08-10 13:33 - 2016-08-02 06:36 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-08-10 13:33 - 2016-08-02 06:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-08-10 13:33 - 2016-08-02 06:28 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 13:33 - 2016-08-02 06:26 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 13:33 - 2016-08-02 06:26 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-08-10 13:33 - 2016-08-02 06:16 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 13:33 - 2016-08-02 06:13 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 13:33 - 2016-08-02 06:12 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-08-09 18:45 - 2016-08-09 18:47 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\Skype
2016-08-09 18:45 - 2016-08-09 18:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-09 18:45 - 2016-08-09 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-09 18:43 - 2016-08-09 18:43 - 00000000 ____D C:\Users\dbirn_000\AppData\Local\Evernote
2016-08-09 18:40 - 2016-08-09 18:40 - 00000000 ____D C:\Users\dbirn_000\AppData\LocalLow\Evernote
2016-08-09 18:40 - 2016-08-09 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2016-08-09 18:40 - 2016-08-09 18:40 - 00000000 ____D C:\Program Files (x86)\Evernote
2016-08-08 15:25 - 2016-08-08 15:25 - 00569425 _____ C:\Users\dbirn_000\Downloads\eLearning-Workshopprogramm_WiSe_1617.pdf
2016-08-07 22:08 - 2016-08-07 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-05 01:10 - 2016-08-05 01:10 - 00000000 ____D C:\Users\Public\Thunder Network
2016-08-05 01:10 - 2016-08-05 01:10 - 00000000 ____D C:\ProgramData\Thunder Network
2016-08-05 01:08 - 2016-08-05 01:13 - 00000000 ____D C:\ProgramData\DriverTalent
2016-08-05 01:08 - 2016-08-05 01:08 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\DriverTalent
2016-08-05 01:08 - 2016-08-05 01:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Talent
2016-08-05 01:08 - 2016-08-05 01:08 - 00000000 ____D C:\Program Files (x86)\OSTotoSoft
2016-08-05 01:08 - 2016-08-05 01:08 - 00000000 ____D C:\OSTotoFolder
2016-08-05 00:27 - 2016-08-05 00:27 - 00000568 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-08-04 18:51 - 2016-08-04 18:16 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-04 18:48 - 2016-08-04 18:48 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-04 18:48 - 2016-08-04 18:48 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-08-04 18:48 - 2016-08-04 18:48 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-08-04 18:48 - 2016-08-04 18:48 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-08-04 18:48 - 2016-08-04 18:48 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-08-04 18:48 - 2016-08-04 18:48 - 01265424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-08-04 18:48 - 2016-08-04 18:48 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-04 18:48 - 2016-08-04 18:48 - 00843104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-08-04 18:48 - 2016-08-04 18:48 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-08-04 18:48 - 2016-08-04 18:48 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-04 18:48 - 2016-08-04 18:48 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-04 18:48 - 2016-08-04 18:48 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-08-04 18:48 - 2016-08-04 18:48 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-08-04 18:48 - 2016-08-04 18:48 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-04 18:48 - 2016-08-04 18:48 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-08-04 18:48 - 2016-08-04 17:59 - 00000000 ____D C:\Windows.old
2016-08-04 18:45 - 2016-07-15 20:29 - 07702016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Models0011.dll
2016-08-04 18:45 - 2016-07-15 20:29 - 02454528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Lexicons0011.dll
2016-08-04 18:45 - 2016-07-15 20:25 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB70011.dll
2016-08-04 18:45 - 2016-07-15 20:24 - 07417344 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Data0011.dll
2016-08-04 18:45 - 2016-07-15 19:40 - 07253504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NL7Data0011.dll
2016-08-04 18:45 - 2016-07-15 19:40 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB70011.dll
2016-08-04 18:45 - 2016-05-25 15:39 - 00002060 _____ C:\WINDOWS\system32\noise.jpn
2016-08-04 18:45 - 2016-05-25 12:10 - 00002060 _____ C:\WINDOWS\SysWOW64\noise.jpn
2016-08-04 18:44 - 2016-07-15 20:29 - 01722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons000d.dll
2016-08-04 18:44 - 2016-07-15 20:27 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData000d.dll
2016-08-04 18:44 - 2016-07-15 20:24 - 02295296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MLS7.dll
2016-08-04 18:44 - 2016-07-15 19:45 - 01722880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons000d.dll
2016-08-04 18:44 - 2016-07-15 19:43 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData000d.dll
2016-08-04 18:44 - 2016-07-15 19:40 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MLS7.dll
2016-08-04 18:40 - 2016-07-15 20:29 - 05739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2016-08-04 18:40 - 2016-07-15 20:29 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2016-08-04 18:40 - 2016-07-15 20:14 - 06354944 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2016-08-04 18:40 - 2016-07-15 19:45 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2016-08-04 18:40 - 2016-07-15 19:29 - 05489664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2016-08-04 18:39 - 2016-07-15 20:28 - 08229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0008.dll
2016-08-04 18:38 - 2016-07-15 20:28 - 16735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0001.dll
2016-08-04 18:37 - 2016-08-04 18:37 - 00000000 ____D C:\WINDOWS\system32\he
2016-08-04 18:37 - 2016-07-15 20:58 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll
2016-08-04 18:37 - 2016-07-15 20:28 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2016-08-04 18:37 - 2016-07-15 20:28 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2016-08-04 18:37 - 2016-07-15 20:26 - 00376320 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2016-08-04 18:37 - 2016-07-15 20:26 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2016-08-04 18:37 - 2016-07-15 20:25 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll
2016-08-04 18:37 - 2016-07-15 20:23 - 14388224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2016-08-04 18:37 - 2016-07-15 20:22 - 00429056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2016-08-04 18:37 - 2016-07-15 20:22 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll
2016-08-04 18:37 - 2016-07-15 20:19 - 01323520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll
2016-08-04 18:37 - 2016-07-15 20:16 - 05850624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2016-08-04 18:37 - 2016-07-15 20:16 - 04969472 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2016-08-04 18:37 - 2016-07-15 20:15 - 06582784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2016-08-04 18:37 - 2016-07-15 20:14 - 02485760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2016-08-04 18:37 - 2016-07-15 20:13 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2016-08-04 18:37 - 2016-07-15 20:13 - 01198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2016-08-04 18:37 - 2016-07-15 20:13 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2016-08-04 18:37 - 2016-07-15 20:12 - 00297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2016-08-04 18:37 - 2016-07-15 20:12 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2016-08-04 18:37 - 2016-07-15 20:11 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2016-08-04 18:37 - 2016-07-15 19:58 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DxToolsReportGenerator.dll
2016-08-04 18:37 - 2016-07-15 19:44 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsProxyStub.dll
2016-08-04 18:37 - 2016-07-15 19:43 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll
2016-08-04 18:37 - 2016-07-15 19:42 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2016-08-04 18:37 - 2016-07-15 19:41 - 00355840 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2016-08-04 18:37 - 2016-07-15 19:41 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXGIDebug.dll
2016-08-04 18:37 - 2016-07-15 19:39 - 11670528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCaptureReplay.dll
2016-08-04 18:37 - 2016-07-15 19:38 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll
2016-08-04 18:37 - 2016-07-15 19:37 - 01935360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2016-08-04 18:37 - 2016-07-15 19:37 - 01074176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11_3SDKLayers.dll
2016-08-04 18:37 - 2016-07-15 19:35 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf_gputiming.dll
2016-08-04 18:37 - 2016-07-15 19:32 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2016-08-04 18:37 - 2016-07-15 19:32 - 03701248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe
2016-08-04 18:37 - 2016-07-15 19:31 - 04977664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2016-08-04 18:37 - 2016-07-15 19:29 - 00953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCap.exe
2016-08-04 18:37 - 2016-07-15 19:29 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll
2016-08-04 18:37 - 2016-07-15 19:29 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll
2016-08-04 18:37 - 2016-07-15 19:28 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll
2016-08-04 18:37 - 2016-07-15 19:28 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsMonitor.dll
2016-08-04 18:37 - 2016-07-15 19:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsReporting.dll
2016-08-04 18:35 - 2016-08-04 18:35 - 00000000 ____D C:\WINDOWS\system32\ar
2016-08-04 18:32 - 2016-08-16 09:13 - 00668630 _____ C:\WINDOWS\system32\perfh008.dat
2016-08-04 18:32 - 2016-08-16 09:13 - 00191042 _____ C:\WINDOWS\system32\perfc008.dat
2016-08-04 18:32 - 2016-08-04 18:32 - 00376726 _____ C:\WINDOWS\system32\perfi008.dat
2016-08-04 18:32 - 2016-08-04 18:32 - 00047288 _____ C:\WINDOWS\system32\perfd008.dat
2016-08-04 18:32 - 2016-08-04 18:32 - 00000000 ____D C:\WINDOWS\SysWOW64\el
2016-08-04 18:32 - 2016-08-04 18:32 - 00000000 ____D C:\WINDOWS\system32\el
2016-08-04 18:28 - 2016-08-16 09:13 - 00333030 _____ C:\WINDOWS\system32\perfh011.dat
2016-08-04 18:28 - 2016-08-16 09:13 - 00164772 _____ C:\WINDOWS\system32\perfc011.dat
2016-08-04 18:28 - 2016-08-04 18:28 - 00000000 ____D C:\WINDOWS\SysWOW64\ja
2016-08-04 18:28 - 2016-08-04 18:28 - 00000000 ____D C:\WINDOWS\system32\ja
2016-08-04 18:28 - 2016-08-04 18:27 - 00144476 _____ C:\WINDOWS\system32\perfi011.dat
2016-08-04 18:28 - 2016-08-04 18:27 - 00033362 _____ C:\WINDOWS\system32\perfd011.dat
2016-08-04 18:27 - 2016-08-04 18:27 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\lzhfldr2.dll
2016-08-04 18:27 - 2016-08-04 18:27 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lzhfldr2.dll
2016-08-04 18:25 - 2016-08-04 18:25 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-04 18:23 - 2016-08-04 18:29 - 00000000 ____D C:\Users\dbirn_000\AppData\Local\ConnectedDevicesPlatform
2016-08-04 18:23 - 2016-08-04 18:23 - 00000020 ___SH C:\Users\dbirn_000\ntuser.ini
2016-08-04 18:22 - 2016-08-04 18:22 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-08-04 18:21 - 2016-08-04 18:37 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-08-04 18:21 - 2016-08-04 18:21 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-08-04 18:21 - 2016-08-04 18:21 - 00000000 ____D C:\Program Files\MSBuild
2016-08-04 18:21 - 2016-08-04 18:21 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-08-04 18:21 - 2016-08-04 17:59 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-04 18:20 - 2016-05-25 15:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-08-04 18:20 - 2016-05-25 15:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-04 18:20 - 2016-05-25 15:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-08-04 18:20 - 2016-05-25 12:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-08-04 18:20 - 2016-05-25 12:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-04 18:20 - 2016-05-25 12:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-08-04 18:16 - 2016-08-04 18:16 - 00000000 ____D C:\ProgramData\USOShared
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default\Vorlagen
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default\Startmenü
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2016-08-04 18:15 - 2016-08-04 18:15 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2016-08-04 18:14 - 2016-08-04 18:15 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-08-04 18:14 - 2016-08-04 18:15 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-08-04 18:09 - 2016-08-16 09:10 - 00003036 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (dbirn_000)
2016-08-04 18:09 - 2016-08-16 09:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-04 18:09 - 2016-08-09 18:38 - 00003384 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2016-08-04 18:09 - 2016-08-04 18:09 - 00003496 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Update {229C7B40-79E8-41C8-8EBE-0DE79613F010}
2016-08-04 18:09 - 2016-08-04 18:09 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-08-04 18:09 - 2016-08-04 18:09 - 00003474 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0d9f35b7f3b7c
2016-08-04 18:09 - 2016-08-04 18:09 - 00003318 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Invitation {229C7B40-79E8-41C8-8EBE-0DE79613F010}
2016-08-04 18:09 - 2016-08-04 18:09 - 00003308 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-08-04 18:09 - 2016-08-04 18:09 - 00003300 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-04 18:09 - 2016-08-04 18:09 - 00003272 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Update {FCB9B395-BD41-487E-83F4-E5EDC1023F67}
2016-08-04 18:09 - 2016-08-04 18:09 - 00003220 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-04 18:09 - 2016-08-04 18:09 - 00003098 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-08-04 18:09 - 2016-08-04 18:09 - 00003086 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Invitation {FCB9B395-BD41-487E-83F4-E5EDC1023F67}
2016-08-04 18:09 - 2016-08-04 18:09 - 00003080 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-08-04 18:09 - 2016-08-04 18:09 - 00002810 _____ C:\WINDOWS\System32\Tasks\MySQLNotifierTask
2016-08-04 18:09 - 2016-08-04 18:09 - 00002808 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-528608177-3768278189-544877735-1001
2016-08-04 18:09 - 2016-08-04 18:09 - 00002316 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-528608177-3768278189-544877735-500
2016-08-04 18:09 - 2016-08-04 18:09 - 00002292 _____ C:\WINDOWS\System32\Tasks\{2BA78B0B-9FE5-4555-B3DA-63AF616A7EE5}
2016-08-04 18:09 - 2016-08-04 18:09 - 00002286 _____ C:\WINDOWS\System32\Tasks\{AC26FD83-02AC-48C9-B1EC-943F64688AE4}
2016-08-04 18:09 - 2016-08-04 18:09 - 00002216 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-08-04 18:09 - 2016-08-04 18:09 - 00002180 _____ C:\WINDOWS\System32\Tasks\{9D1D3036-8091-4543-A35F-F893AE231A6C}
2016-08-04 18:09 - 2016-08-04 18:09 - 00002110 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_WILLAMETTE
2016-08-04 18:09 - 2016-08-04 18:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\MySQL
2016-08-04 18:09 - 2016-08-04 18:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-08-04 18:09 - 2016-08-04 18:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2016-08-04 18:09 - 2016-08-04 18:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel
2016-08-04 18:09 - 2014-04-03 20:35 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1050727674-2070356693-977449066-500
2016-08-04 18:07 - 2016-08-04 18:07 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-04 18:07 - 2016-08-04 18:07 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-08-04 18:07 - 2016-08-04 18:07 - 00000000 ____D C:\Users\Default\AppData\Local\Pokki
2016-08-04 18:07 - 2016-08-04 18:07 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-08-04 18:07 - 2016-08-04 18:07 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-08-04 18:07 - 2016-08-04 18:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Pokki
2016-08-04 18:07 - 2016-08-04 18:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-08-04 17:55 - 2016-08-04 18:07 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-08-04 17:54 - 2016-08-16 09:13 - 03350822 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-04 17:54 - 2016-08-16 09:07 - 00000000 ____D C:\Users\dbirn_000
2016-08-04 17:54 - 2016-08-04 17:54 - 02441288 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-08-04 17:54 - 2016-08-04 17:54 - 00000000 _SHDL C:\Users\dbirn_000\Vorlagen
2016-08-04 17:54 - 2016-08-04 17:54 - 00000000 _SHDL C:\Users\dbirn_000\Startmenü
2016-08-04 17:54 - 2016-08-04 17:54 - 00000000 _SHDL C:\Users\dbirn_000\Netzwerkumgebung
2016-08-04 17:54 - 2016-08-04 17:54 - 00000000 _SHDL C:\Users\dbirn_000\Lokale Einstellungen
2016-08-04 17:54 - 2016-08-04 17:54 - 00000000 _SHDL C:\Users\dbirn_000\Eigene Dateien
2016-08-04 17:54 - 2016-08-04 17:54 - 00000000 _SHDL C:\Users\dbirn_000\Druckumgebung
2016-08-04 17:54 - 2016-08-04 17:54 - 00000000 _SHDL C:\Users\dbirn_000\Documents\Eigene Videos
2016-08-04 17:54 - 2016-08-04 17:54 - 00000000 _SHDL C:\Users\dbirn_000\Documents\Eigene Musik
2016-08-04 17:54 - 2016-08-04 17:54 - 00000000 _SHDL C:\Users\dbirn_000\Documents\Eigene Bilder
2016-08-04 17:54 - 2016-08-04 17:54 - 00000000 _SHDL C:\Users\dbirn_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-04 17:54 - 2016-08-04 17:54 - 00000000 _SHDL C:\Users\dbirn_000\AppData\Local\Verlauf
2016-08-04 17:54 - 2016-08-04 17:54 - 00000000 _SHDL C:\Users\dbirn_000\AppData\Local\Anwendungsdaten
2016-08-04 17:54 - 2016-08-04 17:54 - 00000000 _SHDL C:\Users\dbirn_000\Anwendungsdaten
2016-08-04 17:53 - 2016-08-16 09:07 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-04 17:53 - 2016-08-05 01:23 - 00000000 ____D C:\Program Files\Intel
2016-08-04 17:53 - 2016-08-05 00:27 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-08-04 17:53 - 2016-08-04 17:53 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-08-04 17:53 - 2016-08-04 17:53 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-08-04 17:53 - 2016-08-04 17:53 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfManager_01011.Wdf
2016-08-04 17:53 - 2016-08-04 17:53 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-08-04 17:53 - 2016-08-04 17:53 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-04 17:53 - 2016-08-04 17:53 - 00000000 ____D C:\Program Files\Synaptics
2016-08-04 17:53 - 2016-08-04 17:53 - 00000000 ____D C:\Program Files\Realtek
2016-08-04 17:53 - 2016-08-04 17:53 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2016-08-04 17:53 - 2016-07-14 05:34 - 00103960 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-08-04 17:53 - 2016-07-14 05:34 - 00099864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-08-04 17:52 - 2016-08-16 09:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-04 17:52 - 2016-08-10 15:52 - 01397392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-04 17:52 - 2016-08-04 17:52 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-08-04 17:52 - 2016-07-16 13:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-07-28 19:34 - 2016-07-28 19:34 - 00000000 ____D C:\Users\dbirn_000\AppData\LocalLow\Temp
2016-07-28 19:17 - 2016-07-28 19:17 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-07-28 19:17 - 2016-07-28 19:17 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-07-28 18:34 - 2016-07-28 18:34 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\MySQL
2016-07-28 18:19 - 2016-07-28 18:23 - 00000000 ____D C:\Program Files\MySQL
2016-07-28 13:51 - 2016-07-28 13:51 - 00002216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2016-07-28 13:51 - 2016-07-28 13:51 - 00000000 ____D C:\Program Files (x86)\Belarc
2016-07-28 01:29 - 2016-07-28 18:22 - 00000469 _____ C:\WINDOWS\ODBCINST.INI
2016-07-28 00:50 - 2016-07-28 00:51 - 00000000 ____D C:\Users\dbirn_000\Documents\Visual Studio 2015
2016-07-28 00:45 - 2016-07-28 00:45 - 00000000 ____D C:\Program Files (x86)\AppInsights
2016-07-28 00:41 - 2016-08-04 18:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2016-07-28 00:36 - 2016-07-28 00:36 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-07-28 00:36 - 2016-07-28 00:36 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-07-28 00:35 - 2016-07-28 00:35 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2016-07-28 00:35 - 2016-07-28 00:35 - 00000000 ____D C:\Program Files (x86)\ShellDir
2016-07-28 00:34 - 2016-07-28 00:41 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-07-28 00:32 - 2016-07-28 00:32 - 00000000 ____D C:\ProgramData\Microsoft DNX
2016-07-28 00:32 - 2016-07-28 00:32 - 00000000 ____D C:\Program Files\Microsoft DNX
2016-07-28 00:28 - 2016-07-28 00:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2016-07-28 00:25 - 2016-07-28 00:26 - 00000000 ____D C:\Program Files\IIS Express
2016-07-28 00:25 - 2016-07-28 00:26 - 00000000 ____D C:\Program Files (x86)\IIS Express
2016-07-28 00:24 - 2016-07-28 00:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2016-07-28 00:22 - 2016-08-04 17:59 - 00000000 ____D C:\Program Files\IIS
2016-07-28 00:22 - 2016-07-28 00:22 - 00000000 ____D C:\ProgramData\NuGet
2016-07-28 00:22 - 2016-07-28 00:22 - 00000000 ____D C:\Program Files (x86)\NuGet
2016-07-28 00:22 - 2016-07-28 00:22 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2016-07-28 00:22 - 2016-07-28 00:22 - 00000000 ____D C:\Program Files (x86)\IIS
2016-07-28 00:21 - 2016-08-04 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-07-28 00:20 - 2016-08-04 18:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2016-07-28 00:20 - 2016-07-28 00:20 - 00001509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-07-28 00:20 - 2016-07-28 00:20 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-07-28 00:18 - 2016-08-04 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-07-28 00:17 - 2016-07-28 00:17 - 00000000 ____D C:\WINDOWS\symbols
2016-07-28 00:17 - 2016-07-28 00:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2016-07-28 00:16 - 2016-08-04 18:07 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2016-07-28 00:16 - 2016-07-28 00:43 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-07-28 00:16 - 2016-07-28 00:43 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-07-28 00:16 - 2016-07-28 00:16 - 00001518 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-07-28 00:15 - 2016-08-04 18:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-07-28 00:15 - 2016-08-04 18:07 - 00000000 ____D C:\WINDOWS\system32\1033
2016-07-28 00:15 - 2016-07-28 00:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SensorsSimulatorDriver_01_11_00.Wdf
2016-07-28 00:14 - 2016-07-28 00:41 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-07-28 00:14 - 2016-07-28 00:17 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-07-27 14:25 - 2016-08-04 18:07 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2016-07-27 14:25 - 2016-07-27 14:25 - 00000000 ____D C:\Users\dbirn_000\AppData\Local\Package Cache
2016-07-27 14:16 - 2016-08-04 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2016-07-27 14:16 - 2016-07-28 18:29 - 00000000 ____D C:\ProgramData\MySQL
2016-07-27 14:16 - 2016-07-28 18:23 - 00000000 ____D C:\Program Files (x86)\MySQL
2016-07-27 00:27 - 2016-07-27 00:27 - 00000000 ____D C:\Users\dbirn_000\MediathekView
2016-07-25 15:39 - 2016-07-27 14:14 - 00000000 ____D C:\Users\dbirn_000\Downloads\CIDCO_CRM
2016-07-21 08:40 - 2016-07-21 08:40 - 00083200 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2016-07-18 00:11 - 2016-07-18 00:13 - 123576081 _____ C:\Users\dbirn_000\Downloads\eXist-db-setup-2.2.jar
2016-07-18 00:11 - 2016-07-18 00:12 - 109598839 _____ C:\Users\dbirn_000\Downloads\eXist-db-2.2.dmg
2016-07-17 01:55 - 2016-08-04 16:59 - 00000000 ___HD C:\$WINDOWS.~BT
2016-07-17 00:58 - 2016-07-17 00:58 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\quickassist.exe
2016-07-17 00:57 - 2016-07-16 13:43 - 00033498 _____ C:\WINDOWS\Core.xml
2016-07-17 00:52 - 2016-08-04 18:47 - 00000000 ____D C:\WINDOWS\OCR
2016-07-17 00:51 - 2016-08-16 09:13 - 00622244 _____ C:\WINDOWS\system32\perfh007.dat
2016-07-17 00:51 - 2016-08-16 09:13 - 00198304 _____ C:\WINDOWS\system32\perfc007.dat
2016-07-17 00:51 - 2016-07-17 00:51 - 00000000 ____D C:\WINDOWS\SKB
2016-07-17 00:51 - 2016-07-17 00:50 - 00305594 _____ C:\WINDOWS\system32\perfi007.dat
2016-07-17 00:51 - 2016-07-17 00:50 - 00040390 _____ C:\WINDOWS\system32\perfd007.dat
2016-07-17 00:50 - 2016-08-04 18:37 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-07-17 00:50 - 2016-08-04 18:37 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-07-17 00:50 - 2016-08-04 18:00 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-07-17 00:50 - 2016-08-04 18:00 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-07-17 00:50 - 2016-08-04 18:00 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-07-17 00:50 - 2016-08-04 18:00 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-07-17 00:50 - 2016-08-04 18:00 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-07-17 00:50 - 2016-08-04 18:00 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-07-17 00:50 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-07-17 00:50 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\de
2016-07-17 00:50 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2016-07-17 00:50 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\de
2016-07-17 00:50 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\0409
2016-07-17 00:50 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\DigitalLocker

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-16 09:14 - 2015-08-19 00:49 - 00000000 ___RD C:\Users\dbirn_000\Dropbox
2016-08-16 09:07 - 2015-08-18 17:28 - 00000000 __SHD C:\Users\dbirn_000\IntelGraphicsProfiles
2016-08-15 17:49 - 2016-02-12 16:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-15 17:49 - 2016-01-14 18:33 - 00000000 ____D C:\Users\dbirn_000\Documents\Anki
2016-08-15 17:48 - 2015-08-20 13:42 - 00000000 ___HD C:\Users\dbirn_000\AppData\Roaming\Nitro PDF
2016-08-15 17:47 - 2015-08-18 22:15 - 00002481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-15 17:47 - 2015-08-18 21:58 - 00001437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-15 17:39 - 2016-01-14 11:38 - 00000000 ____D C:\Users\dbirn_000\Documents\Citavi 5
2016-08-15 13:15 - 2016-04-07 00:54 - 00000000 ____D C:\Users\dbirn_000\Downloads\DowloadsAcademia
2016-08-15 11:26 - 2015-08-18 17:35 - 00000000 ___RD C:\Users\dbirn_000\OneDrive
2016-08-15 11:14 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-08-14 20:52 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2016-08-14 20:13 - 2016-04-07 00:54 - 00000000 ____D C:\Users\dbirn_000\Downloads\DownloadsLibGen
2016-08-14 16:38 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-13 12:55 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-12 11:00 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2016-08-11 21:08 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 21:41 - 2015-08-18 17:28 - 00000000 ____D C:\Users\dbirn_000\AppData\Local\Packages
2016-08-10 17:45 - 2015-08-19 00:24 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-10 15:51 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 15:51 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-08-10 15:51 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-10 15:51 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-10 15:51 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-10 15:51 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-08-10 15:51 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-10 15:51 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-10 15:51 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-08-10 14:32 - 2016-01-14 01:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 14:20 - 2016-01-14 01:19 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 13:20 - 2015-08-18 21:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-09 18:45 - 2016-03-18 16:22 - 00000000 ____D C:\ProgramData\Skype
2016-08-09 18:38 - 2016-04-30 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-08-09 17:37 - 2016-05-05 18:40 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\MyPhoneExplorer
2016-08-08 18:14 - 2016-01-14 11:37 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2016-08-08 18:14 - 2016-01-14 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5
2016-08-08 18:13 - 2016-01-14 11:36 - 00000000 ____D C:\Users\dbirn_000\AppData\Local\Downloaded Installations
2016-08-07 22:08 - 2015-08-18 22:42 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-05 01:23 - 2014-12-19 06:47 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-05 00:07 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-08-04 23:11 - 2016-05-20 00:40 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-04 19:58 - 2016-04-30 21:04 - 00000000 ____D C:\ProgramData\ProductData
2016-08-04 18:51 - 2016-07-16 13:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-04 18:37 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-08-04 18:37 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-08-04 18:37 - 2016-07-16 13:47 - 00000000 ___RD C:\Program Files\Windows Defender
2016-08-04 18:37 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-08-04 18:37 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-08-04 18:37 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-08-04 18:37 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-08-04 18:37 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-08-04 18:37 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Help
2016-08-04 18:37 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-08-04 18:37 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-04 18:37 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-08-04 18:37 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-08-04 18:37 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\servicing
2016-08-04 18:32 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-08-04 18:32 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-08-04 18:32 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-08-04 18:32 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Com
2016-08-04 18:26 - 2016-02-29 00:36 - 00002386 _____ C:\Users\dbirn_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-04 18:16 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-08-04 18:15 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Windows NT
2016-08-04 18:15 - 2016-07-16 08:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-08-04 18:14 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-04 18:14 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Registration
2016-08-04 18:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-08-04 18:09 - 2016-02-28 18:41 - 00023056 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-08-04 18:08 - 2016-07-16 13:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-08-04 18:07 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-04 18:07 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-08-04 18:07 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-04 18:07 - 2016-07-08 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2016-08-04 18:07 - 2016-07-03 01:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-08-04 18:07 - 2016-07-03 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\כלי Office 2016
2016-08-04 18:07 - 2016-06-18 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind
2016-08-04 18:07 - 2016-06-11 02:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.1
2016-08-04 18:07 - 2016-05-05 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2016-08-04 18:07 - 2016-04-09 02:10 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flixster Video
2016-08-04 18:07 - 2016-04-05 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\المكتبة الشاملة
2016-08-04 18:07 - 2016-04-04 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiphos
2016-08-04 18:07 - 2016-04-03 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SWORD Project
2016-08-04 18:07 - 2016-03-28 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WALKMAN Guide
2016-08-04 18:07 - 2016-03-27 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-04 18:07 - 2016-03-27 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-04 18:07 - 2016-03-12 23:44 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-04 18:07 - 2016-03-12 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-04 18:07 - 2016-02-27 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
2016-08-04 18:07 - 2016-02-27 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2016-08-04 18:07 - 2016-02-02 13:20 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfraRecorder
2016-08-04 18:07 - 2016-02-02 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2016-08-04 18:07 - 2016-01-19 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-08-04 18:07 - 2016-01-19 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-08-04 18:07 - 2016-01-16 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-04 18:07 - 2016-01-14 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDjView
2016-08-04 18:07 - 2016-01-14 11:25 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-08-04 18:07 - 2016-01-14 03:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2016-08-04 18:07 - 2015-10-30 20:44 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-04 18:07 - 2015-10-30 08:28 - 00000000 ____D C:\Users\Default.migrated
2016-08-04 18:07 - 2015-08-18 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-08-04 18:07 - 2015-08-18 22:15 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-04 18:07 - 2015-08-18 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-04 18:07 - 2015-08-18 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-08-04 18:07 - 2015-08-18 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-08-04 18:07 - 2015-08-18 20:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 4
2016-08-04 18:07 - 2015-08-18 20:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2016-08-04 18:07 - 2014-12-19 07:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Photo Master
2016-08-04 18:07 - 2014-12-19 07:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 10
2016-08-04 18:07 - 2014-12-19 07:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-08-04 18:07 - 2014-12-19 06:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-08-04 18:07 - 2014-12-19 06:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2016-08-04 18:00 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-08-04 18:00 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-08-04 18:00 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2016-08-04 18:00 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2016-08-04 18:00 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2016-08-04 18:00 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-04 18:00 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-04 18:00 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-08-04 18:00 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-08-04 18:00 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-08-04 18:00 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-08-04 18:00 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-04 18:00 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\InputMethod
2016-08-04 18:00 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\IME
2016-08-04 18:00 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-08-04 18:00 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-08-04 18:00 - 2016-05-24 13:27 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2016-08-04 18:00 - 2016-05-23 01:21 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2016-08-04 18:00 - 2016-03-23 14:38 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2016-08-04 18:00 - 2016-02-27 13:14 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2016-08-04 18:00 - 2014-12-19 06:51 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-08-04 18:00 - 2014-12-19 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-08-04 18:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-08-04 18:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-08-04 17:59 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-04 17:59 - 2016-04-01 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2016-08-04 17:59 - 2016-03-28 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-08-04 17:59 - 2016-02-27 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2016-08-04 17:59 - 2014-12-19 07:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hightail
2016-08-04 17:55 - 2016-04-11 17:48 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android
2016-08-04 17:54 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-04 17:53 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-04 17:53 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-04 17:17 - 2016-02-22 18:13 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-04 16:47 - 2015-08-18 22:42 - 00000940 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-04 16:42 - 2015-08-18 17:42 - 00000945 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Update {FCB9B395-BD41-487E-83F4-E5EDC1023F67}.job
2016-08-04 16:42 - 2015-08-18 17:42 - 00000759 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {FCB9B395-BD41-487E-83F4-E5EDC1023F67}.job
2016-08-04 16:30 - 2015-08-18 22:20 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0d9f35b7f3b7c.job
2016-08-04 16:25 - 2015-08-18 22:15 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-04 16:20 - 2016-05-04 00:20 - 00000945 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Update {229C7B40-79E8-41C8-8EBE-0DE79613F010}.job
2016-08-04 16:20 - 2016-05-04 00:20 - 00000759 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {229C7B40-79E8-41C8-8EBE-0DE79613F010}.job
2016-08-04 12:30 - 2015-08-18 22:15 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-03 22:47 - 2015-08-18 22:42 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-03 15:08 - 2016-06-16 10:08 - 00000000 ____D C:\Users\dbirn_000\Documents\Custom Office Templates
2016-08-03 11:03 - 2016-04-05 00:02 - 00464000 _____ C:\WINDOWS\system32\perfh001.dat
2016-08-03 11:03 - 2016-04-05 00:02 - 00078708 _____ C:\WINDOWS\system32\perfc001.dat
2016-08-03 11:03 - 2016-02-28 18:10 - 00435280 _____ C:\WINDOWS\system32\perfh00D.dat
2016-08-03 11:03 - 2016-02-28 18:10 - 00078450 _____ C:\WINDOWS\system32\perfc00D.dat
2016-08-02 15:27 - 2016-01-22 13:59 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\vlc
2016-07-30 14:32 - 2016-07-03 01:28 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\Oracle
2016-07-28 19:36 - 2016-01-19 12:50 - 00000000 ____D C:\Users\dbirn_000\AppData\Roaming\Epson
2016-07-28 19:17 - 2014-12-19 06:44 - 00000000 ____D C:\ProgramData\Intel
2016-07-28 19:17 - 2014-12-19 06:43 - 00000000 ____D C:\Program Files (x86)\Intel
2016-07-28 18:57 - 2016-03-27 16:41 - 00000000 ____D C:\ProgramData\Oracle
2016-07-28 18:55 - 2016-03-27 16:41 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-28 18:54 - 2016-02-27 13:44 - 00000000 ___HD C:\Users\dbirn_000\.oracle_jre_usage
2016-07-28 18:53 - 2016-03-27 16:41 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-07-27 21:25 - 2016-01-14 19:00 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-27 14:16 - 2016-07-03 01:38 - 00000000 ____D C:\Users\dbirn_000\Software
2016-07-27 00:27 - 2016-03-27 16:50 - 00000000 ___HD C:\Users\dbirn_000\.mediathek3
2016-07-26 18:55 - 2016-05-28 18:50 - 00000000 ____D C:\Users\dbirn_000\Downloads\OtherDownloads
2016-07-23 17:56 - 2016-02-02 12:09 - 00000000 ____D C:\Users\dbirn_000\Downloads\NewBookScan
2016-07-22 15:17 - 2015-08-18 17:31 - 00000000 ___HD C:\Users\dbirn_000\AppData\Local\Lenovo
2016-07-22 12:13 - 2014-12-19 07:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-21 08:40 - 2016-05-05 18:42 - 00350464 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rtux64w10.sys
2016-07-19 18:16 - 2016-03-12 23:29 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-19 13:06 - 2016-07-03 02:00 - 00000000 ____D C:\Users\dbirn_000\.VirtualBox
2016-07-17 00:57 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SystemApps
2016-07-17 00:56 - 2016-07-16 13:44 - 02549760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkAnalysisLegacyCom.dll
2016-07-17 00:56 - 2016-07-16 13:44 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\umrdp.dll
2016-07-17 00:56 - 2016-07-16 13:44 - 00268552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpendp.dll
2016-07-17 00:56 - 2016-07-16 13:44 - 00177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2016-07-17 00:56 - 2016-07-16 13:44 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfdts.dll
2016-07-17 00:56 - 2016-07-16 13:44 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rfxvmt.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 03584000 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkAnalysisLegacyCom.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsCpl.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsCpl.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mblctr.exe
2016-07-17 00:56 - 2016-07-16 13:43 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msTextPrediction.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SnippingTool.exe
2016-07-17 00:56 - 2016-07-16 13:43 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2016-07-17 00:56 - 2016-07-16 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 00298536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpendp.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hwrreg.exe
2016-07-17 00:56 - 2016-07-16 13:43 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinput.exe
2016-07-17 00:56 - 2016-07-16 13:43 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsClassExtension.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DFDWiz.exe
2016-07-17 00:56 - 2016-07-16 13:43 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RotMgr.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hwrcomp.exe
2016-07-17 00:56 - 2016-07-16 13:43 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetppui.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 00029536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2016-07-17 00:56 - 2016-07-16 13:43 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorPerformanceEvents.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorCustomAdbAlgorithm.dll
2016-07-17 00:56 - 2016-07-16 13:43 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2016-07-17 00:56 - 2016-07-16 13:41 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\terminpt.sys
2016-07-17 00:56 - 2016-07-16 13:41 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpbus.sys
2016-07-17 00:51 - 2016-07-16 13:44 - 12039168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0007.dll
2016-07-17 00:51 - 2016-07-16 13:44 - 12039168 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0007.dll
2016-07-17 00:51 - 2016-07-16 13:44 - 02083328 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0007.dll
2016-07-17 00:51 - 2016-07-16 13:44 - 01997312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0007.dll
2016-07-17 00:51 - 2016-07-16 13:43 - 11602432 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0007.dll
2016-07-17 00:50 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-07-17 00:50 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-07-17 00:50 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\setup

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-08-16 09:14 - 2016-08-08 03:54 - 1611776 _____ () C:\Users\dbirn_000\AppData\Roaming\ucdlr.exe
2016-08-15 18:16 - 2016-02-18 10:10 - 5267952 _____ () C:\Users\dbirn_000\AppData\Roaming\ziptool_wc-9015_setup.exe
2016-04-21 12:34 - 2016-04-21 12:34 - 0003584 _____ () C:\Users\dbirn_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-15 21:20 - 2016-06-15 21:20 - 0000017 _____ () C:\Users\dbirn_000\AppData\Local\resmon.resmoncfg
2016-08-04 17:53 - 2016-08-04 17:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\dbirn_000\AppData\Local\Temp\2UJUgehsRH.exe
C:\Users\dbirn_000\AppData\Local\Temp\4PbGHxNmSi.exe
C:\Users\dbirn_000\AppData\Local\Temp\B1B.tmp.exe
C:\Users\dbirn_000\AppData\Local\Temp\BI5R6F2ELP.exe
C:\Users\dbirn_000\AppData\Local\Temp\fL4dYHfHaS.exe
C:\Users\dbirn_000\AppData\Local\Temp\ludashisetup.exe
C:\Users\dbirn_000\AppData\Local\Temp\nsf212F.tmp.exe
C:\Users\dbirn_000\AppData\Local\Temp\PqY4Go5L1S.exe
C:\Users\dbirn_000\AppData\Local\Temp\sdf8CA8.exe
C:\Users\dbirn_000\AppData\Local\Temp\sdfFBD2.exe
C:\Users\dbirn_000\AppData\Local\Temp\X8ON6CB31V.exe
C:\Users\dbirn_000\AppData\Local\Temp\XDYY1Y9Z8P.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-08-14 21:16

==================== Ende von FRST.txt

cosinus · 16.08.2016, 09:37

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

Body Text Feathering

Compress

Lenovo Browser Guard

trotux - Uninstall

UC浏览器
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Piristibulus · 16.08.2016, 09:44

Vielen Dank,
auch hier wieder meine Frage: muss das Programm online?

Ich sehe, dass der befallene Rechner ständig versucht weitere Sachen zu unternehmen (z.B. Fenster geht auf, gibt sich als Lenovo Energy Manager aus, etc.).

Da würde ich es lieber über einem USB Stick installieren.

cosinus · 16.08.2016, 09:46

unsere tools brauchen idR einen Zugang ins Internet

Piristibulus · 16.08.2016, 10:41

OK, vielen Dank!
Ich habe Revo Uninstaller laufen lassen. keine Reste
Body Text Feathering keine Reste

Compress Reste gefunden, mehrmals alle ausgewählt und gelöscht, + Meldung „ausgewählte aber nicht entfernte Dateien werden beim nächsten Systemstart entfernt“
Lenovo Browser Guard keine Reste
trotux - Uninstall Reste gefunden, alle ausgewählt und gelöscht
UC浏览器hier musste ich zunächst neu starten, weil sich das Programm aufgehängt hatte und über Task Manager geschlossen werden musste. Reste gefunden, mehrfach alle ausgewählt und gelöscht, + Meldung „ausgewählte aber nicht entfernte Dateien werden beim nächsten Systemstart entfernt“. (Ein Shortcut in der Taskleiste ist immer noch da).

cosinus · 16.08.2016, 10:49

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Piristibulus · 16.08.2016, 16:25

So, ich habe das Tool laufen lassen.

Ich habe es normal und nicht als Admin ausgeführt.
Beim ersten Durchlauf erschienen immer noch pop-ups wie "„Energy Manager User“ verwendeten noch weitere Apps , installieren", habe es immer weggeklickt.

Nach dem Neustart hatte ich war arabisches auf dem Desktop, der chinesische Link im Task Bar war weg, es gab und gibt weiterhin Shortcuts auf dem Desktop zu PC Spee Up und MPC Cleaner.

Beim zweiten Durchlauf von MBAR war ich nach dem ich die Datenbank aktualisiert und Scan geklickt hatte, kurz draussen, als ich wieder reinkam, hatte der PC neugestartet. Danach habe ich es erneut probiert.

Ein Installationsfenster für "Threadapp" ging auf, hab es weggeklickt, kurz nach dem Start von MBAR (nach dem Aktualisieren der Datenbank/bei Scan) trat ein Blue Screen Error auf.

Dann Neustart - Threadapp wegklicken - MBAR starten - blue screen

Danach Neustart - Threadapp - weggeklickt -> gewartet bluescreen.

Es kamen dabei immer Meldungen über resets der default apps für Bilder, MP3, MP4 etc.

Die Blue Screen Message ist PAGE_FAULT_IN_NON_PAGED_AREA

Daher habe ich keine Ahnung, ob der zweite Durchlauf erfolgt war, aber ich denke eher nicht.

Hier ist einstweilen das Logfile, vermutlich des ersten Durchlaufs:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.08.16.06
  rootkit: v2016.08.15.01

Windows 10 x64 NTFS
Internet Explorer 11.51.14393.0
dbirn_000 :: PIRISTIBULUS [administrator]

16/08/2016 13:37:43
mbar-log-2016-08-16 (13-37-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 695393
Time elapsed: 1 hour(s), 43 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{F6368126-6E4B-4323-BB0C-56C3CB44D005}|AutoConfigUrl (Hijack.AutoConfigURL.PrxySvrRST) -> Data: hxxp://stoppblock.org/wpad.dat?207b35475f43c97b15e20097d83e76ef14487478 -> Delete on reboot. [c7ff94b703971c1a9c681f9530d413ed]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES| (Hijack.AutoConfigURL.PrxySvrRST) -> Data: 0hxxp://stoppblock.org/wpad.dat?207b35475f43c97b15e20097d83e76ef14487478 -> Delete on reboot. [facc8cbf5c3e41f558a9456fc53f31cf]
HKU\S-1-5-21-528608177-3768278189-544877735-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl (Hijack.AutoConfigURL.PrxySvrRST) -> Data: hxxp://stoppblock.org/wpad.dat?207b35475f43c97b15e20097d83e76ef14487478 -> Delete on reboot. [ac1a69e2059566d0fc064e6621e3639d]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 13
C:\WINDOWS\SYSTEM32\drivers\MPCKpt.sys (PUP.Optional.MorePowerfulCleaner) -> Delete on reboot. [b66a551d00e41d5416f4cb5497926238]
C:\$Recycle.Bin\S-1-5-21-528608177-3768278189-544877735-1001\$RWZYZ9V\uninstall.exe (Adware.Agent) -> Delete on reboot. [f7cf99b246543105bc1794d769996799]
C:\Users\dbirn_000\AppData\Local\Temp\fL4dYHfHaS.exe (Trojan.Agent) -> Delete on reboot. [1caa0645039734028dc23e8f8b79c33d]
C:\Windows\Temp\8DC1.tmp (Adware.ConvertAd) -> Delete on reboot. [61650b40d4c604322fa571fa1ee4f30d]
C:\Users\dbirn_000\AppData\Local\Temp\1.tmp.exe (Trojan.Agent.E) -> Delete on reboot. [f1d594b71e7cc175934116a910f3be42]
C:\Users\dbirn_000\AppData\Local\Temp\2.tmp.exe (Trojan.Agent.E) -> Delete on reboot. [8244a2a9544683b32ea66e51d92a48b8]
C:\Users\dbirn_000\AppData\Local\Temp\3.tmp.exe (Trojan.Agent.E) -> Delete on reboot. [14b2fe4d3e5c2c0a0ec607b8a75c01ff]
C:\Users\dbirn_000\AppData\Local\Temp\4.tmp.exe (Trojan.Agent.E) -> Delete on reboot. [794da1aa89117cba587c3f8028db7987]
C:\Users\dbirn_000\AppData\Local\Temp\5.tmp.exe (Trojan.Agent.E) -> Delete on reboot. [7c4a91ba2c6ede58b22286399a6940c0]
C:\Users\dbirn_000\AppData\Local\Temp\6.tmp.exe (Trojan.Agent.E) -> Delete on reboot. [8a3c16352971c27474608936b1523bc5]
C:\Users\dbirn_000\AppData\Local\Temp\7.tmp.exe (Trojan.Agent.E) -> Delete on reboot. [854197b41e7cde58ddf74a75ff047c84]
C:\Users\dbirn_000\AppData\Local\Temp\8.tmp.exe (Trojan.Agent.E) -> Delete on reboot. [b5114704ebaf51e52ca84e71a65d08f8]
C:\Users\dbirn_000\AppData\Local\Temp\9.tmp.exe (Trojan.Agent.E) -> Delete on reboot. [53737dce1486e65006cee2ddcc37758b]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus · 16.08.2016, 21:10

MBAR wiederholen

Piristibulus · 16.08.2016, 21:35

Habe es mehrfach versucht ...
Aber immer bekomme ich nach ein paar Sekungen einen Blue Scree und der PC stürzt ab.
:-(

16.08.2016, 08:39	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows 10 / Installation von unerwünschten Programmen hört nicht auf/Defender geht nicht ja, sollte es __________________ Logfiles bitte immer in CODE-Tags posten

16.08.2016, 09:46	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows 10 / Installation von unerwünschten Programmen hört nicht auf/Defender geht nicht unsere tools brauchen idR einen Zugang ins Internet __________________ Logfiles bitte immer in CODE-Tags posten

16.08.2016, 21:10	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows 10 / Installation von unerwünschten Programmen hört nicht auf/Defender geht nicht MBAR wiederholen __________________ Logfiles bitte immer in CODE-Tags posten

Windows 10 / Installation von unerwünschten Programmen hört nicht auf/Defender geht nicht

Plagegeister aller Art und deren Bekämpfung: Windows 10 / Installation von unerwünschten Programmen hört nicht auf/Defender geht nicht