Frame Drops und Soundbugs :/

stefan nur · 03.09.2016, 01:09

Hi!
seit einer weile hab ich das problem mit meinem Gaming Laptop
das bei Spielen die hohe performance bzw intensive Grafiken haben
die Frames droppen (das bild friert für ungf 0.01sec ein) und der Sound
buggt bei diesen Spielen ab und zu (audio fängt an kurz zu rauschen)
Ich weiß nicht wie ichs Detaillierter erklären kann

über fragen und vor allem Lösungsvorschläge würd ich mich sehr freuen

mfg
stefan

M-K-D-B · 03.09.2016, 16:38

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!
Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Schritt 2
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei von TDSS-Killer,
die beiden neuen Logdateien von FRST.

stefan nur · 03.09.2016, 18:07

FRST.txt

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
durchgeführt von Sonny (Administrator) auf MSI_SAMDAR (03-09-2016 18:42:15)
Gestartet von C:\Users\Sonny\Downloads
Geladene Profile: Sonny (Verfügbare Profile: Sonny)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-04-23] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3347680 2015-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2014-01-02] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [407720 2014-01-02] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [40576 2013-08-29] (Creative Technology Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-07-16] (Microsoft Corporation)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-25] (cyberlink)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2014-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [ROCCAT Savu Gaming Mouse] => C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM-x32\...\Run: [RoccatIsku] => C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE [536576 2013-10-30] (ROCCAT GmbH)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1130408 2015-10-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [249856 2014-01-23] (SteelSeries ApS)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [4946856 2014-10-16] (Steganos Software GmbH)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [uTorrent] => C:\Users\Sonny\AppData\Roaming\uTorrent\uTorrent.exe [1988096 2016-09-03] (BitTorrent Inc.)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [PUSH Wallpaper] => C:\Program Files\PUSH Entertainment\Video Wallpaper\Launch Wallpaper.exe [330488 2010-05-27] ()
IFEO\chrome.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\databasecompare.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dragon gaming center.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\itunes.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\lightshot.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msoev.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pdvdlaunchpolicy.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\spreadsheetcompare.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\super charger.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-11-12]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{29CDA0F1-A6DA-44CC-9ABB-131A7D3D77AE}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-21]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: 0.0.0.1	mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{7cf9bcf8-fdae-4c28-813c-13345f0ffd96}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{8b10dfee-2a45-471c-b680-0146b9966fb7}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{d7a64765-73bd-4a71-9a53-fb01d8d93b37}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130898378660324794&GUID=2EAF34BE-DF2E-AFE4-66B9-9D27FEBAE0D0
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130898378660370656&GUID=2EAF34BE-DF2E-AFE4-66B9-9D27FEBAE0D0
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-03] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-03] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\34rdqvxz.default-1469118447267
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-2802146430-1798650074-2620433185-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sonny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Extension: (BetterTTV) - C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\34rdqvxz.default-1469118447267\Extensions\firefox@betterttv.net.xpi [2016-07-21]
FF Extension: (ProxTube) - C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\34rdqvxz.default-1469118447267\Extensions\ich@maltegoetz.de.xpi [2016-08-25]
FF Extension: (Adblock Plus) - C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\34rdqvxz.default-1469118447267\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-07-22]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon => nicht gefunden
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-04-27]

Chrome: 
=======
CHR Profile: C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-05-18]
CHR Extension: (Google Drive) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-21]
CHR Extension: (YouTube) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-21]
CHR Extension: (Adblock Plus) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-22]
CHR Extension: (Google-Suche) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Norton Identity Safe) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-01-21]
CHR Extension: (ReChat for Twitch™) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2016-01-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (Google Mail) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-21]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-10-16] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-08-01] ()
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-26] (CyberLink)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [243984 2016-03-29] (EasyAntiCheat Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144096 2015-11-12] (ELAN Microelectronics Corp.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [19424 2015-11-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-01-02] (Micro-Star International Co., Ltd.) [Datei ist nicht signiert]
S4 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3806032 2015-10-13] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-05-02] (NVIDIA Corporation)
S4 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [321976 2014-10-16] (Steganos Software GmbH)
S4 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-03-04] (Qualcomm Atheros) [Datei ist nicht signiert]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4368808 2015-10-14] (AVG Technologies CZ, s.r.o.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [81072 2014-02-21] (Qualcomm Atheros, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
S3 ipadtst; C:\Program Files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys [20464 2013-11-12] (Windows (R) Win 7 DDK provider)
S3 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [163536 2013-03-21] (Qualcomm Atheros, Inc.)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [170128 2016-02-05] (Qualcomm Atheros, Inc.)
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [52128 2013-11-27] (Visicom Media Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-24] (Malwarebytes)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [4107504 2015-09-24] (Intel Corporation)
S3 NETwNe64; C:\Windows\System32\drivers\Netwew02.sys [3505432 2015-03-23] (Intel Corporation)
S3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
S3 SAlphamBth; C:\Windows\System32\drivers\SAlphabt64.sys [31232 2012-10-16] (SteelSeries Corporation) [Datei ist nicht signiert]
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [26496 2013-12-12] (SteelSeries Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-10-14] (TuneUp Software)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-03 18:42 - 2016-09-03 18:42 - 00026834 _____ C:\Users\Sonny\Downloads\FRST.txt
2016-09-03 18:41 - 2016-09-03 18:42 - 02397696 _____ (Farbar) C:\Users\Sonny\Downloads\FRST64.exe
2016-09-03 15:14 - 2016-09-03 15:17 - 559536890 ____R C:\Users\Sonny\Downloads\Boogeyman.zip
2016-09-03 15:14 - 2016-09-03 15:15 - 02325112 ____R (W3i, LLC) C:\Users\Sonny\Downloads\epicbot_520.exe
2016-09-03 05:00 - 2016-09-03 15:14 - 00000000 ____D C:\Users\Sonny\AppData\LocalLow\uTorrent
2016-09-03 02:32 - 2016-09-03 02:32 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2016-09-03 02:32 - 2016-09-03 02:32 - 00002210 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2016-09-03 02:32 - 2016-09-03 02:32 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\AVG
2016-09-03 02:32 - 2016-09-03 02:32 - 00000000 ____D C:\ProgramData\Avg
2016-09-03 02:32 - 2016-09-03 02:32 - 00000000 ____D C:\Program Files (x86)\AVG
2016-09-03 02:32 - 2015-10-14 11:05 - 00045992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2016-09-03 02:30 - 2016-09-03 02:32 - 00000000 ____D C:\Users\Sonny\AppData\Local\AvgSetupLog
2016-09-03 02:30 - 2016-09-03 02:32 - 00000000 ____D C:\Users\Sonny\AppData\Local\Avg
2016-09-01 19:42 - 2016-09-03 04:22 - 00000000 ____D C:\Users\Sonny\Desktop\fotos LUL
2016-09-01 10:56 - 2016-09-01 10:56 - 00000000 _____ C:\Users\Sonny\Desktop\anrufen 776750.txt
2016-08-31 11:12 - 2016-08-31 11:12 - 00000000 ____D C:\Users\Sonny\Desktop\hülln
2016-08-27 17:24 - 2016-08-27 17:24 - 00000000 ____D C:\Users\Sonny\Desktop\realtemp
2016-08-23 12:21 - 2016-08-23 12:21 - 00000000 ____D C:\WINDOWS\pss
2016-08-21 01:38 - 2016-08-21 01:38 - 00002019 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-08-21 01:38 - 2016-08-21 01:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-08-19 21:03 - 2016-08-19 21:03 - 00000222 _____ C:\Users\Sonny\Desktop\H1Z1 King of the Kill.url
2016-08-19 14:54 - 2016-08-19 14:54 - 00000000 ____D C:\Users\Sonny\Desktop\random
2016-08-19 14:44 - 2016-09-03 04:17 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-19 12:16 - 2016-09-03 04:17 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-19 12:13 - 2016-08-19 12:13 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 22572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 09125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 07623168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-08-19 12:13 - 2016-08-19 12:13 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-08-19 12:13 - 2016-08-19 12:13 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 05511168 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 03617280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-08-19 12:13 - 2016-08-19 12:13 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-08-19 12:13 - 2016-08-19 12:13 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 02251440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 01785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01265424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00843104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00151232 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-08-19 12:13 - 2016-08-19 12:13 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-08-19 12:13 - 2016-08-19 12:13 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-19 12:12 - 2016-07-15 20:29 - 05739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2016-08-19 12:12 - 2016-07-15 20:29 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2016-08-19 12:12 - 2016-07-15 20:14 - 06354944 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2016-08-19 12:12 - 2016-07-15 19:45 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2016-08-19 12:12 - 2016-07-15 19:29 - 05489664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2016-08-19 12:11 - 2016-08-19 12:11 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-08-19 12:10 - 2016-08-19 14:52 - 00000000 ____D C:\Users\Sonny\AppData\Local\ConnectedDevicesPlatform
2016-08-19 12:10 - 2016-08-19 12:10 - 00000020 ___SH C:\Users\Sonny\ntuser.ini
2016-08-19 12:08 - 2016-08-19 12:08 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-08-19 12:08 - 2016-08-19 12:08 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-08-19 12:08 - 2016-08-19 12:08 - 00000000 ____D C:\Program Files\MSBuild
2016-08-19 12:08 - 2016-08-19 12:08 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-08-19 12:08 - 2016-08-19 12:08 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-19 12:07 - 2016-05-25 15:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-08-19 12:07 - 2016-05-25 15:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-19 12:07 - 2016-05-25 15:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-08-19 12:07 - 2016-05-25 12:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-08-19 12:07 - 2016-05-25 12:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-19 12:07 - 2016-05-25 12:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Vorlagen
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Startmenü
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 ____D C:\ProgramData\USOShared
2016-08-19 11:50 - 2016-08-19 11:53 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-08-19 11:50 - 2016-08-19 11:53 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-08-19 11:44 - 2016-09-03 13:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-19 11:44 - 2016-09-03 13:32 - 00002868 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2016-08-19 11:44 - 2016-09-03 13:32 - 00002494 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2016-08-19 11:44 - 2016-09-03 12:41 - 00002420 _____ C:\WINDOWS\System32\Tasks\MSI_Dragon Gaming Center
2016-08-19 11:44 - 2016-09-03 04:15 - 00002196 _____ C:\WINDOWS\System32\Tasks\MSI_Reminder
2016-08-19 11:44 - 2016-09-03 04:12 - 00003712 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-19 11:44 - 2016-09-03 04:12 - 00003488 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-19 11:44 - 2016-08-19 11:44 - 00003304 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CBE7263C-E444-4178-9108-E09677EE42AD}
2016-08-19 11:44 - 2016-08-19 11:44 - 00003098 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-08-19 11:44 - 2016-08-19 11:44 - 00003084 _____ C:\WINDOWS\System32\Tasks\{801E4822-0C78-8E92-B7F4-3F027A1B897F}
2016-08-19 11:44 - 2016-08-19 11:44 - 00002812 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2802146430-1798650074-2620433185-1002
2016-08-19 11:44 - 2016-08-19 11:44 - 00002460 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-08-19 11:44 - 2016-08-19 11:44 - 00002380 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2802146430-1798650074-2620433185-500
2016-08-19 11:44 - 2016-08-19 11:44 - 00002242 _____ C:\WINDOWS\System32\Tasks\{62C4727E-EE8B-4CC4-ACF4-42684399E681}
2016-08-19 11:44 - 2016-08-19 11:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-08-19 11:44 - 2016-08-19 11:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2016-08-19 11:44 - 2016-08-19 11:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Anti-Theft
2016-08-19 11:44 - 2016-08-19 11:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-08-19 11:44 - 2014-04-27 04:08 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1445490910-985070050-2736773077-500
2016-08-19 11:44 - 2013-11-13 22:04 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-538400136-2975241231-1352160326-500
2016-08-19 11:43 - 2016-08-19 11:44 - 00002982 _____ C:\WINDOWS\System32\Tasks\3c91fcc2-ce59-42b3-b901-f68079520898
2016-08-19 11:43 - 2016-08-19 11:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\Abelssoft
2016-08-19 11:33 - 2016-08-19 11:33 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-19 11:33 - 2016-08-19 11:33 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-08-19 11:33 - 2016-08-19 11:33 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-08-19 11:28 - 2016-08-19 11:35 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-08-19 11:25 - 2016-09-03 16:13 - 00000000 ____D C:\Users\Sonny
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Vorlagen
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Startmenü
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Netzwerkumgebung
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Lokale Einstellungen
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Eigene Dateien
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Druckumgebung
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Documents\Eigene Videos
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Documents\Eigene Musik
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Documents\Eigene Bilder
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\AppData\Local\Verlauf
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\AppData\Local\Anwendungsdaten
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Anwendungsdaten
2016-08-19 11:21 - 2016-09-03 17:07 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-19 11:21 - 2016-08-19 11:28 - 00000000 ____D C:\Program Files\Intel
2016-08-19 11:21 - 2016-08-19 11:28 - 00000000 ____D C:\Program Files\Elantech
2016-08-19 11:21 - 2016-08-19 11:21 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-08-19 11:21 - 2016-08-19 11:21 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2016-08-19 11:21 - 2016-05-27 15:50 - 00104584 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-08-19 11:21 - 2016-05-27 15:50 - 00100488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-08-19 11:20 - 2016-08-19 11:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-19 11:20 - 2016-08-19 11:20 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-19 11:20 - 2016-08-19 11:20 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-19 11:20 - 2016-08-19 11:20 - 00000000 ____D C:\Program Files\Realtek
2016-08-19 11:20 - 2016-07-16 13:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 06452948 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-08-19 11:20 - 2016-06-03 05:59 - 06364216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 02455608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 01352760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-08-19 11:20 - 2016-06-03 05:59 - 00534072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-08-19 11:19 - 2016-08-19 11:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-08-19 11:19 - 2016-08-19 11:19 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-08-19 11:18 - 2016-09-03 16:13 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-19 11:18 - 2016-08-19 14:44 - 00342560 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-19 11:18 - 2016-08-19 11:18 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-08-18 18:45 - 2016-08-18 20:07 - 00000096 _____ C:\Users\Sonny\Desktop\AliBaba evidence.txt
2016-08-11 02:55 - 2016-08-11 02:55 - 00002317 _____ C:\Users\Public\Desktop\Blade & Soul.lnk
2016-08-11 02:55 - 2016-08-11 02:55 - 00000000 ____D C:\Program Files (x86)\NCSOFT
2016-08-10 15:17 - 2016-08-10 15:18 - 00000031 _____ C:\Users\Sonny\Desktop\nUMMERN.txt

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-03 18:42 - 2015-11-10 19:44 - 00000000 ____D C:\FRST
2016-09-03 17:07 - 2014-07-23 20:18 - 00000000 __SHD C:\Users\Sonny\IntelGraphicsProfiles
2016-09-03 16:13 - 2015-10-27 17:14 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-03 16:13 - 2014-08-20 20:12 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\uTorrent
2016-09-03 13:50 - 2016-07-20 01:24 - 00000000 ____D C:\Users\Sonny\AppData\Local\ElevatedDiagnostics
2016-09-03 13:47 - 2014-08-07 21:09 - 00000000 ____D C:\ProgramData\Oracle
2016-09-03 13:46 - 2015-09-05 09:56 - 00000000 ____D C:\Users\Sonny\.oracle_jre_usage
2016-09-03 13:46 - 2014-10-30 17:56 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-09-03 13:46 - 2014-10-30 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-03 13:46 - 2014-08-07 21:09 - 00000000 ____D C:\Program Files (x86)\Java
2016-09-03 13:38 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-09-03 13:24 - 2016-01-21 16:17 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-03 13:24 - 2016-01-21 16:17 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-03 13:23 - 2016-07-16 13:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-03 04:38 - 2014-07-24 00:29 - 00000000 ____D C:\Users\Sonny\AppData\Local\CrashDumps
2016-09-03 04:22 - 2016-07-28 05:08 - 00000000 ____D C:\Users\Sonny\Desktop\slaM
2016-09-03 04:22 - 2016-07-20 01:42 - 00000000 ____D C:\Users\Sonny\Desktop\memes
2016-09-03 04:22 - 2016-06-01 20:58 - 00000000 ____D C:\Users\Sonny\.spawnpk
2016-09-03 04:22 - 2016-05-20 15:55 - 00000000 ____D C:\Users\Sonny\Desktop\k
2016-09-03 04:18 - 2016-03-29 02:04 - 00000000 ____D C:\Users\Sonny\.thumbnails
2016-09-03 04:18 - 2016-02-24 00:38 - 00000000 ____D C:\ProgramData\DriverGenius
2016-09-03 04:18 - 2014-12-23 13:23 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Skype
2016-09-03 04:18 - 2014-08-07 21:10 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\.minecraft
2016-09-03 04:18 - 2014-04-27 04:02 - 00000000 ____D C:\ProgramData\Temp
2016-09-03 04:17 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2016-09-03 04:17 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-03 04:17 - 2014-12-14 16:44 - 00000000 ____D C:\Users\Sonny\AppData\Local\Battle.net
2016-09-02 18:04 - 2014-12-14 16:44 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-09-02 12:43 - 2016-07-17 00:51 - 00568860 _____ C:\WINDOWS\system32\perfh007.dat
2016-09-02 12:43 - 2016-07-17 00:51 - 00108388 _____ C:\WINDOWS\system32\perfc007.dat
2016-09-02 12:43 - 2015-11-17 02:13 - 01599886 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-02 12:39 - 2015-11-17 02:10 - 00147656 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_38F51D56.sys
2016-09-01 21:43 - 2014-07-31 21:19 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\TS3Client
2016-08-26 12:50 - 2016-05-05 23:38 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-08-26 11:57 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-25 11:36 - 2016-01-19 22:16 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-08-21 17:08 - 2014-12-14 16:45 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-08-21 01:38 - 2015-11-15 03:10 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-08-20 15:52 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-20 13:54 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-08-20 13:52 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-20 02:22 - 2014-04-27 03:18 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-19 21:03 - 2014-08-14 18:31 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-19 14:46 - 2016-04-18 20:19 - 00000306 __RSH C:\ProgramData\ntuser.pol
2016-08-19 12:46 - 2014-07-23 20:18 - 00000000 ____D C:\Users\Sonny\AppData\Local\Packages
2016-08-19 12:16 - 2016-07-16 13:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-19 12:14 - 2015-11-17 02:39 - 00002439 _____ C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-19 12:14 - 2015-05-13 14:16 - 00000000 ___RD C:\Users\Sonny\OneDrive
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-08-19 12:12 - 2016-07-17 00:52 - 00000000 ____D C:\WINDOWS\OCR
2016-08-19 12:10 - 2014-07-23 20:15 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-19 12:08 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-08-19 12:08 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-08-19 11:54 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2016-08-19 11:54 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-08-19 11:54 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Windows NT
2016-08-19 11:53 - 2016-07-16 08:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-08-19 11:50 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-19 11:50 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Registration
2016-08-19 11:50 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-08-19 11:44 - 2015-11-17 02:19 - 00023056 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-08-19 11:40 - 2014-04-27 03:25 - 01444596 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-08-19 11:36 - 2014-09-06 18:31 - 00000000 ____D C:\WINDOWS\SysWOW64\SupportAppZXH
2016-08-19 11:36 - 2013-11-13 21:33 - 00000000 ____D C:\WINDOWS\uk
2016-08-19 11:36 - 2013-11-13 21:33 - 00000000 ____D C:\WINDOWS\tr
2016-08-19 11:35 - 2016-08-02 05:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2016-08-19 11:35 - 2016-08-01 01:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-08-19 11:35 - 2016-07-26 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-08-19 11:35 - 2016-06-22 03:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2016-08-19 11:35 - 2016-06-19 02:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReMouse Standard
2016-08-19 11:35 - 2016-06-07 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-08-19 11:35 - 2016-06-01 08:41 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2016-08-19 11:35 - 2016-05-23 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GhostMouse
2016-08-19 11:35 - 2016-05-20 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-19 11:35 - 2016-05-06 00:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2016-08-19 11:35 - 2016-02-24 00:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius
2016-08-19 11:35 - 2015-11-11 20:26 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-08-19 11:35 - 2015-10-30 20:44 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-19 11:35 - 2015-10-27 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-19 11:35 - 2015-06-14 01:20 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2016-08-19 11:35 - 2015-03-22 14:48 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
2016-08-19 11:35 - 2014-12-23 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-19 11:35 - 2014-12-22 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-08-19 11:35 - 2014-12-14 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2016-08-19 11:35 - 2014-12-14 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-08-19 11:35 - 2014-11-29 11:52 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-19 11:35 - 2014-11-29 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-19 11:35 - 2014-11-13 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2016-08-19 11:35 - 2014-11-12 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-08-19 11:35 - 2014-11-05 22:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-19 11:35 - 2014-11-02 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom
2016-08-19 11:35 - 2014-08-21 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Goat Simulator
2016-08-19 11:35 - 2014-07-31 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2016-08-19 11:35 - 2014-07-25 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Anti-Theft
2016-08-19 11:35 - 2014-04-27 04:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10
2016-08-19 11:35 - 2014-04-27 03:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2016-08-19 11:35 - 2014-04-27 03:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2016-08-19 11:35 - 2014-04-27 03:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-08-19 11:35 - 2014-04-18 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2016-08-19 11:35 - 2013-11-13 21:33 - 00000000 ____D C:\WINDOWS\bg
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\sv
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\sl
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\sk
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\ru
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\ro
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\pl
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\nl
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\lv
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\lt
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\it
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\hu
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\hr
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\he
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\fr
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\fi
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\et
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\es
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\en
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\el
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\de
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\da
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\cs
2016-08-19 11:35 - 2013-11-13 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-08-19 11:35 - 2013-11-13 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2016-08-19 11:33 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-19 11:33 - 2015-10-30 08:28 - 00000000 ____D C:\Users\Default.migrated
2016-08-19 11:31 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-08-19 11:31 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-08-19 11:31 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-08-19 11:31 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-08-19 11:31 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-08-19 11:31 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-08-19 11:30 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-08-19 11:30 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-08-19 11:30 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-08-19 11:30 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-19 11:30 - 2014-07-24 11:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-19 11:30 - 2014-04-27 03:20 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-08-19 11:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-08-19 11:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-08-19 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-08-19 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-19 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\InputMethod
2016-08-19 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Help
2016-08-19 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-08-19 11:29 - 2016-05-03 00:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PUSH Entertainment
2016-08-19 11:29 - 2016-03-10 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
2016-08-19 11:29 - 2016-01-14 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-08-19 11:29 - 2016-01-14 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2016-08-19 11:29 - 2015-09-26 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roccat
2016-08-19 11:29 - 2014-04-27 03:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros
2016-08-19 11:28 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-08-19 11:28 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-19 11:28 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-19 11:28 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-08-19 11:27 - 2016-03-10 05:34 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-08-19 11:21 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-19 11:21 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-19 11:21 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-19 03:53 - 2014-07-23 21:16 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-18 22:49 - 2014-07-24 20:37 - 00000000 ____D C:\Users\Sonny\AppData\Local\NVIDIA Corporation
2016-08-18 22:49 - 2014-07-24 20:36 - 00000000 ____D C:\Users\Sonny\AppData\Local\NVIDIA
2016-08-18 14:37 - 2014-04-27 03:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-08-17 18:04 - 2014-11-15 17:55 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\TeamViewer
2016-08-13 23:14 - 2014-11-01 16:59 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-08-11 02:55 - 2014-04-27 03:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-11 00:44 - 2015-02-12 19:31 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-08-10 00:19 - 2014-07-24 11:47 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 00:16 - 2015-10-16 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-10 00:10 - 2013-08-22 15:25 - 00000167 _____ C:\WINDOWS\win.ini
2016-08-08 23:40 - 2016-01-21 16:18 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2005-04-08 04:16 - 2015-02-28 23:03 - 0142572 ____H () C:\Users\Sonny\AppData\Roaming\Sonnylog.dat
2015-10-21 21:42 - 2015-10-21 21:42 - 1852453 _____ () C:\Users\Sonny\AppData\Local\curl.zip
2015-10-21 21:42 - 2015-10-21 21:42 - 0000002 _____ () C:\Users\Sonny\AppData\Local\OczLpK.vbs
2016-06-29 04:14 - 2016-06-29 04:14 - 0005871 _____ () C:\Users\Sonny\AppData\Local\recently-used.xbel
2015-03-23 19:53 - 2016-01-23 12:21 - 0007601 _____ () C:\Users\Sonny\AppData\Local\Resmon.ResmonCfg
2016-07-21 18:19 - 2016-07-21 18:19 - 1145382 _____ () C:\Users\Sonny\AppData\Local\Tempmusic.ogg
2015-06-20 16:06 - 2015-06-20 16:06 - 0000003 _____ () C:\Users\Sonny\AppData\Local\updater.log
2015-06-20 16:06 - 2015-10-02 12:12 - 0000424 _____ () C:\Users\Sonny\AppData\Local\UserProducts.xml

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Sonny\matrix_cl_CloudIn_LIVE.dat
C:\Users\Sonny\system32log.dat


Einige Dateien in TEMP:
====================
C:\Users\Sonny\AppData\Local\Temp\jre-8u101-windows-au.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-08-29 17:47

==================== Ende von FRST.txt ============================

stefan nur · 03.09.2016, 18:09

Adition.txt

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von Sonny (03-09-2016 18:43:17)
Gestartet von C:\Users\Sonny\Downloads
Windows 10 Home Version 1607 (X64) (2016-08-19 09:54:38)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2802146430-1798650074-2620433185-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2802146430-1798650074-2620433185-503 - Limited - Disabled)
Gast (S-1-5-21-2802146430-1798650074-2620433185-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2802146430-1798650074-2620433185-1004 - Limited - Enabled)
Sonny (S-1-5-21-2802146430-1798650074-2620433185-1002 - Administrator - Enabled) => C:\Users\Sonny

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

„Windows Live Essentials“ (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\uTorrent) (Version: 3.4.8.42499 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.3.1.24857 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.3.3 - AVG Technologies) Hidden
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1402.2101 - Micro-Star International Co., Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1403.0501 - Micro-Star International Co., Ltd.)
Dragon Gaming Center (x32 Version: 1.0.1403.0501 - Micro-Star International Co., Ltd.) Hidden
Driver Genius (HKLM-x32\...\Driver Genius_is1) (Version: 12.0 - Driver-Soft Inc.)
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
ELAN Touchpad 15.13.3.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.13.3.1 - ELAN Microelectronic Corp.)
FMW 1 (Version: 1.22.2 - AVG Technologies) Hidden
Fotoattēlu galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogaléria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Foto-galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerija fotografija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.3 - ghost-mouse.com)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1405.3) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 4.1.1) (Version: 4.1.1 - Riot Games)
League of Legends (x32 Version: 4.1.1 - Riot Games) Hidden
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0.2 (x64 de) (HKLM\...\Mozilla Firefox 48.0.2 (x64 de)) (Version: 48.0.2 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1404.1101 - Micro-Star International Co., Ltd.)
MSI Remind Manager (x32 Version: 1.0.1404.1101 - Micro-Star International Co., Ltd.) Hidden
MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
NVIDIA Grafiktreiber 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.4 - Steganos Software GmbH)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
PUSH Entertainment - Video Wallpaper (HKLM\...\Video Wallpaper_is1) (Version: 2.23 - PUSH Entertainment)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.41.1283 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.41.1283 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.41.1283 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{68DD86DD-8E02-4921-926B-B358D51EAF3A}) (Version: 1.1.41.1283 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)
ReMouse Standard (HKLM-x32\...\ReMouse Standard_is1) (Version: Standard V3.5.3 - AutomaticSolution Software)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ROCCAT Isku Keyboard Driver (HKLM-x32\...\{4ABAF918-A6BD-43D8-AE0B-5292034B14CB}) (Version:  - Roccat GmbH)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
Savu Mouse (HKLM-x32\...\{6F4B8EA6-4546-4160-A05F-0706F7DC1EFF}) (Version: 1.1.9 - ROCCAT GmbH)
SCM (HKLM\...\{6692DCAF-A445-4C6B-AF31-3DD85FC06FBA}) (Version: 13.014.01026 - Application)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
ShellShock Live (HKLM-x32\...\Steam App 326460) (Version:  - kChamp Games)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.6 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.417.28061 - SteelSeries)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
The Culling (HKLM\...\Steam App 437220) (Version:  - Xaviant)
UE4 Prerequisites (x64) (HKLM-x32\...\{b46d36bc-2438-471e-abe8-1fbbd51754ee}) (Version: 1.0.10.0 - Epic Games, Inc.)
UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
Unity Web Player (HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\UnityWebPlayer) (Version: 4.6.4f1 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 17.1 - Ubisoft)
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основи Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоколекція (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {053C778D-06C1-4D62-84BD-39FA4870D03F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-21] (Google Inc.)
Task: {0B88422E-0E67-4BD3-A774-324BB3D1E424} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {0E347E3E-A2F6-47A0-9EE4-8991DFFB1DF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {13C3F18E-4E5D-4062-810F-A6499B00FA47} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {18897757-D763-4018-98E4-F81AD458BCEB} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1942A794-A36D-413F-AF1E-A7B01F4F3346} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {198AC17A-A1A9-477C-BC26-40D414306202} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
Task: {2FB68F56-273E-4B0A-B0CE-2C9585B6E939} - \bvxvexvbg -> Keine Datei <==== ACHTUNG
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe
Task: {48AEA875-F19E-4CB3-85CC-44B1617E0B24} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {49990D9B-BE5E-4D67-BF21-53C5D3665991} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {655D8C8B-159C-4CA9-896F-F077CE442901} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {6862DC0E-FE87-4D8C-A983-2F1B630D7826} - \WPD\SqmUpload_S-1-5-21-2802146430-1798650074-2620433185-1002 -> Keine Datei <==== ACHTUNG
Task: {6BAEF6AB-D48E-4CDB-B1D8-032B9BA38F9C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {71F810AD-05B9-48D8-8F87-40070FF6A3C6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {779208B8-9886-4521-93FC-514FDB47C6FF} - System32\Tasks\MSI_Reminder => C:\Program Files (x86)\MSI\MSI Remind Manager\MSI Reminder.exe [2014-04-10] ()
Task: {94709565-896C-4D2D-A9DA-3B2774732943} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {94DB0CE4-15DD-4477-A79B-7BA671F09F10} - System32\Tasks\3c91fcc2-ce59-42b3-b901-f68079520898 => C:\Users\Sonny\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ACHTUNG
Task: {96988190-5ACB-4B27-8FDE-58A1B624E43B} - \CCleanerSkipUAC -> Keine Datei <==== ACHTUNG
Task: {9F42C4A6-5B67-4B0F-9CFC-175D1D6FA324} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {B267233E-BE96-40DA-9032-9B05C1279146} - \ShopperProJSUpd -> Keine Datei <==== ACHTUNG
Task: {B3B77269-D008-49F1-9EC4-2AB878784C27} - System32\Tasks\{62C4727E-EE8B-4CC4-ACF4-42684399E681} => pcalua.exe -a C:\PROGRA~1\DIFX\D29FE547208FE130\DPInst.exe -c /u C:\Windows\System32\DriverStore\FileRepository\kb9xradiobtn.inf_amd64_50504636c90ca4e3\kb9xradiobtn.inf
Task: {B4D17AEA-31EE-4FCD-9D25-75C86FFEBC6F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
Task: {BDE262C3-2DF7-4D42-B38A-E3DE2A1AC283} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe
Task: {C957C991-800F-4BE0-A4FF-12E2CD98E32A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {D1CF2F54-65BE-4320-9872-038D8AA1132B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-21] (Google Inc.)
Task: {DBE3E5FC-5900-4118-890B-1D8212D1A430} - System32\Tasks\{801E4822-0C78-8E92-B7F4-3F027A1B897F} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\9da82d49\e91fe5fd.dll" <==== ACHTUNG
Task: {DC24F3EE-D31D-42B7-9458-AF69BFC5BFD0} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-24] (TODO: <公司名稱>)
Task: {E08773B5-39C4-4444-B05F-7B63F6E3B159} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {E0C17C92-78F0-4BD3-A0F5-E7A706927361} - \Run_Bobby_Browser -> Keine Datei <==== ACHTUNG
Task: {E1C358B5-A440-477A-95F8-3146B442F679} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {E6ECFF46-EF98-41D6-A5E4-A838B550B329} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {E7F87DA8-918B-4017-B33A-D1E8E876C1AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EB6CD99B-C94C-4E36-99D4-C0743D42C9FA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {F65F27F3-44BD-4AAE-9844-07428DB301E4} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {F6E739F6-2C7A-4F9C-9A62-79C5832E2952} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {FA6C6C53-046E-4420-A351-88C1A17104D3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-02-20 07:38 - 2016-05-02 20:31 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2015-12-27 14:05 - 2016-05-02 20:31 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-02 14:52 - 2016-05-02 20:31 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-02-20 07:38 - 2016-05-02 20:31 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-02 14:52 - 2016-05-02 20:31 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-02 14:52 - 2016-05-02 20:31 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-02 14:52 - 2016-05-02 20:31 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-19 11:26 - 2016-05-02 20:31 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00959168 _____ () C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-08-19 12:47 - 2016-08-19 12:47 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-08-19 12:47 - 2016-08-19 12:47 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-08-19 12:47 - 2016-08-19 12:47 - 35290624 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-04-02 17:25 - 2016-05-02 20:31 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-02 17:25 - 2016-05-02 20:31 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2014-04-27 03:41 - 2012-11-01 20:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-04-27 03:41 - 2012-11-01 20:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2016-07-16 13:42 - 2016-07-16 13:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2015-03-31 16:41 - 2016-05-02 20:31 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-03 02:32 - 2015-04-07 15:34 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\sony.com -> sony.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2016-08-21 01:38 - 00000869 ____A C:\WINDOWS\system32\Drivers\etc\hosts


0.0.0.1	mssplus.mcafee.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: EslWireHelper => 2
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: OkayFreedom VPN Starter Service => 2
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: Wecsvc => 3
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKLM\...\StartupApproved\Run32: => "ROCCAT Savu Gaming Mouse"
HKLM\...\StartupApproved\Run32: => "RoccatIsku"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\StartupFolder: => "AutoFuriousPk.lnk"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "SteelSeries Engine"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "OKAYFREEDOM_Agent"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "ESL Wire"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DF971B6E1C7E4227FED899F7F8727B7B"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "PUSH Wallpaper"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{323F54F6-1022-4389-9475-0867806E2FA6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C3E280ED-211A-4320-82EC-A76F89431439}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{84F4DCC3-5FBA-4AC8-886F-07D9D826BD9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [UDP Query User{E886D6A5-4473-4042-83E2-BD6A7EEA1D15}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{EF002034-43ED-4E47-AE38-8D8E2A298297}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{955472F1-5D68-4D89-BD24-EADBA675F4C8}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{F22E429B-7106-45D4-9A5D-0D6D2A70162D}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{9C7F7AD4-4141-4B32-80DB-C1E2670D189D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{8C3C60E1-55D8-43CF-AA5F-3AB8B6233801}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{96953C08-8D06-4B77-ADE1-8C8F780CF0B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{541C1507-5C78-4608-8C9F-9B4AC8F53CA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{0A7A5E77-E3C8-4881-A544-17F3581297F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{DB7327BE-C3F5-405C-A510-F49E0E51E3F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{90F032A5-50AD-43E0-A83B-987132E7B06D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{568FB156-984F-4364-AF50-15DDF2E1DC4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [UDP Query User{2D1F931A-E2AF-46F8-BF41-C0C000A8D7C2}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{0793FF90-1FB8-4843-A039-53AB42BF70AC}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{39591338-63FA-468D-AB47-D7D037E66721}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{E15D65A5-9DF8-4DD5-9A5A-95E2B366EB35}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{683459A5-EF2D-4DB6-9160-74BBA21469BF}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{A6FCFAFD-3870-419A-9A5E-98EF9D36C78F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{462DB65D-E303-45A8-B7D1-08FF1C8AF7CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [UDP Query User{BC3969FC-6E5B-40AC-AFBA-EB0CAA42C221}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [TCP Query User{4332FFBC-2072-443A-9C7C-FCAB5C4ED8D7}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [UDP Query User{7AFA1FBF-9C52-4DD3-AB57-BF9C9AB34774}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [TCP Query User{0395FAD8-DA84-42CA-B016-EF4DFA8724FE}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [{D6AD0797-7A2F-4B57-9E07-E46B1131BCD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{87D424F9-131B-484A-B754-F2C12EEB6594}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{E71047C8-96B5-427E-9ECD-9D53CB592396}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9BBCF2B4-2849-44F8-9F7D-C5AC4E6645D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C538D8F9-F3AF-49BF-9472-CA66BBD0287A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2E94D72F-A7C3-44E2-B0B4-9A0D5FB128A2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{94ABB9C1-025E-44A0-B507-71EEA4DCCE46}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{918171DB-51FE-442E-A748-65C2209E1B43}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{7D235FA2-3169-4767-8B52-8581D90E8DFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{60117904-9765-4810-938F-4A06EAE14A5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{381B44DB-F887-4D40-9D0B-4018B07597B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{F33118C0-A503-48D2-853A-33D8517D79BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{8BE42A11-0D70-4452-BE76-06C717B8CDD6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{308A4354-6154-4460-811B-E7B0EB88FB13}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4E6C3F48-D98E-40B1-B72A-6B6F6B411C20}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{05482FAF-ADB3-489E-A641-40FC08C64E10}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72C13B62-051B-4A27-BC4D-0324BD75AA18}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{46A93CBC-A60D-4E2F-9B9A-E25359E7CBFF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0B8F220F-16AA-41C3-81F8-6030BB7F697A}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [UDP Query User{68BB482A-48CF-4A6A-A077-6F1D6E8E35C8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E658F9F5-85B1-436B-8D90-769FF6BE0542}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{379BE65A-EA45-4BDF-9CE1-786C408AC218}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{3A508D5E-59BF-48F1-AE2F-3EBB161C4775}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{57AD8D68-AC15-4EAC-8ECC-8BFA22E6F067}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{14BC4668-0899-45AE-9C64-3CA242854F86}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{7C798BDB-6720-4409-9B9A-45BA2488A588}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{871CE9EA-FC2D-46E8-9CF5-038B68F6EE84}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D0DF9B70-BBE4-48C4-ACB4-389845387DA9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{68B8F02F-74EC-4917-9703-CFAACB383528}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{4631B28B-ADA1-4C8D-B5FC-A994551BB76D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{84BFB907-2C19-4CC2-967E-2EEC581BE0F2}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{88534048-92B0-4434-B900-7CC55D4D607A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{46B62EA1-692C-43BF-A543-925F26966896}] => (Allow) LPort=2869
FirewallRules: [{70C1D52C-B586-4EA1-98E9-020CFC70DF45}] => (Allow) LPort=1900
FirewallRules: [{4F25C021-11DD-41CD-BF58-AF46BB13C1CD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{34A7734F-B00A-48D0-A83B-EAA1C2D616D7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{F2D7538C-E394-4AFD-AFAE-C68DBDB93E7F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{97985C29-EEF1-45B4-87D4-56E4EA95F891}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{59002A38-6D55-4C7E-987A-00B84BDD163B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B0E18A3D-6288-4728-995D-F6E8D08F074F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{87F560AE-BBF6-4483-81C7-B055D2D3188C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5A4BEE09-39DF-4CE7-B48B-5FB4948D9D32}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{3FF015C5-2DED-4BBD-B4B9-7374E65B41FC}C:\games\outlast\binaries\win64\olgame.exe] => (Block) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{32FDCE01-2945-4FA9-B829-A5F4C26FB8C3}C:\games\outlast\binaries\win64\olgame.exe] => (Block) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [{38629923-47DD-456C-ACD6-3B4059308CF0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{78C09BC1-7EB7-4379-BC57-60C084592856}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{87000D62-B90C-4395-81D3-04E12D02D7D3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D52ECCFE-BBC8-4BFB-B57A-AC84EEF9DC44}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8A134117-682E-4AE1-8C65-58B89EBB8EE9}] => (Allow) C:\Users\Sonny\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A2417B52-3AB6-4329-8328-0CD63104072A}] => (Allow) C:\Users\Sonny\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{766E52DB-5914-4B0F-B91D-40D105E9E512}C:\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{6316FDDD-ACF3-474D-83CD-A15538E7C2EF}C:\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{429D1BD2-5F4C-418E-A896-DB06DEAC672C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{71AE5ACB-DD33-4093-966D-360624305C77}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9B0F9E29-F072-4C49-AB5D-C699A097B550}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{E7B30437-E8BC-41D2-811D-971508B49E6D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{95E758E8-6327-46EF-9E46-A3F19F2D3C2B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3D7EAC98-4483-4264-A0EE-EAEEEC61801D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{6144ABD9-6B89-4709-B5CD-793CAE422FC1}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{0D0160A4-1961-48A9-ABB5-82210565AB77}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{835FA948-A930-46D0-B0AB-367172FF2365}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{A59DFE90-68C8-4946-B47F-06F36EDB9B80}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{1A335CE4-A404-4EDE-8A78-1B214F0BCD9E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F606F0F9-B84F-4323-BB4C-C1ED38AF3C5A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{52592E1B-9B26-455C-942A-5C2B52556207}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D53A82D6-086F-460D-BD79-D24F0620DCCE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{85D611CD-514B-4DE7-942F-230AFAD6FBDB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{40BD89CC-ACE0-4CA1-AF80-FA080F104BA4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{ED491681-DE8D-43FB-BD07-BA83ACCB3191}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{536B782A-EBDF-4570-A1DC-A7CC9062E01E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F083E633-DD01-464E-BEEB-43B6669CFAD7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5731A13E-9B44-47A8-ACB5-FEA1C274BEEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{A6FFC7A4-1EDC-49E6-AA50-69B89C706BFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [TCP Query User{2A960612-008E-4658-BD90-6D4CA38B739A}C:\users\sonny\appdata\local\temp\rar$exa0.338\boogeyman\boogeyman\binaries\win64\boogeyman.exe] => (Allow) C:\users\sonny\appdata\local\temp\rar$exa0.338\boogeyman\boogeyman\binaries\win64\boogeyman.exe
FirewallRules: [UDP Query User{3B0D71FD-DB89-4C85-B055-4AF82B24E6DC}C:\users\sonny\appdata\local\temp\rar$exa0.338\boogeyman\boogeyman\binaries\win64\boogeyman.exe] => (Allow) C:\users\sonny\appdata\local\temp\rar$exa0.338\boogeyman\boogeyman\binaries\win64\boogeyman.exe
FirewallRules: [TCP Query User{583C48EA-EB82-41CC-AEDB-FB8491044E3C}C:\users\sonny\appdata\local\temp\rar$exa0.814\boogeyman\boogeyman\binaries\win64\boogeyman.exe] => (Allow) C:\users\sonny\appdata\local\temp\rar$exa0.814\boogeyman\boogeyman\binaries\win64\boogeyman.exe
FirewallRules: [UDP Query User{A83B7FD5-EBCC-423F-8FC3-C9E8DC1E3EE2}C:\users\sonny\appdata\local\temp\rar$exa0.814\boogeyman\boogeyman\binaries\win64\boogeyman.exe] => (Allow) C:\users\sonny\appdata\local\temp\rar$exa0.814\boogeyman\boogeyman\binaries\win64\boogeyman.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/23/2016 11:52:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI_SAMDAR)
Description: Bei der Aktivierung der App „Microsoft.Windows.Photos_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/23/2016 11:37:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SteelSeriesEngine.exe, Version: 2.8.417.0, Zeitstempel: 0x52e131f7
Name des fehlerhaften Moduls: CliSecureRT64.dll, Version: 5.2.0.6, Zeitstempel: 0x4c993b3a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000012b0
ID des fehlerhaften Prozesses: 0x2518
Startzeit der fehlerhaften Anwendung: 0x01d1fd0421b7d3d8
Pfad der fehlerhaften Anwendung: C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
Pfad des fehlerhaften Moduls: C:\Users\Sonny\AppData\Local\Temp\fcaa5f9b-83be-462f-bb26-c1541883b2c0\CliSecureRT64.dll
Berichtskennung: ac168cf2-82ad-4857-af80-9eb46d19b2ca
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/23/2016 09:01:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm MSI Reminder.exe, Version 1.0.1404.901 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2170

Startzeit: 01d1fd04072f980e

Beendigungszeit: 94

Anwendungspfad: C:\Program Files (x86)\MSI\MSI Remind Manager\MSI Reminder.exe

Berichts-ID: 629175e3-68ff-11e6-857c-a08869908035

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (08/23/2016 03:38:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15532

Error: (08/23/2016 03:38:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15532

Error: (08/23/2016 03:38:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/22/2016 11:06:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Dragon Gaming Center.exe, Version: 1.0.1403.501, Zeitstempel: 0x53181da4
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.0, Zeitstempel: 0x57899809
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000017788
ID des fehlerhaften Prozesses: 0x1b9c
Startzeit der fehlerhaften Anwendung: 0x01d1fcb90d527aef
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 6fc5216f-afff-4d13-808a-c40e0c4d97b5
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/22/2016 11:06:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Dragon Gaming Center.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.InvalidCastException
   bei GameCenter.CAudioSettings..ctor()
   bei GameCenter.Tab_Display.SaveSystemDefualt()
   bei GameCenter.Tab_InstantPlay.SaveSystemDefualt()
   bei GameCenter.MainWindow.saveSystemDefault()
   bei GameCenter.MainWindow.MainWindow_ContentRendered(System.Object, System.EventArgs)
   bei System.Windows.Window.OnContentRendered(System.EventArgs)
   bei System.Windows.Window.<PostContentRendered>b__198_0(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei GameCenter.App.Main()

Error: (08/22/2016 09:29:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15594

Error: (08/22/2016 09:29:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15594


Systemfehler:
=============
Error: (09/02/2016 01:34:16 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1068" in DCOM, als der Dienst "netprofm" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (09/02/2016 01:34:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.

Error: (09/02/2016 01:34:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Windows-Ereignisprotokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (09/02/2016 01:34:13 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1068" in DCOM, als der Dienst "netprofm" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (09/02/2016 01:34:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.

Error: (09/02/2016 01:34:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Windows-Ereignisprotokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (09/02/2016 01:34:10 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1068" in DCOM, als der Dienst "netprofm" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (09/02/2016 01:34:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.

Error: (09/02/2016 01:34:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Windows-Ereignisprotokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (09/02/2016 01:34:07 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1068" in DCOM, als der Dienst "netprofm" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{A47979D2-C419-11D9-A5B4-001185AD2B89}


CodeIntegrity:
===================================
  Date: 2016-08-20 15:48:17.373
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-20 15:48:16.912
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 33%
Installierter physikalischer RAM: 7345.19 MB
Verfügbarer physikalischer RAM: 4910.04 MB
Summe virtueller Speicher: 23729.19 MB
Verfügbarer virtueller Speicher: 21336.27 MB

==================== Laufwerke ================================

Drive c: (OS_Install) (Fixed) (Total:585.61 GB) (Free:196.65 GB) NTFS
Drive d: (Data) (Fixed) (Total:325.59 GB) (Free:317.05 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 76D1827D)

Partition: GPT.

==================== Ende von Addition.txt ============================

stefan nur · 03.09.2016, 18:10

und die TSDD.file
aus irgeinem grund krieg ichs nich hin alle 3 files in einen Post zu kriegen

Code:

ATTFilter

18:44:28.0537 0x0cbc  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
18:44:28.0537 0x0cbc  UEFI system
18:44:31.0321 0x0cbc  ============================================================
18:44:31.0321 0x0cbc  Current date / time: 2016/09/03 18:44:31.0321
18:44:31.0321 0x0cbc  SystemInfo:
18:44:31.0321 0x0cbc  
18:44:31.0321 0x0cbc  OS Version: 10.0.14393 ServicePack: 0.0
18:44:31.0321 0x0cbc  Product type: Workstation
18:44:31.0321 0x0cbc  ComputerName: MSI_SAMDAR
18:44:31.0321 0x0cbc  UserName: Sonny
18:44:31.0321 0x0cbc  Windows directory: C:\WINDOWS
18:44:31.0321 0x0cbc  System windows directory: C:\WINDOWS
18:44:31.0321 0x0cbc  Running under WOW64
18:44:31.0321 0x0cbc  Processor architecture: Intel x64
18:44:31.0321 0x0cbc  Number of processors: 8
18:44:31.0321 0x0cbc  Page size: 0x1000
18:44:31.0321 0x0cbc  Boot type: Normal boot
18:44:31.0321 0x0cbc  CodeIntegrityOptions = 0x00000001
18:44:31.0321 0x0cbc  ============================================================
18:44:32.0528 0x0cbc  KLMD registered as C:\WINDOWS\system32\drivers\12653062.sys
18:44:32.0528 0x0cbc  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.0, osProperties = 0x19
18:44:33.0440 0x0cbc  System UUID: {10732CB3-B413-A1BD-9BC5-9E369D844DC4}
18:44:34.0035 0x0cbc  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:44:34.0038 0x0cbc  ============================================================
18:44:34.0038 0x0cbc  \Device\Harddisk0\DR0:
18:44:34.0038 0x0cbc  GPT partitions:
18:44:34.0038 0x0cbc  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {561D05A1-5BB1-45C4-9946-31D55578F5E7}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x12C000
18:44:34.0038 0x0cbc  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {CC045C0D-9D4E-43FE-AFCD-50619B17F6AE}, Name: EFI system partition, StartLBA 0x12C800, BlocksNum 0x96000
18:44:34.0039 0x0cbc  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {653368BC-2279-40E5-A851-686B15B0607A}, Name: Microsoft reserved partition, StartLBA 0x1C2800, BlocksNum 0x40000
18:44:34.0039 0x0cbc  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {DA8B207D-F772-4BB9-9BA7-87D957D0348A}, Name: Basic data partition, StartLBA 0x202800, BlocksNum 0x49337800
18:44:34.0039 0x0cbc  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {805C0959-7E4D-4CED-95F7-73470EB8D454}, Name: , StartLBA 0x4953A000, BlocksNum 0xE1000
18:44:34.0039 0x0cbc  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {2C56B739-4CBA-4A2A-9DE1-40F62ACF2DD2}, Name: Basic data partition, StartLBA 0x4961B000, BlocksNum 0x28B2F000
18:44:34.0039 0x0cbc  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {4EB162E9-742C-4514-AFC5-756ECB853BA2}, Name: Basic data partition, StartLBA 0x7214A000, BlocksNum 0x25BC800
18:44:34.0039 0x0cbc  MBR partitions:
18:44:34.0039 0x0cbc  ============================================================
18:44:34.0080 0x0cbc  C: <-> \Device\Harddisk0\DR0\Partition4
18:44:34.0151 0x0cbc  D: <-> \Device\Harddisk0\DR0\Partition6
18:44:34.0151 0x0cbc  ============================================================
18:44:34.0151 0x0cbc  Initialize success
18:44:34.0151 0x0cbc  ============================================================
18:46:48.0061 0x1688  ============================================================
18:46:48.0061 0x1688  Scan started
18:46:48.0061 0x1688  Mode: Manual; 
18:46:48.0061 0x1688  ============================================================
18:46:48.0061 0x1688  KSN ping started
18:46:48.0147 0x1688  KSN ping finished: true
18:46:50.0189 0x1688  ================ Scan system memory ========================
18:46:50.0189 0x1688  System memory - ok
18:46:50.0189 0x1688  ================ Scan services =============================
18:46:50.0334 0x1688  1394ohci - ok
18:46:50.0336 0x1688  3ware - ok
18:46:50.0339 0x1688  ACPI - ok
18:46:50.0341 0x1688  AcpiDev - ok
18:46:50.0344 0x1688  acpiex - ok
18:46:50.0346 0x1688  acpipagr - ok
18:46:50.0356 0x1688  AcpiPmi - ok
18:46:50.0359 0x1688  acpitime - ok
18:46:50.0442 0x1688  [ 32B31B696CB8E8F380831DFEB80A67E4, 8C8F6E16F2FB3E8F10569261B7712BBC931A2924B6C27D561E7F828041C4F3E6 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:46:50.0445 0x1688  AdobeFlashPlayerUpdateSvc - ok
18:46:50.0458 0x1688  ADP80XX - ok
18:46:50.0462 0x1688  AFD - ok
18:46:50.0465 0x1688  ahcache - ok
18:46:50.0483 0x1688  AJRouter - ok
18:46:50.0494 0x1688  ALG - ok
18:46:50.0496 0x1688  AmdK8 - ok
18:46:50.0498 0x1688  AmdPPM - ok
18:46:50.0500 0x1688  amdsata - ok
18:46:50.0503 0x1688  amdsbs - ok
18:46:50.0506 0x1688  amdxata - ok
18:46:50.0508 0x1688  AppID - ok
18:46:50.0510 0x1688  AppIDSvc - ok
18:46:50.0512 0x1688  Appinfo - ok
18:46:50.0640 0x1688  [ 3B3774C868868257533EC7E715BB6D53, 4AF1DADCEDBD80BE6EDEC696DF59E65B51D31E33F4C84413CA03C7BD959FF4E5 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:46:50.0642 0x1688  Apple Mobile Device Service - ok
18:46:50.0644 0x1688  applockerfltr - ok
18:46:50.0665 0x1688  AppReadiness - ok
18:46:50.0667 0x1688  AppXSvc - ok
18:46:50.0669 0x1688  arcsas - ok
18:46:50.0671 0x1688  AsyncMac - ok
18:46:50.0684 0x1688  atapi - ok
18:46:50.0687 0x1688  AudioEndpointBuilder - ok
18:46:50.0690 0x1688  Audiosrv - ok
18:46:50.0809 0x1688  [ 3FDBE5DF05A61B4418CF086CBDA4E93A, BFD2DA45C444258BA288F7A6374E86A8572217705B5128B342EE93D138A21830 ] avgsvc          C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
18:46:50.0821 0x1688  avgsvc - ok
18:46:50.0825 0x1688  AxInstSV - ok
18:46:50.0827 0x1688  b06bdrv - ok
18:46:50.0829 0x1688  BasicDisplay - ok
18:46:50.0832 0x1688  BasicRender - ok
18:46:50.0835 0x1688  bcmfn - ok
18:46:50.0838 0x1688  bcmfn2 - ok
18:46:50.0840 0x1688  BDESVC - ok
18:46:50.0860 0x1688  Beep - ok
18:46:50.0920 0x1688  [ E543472B75FC78B3205273AE1E8CFE5F, 97CCA65B2BD59DF45B069DE66522E768968CD03B377F797691429E14D448BE9F ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
18:46:50.0937 0x1688  BEService - ok
18:46:50.0956 0x1688  BFE - ok
18:46:50.0986 0x1688  [ B1EAED166CC8942F49B3391D5C2007DD, F07648493F68D22594FEAE746BF3B2BA2262707FE21216E87500E407FEDCC2CC ] BfLwf           C:\WINDOWS\system32\DRIVERS\bwcW8x64.sys
18:46:50.0988 0x1688  BfLwf - ok
18:46:51.0004 0x1688  BITS - ok
18:46:51.0057 0x1688  [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:46:51.0062 0x1688  Bonjour Service - ok
18:46:51.0082 0x1688  bowser - ok
18:46:51.0088 0x1688  BrokerInfrastructure - ok
18:46:51.0095 0x1688  Browser - ok
18:46:51.0105 0x1688  BthAvrcpTg - ok
18:46:51.0107 0x1688  BthHFEnum - ok
18:46:51.0110 0x1688  bthhfhid - ok
18:46:51.0118 0x1688  BthHFSrv - ok
18:46:51.0121 0x1688  BTHMODEM - ok
18:46:51.0128 0x1688  BTHPORT - ok
18:46:51.0130 0x1688  bthserv - ok
18:46:51.0132 0x1688  BTHUSB - ok
18:46:51.0187 0x1688  [ EAAE1737D2209701E203BA017F57E579, B0CA6FDE97DEBAF2FC6FDEA0BB1A0C4234A75133E64C7739B2392F85C1E69E22 ] btmhsf          C:\WINDOWS\system32\DRIVERS\btmhsf.sys
18:46:51.0205 0x1688  btmhsf - ok
18:46:51.0249 0x1688  [ 6DD9550A2C5A94306275E0360903F7E2, 1F0C8AB0B76FE52EE461EBA6AE8B47A15AE9D3F7E119078F44292D00B9200B1C ] busenum         C:\WINDOWS\System32\drivers\SteelBus64.sys
18:46:51.0252 0x1688  busenum - ok
18:46:51.0285 0x1688  buttonconverter - ok
18:46:51.0288 0x1688  CapImg - ok
18:46:51.0328 0x1688  [ A5C16A0BE89EE409732178BEB62F7EA7, D4B993F63CFD9B487BD53B532AB9435084B4C752F2731E189FA1420D516A4E95 ] ccSet_NARA      C:\WINDOWS\system32\drivers\NARAx64\0405000.009\ccSetx64.sys
18:46:51.0330 0x1688  ccSet_NARA - ok
18:46:51.0358 0x1688  [ A5C16A0BE89EE409732178BEB62F7EA7, D4B993F63CFD9B487BD53B532AB9435084B4C752F2731E189FA1420D516A4E95 ] ccSet_NAT       C:\WINDOWS\system32\drivers\NATx64\010A000.009\ccSetx64.sys
18:46:51.0360 0x1688  ccSet_NAT - ok
18:46:51.0361 0x1688  cdfs - ok
18:46:51.0363 0x1688  CDPSvc - ok
18:46:51.0364 0x1688  CDPUserSvc - ok
18:46:51.0400 0x1688  cdrom - ok
18:46:51.0422 0x1688  CertPropSvc - ok
18:46:51.0435 0x1688  cht4iscsi - ok
18:46:51.0438 0x1688  cht4vbd - ok
18:46:51.0447 0x1688  circlass - ok
18:46:51.0450 0x1688  CLFS - ok
18:46:51.0452 0x1688  ClipSVC - ok
18:46:51.0506 0x1688  [ 0505BFD7D30036DCB39EAFC5ADF07437, 1FB8D9CCA42C1E0757FC744623A668BDA5EA8A1C74201A8BB1A3B056EB1D3DFC ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
18:46:51.0509 0x1688  CLKMSVC10_38F51D56 - ok
18:46:51.0527 0x1688  clreg - ok
18:46:51.0534 0x1688  CmBatt - ok
18:46:51.0543 0x1688  CNG - ok
18:46:51.0545 0x1688  cnghwassist - ok
18:46:51.0586 0x1688  CompositeBus - ok
18:46:51.0588 0x1688  COMSysApp - ok
18:46:51.0591 0x1688  condrv - ok
18:46:51.0607 0x1688  CoreMessagingRegistrar - ok
18:46:51.0660 0x1688  [ 00431929A879841E642A626DBD8311C6, E77C3CE24DA8748F96A0F6F8E410BAC484A6393EC969EF30D79E0D71FF36967A ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
18:46:51.0667 0x1688  cphs - ok
18:46:51.0690 0x1688  CryptSvc - ok
18:46:51.0692 0x1688  dam - ok
18:46:51.0697 0x1688  DcomLaunch - ok
18:46:51.0708 0x1688  DcpSvc - ok
18:46:51.0714 0x1688  defragsvc - ok
18:46:51.0716 0x1688  DeviceAssociationService - ok
18:46:51.0719 0x1688  DeviceInstall - ok
18:46:51.0722 0x1688  DevQueryBroker - ok
18:46:51.0732 0x1688  Dfsc - ok
18:46:51.0756 0x1688  [ D722BC26F7431A4DA9A183E56CA9FEE3, 86AB717431CB3DDAF6213A1CFE8DF3684080BAAD569731A90AA1AA198E97506D ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
18:46:51.0759 0x1688  dg_ssudbus - ok
18:46:51.0761 0x1688  Dhcp - ok
18:46:51.0790 0x1688  diagnosticshub.standardcollector.service - ok
18:46:51.0793 0x1688  DiagTrack - ok
18:46:51.0802 0x1688  disk - ok
18:46:51.0819 0x1688  DmEnrollmentSvc - ok
18:46:51.0822 0x1688  dmvsc - ok
18:46:51.0828 0x1688  dmwappushservice - ok
18:46:51.0831 0x1688  Dnscache - ok
18:46:51.0837 0x1688  dot3svc - ok
18:46:51.0839 0x1688  DPS - ok
18:46:51.0843 0x1688  drmkaud - ok
18:46:51.0845 0x1688  DsmSvc - ok
18:46:51.0848 0x1688  DsSvc - ok
18:46:51.0859 0x1688  DXGKrnl - ok
18:46:51.0862 0x1688  EapHost - ok
18:46:51.0865 0x1688  EasyAntiCheat - ok
18:46:51.0867 0x1688  ebdrv - ok
18:46:51.0871 0x1688  EFS - ok
18:46:51.0875 0x1688  EhStorClass - ok
18:46:51.0877 0x1688  EhStorTcgDrv - ok
18:46:51.0880 0x1688  embeddedmode - ok
18:46:51.0883 0x1688  EntAppSvc - ok
18:46:51.0885 0x1688  ErrDev - ok
18:46:51.0939 0x1688  [ 77A570F95FCD0931160D3044622FEA12, 2429D5E86C1C6EABAD38247A5ED631AB8F93AD0DA9944072333AFBC0B6CDA82C ] ETD             C:\WINDOWS\system32\DRIVERS\ETD.sys
18:46:51.0944 0x1688  ETD - ok
18:46:52.0021 0x1688  [ F4798F9C485234095DF08B766D13DA09, 85F907E73DA67A4BBA503425A7CB86E3FAA207F85FFE05E27F5682CE611F8FE6 ] ETDService      C:\Program Files\Elantech\ETDService.exe
18:46:52.0023 0x1688  ETDService - ok
18:46:52.0026 0x1688  EventSystem - ok
18:46:52.0028 0x1688  exfat - ok
18:46:52.0031 0x1688  fastfat - ok
18:46:52.0033 0x1688  Fax - ok
18:46:52.0036 0x1688  fdc - ok
18:46:52.0038 0x1688  fdPHost - ok
18:46:52.0040 0x1688  FDResPub - ok
18:46:52.0042 0x1688  fhsvc - ok
18:46:52.0064 0x1688  FileCrypt - ok
18:46:52.0067 0x1688  FileInfo - ok
18:46:52.0069 0x1688  Filetrace - ok
18:46:52.0071 0x1688  flpydisk - ok
18:46:52.0073 0x1688  FltMgr - ok
18:46:52.0076 0x1688  FontCache - ok
18:46:52.0186 0x1688  FontCache3.0.0.0 - ok
18:46:52.0193 0x1688  FrameServer - ok
18:46:52.0199 0x1688  FsDepends - ok
18:46:52.0201 0x1688  Fs_Rec - ok
18:46:52.0203 0x1688  fvevol - ok
18:46:52.0212 0x1688  gencounter - ok
18:46:52.0219 0x1688  genericusbfn - ok
18:46:52.0221 0x1688  GPIOClx0101 - ok
18:46:52.0258 0x1688  gpsvc - ok
18:46:52.0261 0x1688  GpuEnergyDrv - ok
18:46:52.0311 0x1688  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:46:52.0312 0x1688  gupdate - ok
18:46:52.0316 0x1688  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:46:52.0318 0x1688  gupdatem - ok
18:46:52.0321 0x1688  HDAudBus - ok
18:46:52.0323 0x1688  HidBatt - ok
18:46:52.0326 0x1688  HidBth - ok
18:46:52.0328 0x1688  hidi2c - ok
18:46:52.0330 0x1688  hidinterrupt - ok
18:46:52.0332 0x1688  HidIr - ok
18:46:52.0334 0x1688  hidserv - ok
18:46:52.0337 0x1688  HidUsb - ok
18:46:52.0356 0x1688  HomeGroupListener - ok
18:46:52.0362 0x1688  HomeGroupProvider - ok
18:46:52.0364 0x1688  HpSAMD - ok
18:46:52.0366 0x1688  HTTP - ok
18:46:52.0372 0x1688  HvHost - ok
18:46:52.0375 0x1688  hvservice - ok
18:46:52.0377 0x1688  hwpolicy - ok
18:46:52.0379 0x1688  hyperkbd - ok
18:46:52.0381 0x1688  i8042prt - ok
18:46:52.0384 0x1688  iagpio - ok
18:46:52.0386 0x1688  iai2c - ok
18:46:52.0388 0x1688  iaLPSS2i_GPIO2 - ok
18:46:52.0391 0x1688  iaLPSS2i_I2C - ok
18:46:52.0393 0x1688  iaLPSSi_GPIO - ok
18:46:52.0395 0x1688  iaLPSSi_I2C - ok
18:46:52.0447 0x1688  [ 62EECD3225EF2B5649780746928F5CF7, 974A5CCAFD0A514D45838F330121095195D57CF9295B5FD790F6E73A95A9C4C0 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
18:46:52.0465 0x1688  iaStorA - ok
18:46:52.0469 0x1688  iaStorAV - ok
18:46:52.0542 0x1688  [ F0EA089D3915C176CD9BC2837AC7E98C, 3D1B886284CF4C175BE5FA70841C9D1AE2CD8944487B6EDE329C3743B814CAA3 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:46:52.0542 0x1688  IAStorDataMgrSvc - ok
18:46:52.0545 0x1688  iaStorV - ok
18:46:52.0547 0x1688  ibbus - ok
18:46:52.0549 0x1688  ibtsiva - ok
18:46:52.0592 0x1688  [ 17CF9460BCF23BB4F96EAE3E160D7DB9, 68ABB485CBFCC22B9A5A5847557424937E5001086AB30EE5A717B18EDB81DE18 ] ibtusb          C:\WINDOWS\system32\DRIVERS\ibtusb.sys
18:46:52.0596 0x1688  ibtusb - ok
18:46:52.0618 0x1688  icssvc - ok
18:46:52.0796 0x1688  [ DCADFA880DF77BB103F7A034A4B33577, 4AA267EE18104AEBA40A98A1D2DE2E10F1BB84F6FB4C5496600A45C072E18EC9 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
18:46:52.0894 0x1688  igfx - ok
18:46:52.0921 0x1688  [ E1C55B9A0BC573F95CBB0FE981C390D2, C19BAB0E55DD23F0CC106D73DAA1154D359D8033E065832E41B9D710E241FCF0 ] igfxCUIService2.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
18:46:52.0928 0x1688  igfxCUIService2.0.0.0 - ok
18:46:52.0950 0x1688  IKEEXT - ok
18:46:52.0957 0x1688  IndirectKmd - ok
18:46:52.0986 0x1688  [ F0F581A2299CB2BAB1DF2597BCDDB80F, EE485AF3049C87666BC6D6BFFC8A0EB4B95831D9061EB81848ECEE29C4232BF4 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
18:46:52.0987 0x1688  intaud_WaveExtensible - ok
18:46:53.0096 0x1688  [ 689F04285EF20E98B4F338AF7523A4C2, C2D1EB41382A346607BD91CDBFAEACBC4087EC8482312CBE2E6FBCB87E1B8320 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
18:46:53.0143 0x1688  IntcAzAudAddService - ok
18:46:53.0161 0x1688  [ 47577F77C8DD9CF4265B944CAFE1F172, A3F48F01ECFDF8E609D26754E517C06AD6382DA231F42BF64B6746D50F02FC6A ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
18:46:53.0167 0x1688  IntcDAud - ok
18:46:53.0200 0x1688  [ DAE6C3099D291EED8922A65C29ABCF52, AD0A932345382824122F84AF97A8609BAE1B916A3B9FD608779A1411E37D3643 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:46:53.0209 0x1688  Intel(R) Capability Licensing Service Interface - ok
18:46:53.0237 0x1688  [ D45226E3E7A25F1E7CE8DF8FD0A2A098, 7BD74E9E3CB0A83D26BA3FD8177C6B9BA46A8695B6569CF7887FDC87947DA2D6 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
18:46:53.0247 0x1688  Intel(R) Capability Licensing Service TCP IP Interface - ok
18:46:53.0308 0x1688  [ 57739E742ABC085C2A4340D4404B4A8B, B4B85C35AC96D11F5940AFCB15A2B2A41D70E3C392E1D4D9353899FA140FF281 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
18:46:53.0310 0x1688  Intel(R) ME Service - ok
18:46:53.0312 0x1688  intelide - ok
18:46:53.0315 0x1688  intelpep - ok
18:46:53.0336 0x1688  intelppm - ok
18:46:53.0338 0x1688  iorate - ok
18:46:53.0397 0x1688  [ 44A9B60ECA9F6D760E0292E56127BCED, 1795EBC766D1F29D4F279967D7B08ADC2C673ABD7DD1BC157D2A05BCA6B65986 ] ipadtst         C:\Program Files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys
18:46:53.0397 0x1688  ipadtst - ok
18:46:53.0419 0x1688  IpFilterDriver - ok
18:46:53.0426 0x1688  iphlpsvc - ok
18:46:53.0428 0x1688  IPMIDRV - ok
18:46:53.0430 0x1688  IPNAT - ok
18:46:53.0464 0x1688  [ F4B68F7C1666A2A6CD1D37A08F1D6DF1, 63A3D85B07D10E6B3F4E84FDD6EA6C00F2756E1C9B3E57C11A2FFCD815E99946 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:46:53.0472 0x1688  iPod Service - ok
18:46:53.0475 0x1688  irda - ok
18:46:53.0478 0x1688  IRENUM - ok
18:46:53.0480 0x1688  irmon - ok
18:46:53.0503 0x1688  isapnp - ok
18:46:53.0506 0x1688  iScsiPrt - ok
18:46:53.0524 0x1688  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
18:46:53.0526 0x1688  jhi_service - ok
18:46:53.0529 0x1688  kbdclass - ok
18:46:53.0532 0x1688  kbdhid - ok
18:46:53.0547 0x1688  kdnic - ok
18:46:53.0586 0x1688  [ EB62EE6D52F0D6B76256DBE71C07E26F, D92F2D9B1779DC52918CB5D9F212F62F62E40F7EBB81A865F090B071BE69DE77 ] Ke2200          C:\WINDOWS\System32\drivers\e22w8x64.sys
18:46:53.0588 0x1688  Ke2200 - ok
18:46:53.0591 0x1688  KeyIso - ok
18:46:53.0636 0x1688  [ C05B34E971A4AA805241A2ED17D1DEA6, C175B2C1717F538ACF8A09A11FCF14B4407D5CB8FAF9114A0B64885B736595F9 ] KillerEth       C:\WINDOWS\System32\drivers\e2xw10x64.sys
18:46:53.0638 0x1688  KillerEth - ok
18:46:53.0641 0x1688  KSecDD - ok
18:46:53.0659 0x1688  KSecPkg - ok
18:46:53.0662 0x1688  ksthunk - ok
18:46:53.0668 0x1688  KtmRm - ok
18:46:53.0674 0x1688  LanmanServer - ok
18:46:53.0676 0x1688  LanmanWorkstation - ok
18:46:53.0680 0x1688  lfsvc - ok
18:46:53.0682 0x1688  LicenseManager - ok
18:46:53.0686 0x1688  lltdio - ok
18:46:53.0688 0x1688  lltdsvc - ok
18:46:53.0695 0x1688  lmhosts - ok
18:46:53.0752 0x1688  [ 3DE66F47365AA8CEB18B1EE272F4FEBA, 8DDD6AB4AEDE3B2FEA0D3B63DD24E3F3422D6ADE067756A3919FCED53C349167 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:46:53.0757 0x1688  LMS - ok
18:46:53.0761 0x1688  LSI_SAS - ok
18:46:53.0763 0x1688  LSI_SAS2i - ok
18:46:53.0766 0x1688  LSI_SAS3i - ok
18:46:53.0767 0x1688  LSI_SSS - ok
18:46:53.0771 0x1688  LSM - ok
18:46:53.0772 0x1688  luafv - ok
18:46:53.0789 0x1688  [ D8AD76AB13299C52D1D3C58FD3ADAF59, 293C6B7B1BAF391EE1CAAEBBA20F245351D6E85D381E63EA2F36171EAEEA18A4 ] ManyCam         C:\WINDOWS\system32\DRIVERS\mcvidrv.sys
18:46:53.0790 0x1688  ManyCam - ok
18:46:53.0808 0x1688  MapsBroker - ok
18:46:53.0835 0x1688  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
18:46:53.0838 0x1688  MBAMSwissArmy - ok
18:46:53.0852 0x1688  [ 8FF2D95CBA49B405C5DE27039FF0BF35, 03BF7FC7F1C2C76EDB583BA342EA1C325DB8058517744EF2A78529D3938F4DC1 ] MBfilt          C:\WINDOWS\system32\drivers\MBfilt64.sys
18:46:53.0853 0x1688  MBfilt - ok
18:46:53.0861 0x1688  [ F1CE49C11A9833A5D2EC32443A142064, 70BFA69B61304F7FD4193205B59019B489FE9CE1D3E961568DCACBE0C68EC7B5 ] mcaudrv_simple  C:\WINDOWS\system32\drivers\mcaudrv_x64.sys
18:46:53.0862 0x1688  mcaudrv_simple - ok
18:46:53.0919 0x1688  [ 6EF327DBB5DC9D6310ADE48CAB14959D, AFDC81E83E9EC9424C14431E531E976C419715754952D92BE2691186C55F0E9B ] McComponentHostService C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe
18:46:53.0923 0x1688  McComponentHostService - ok
18:46:53.0945 0x1688  megasas - ok
18:46:53.0948 0x1688  megasr - ok
18:46:53.0966 0x1688  [ 034338E2F6F123727F7C351152B084AF, B1E120E838CC8A882FC0C4C5F6D6016E11DD3D067E31B27E532BAD11A5976230 ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
18:46:53.0969 0x1688  MEIx64 - ok
18:46:54.0000 0x1688  MessagingService - ok
18:46:54.0083 0x1688  [ 71C6748EE8DE938532057EF10B4B7E44, 455175332156939B3CDA4511A2A6C213ABBFDB85EEECA98B6AB014C994F532C4 ] Micro Star SCM  C:\Program Files (x86)\SCM\MSIService.exe
18:46:54.0085 0x1688  Micro Star SCM - ok
18:46:54.0088 0x1688  mlx4_bus - ok
18:46:54.0111 0x1688  MMCSS - ok
18:46:54.0124 0x1688  Modem - ok
18:46:54.0139 0x1688  monitor - ok
18:46:54.0153 0x1688  mouclass - ok
18:46:54.0155 0x1688  mouhid - ok
18:46:54.0158 0x1688  mountmgr - ok
18:46:54.0161 0x1688  mpsdrv - ok
18:46:54.0170 0x1688  MpsSvc - ok
18:46:54.0173 0x1688  MRxDAV - ok
18:46:54.0176 0x1688  mrxsmb - ok
18:46:54.0179 0x1688  mrxsmb10 - ok
18:46:54.0182 0x1688  mrxsmb20 - ok
18:46:54.0193 0x1688  MsBridge - ok
18:46:54.0200 0x1688  MSDTC - ok
18:46:54.0206 0x1688  Msfs - ok
18:46:54.0209 0x1688  msgpiowin32 - ok
18:46:54.0211 0x1688  mshidkmdf - ok
18:46:54.0214 0x1688  mshidumdf - ok
18:46:54.0216 0x1688  msisadrv - ok
18:46:54.0226 0x1688  MSiSCSI - ok
18:46:54.0228 0x1688  msiserver - ok
18:46:54.0253 0x1688  [ B0762157B3CFF4D4782646F009EE8465, 57D48AE041E0528E5CA0F0A300CA32FF114A01750C9E3D49EFAC3EFD3E5E9AF8 ] MSI_SuperCharger C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
18:46:54.0256 0x1688  MSI_SuperCharger - ok
18:46:54.0259 0x1688  MSKSSRV - ok
18:46:54.0261 0x1688  MsLldp - ok
18:46:54.0263 0x1688  MSPCLOCK - ok
18:46:54.0265 0x1688  MSPQM - ok
18:46:54.0268 0x1688  MsRPC - ok
18:46:54.0271 0x1688  mssmbios - ok
18:46:54.0274 0x1688  MSTEE - ok
18:46:54.0276 0x1688  MTConfig - ok
18:46:54.0279 0x1688  Mup - ok
18:46:54.0281 0x1688  mvumis - ok
18:46:54.0340 0x1688  [ 8FA07AF404BC705FDEC03493644970B2, BF3B681AB11D830524607B3C5790B83A886B7CBDE397C3C7C9C96F79E2EC244D ] NAT             C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
18:46:54.0343 0x1688  NAT - ok
18:46:54.0346 0x1688  NativeWifiP - ok
18:46:54.0348 0x1688  NcaSvc - ok
18:46:54.0370 0x1688  NcbService - ok
18:46:54.0371 0x1688  NcdAutoSetup - ok
18:46:54.0375 0x1688  ndfltr - ok
18:46:54.0377 0x1688  NDIS - ok
18:46:54.0379 0x1688  NdisCap - ok
18:46:54.0381 0x1688  NdisImPlatform - ok
18:46:54.0384 0x1688  NdisTapi - ok
18:46:54.0386 0x1688  Ndisuio - ok
18:46:54.0388 0x1688  NdisVirtualBus - ok
18:46:54.0391 0x1688  NdisWan - ok
18:46:54.0393 0x1688  ndiswanlegacy - ok
18:46:54.0395 0x1688  ndproxy - ok
18:46:54.0397 0x1688  Ndu - ok
18:46:54.0399 0x1688  NetAdapterCx - ok
18:46:54.0402 0x1688  NetBIOS - ok
18:46:54.0405 0x1688  NetBT - ok
18:46:54.0407 0x1688  Netlogon - ok
18:46:54.0409 0x1688  Netman - ok
18:46:54.0412 0x1688  netprofm - ok
18:46:54.0419 0x1688  NetSetupSvc - ok
18:46:54.0459 0x1688  NetTcpPortSharing - ok
18:46:54.0567 0x1688  [ 30A8781DCB91BE52AE175581F00E48E7, 2BECA8D1F03D881CC2D41563925676633D1ACA11C9FBF44D648CA77F15CAE067 ] NETwNb64        C:\WINDOWS\System32\drivers\Netwbw02.sys
18:46:54.0617 0x1688  NETwNb64 - ok
18:46:54.0725 0x1688  [ 2010C652B758C3F3DAFBBC49BD57BB83, E8BDFFEEF18DF11119A61A7C44ED851D9698EA4A10867E82ABA197F9E3F116DB ] NETwNe64        C:\WINDOWS\System32\drivers\Netwew02.sys
18:46:54.0766 0x1688  NETwNe64 - ok
18:46:54.0805 0x1688  NgcCtnrSvc - ok
18:46:54.0807 0x1688  NgcSvc - ok
18:46:54.0813 0x1688  NlaSvc - ok
18:46:54.0953 0x1688  [ 4CA6E1F6A83D74A86850726475DC4462, 9BF8D917141A5736E72A9F51F827D24393509896E866F43FFB079F5BF8EF3F81 ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
18:46:55.0005 0x1688  NOBU - ok
18:46:55.0025 0x1688  Npfs - ok
18:46:55.0027 0x1688  npggsvc - ok
18:46:55.0040 0x1688  npsvctrig - ok
18:46:55.0043 0x1688  nsi - ok
18:46:55.0045 0x1688  nsiproxy - ok
18:46:55.0048 0x1688  NTFS - ok
18:46:55.0071 0x1688  [ 23CF3DA010497EB2BF39A5C5A57E437C, 39CFDE7D401EFCE4F550E0A9461F5FC4D71FA07235E1336E4F0B4882BD76550E ] NTIOLib_1_0_3   C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys
18:46:55.0072 0x1688  NTIOLib_1_0_3 - ok
18:46:55.0074 0x1688  Null - ok
18:46:55.0366 0x1688  [ 113505A56DAE1354960B7FF9E30E9AEA, 8A172BA5A06BA4949847A8F349128609AB324B3582707BECB9E786222BFE58D3 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
18:46:55.0525 0x1688  nvlddmkm - ok
18:46:55.0629 0x1688  [ AC1238F24FEEB03AE95F5571CCF947C7, 8EF702E51EE16E962B588D653EBD7360939FD3C83212786B8419DD9B700FE14B ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
18:46:55.0651 0x1688  NvNetworkService - ok
18:46:55.0671 0x1688  nvraid - ok
18:46:55.0687 0x1688  nvstor - ok
18:46:55.0746 0x1688  [ 04B34B3A4B336C680061B509274B4535, 999D045A5E250E355834C9414723D7E71921877D326FEF1076C44737028588C4 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
18:46:55.0747 0x1688  NvStreamKms - ok
18:46:55.0886 0x1688  [ C82120B1DCCC3BE72A5232280C1F6E21, 88C473E5683EF50A64E0317F28FFD9CA5A7A25347ED3A79250B1B10CC712F5A9 ] NvStreamNetworkSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
18:46:55.0928 0x1688  NvStreamNetworkSvc - ok
18:46:55.0993 0x1688  [ CA4DA69B1FCEF07F41B655725BF1C56A, 850D06C8EE23AA0B7C27EA3F6FB06854731E4BF1846AB66D6CAFFADEEAA87CE1 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
18:46:56.0023 0x1688  NvStreamSvc - ok
18:46:56.0080 0x1688  [ 334AD0B00C21E84B4CE3E20682D308BF, D17BC6D1B26AA10A1A4622AB36E3CDCBF35A9B9CA07CEC6FF865951FB45C9D03 ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
18:46:56.0103 0x1688  nvsvc - ok
18:46:56.0144 0x1688  [ F37FE6B15A987AEEC08EEF531F2FAED7, CC768E7DE80C7A8CB2392F9BC528212B8A3A35A30A222ED0B0B959051E6F8065 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
18:46:56.0145 0x1688  nvvad_WaveExtensible - ok
18:46:56.0188 0x1688  [ 9130774B6AF49DA8AC51CC69BFA4A6E8, 886A72BBBE93DADB1437D01CEDA884EE4176C085574DCFDF6291A3E20CB5CDB7 ] OkayFreedom VPN Starter Service C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
18:46:56.0192 0x1688  OkayFreedom VPN Starter Service - ok
18:46:56.0215 0x1688  OneSyncSvc - ok
18:46:56.0289 0x1688  [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:46:56.0292 0x1688  ose64 - ok
18:46:56.0310 0x1688  p2pimsvc - ok
18:46:56.0316 0x1688  p2psvc - ok
18:46:56.0321 0x1688  Parport - ok
18:46:56.0324 0x1688  partmgr - ok
18:46:56.0326 0x1688  PcaSvc - ok
18:46:56.0338 0x1688  pci - ok
18:46:56.0340 0x1688  pciide - ok
18:46:56.0342 0x1688  pcmcia - ok
18:46:56.0344 0x1688  pcw - ok
18:46:56.0346 0x1688  pdc - ok
18:46:56.0353 0x1688  PEAUTH - ok
18:46:56.0356 0x1688  percsas2i - ok
18:46:56.0358 0x1688  percsas3i - ok
18:46:56.0427 0x1688  PerfHost - ok
18:46:56.0442 0x1688  PhoneSvc - ok
18:46:56.0445 0x1688  PimIndexMaintenanceSvc - ok
18:46:56.0467 0x1688  pla - ok
18:46:56.0483 0x1688  PlugPlay - ok
18:46:56.0485 0x1688  PNRPAutoReg - ok
18:46:56.0488 0x1688  PNRPsvc - ok
18:46:56.0492 0x1688  PolicyAgent - ok
18:46:56.0500 0x1688  Power - ok
18:46:56.0503 0x1688  PptpMiniport - ok
18:46:56.0622 0x1688  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
18:46:56.0698 0x1688  PrintNotify - ok
18:46:56.0721 0x1688  Processor - ok
18:46:56.0723 0x1688  ProfSvc - ok
18:46:56.0728 0x1688  Psched - ok
18:46:56.0779 0x1688  [ AC64125A02ACC62B064EAD6EE4920D54, 04623CD0C6DF28892C499B54964B88765BD6A1F48CFC453DA1011A169D4B82D1 ] Qualcomm Atheros Killer Service V2 C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
18:46:56.0783 0x1688  Qualcomm Atheros Killer Service V2 - ok
18:46:56.0805 0x1688  QWAVE - ok
18:46:56.0808 0x1688  QWAVEdrv - ok
18:46:56.0810 0x1688  RasAcd - ok
18:46:56.0815 0x1688  RasAgileVpn - ok
18:46:56.0823 0x1688  RasAuto - ok
18:46:56.0825 0x1688  Rasl2tp - ok
18:46:56.0827 0x1688  RasMan - ok
18:46:56.0829 0x1688  RasPppoe - ok
18:46:56.0832 0x1688  RasSstp - ok
18:46:56.0834 0x1688  rdbss - ok
18:46:56.0846 0x1688  rdpbus - ok
18:46:56.0848 0x1688  RDPDR - ok
18:46:56.0852 0x1688  RdpVideoMiniport - ok
18:46:56.0854 0x1688  rdyboost - ok
18:46:56.0856 0x1688  ReFSv1 - ok
18:46:56.0866 0x1688  RemoteAccess - ok
18:46:56.0869 0x1688  RemoteRegistry - ok
18:46:56.0875 0x1688  RetailDemo - ok
18:46:56.0876 0x1688  RmSvc - ok
18:46:56.0879 0x1688  RpcEptMapper - ok
18:46:56.0884 0x1688  RpcLocator - ok
18:46:56.0886 0x1688  RpcSs - ok
18:46:56.0888 0x1688  rspndr - ok
18:46:56.0927 0x1688  [ F75C6FFD09A6C51E4B5166E05D97FD96, 12174DA89456347704455B1544C6E0FB54E55504E6C88F5E9962018D53D6F84D ] RTSPER          C:\WINDOWS\system32\DRIVERS\RtsPer.sys
18:46:56.0937 0x1688  RTSPER - ok
18:46:56.0957 0x1688  s3cap - ok
18:46:56.0985 0x1688  [ 6A75424A0D365CF924DF4887BE18A908, C04B1CBE3AA2799984BA9460BF0891457E5811B58230847F151B4265662F4E94 ] SAlphamBth      C:\WINDOWS\System32\drivers\SAlphabt64.sys
18:46:56.0986 0x1688  SAlphamBth - ok
18:46:56.0995 0x1688  [ BA61AC30012136452897855B9C623278, FD6338716DF5057C2DAD941932679DD0CB5EF7BA864BE3370B2D2CB5BC53D734 ] SAlphamHid      C:\WINDOWS\System32\drivers\SAlpham64.sys
18:46:56.0996 0x1688  SAlphamHid - ok
18:46:57.0009 0x1688  [ 666B8FAA62B38B31BFDCE056ADB07EF3, 3E06EC40922FE3D0F8D74AADD50BB4311BE53CA9B33C92B7DA1D3EF2FB2C80F9 ] SAlphaPS2       C:\WINDOWS\System32\drivers\SAlphaPS264.sys
18:46:57.0010 0x1688  SAlphaPS2 - ok
18:46:57.0013 0x1688  SamSs - ok
18:46:57.0030 0x1688  sbp2port - ok
18:46:57.0032 0x1688  SCardSvr - ok
18:46:57.0066 0x1688  [ A5C91E4A9B97665E5A10317C1625AFF9, 2B0B5F658AE259DF971112EA1A0266748E6092D08A49F48CE2872CB049B572D8 ] SCDEmu          C:\WINDOWS\system32\drivers\SCDEmu.sys
18:46:57.0068 0x1688  SCDEmu - ok
18:46:57.0071 0x1688  ScDeviceEnum - ok
18:46:57.0086 0x1688  scfilter - ok
18:46:57.0088 0x1688  Schedule - ok
18:46:57.0091 0x1688  scmbus - ok
18:46:57.0093 0x1688  scmdisk0101 - ok
18:46:57.0106 0x1688  SCPolicySvc - ok
18:46:57.0109 0x1688  [ 0447065A6E10774EFCECFDD0EB970A79, 384A9AC72E756F96D43EE4B144A466564476AFD8778092C979116BB29A514433 ] ScpVBus         C:\WINDOWS\System32\drivers\ScpVBus.sys
18:46:57.0110 0x1688  ScpVBus - ok
18:46:57.0113 0x1688  sdbus - ok
18:46:57.0125 0x1688  SDRSVC - ok
18:46:57.0134 0x1688  sdstor - ok
18:46:57.0136 0x1688  seclogon - ok
18:46:57.0139 0x1688  SENS - ok
18:46:57.0150 0x1688  SensorDataService - ok
18:46:57.0153 0x1688  SensorService - ok
18:46:57.0156 0x1688  SensrSvc - ok
18:46:57.0158 0x1688  SerCx - ok
18:46:57.0161 0x1688  SerCx2 - ok
18:46:57.0164 0x1688  Serenum - ok
18:46:57.0166 0x1688  Serial - ok
18:46:57.0168 0x1688  sermouse - ok
18:46:57.0187 0x1688  SessionEnv - ok
18:46:57.0190 0x1688  sfloppy - ok
18:46:57.0210 0x1688  SharedAccess - ok
18:46:57.0219 0x1688  ShellHWDetection - ok
18:46:57.0237 0x1688  shpamsvc - ok
18:46:57.0240 0x1688  SiSRaid2 - ok
18:46:57.0244 0x1688  SiSRaid4 - ok
18:46:57.0301 0x1688  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:46:57.0305 0x1688  SkypeUpdate - ok
18:46:57.0324 0x1688  smphost - ok
18:46:57.0332 0x1688  SmsRouter - ok
18:46:57.0370 0x1688  SNMPTRAP - ok
18:46:57.0373 0x1688  spaceport - ok
18:46:57.0375 0x1688  SpbCx - ok
18:46:57.0378 0x1688  Spooler - ok
18:46:57.0380 0x1688  sppsvc - ok
18:46:57.0382 0x1688  srv - ok
18:46:57.0385 0x1688  srv2 - ok
18:46:57.0387 0x1688  srvnet - ok
18:46:57.0390 0x1688  SSDPSRV - ok
18:46:57.0393 0x1688  SstpSvc - ok
18:46:57.0415 0x1688  [ 36C3697CA09B23C77BDF95A6B0B57310, DAEF9CFBDE444A80FB41DA0BC5C3C4E1E4B535497A5EDA43EC8768A6EC42E4EA ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
18:46:57.0419 0x1688  ssudmdm - ok
18:46:57.0422 0x1688  StateRepository - ok
18:46:57.0495 0x1688  [ E06AA279D85877268E34E9A9BC41F560, 6EFE7E3850CD19B919053293B6D8CB61CC638D3B1626BB62594C681625132689 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:46:57.0514 0x1688  Steam Client Service - ok
18:46:57.0530 0x1688  stexstor - ok
18:46:57.0534 0x1688  stisvc - ok
18:46:57.0537 0x1688  storahci - ok
18:46:57.0541 0x1688  storflt - ok
18:46:57.0543 0x1688  stornvme - ok
18:46:57.0546 0x1688  storqosflt - ok
18:46:57.0549 0x1688  StorSvc - ok
18:46:57.0552 0x1688  storufs - ok
18:46:57.0555 0x1688  storvsc - ok
18:46:57.0558 0x1688  svsvc - ok
18:46:57.0561 0x1688  swenum - ok
18:46:57.0563 0x1688  swprv - ok
18:46:57.0574 0x1688  Synth3dVsc - ok
18:46:57.0578 0x1688  SysMain - ok
18:46:57.0589 0x1688  SystemEventsBroker - ok
18:46:57.0599 0x1688  TabletInputService - ok
18:46:57.0618 0x1688  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\WINDOWS\System32\drivers\tap0901.sys
18:46:57.0619 0x1688  tap0901 - ok
18:46:57.0622 0x1688  TapiSrv - ok
18:46:57.0642 0x1688  Tcpip - ok
18:46:57.0644 0x1688  Tcpip6 - ok
18:46:57.0648 0x1688  tcpipreg - ok
18:46:57.0653 0x1688  tdx - ok
18:46:57.0844 0x1688  [ E9D702580349582413503A28F8329B32, 405CEA2DB2B9EE9EF87E454375BEA6A3F6FB30B95BBD9F397129C73D4CCCC282 ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
18:46:57.0927 0x1688  TeamViewer - ok
18:46:57.0936 0x1688  terminpt - ok
18:46:57.0958 0x1688  TermService - ok
18:46:57.0969 0x1688  Themes - ok
18:46:57.0987 0x1688  TieringEngineService - ok
18:46:57.0990 0x1688  tiledatamodelsvc - ok
18:46:57.0993 0x1688  TimeBrokerSvc - ok
18:46:57.0997 0x1688  TPM - ok
18:46:57.0999 0x1688  TrkWks - ok
18:46:58.0038 0x1688  TrustedInstaller - ok
18:46:58.0041 0x1688  tsusbflt - ok
18:46:58.0057 0x1688  TsUsbGD - ok
18:46:58.0183 0x1688  [ C8757FB7C986181F1A7D29B0FE5F20E2, 55FA4C6C9906396C5B73EC20D2ED78EB66A8D0DBBE433514B3AA71C520B6B640 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
18:46:58.0234 0x1688  TuneUp.UtilitiesSvc - ok
18:46:58.0250 0x1688  [ DB3C912A851FCA6358FED4D53DAA7E91, B35375EC9AF61D829489D9B278605E2098D6402419E79EB24C65D3B65816AEBC ] TuneUpUtilitiesDrv C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys
18:46:58.0251 0x1688  TuneUpUtilitiesDrv - ok
18:46:58.0270 0x1688  tzautoupdate - ok
18:46:58.0272 0x1688  UASPStor - ok
18:46:58.0275 0x1688  UcmCx0101 - ok
18:46:58.0282 0x1688  UcmTcpciCx0101 - ok
18:46:58.0299 0x1688  UcmUcsi - ok
18:46:58.0309 0x1688  Ucx01000 - ok
18:46:58.0311 0x1688  UdeCx - ok
18:46:58.0314 0x1688  udfs - ok
18:46:58.0322 0x1688  UEFI - ok
18:46:58.0324 0x1688  Ufx01000 - ok
18:46:58.0327 0x1688  UfxChipidea - ok
18:46:58.0329 0x1688  ufxsynopsys - ok
18:46:58.0346 0x1688  UI0Detect - ok
18:46:58.0349 0x1688  umbus - ok
18:46:58.0351 0x1688  UmPass - ok
18:46:58.0354 0x1688  UmRdpService - ok
18:46:58.0360 0x1688  UnistoreSvc - ok
18:46:58.0364 0x1688  upnphost - ok
18:46:58.0367 0x1688  UrsChipidea - ok
18:46:58.0369 0x1688  UrsCx01000 - ok
18:46:58.0372 0x1688  UrsSynopsys - ok
18:46:58.0394 0x1688  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
18:46:58.0396 0x1688  USBAAPL64 - ok
18:46:58.0398 0x1688  usbccgp - ok
18:46:58.0401 0x1688  usbcir - ok
18:46:58.0403 0x1688  usbehci - ok
18:46:58.0406 0x1688  usbhub - ok
18:46:58.0408 0x1688  USBHUB3 - ok
18:46:58.0411 0x1688  usbohci - ok
18:46:58.0413 0x1688  usbprint - ok
18:46:58.0415 0x1688  usbser - ok
18:46:58.0419 0x1688  USBSTOR - ok
18:46:58.0421 0x1688  usbuhci - ok
18:46:58.0424 0x1688  USBXHCI - ok
18:46:58.0426 0x1688  UserDataSvc - ok
18:46:58.0450 0x1688  UserManager - ok
18:46:58.0453 0x1688  UsoSvc - ok
18:46:58.0455 0x1688  VaultSvc - ok
18:46:58.0483 0x1688  [ 87D4E923785CDFA655B53A78DD99BD2B, CCE460ED6C1292284B22B675CEDBB86CC3D329B15B1B9F77EA80AC7EDB774B65 ] VBoxNetAdp      C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
18:46:58.0486 0x1688  VBoxNetAdp - ok
18:46:58.0489 0x1688  vdrvroot - ok
18:46:58.0491 0x1688  vds - ok
18:46:58.0499 0x1688  VerifierExt - ok
18:46:58.0502 0x1688  vhdmp - ok
18:46:58.0504 0x1688  vhf - ok
18:46:58.0507 0x1688  vmbus - ok
18:46:58.0509 0x1688  VMBusHID - ok
18:46:58.0511 0x1688  vmgid - ok
18:46:58.0532 0x1688  vmicguestinterface - ok
18:46:58.0534 0x1688  vmicheartbeat - ok
18:46:58.0537 0x1688  vmickvpexchange - ok
18:46:58.0540 0x1688  vmicrdv - ok
18:46:58.0542 0x1688  vmicshutdown - ok
18:46:58.0544 0x1688  vmictimesync - ok
18:46:58.0547 0x1688  vmicvmsession - ok
18:46:58.0550 0x1688  vmicvss - ok
18:46:58.0552 0x1688  volmgr - ok
18:46:58.0555 0x1688  volmgrx - ok
18:46:58.0567 0x1688  volsnap - ok
18:46:58.0573 0x1688  volume - ok
18:46:58.0582 0x1688  vpci - ok
18:46:58.0584 0x1688  vsmraid - ok
18:46:58.0587 0x1688  VSS - ok
18:46:58.0590 0x1688  VSTXRAID - ok
18:46:58.0592 0x1688  vwifibus - ok
18:46:58.0594 0x1688  vwififlt - ok
18:46:58.0597 0x1688  vwifimp - ok
18:46:58.0600 0x1688  W32Time - ok
18:46:58.0602 0x1688  WacomPen - ok
18:46:58.0608 0x1688  WalletService - ok
18:46:58.0610 0x1688  wanarp - ok
18:46:58.0612 0x1688  wanarpv6 - ok
18:46:58.0615 0x1688  wbengine - ok
18:46:58.0618 0x1688  WbioSrvc - ok
18:46:58.0620 0x1688  wcifs - ok
18:46:58.0623 0x1688  Wcmsvc - ok
18:46:58.0625 0x1688  wcncsvc - ok
18:46:58.0627 0x1688  wcnfs - ok
18:46:58.0630 0x1688  WdBoot - ok
18:46:58.0632 0x1688  Wdf01000 - ok
18:46:58.0635 0x1688  WdFilter - ok
18:46:58.0637 0x1688  WdiServiceHost - ok
18:46:58.0640 0x1688  WdiSystemHost - ok
18:46:58.0642 0x1688  wdiwifi - ok
18:46:58.0645 0x1688  WdNisDrv - ok
18:46:58.0671 0x1688  WdNisSvc - ok
18:46:58.0691 0x1688  WebClient - ok
18:46:58.0693 0x1688  Wecsvc - ok
18:46:58.0696 0x1688  WEPHOSTSVC - ok
18:46:58.0698 0x1688  wercplsupport - ok
18:46:58.0701 0x1688  WerSvc - ok
18:46:58.0703 0x1688  WFPLWFS - ok
18:46:58.0706 0x1688  WiaRpc - ok
18:46:58.0708 0x1688  WIMMount - ok
18:46:58.0710 0x1688  WinDefend - ok
18:46:58.0715 0x1688  WindowsTrustedRT - ok
18:46:58.0718 0x1688  WindowsTrustedRTProxy - ok
18:46:58.0721 0x1688  WinHttpAutoProxySvc - ok
18:46:58.0760 0x1688  [ E815503BDE35026051EB701ACA72B296, 5541FBDA961B403F88BAF720840AB8DF2C96A382CDF97132A5C6A05A5F105E70 ] WINIO           C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys
18:46:58.0760 0x1688  WINIO - ok
18:46:58.0763 0x1688  WinMad - ok
18:46:58.0818 0x1688  Winmgmt - ok
18:46:58.0820 0x1688  WinRM - ok
18:46:58.0825 0x1688  WINUSB - ok
18:46:58.0828 0x1688  WinVerbs - ok
18:46:58.0842 0x1688  wisvc - ok
18:46:58.0845 0x1688  WlanSvc - ok
18:46:58.0847 0x1688  wlidsvc - ok
18:46:58.0850 0x1688  WmiAcpi - ok
18:46:58.0854 0x1688  wmiApSrv - ok
18:46:58.0873 0x1688  WMPNetworkSvc - ok
18:46:58.0884 0x1688  [ EDADABA8665AB5C51BF59C4E2566BA7E, C85337881856B466F61DFA1E69FC2FD8250085D299A5DE052BFA80C83FD5EFD0 ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
18:46:58.0889 0x1688  Wof - ok
18:46:58.0893 0x1688  workfolderssvc - ok
18:46:58.0896 0x1688  WPDBusEnum - ok
18:46:58.0899 0x1688  WpdUpFltr - ok
18:46:58.0902 0x1688  WpnService - ok
18:46:58.0905 0x1688  WpnUserService - ok
18:46:58.0918 0x1688  ws2ifsl - ok
18:46:58.0925 0x1688  wscsvc - ok
18:46:58.0927 0x1688  WSearch - ok
18:46:58.0953 0x1688  wuauserv - ok
18:46:58.0962 0x1688  WudfPf - ok
18:46:58.0965 0x1688  WUDFRd - ok
18:46:58.0968 0x1688  wudfsvc - ok
18:46:58.0971 0x1688  WwanSvc - ok
18:46:58.0974 0x1688  XblAuthManager - ok
18:46:58.0977 0x1688  XblGameSave - ok
18:46:58.0983 0x1688  xboxgip - ok
18:46:58.0986 0x1688  XboxNetApiSvc - ok
18:46:58.0988 0x1688  xinputhid - ok
18:46:59.0014 0x1688  [ 9176C0822FAA649E45121875BE32F5D2, B7A7A906A7BB0F760ED241F998C647D728C4DB5D8778AFE585DF38331165803F ] xusb21          C:\WINDOWS\System32\drivers\xusb21.sys
18:46:59.0017 0x1688  xusb21 - ok
18:46:59.0017 0x1688  ================ Scan global ===============================
18:46:59.0033 0x1688  [ Global ] - ok
18:46:59.0033 0x1688  ================ Scan MBR ==================================
18:46:59.0040 0x1688  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
18:46:59.0046 0x1688  \Device\Harddisk0\DR0 - ok
18:46:59.0046 0x1688  ================ Scan VBR ==================================
18:46:59.0047 0x1688  [ CF0FAC2514279D8B715B6C1A56296FCF ] \Device\Harddisk0\DR0\Partition1
18:46:59.0049 0x1688  \Device\Harddisk0\DR0\Partition1 - ok
18:46:59.0061 0x1688  [ 2C1DF5589B13584578E16955D8DA1244 ] \Device\Harddisk0\DR0\Partition2
18:46:59.0061 0x1688  \Device\Harddisk0\DR0\Partition2 - ok
18:46:59.0068 0x1688  [ 54CC4C5925FD26A23D6655B56E9FD50F ] \Device\Harddisk0\DR0\Partition3
18:46:59.0068 0x1688  \Device\Harddisk0\DR0\Partition3 - ok
18:46:59.0082 0x1688  [ 4B81DFDEE593916581F15BC8C209325A ] \Device\Harddisk0\DR0\Partition4
18:46:59.0082 0x1688  \Device\Harddisk0\DR0\Partition4 - ok
18:46:59.0106 0x1688  [ 2C02AE0493481B05A5888F75205BFC0A ] \Device\Harddisk0\DR0\Partition5
18:46:59.0108 0x1688  \Device\Harddisk0\DR0\Partition5 - ok
18:46:59.0116 0x1688  [ F8C180A9E9CE8F56188A1C9CF045E4E4 ] \Device\Harddisk0\DR0\Partition6
18:46:59.0117 0x1688  \Device\Harddisk0\DR0\Partition6 - ok
18:46:59.0132 0x1688  [ 3DB77100A0EFCFF295C9BFCED9D4C622 ] \Device\Harddisk0\DR0\Partition7
18:46:59.0133 0x1688  \Device\Harddisk0\DR0\Partition7 - ok
18:46:59.0133 0x1688  ================ Scan generic autorun ======================
18:46:59.0471 0x1688  [ 78D93C04E892F50D6264A05F4EBCE150, F24D26CAF44B81725AAE9FE84F24DB848BAA7857C89DC34C2E258617E886EE5B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
18:46:59.0719 0x1688  RTHDVCPL - ok
18:46:59.0729 0x1688  ETDCtrl - ok
18:46:59.0789 0x1688  [ 815F6E3727453C978FFD721B2BDF48A5, E33A85E8EF80C662C84F705080585B35A899F8E588E8481D48538BA1224B5E57 ] C:\Program Files (x86)\SCM\Radio Manager.exe
18:46:59.0795 0x1688  Radio Manager - ok
18:46:59.0815 0x1688  [ 0123AE1BC462CD5F7321E0249B0379E1, 60BDE9BE24B541576F8C929B32C672E9079535FE63D8FAC9B7AD5A50474A515C ] C:\Program Files (x86)\SCM\SCM.exe
18:46:59.0820 0x1688  SCM - ok
18:46:59.0838 0x1688  MBCfg64 - ok
18:46:59.0921 0x1688  [ FF4B6B134B3D40451440B868197C9C21, 066AA3625ABD7ECA6F6684999980094AE67299B83B026B879E40F7AB6E772459 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
18:46:59.0955 0x1688  NvBackend - ok
18:47:00.0041 0x1688  [ 36E62063607B123E9D5B222958B9AC1C, 53690BB53B0248383300DE6D303165F0F471A2F8868A09BAF38609DBEFCB8ADD ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
18:47:00.0066 0x1688  IAStorIcon - ok
18:47:00.0110 0x1688  [ 404A6E6550DB206EA6E9B1AC642102B2, 33CAF3CDEF820DFC97844BBCA56B95B6D31D1C682C69A29D14F7A0C9058AC8EF ] C:\Program Files\iTunes\iTunesHelper.exe
18:47:00.0113 0x1688  iTunesHelper - ok
18:47:00.0113 0x1688  WindowsDefender - ok
18:47:00.0150 0x1688  [ 4BA4EE813C494E70FF381DB39CEE3F39, 8AF9C9F680145FC2B2DC50317F708A27117BB240652E3EF3A728837DC7D5BB7B ] C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
18:47:00.0159 0x1688  Sound Blaster Cinema - ok
18:47:00.0199 0x1688  [ C419DF63E0121D72411285780C2FC6CC, F47F854D327C589D174D3BB5B55D5C05F5ACA73DF52A6BEF47596B9010190291 ] C:\Windows\UpdReg.EXE
18:47:00.0201 0x1688  UpdReg - ok
18:47:00.0219 0x1688  [ C049C40CAEE8900130BD5F80B594CC7B, F54FC31662A9B8032B380793D534F34A0C63FED9C84DE313D17A61612EB31DC4 ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
18:47:00.0221 0x1688  RemoteControl10 - ok
18:47:00.0248 0x1688  [ 7D2A9D5B29A486B55E54AD89B6BFBF23, B5483058BB3255139CBFCB67CA7735197FA6C72BC42F004E51F13C139962E71E ] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
18:47:00.0251 0x1688  BDRegion - ok
18:47:00.0303 0x1688  [ F4EC93E4A239F9A27777ED2416F6353D, 347A542146729682027039A92DF8E52FAE283E0DAAED873A59BA17BD1FF26416 ] C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
18:47:00.0319 0x1688  SUPER CHARGER - ok
18:47:00.0356 0x1688  [ 324EB08C7610095182D5D399ED1A0EB3, 23F0ECA2C830E2593D4325B60B4FCB1E1DF0601E483D4A2E17AB41EC0908F53C ] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
18:47:00.0360 0x1688  PWRISOVM.EXE - ok
18:47:00.0436 0x1688  [ E05782E0B697CADBBC17E78C67280B30, 87A142350F1BD9FF7ADDDBF80AC5C1EFDCE93F8E3142B95ACC8D85DDE77D42D8 ] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
18:47:00.0439 0x1688  Lightshot - ok
18:47:00.0524 0x1688  [ 07A3A88C8E8FD71EAA2B7F39134788DA, 0AAB731BF14B8A96FF6DB84CDD2579C1DFE5E56838EF3D92B03AE738E89A92D1 ] C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe
18:47:00.0536 0x1688  ROCCAT Savu Gaming Mouse - ok
18:47:00.0591 0x1688  [ D0B1DA5382433AFBF52DE8815298EB0C, A326D01783359CCA1054210D82F17533638A9769A7A08C2BD0621DE016909359 ] C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE
18:47:00.0598 0x1688  RoccatIsku - ok
18:47:00.0650 0x1688  [ 69E6AA230410AF75DE5C81B77C63BBDF, 56D6B2823695EA116FBEB3F3F49FC1023359528BF6377069D7E320EC28AE6561 ] C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
18:47:00.0666 0x1688  AvgUi - ok
18:47:00.0727 0x1688  [ 6EACC43D0542EF88226FB34B0B12EDB0, 6345E4B49D7F804F6DE042F981AB172822B6AB74C42209BEFB0582B019430884 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
18:47:00.0735 0x1688  SunJavaUpdateSched - ok
18:47:00.0815 0x1688  OneDriveSetup - ok
18:47:00.0816 0x1688  OneDriveSetup - ok
18:47:00.0897 0x1688  [ C1211F321EC4B74DB5BEF65E85AD7E6B, 1D615402CA66AEA3E3C20C2A48BB1BF5F9ED1FFFD5F824395FB337438C66E0A0 ] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
18:47:00.0900 0x1688  SteelSeries Engine - ok
18:47:01.0025 0x1688  [ CACBA0704C7A57948B61FA7836B1E133, 3141657246F95353B5043A16F9F0A99CAA26F078D3403A3933E0EB2DA9284186 ] C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
18:47:01.0092 0x1688  OKAYFREEDOM_Agent - ok
18:47:01.0260 0x1688  [ 33800FE47126B32E800255A973CC26D2, A0E5E8F4823CA257DB7B5C8516F69D00B780E7F08E0D77A75AA8E6FE33917DF2 ] C:\Users\Sonny\AppData\Roaming\uTorrent\uTorrent.exe
18:47:01.0282 0x1688  uTorrent - ok
18:47:01.0308 0x1688  Skype - ok
18:47:01.0418 0x1688  [ ADF6C78FC95716CA45A68FD3DA1C1A78, 8250D47AC8C25A3A2DB8AB2148350F7086141F91DB317D0431DA545430B843F5 ] C:\Program Files (x86)\Steam\steam.exe
18:47:01.0458 0x1688  Steam - ok
18:47:01.0506 0x1688  [ 8A212F27F5C9FD5BD13EBC1900702F20, 21AEBD1263099F29678CD8EDFACF8AA4AFECFF66CC3B08FAC7A28456FC09B283 ] C:\Program Files\PUSH Entertainment\Video Wallpaper\Launch Wallpaper.exe
18:47:01.0510 0x1688  PUSH Wallpaper - ok
18:47:01.0511 0x1688  Waiting for KSN requests completion. In queue: 69
18:47:02.0522 0x1688  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.0 ), 0x61100 ( enabled : updated )
18:47:02.0524 0x1688  Win FW state via NFP2: enabled ( trusted )
18:47:02.0637 0x1688  ============================================================
18:47:02.0637 0x1688  Scan finished
18:47:02.0637 0x1688  ============================================================
18:47:02.0642 0x1680  Detected object count: 0
18:47:02.0642 0x1680  Actual detected object count: 0
18:47:10.0216 0x191c  ============================================================
18:47:10.0216 0x191c  Scan started
18:47:10.0216 0x191c  Mode: Manual; 
18:47:10.0216 0x191c  ============================================================
18:47:10.0216 0x191c  KSN ping started
18:47:10.0250 0x191c  KSN ping finished: true
18:47:10.0591 0x191c  ================ Scan system memory ========================
18:47:10.0591 0x191c  System memory - ok
18:47:10.0591 0x191c  ================ Scan services =============================
18:47:10.0736 0x191c  1394ohci - ok
18:47:10.0738 0x191c  3ware - ok
18:47:10.0740 0x191c  ACPI - ok
18:47:10.0743 0x191c  AcpiDev - ok
18:47:10.0745 0x191c  acpiex - ok
18:47:10.0748 0x191c  acpipagr - ok
18:47:10.0758 0x191c  AcpiPmi - ok
18:47:10.0760 0x191c  acpitime - ok
18:47:10.0844 0x191c  [ 32B31B696CB8E8F380831DFEB80A67E4, 8C8F6E16F2FB3E8F10569261B7712BBC931A2924B6C27D561E7F828041C4F3E6 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:47:10.0847 0x191c  AdobeFlashPlayerUpdateSvc - ok
18:47:10.0851 0x191c  ADP80XX - ok
18:47:10.0855 0x191c  AFD - ok
18:47:10.0857 0x191c  ahcache - ok
18:47:10.0877 0x191c  AJRouter - ok
18:47:10.0887 0x191c  ALG - ok
18:47:10.0890 0x191c  AmdK8 - ok
18:47:10.0892 0x191c  AmdPPM - ok
18:47:10.0894 0x191c  amdsata - ok
18:47:10.0897 0x191c  amdsbs - ok
18:47:10.0899 0x191c  amdxata - ok
18:47:10.0901 0x191c  AppID - ok
18:47:10.0903 0x191c  AppIDSvc - ok
18:47:10.0906 0x191c  Appinfo - ok
18:47:11.0042 0x191c  [ 3B3774C868868257533EC7E715BB6D53, 4AF1DADCEDBD80BE6EDEC696DF59E65B51D31E33F4C84413CA03C7BD959FF4E5 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:47:11.0043 0x191c  Apple Mobile Device Service - ok
18:47:11.0072 0x191c  applockerfltr - ok
18:47:11.0133 0x191c  AppReadiness - ok
18:47:11.0136 0x191c  AppXSvc - ok
18:47:11.0138 0x191c  arcsas - ok
18:47:11.0140 0x191c  AsyncMac - ok
18:47:11.0153 0x191c  atapi - ok
18:47:11.0156 0x191c  AudioEndpointBuilder - ok
18:47:11.0158 0x191c  Audiosrv - ok
18:47:11.0227 0x191c  [ 3FDBE5DF05A61B4418CF086CBDA4E93A, BFD2DA45C444258BA288F7A6374E86A8572217705B5128B342EE93D138A21830 ] avgsvc          C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
18:47:11.0240 0x191c  avgsvc - ok
18:47:11.0263 0x191c  AxInstSV - ok
18:47:11.0265 0x191c  b06bdrv - ok
18:47:11.0267 0x191c  BasicDisplay - ok
18:47:11.0269 0x191c  BasicRender - ok
18:47:11.0274 0x191c  bcmfn - ok
18:47:11.0277 0x191c  bcmfn2 - ok
18:47:11.0279 0x191c  BDESVC - ok
18:47:11.0286 0x191c  Beep - ok
18:47:11.0346 0x191c  [ E543472B75FC78B3205273AE1E8CFE5F, 97CCA65B2BD59DF45B069DE66522E768968CD03B377F797691429E14D448BE9F ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
18:47:11.0362 0x191c  BEService - ok
18:47:11.0375 0x191c  BFE - ok
18:47:11.0405 0x191c  [ B1EAED166CC8942F49B3391D5C2007DD, F07648493F68D22594FEAE746BF3B2BA2262707FE21216E87500E407FEDCC2CC ] BfLwf           C:\WINDOWS\system32\DRIVERS\bwcW8x64.sys
18:47:11.0406 0x191c  BfLwf - ok
18:47:11.0423 0x191c  BITS - ok
18:47:11.0475 0x191c  [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:47:11.0480 0x191c  Bonjour Service - ok
18:47:11.0500 0x191c  bowser - ok
18:47:11.0506 0x191c  BrokerInfrastructure - ok
18:47:11.0509 0x191c  Browser - ok
18:47:11.0516 0x191c  BthAvrcpTg - ok
18:47:11.0518 0x191c  BthHFEnum - ok
18:47:11.0521 0x191c  bthhfhid - ok
18:47:11.0524 0x191c  BthHFSrv - ok
18:47:11.0526 0x191c  BTHMODEM - ok
18:47:11.0538 0x191c  BTHPORT - ok
18:47:11.0547 0x191c  bthserv - ok
18:47:11.0550 0x191c  BTHUSB - ok
18:47:11.0605 0x191c  [ EAAE1737D2209701E203BA017F57E579, B0CA6FDE97DEBAF2FC6FDEA0BB1A0C4234A75133E64C7739B2392F85C1E69E22 ] btmhsf          C:\WINDOWS\system32\DRIVERS\btmhsf.sys
18:47:11.0622 0x191c  btmhsf - ok
18:47:11.0659 0x191c  [ 6DD9550A2C5A94306275E0360903F7E2, 1F0C8AB0B76FE52EE461EBA6AE8B47A15AE9D3F7E119078F44292D00B9200B1C ] busenum         C:\WINDOWS\System32\drivers\SteelBus64.sys
18:47:11.0662 0x191c  busenum - ok
18:47:11.0695 0x191c  buttonconverter - ok
18:47:11.0698 0x191c  CapImg - ok
18:47:11.0738 0x191c  [ A5C16A0BE89EE409732178BEB62F7EA7, D4B993F63CFD9B487BD53B532AB9435084B4C752F2731E189FA1420D516A4E95 ] ccSet_NARA      C:\WINDOWS\system32\drivers\NARAx64\0405000.009\ccSetx64.sys
18:47:11.0740 0x191c  ccSet_NARA - ok
18:47:11.0768 0x191c  [ A5C16A0BE89EE409732178BEB62F7EA7, D4B993F63CFD9B487BD53B532AB9435084B4C752F2731E189FA1420D516A4E95 ] ccSet_NAT       C:\WINDOWS\system32\drivers\NATx64\010A000.009\ccSetx64.sys
18:47:11.0770 0x191c  ccSet_NAT - ok
18:47:11.0772 0x191c  cdfs - ok
18:47:11.0775 0x191c  CDPSvc - ok
18:47:11.0795 0x191c  CDPUserSvc - ok
18:47:11.0799 0x191c  cdrom - ok
18:47:11.0801 0x191c  CertPropSvc - ok
18:47:11.0812 0x191c  cht4iscsi - ok
18:47:11.0815 0x191c  cht4vbd - ok
18:47:11.0824 0x191c  circlass - ok
18:47:11.0826 0x191c  CLFS - ok
18:47:11.0832 0x191c  ClipSVC - ok
18:47:11.0884 0x191c  [ 0505BFD7D30036DCB39EAFC5ADF07437, 1FB8D9CCA42C1E0757FC744623A668BDA5EA8A1C74201A8BB1A3B056EB1D3DFC ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
18:47:11.0887 0x191c  CLKMSVC10_38F51D56 - ok
18:47:11.0904 0x191c  clreg - ok
18:47:11.0910 0x191c  CmBatt - ok
18:47:11.0919 0x191c  CNG - ok
18:47:11.0922 0x191c  cnghwassist - ok
18:47:11.0964 0x191c  CompositeBus - ok
18:47:11.0966 0x191c  COMSysApp - ok
18:47:11.0969 0x191c  condrv - ok
18:47:11.0972 0x191c  CoreMessagingRegistrar - ok
18:47:12.0029 0x191c  [ 00431929A879841E642A626DBD8311C6, E77C3CE24DA8748F96A0F6F8E410BAC484A6393EC969EF30D79E0D71FF36967A ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
18:47:12.0035 0x191c  cphs - ok
18:47:12.0059 0x191c  CryptSvc - ok
18:47:12.0062 0x191c  dam - ok
18:47:12.0066 0x191c  DcomLaunch - ok
18:47:12.0077 0x191c  DcpSvc - ok
18:47:12.0083 0x191c  defragsvc - ok
18:47:12.0085 0x191c  DeviceAssociationService - ok
18:47:12.0087 0x191c  DeviceInstall - ok
18:47:12.0095 0x191c  DevQueryBroker - ok
18:47:12.0109 0x191c  Dfsc - ok
18:47:12.0133 0x191c  [ D722BC26F7431A4DA9A183E56CA9FEE3, 86AB717431CB3DDAF6213A1CFE8DF3684080BAAD569731A90AA1AA198E97506D ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
18:47:12.0135 0x191c  dg_ssudbus - ok
18:47:12.0138 0x191c  Dhcp - ok
18:47:12.0167 0x191c  diagnosticshub.standardcollector.service - ok
18:47:12.0169 0x191c  DiagTrack - ok
18:47:12.0179 0x191c  disk - ok
18:47:12.0188 0x191c  DmEnrollmentSvc - ok
18:47:12.0190 0x191c  dmvsc - ok
18:47:12.0193 0x191c  dmwappushservice - ok
18:47:12.0195 0x191c  Dnscache - ok
18:47:12.0198 0x191c  dot3svc - ok
18:47:12.0206 0x191c  DPS - ok
18:47:12.0208 0x191c  drmkaud - ok
18:47:12.0210 0x191c  DsmSvc - ok
18:47:12.0213 0x191c  DsSvc - ok
18:47:12.0220 0x191c  DXGKrnl - ok
18:47:12.0222 0x191c  EapHost - ok
18:47:12.0224 0x191c  EasyAntiCheat - ok
18:47:12.0226 0x191c  ebdrv - ok
18:47:12.0228 0x191c  EFS - ok
18:47:12.0231 0x191c  EhStorClass - ok
18:47:12.0233 0x191c  EhStorTcgDrv - ok
18:47:12.0242 0x191c  embeddedmode - ok
18:47:12.0244 0x191c  EntAppSvc - ok
18:47:12.0246 0x191c  ErrDev - ok
18:47:12.0282 0x191c  [ 77A570F95FCD0931160D3044622FEA12, 2429D5E86C1C6EABAD38247A5ED631AB8F93AD0DA9944072333AFBC0B6CDA82C ] ETD             C:\WINDOWS\system32\DRIVERS\ETD.sys
18:47:12.0287 0x191c  ETD - ok
18:47:12.0339 0x191c  [ F4798F9C485234095DF08B766D13DA09, 85F907E73DA67A4BBA503425A7CB86E3FAA207F85FFE05E27F5682CE611F8FE6 ] ETDService      C:\Program Files\Elantech\ETDService.exe
18:47:12.0341 0x191c  ETDService - ok
18:47:12.0344 0x191c  EventSystem - ok
18:47:12.0346 0x191c  exfat - ok
18:47:12.0348 0x191c  fastfat - ok
18:47:12.0351 0x191c  Fax - ok
18:47:12.0353 0x191c  fdc - ok
18:47:12.0355 0x191c  fdPHost - ok
18:47:12.0357 0x191c  FDResPub - ok
18:47:12.0359 0x191c  fhsvc - ok
18:47:12.0391 0x191c  FileCrypt - ok
18:47:12.0401 0x191c  FileInfo - ok
18:47:12.0403 0x191c  Filetrace - ok
18:47:12.0405 0x191c  flpydisk - ok
18:47:12.0407 0x191c  FltMgr - ok
18:47:12.0409 0x191c  FontCache - ok
18:47:12.0555 0x191c  FontCache3.0.0.0 - ok
18:47:12.0557 0x191c  FrameServer - ok
18:47:12.0559 0x191c  FsDepends - ok
18:47:12.0561 0x191c  Fs_Rec - ok
18:47:12.0563 0x191c  fvevol - ok
18:47:12.0566 0x191c  gencounter - ok
18:47:12.0568 0x191c  genericusbfn - ok
18:47:12.0570 0x191c  GPIOClx0101 - ok
18:47:12.0577 0x191c  gpsvc - ok
18:47:12.0580 0x191c  GpuEnergyDrv - ok
18:47:12.0629 0x191c  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:47:12.0631 0x191c  gupdate - ok
18:47:12.0635 0x191c  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:47:12.0637 0x191c  gupdatem - ok
18:47:12.0654 0x191c  HDAudBus - ok
18:47:12.0656 0x191c  HidBatt - ok
18:47:12.0658 0x191c  HidBth - ok
18:47:12.0662 0x191c  hidi2c - ok
18:47:12.0664 0x191c  hidinterrupt - ok
18:47:12.0667 0x191c  HidIr - ok
18:47:12.0669 0x191c  hidserv - ok
18:47:12.0671 0x191c  HidUsb - ok
18:47:12.0673 0x191c  HomeGroupListener - ok
18:47:12.0680 0x191c  HomeGroupProvider - ok
18:47:12.0682 0x191c  HpSAMD - ok
18:47:12.0684 0x191c  HTTP - ok
18:47:12.0691 0x191c  HvHost - ok
18:47:12.0693 0x191c  hvservice - ok
18:47:12.0695 0x191c  hwpolicy - ok
18:47:12.0698 0x191c  hyperkbd - ok
18:47:12.0700 0x191c  i8042prt - ok
18:47:12.0703 0x191c  iagpio - ok
18:47:12.0705 0x191c  iai2c - ok
18:47:12.0707 0x191c  iaLPSS2i_GPIO2 - ok
18:47:12.0709 0x191c  iaLPSS2i_I2C - ok
18:47:12.0711 0x191c  iaLPSSi_GPIO - ok
18:47:12.0713 0x191c  iaLPSSi_I2C - ok
18:47:12.0765 0x191c  [ 62EECD3225EF2B5649780746928F5CF7, 974A5CCAFD0A514D45838F330121095195D57CF9295B5FD790F6E73A95A9C4C0 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
18:47:12.0782 0x191c  iaStorA - ok
18:47:12.0786 0x191c  iaStorAV - ok
18:47:12.0861 0x191c  [ F0EA089D3915C176CD9BC2837AC7E98C, 3D1B886284CF4C175BE5FA70841C9D1AE2CD8944487B6EDE329C3743B814CAA3 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:47:12.0861 0x191c  IAStorDataMgrSvc - ok
18:47:12.0864 0x191c  iaStorV - ok
18:47:12.0866 0x191c  ibbus - ok
18:47:12.0869 0x191c  ibtsiva - ok
18:47:12.0911 0x191c  [ 17CF9460BCF23BB4F96EAE3E160D7DB9, 68ABB485CBFCC22B9A5A5847557424937E5001086AB30EE5A717B18EDB81DE18 ] ibtusb          C:\WINDOWS\system32\DRIVERS\ibtusb.sys
18:47:12.0915 0x191c  ibtusb - ok
18:47:12.0937 0x191c  icssvc - ok
18:47:13.0113 0x191c  [ DCADFA880DF77BB103F7A034A4B33577, 4AA267EE18104AEBA40A98A1D2DE2E10F1BB84F6FB4C5496600A45C072E18EC9 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
18:47:13.0204 0x191c  igfx - ok
18:47:13.0231 0x191c  [ E1C55B9A0BC573F95CBB0FE981C390D2, C19BAB0E55DD23F0CC106D73DAA1154D359D8033E065832E41B9D710E241FCF0 ] igfxCUIService2.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
18:47:13.0238 0x191c  igfxCUIService2.0.0.0 - ok
18:47:13.0260 0x191c  IKEEXT - ok
18:47:13.0267 0x191c  IndirectKmd - ok
18:47:13.0296 0x191c  [ F0F581A2299CB2BAB1DF2597BCDDB80F, EE485AF3049C87666BC6D6BFFC8A0EB4B95831D9061EB81848ECEE29C4232BF4 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
18:47:13.0297 0x191c  intaud_WaveExtensible - ok
18:47:13.0405 0x191c  [ 689F04285EF20E98B4F338AF7523A4C2, C2D1EB41382A346607BD91CDBFAEACBC4087EC8482312CBE2E6FBCB87E1B8320 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
18:47:13.0451 0x191c  IntcAzAudAddService - ok
18:47:13.0470 0x191c  [ 47577F77C8DD9CF4265B944CAFE1F172, A3F48F01ECFDF8E609D26754E517C06AD6382DA231F42BF64B6746D50F02FC6A ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
18:47:13.0476 0x191c  IntcDAud - ok
18:47:13.0510 0x191c  [ DAE6C3099D291EED8922A65C29ABCF52, AD0A932345382824122F84AF97A8609BAE1B916A3B9FD608779A1411E37D3643 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:47:13.0519 0x191c  Intel(R) Capability Licensing Service Interface - ok
18:47:13.0547 0x191c  [ D45226E3E7A25F1E7CE8DF8FD0A2A098, 7BD74E9E3CB0A83D26BA3FD8177C6B9BA46A8695B6569CF7887FDC87947DA2D6 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
18:47:13.0557 0x191c  Intel(R) Capability Licensing Service TCP IP Interface - ok
18:47:13.0611 0x191c  [ 57739E742ABC085C2A4340D4404B4A8B, B4B85C35AC96D11F5940AFCB15A2B2A41D70E3C392E1D4D9353899FA140FF281 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
18:47:13.0613 0x191c  Intel(R) ME Service - ok
18:47:13.0615 0x191c  intelide - ok
18:47:13.0617 0x191c  intelpep - ok
18:47:13.0638 0x191c  intelppm - ok
18:47:13.0641 0x191c  iorate - ok
18:47:13.0699 0x191c  [ 44A9B60ECA9F6D760E0292E56127BCED, 1795EBC766D1F29D4F279967D7B08ADC2C673ABD7DD1BC157D2A05BCA6B65986 ] ipadtst         C:\Program Files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys
18:47:13.0699 0x191c  ipadtst - ok
18:47:13.0721 0x191c  IpFilterDriver - ok
18:47:13.0728 0x191c  iphlpsvc - ok
18:47:13.0730 0x191c  IPMIDRV - ok
18:47:13.0733 0x191c  IPNAT - ok
18:47:13.0766 0x191c  [ F4B68F7C1666A2A6CD1D37A08F1D6DF1, 63A3D85B07D10E6B3F4E84FDD6EA6C00F2756E1C9B3E57C11A2FFCD815E99946 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:47:13.0773 0x191c  iPod Service - ok
18:47:13.0776 0x191c  irda - ok
18:47:13.0779 0x191c  IRENUM - ok
18:47:13.0781 0x191c  irmon - ok
18:47:13.0805 0x191c  isapnp - ok
18:47:13.0807 0x191c  iScsiPrt - ok
18:47:13.0826 0x191c  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
18:47:13.0828 0x191c  jhi_service - ok
18:47:13.0831 0x191c  kbdclass - ok
18:47:13.0833 0x191c  kbdhid - ok
18:47:13.0849 0x191c  kdnic - ok
18:47:13.0878 0x191c  [ EB62EE6D52F0D6B76256DBE71C07E26F, D92F2D9B1779DC52918CB5D9F212F62F62E40F7EBB81A865F090B071BE69DE77 ] Ke2200          C:\WINDOWS\System32\drivers\e22w8x64.sys
18:47:13.0881 0x191c  Ke2200 - ok
18:47:13.0884 0x191c  KeyIso - ok
18:47:13.0896 0x191c  [ C05B34E971A4AA805241A2ED17D1DEA6, C175B2C1717F538ACF8A09A11FCF14B4407D5CB8FAF9114A0B64885B736595F9 ] KillerEth       C:\WINDOWS\System32\drivers\e2xw10x64.sys
18:47:13.0898 0x191c  KillerEth - ok
18:47:13.0901 0x191c  KSecDD - ok
18:47:13.0920 0x191c  KSecPkg - ok
18:47:13.0922 0x191c  ksthunk - ok
18:47:13.0929 0x191c  KtmRm - ok
18:47:13.0934 0x191c  LanmanServer - ok
18:47:13.0937 0x191c  LanmanWorkstation - ok
18:47:13.0939 0x191c  lfsvc - ok
18:47:13.0941 0x191c  LicenseManager - ok
18:47:13.0944 0x191c  lltdio - ok
18:47:13.0946 0x191c  lltdsvc - ok
18:47:13.0955 0x191c  lmhosts - ok
18:47:14.0012 0x191c  [ 3DE66F47365AA8CEB18B1EE272F4FEBA, 8DDD6AB4AEDE3B2FEA0D3B63DD24E3F3422D6ADE067756A3919FCED53C349167 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:47:14.0016 0x191c  LMS - ok
18:47:14.0020 0x191c  LSI_SAS - ok
18:47:14.0023 0x191c  LSI_SAS2i - ok
18:47:14.0025 0x191c  LSI_SAS3i - ok
18:47:14.0027 0x191c  LSI_SSS - ok
18:47:14.0030 0x191c  LSM - ok
18:47:14.0032 0x191c  luafv - ok
18:47:14.0049 0x191c  [ D8AD76AB13299C52D1D3C58FD3ADAF59, 293C6B7B1BAF391EE1CAAEBBA20F245351D6E85D381E63EA2F36171EAEEA18A4 ] ManyCam         C:\WINDOWS\system32\DRIVERS\mcvidrv.sys
18:47:14.0050 0x191c  ManyCam - ok
18:47:14.0068 0x191c  MapsBroker - ok
18:47:14.0104 0x191c  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
18:47:14.0106 0x191c  MBAMSwissArmy - ok
18:47:14.0120 0x191c  [ 8FF2D95CBA49B405C5DE27039FF0BF35, 03BF7FC7F1C2C76EDB583BA342EA1C325DB8058517744EF2A78529D3938F4DC1 ] MBfilt          C:\WINDOWS\system32\drivers\MBfilt64.sys
18:47:14.0122 0x191c  MBfilt - ok
18:47:14.0130 0x191c  [ F1CE49C11A9833A5D2EC32443A142064, 70BFA69B61304F7FD4193205B59019B489FE9CE1D3E961568DCACBE0C68EC7B5 ] mcaudrv_simple  C:\WINDOWS\system32\drivers\mcaudrv_x64.sys
18:47:14.0131 0x191c  mcaudrv_simple - ok
18:47:14.0187 0x191c  [ 6EF327DBB5DC9D6310ADE48CAB14959D, AFDC81E83E9EC9424C14431E531E976C419715754952D92BE2691186C55F0E9B ] McComponentHostService C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe
18:47:14.0191 0x191c  McComponentHostService - ok
18:47:14.0214 0x191c  megasas - ok
18:47:14.0216 0x191c  megasr - ok
18:47:14.0235 0x191c  [ 034338E2F6F123727F7C351152B084AF, B1E120E838CC8A882FC0C4C5F6D6016E11DD3D067E31B27E532BAD11A5976230 ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
18:47:14.0238 0x191c  MEIx64 - ok
18:47:14.0269 0x191c  MessagingService - ok
18:47:14.0335 0x191c  [ 71C6748EE8DE938532057EF10B4B7E44, 455175332156939B3CDA4511A2A6C213ABBFDB85EEECA98B6AB014C994F532C4 ] Micro Star SCM  C:\Program Files (x86)\SCM\MSIService.exe
18:47:14.0337 0x191c  Micro Star SCM - ok
18:47:14.0340 0x191c  mlx4_bus - ok
18:47:14.0354 0x191c  MMCSS - ok
18:47:14.0356 0x191c  Modem - ok
18:47:14.0367 0x191c  monitor - ok
18:47:14.0370 0x191c  mouclass - ok
18:47:14.0373 0x191c  mouhid - ok
18:47:14.0375 0x191c  mountmgr - ok
18:47:14.0377 0x191c  mpsdrv - ok
18:47:14.0380 0x191c  MpsSvc - ok
18:47:14.0383 0x191c  MRxDAV - ok
18:47:14.0385 0x191c  mrxsmb - ok
18:47:14.0387 0x191c  mrxsmb10 - ok
18:47:14.0390 0x191c  mrxsmb20 - ok
18:47:14.0396 0x191c  MsBridge - ok
18:47:14.0403 0x191c  MSDTC - ok
18:47:14.0407 0x191c  Msfs - ok
18:47:14.0409 0x191c  msgpiowin32 - ok
18:47:14.0411 0x191c  mshidkmdf - ok
18:47:14.0414 0x191c  mshidumdf - ok
18:47:14.0416 0x191c  msisadrv - ok
18:47:14.0420 0x191c  MSiSCSI - ok
18:47:14.0422 0x191c  msiserver - ok
18:47:14.0446 0x191c  [ B0762157B3CFF4D4782646F009EE8465, 57D48AE041E0528E5CA0F0A300CA32FF114A01750C9E3D49EFAC3EFD3E5E9AF8 ] MSI_SuperCharger C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
18:47:14.0448 0x191c  MSI_SuperCharger - ok
18:47:14.0451 0x191c  MSKSSRV - ok
18:47:14.0453 0x191c  MsLldp - ok
18:47:14.0455 0x191c  MSPCLOCK - ok
18:47:14.0457 0x191c  MSPQM - ok
18:47:14.0459 0x191c  MsRPC - ok
18:47:14.0462 0x191c  mssmbios - ok
18:47:14.0465 0x191c  MSTEE - ok
18:47:14.0467 0x191c  MTConfig - ok
18:47:14.0469 0x191c  Mup - ok
18:47:14.0472 0x191c  mvumis - ok
18:47:14.0517 0x191c  [ 8FA07AF404BC705FDEC03493644970B2, BF3B681AB11D830524607B3C5790B83A886B7CBDE397C3C7C9C96F79E2EC244D ] NAT             C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
18:47:14.0520 0x191c  NAT - ok
18:47:14.0523 0x191c  NativeWifiP - ok
18:47:14.0525 0x191c  NcaSvc - ok
18:47:14.0547 0x191c  NcbService - ok
18:47:14.0549 0x191c  NcdAutoSetup - ok
18:47:14.0551 0x191c  ndfltr - ok
18:47:14.0553 0x191c  NDIS - ok
18:47:14.0556 0x191c  NdisCap - ok
18:47:14.0557 0x191c  NdisImPlatform - ok
18:47:14.0559 0x191c  NdisTapi - ok
18:47:14.0562 0x191c  Ndisuio - ok
18:47:14.0565 0x191c  NdisVirtualBus - ok
18:47:14.0567 0x191c  NdisWan - ok
18:47:14.0569 0x191c  ndiswanlegacy - ok
18:47:14.0571 0x191c  ndproxy - ok
18:47:14.0573 0x191c  Ndu - ok
18:47:14.0575 0x191c  NetAdapterCx - ok
18:47:14.0577 0x191c  NetBIOS - ok
18:47:14.0580 0x191c  NetBT - ok
18:47:14.0583 0x191c  Netlogon - ok
18:47:14.0590 0x191c  Netman - ok
18:47:14.0592 0x191c  netprofm - ok
18:47:14.0596 0x191c  NetSetupSvc - ok
18:47:14.0636 0x191c  NetTcpPortSharing - ok
18:47:14.0744 0x191c  [ 30A8781DCB91BE52AE175581F00E48E7, 2BECA8D1F03D881CC2D41563925676633D1ACA11C9FBF44D648CA77F15CAE067 ] NETwNb64        C:\WINDOWS\System32\drivers\Netwbw02.sys
18:47:14.0792 0x191c  NETwNb64 - ok
18:47:14.0901 0x191c  [ 2010C652B758C3F3DAFBBC49BD57BB83, E8BDFFEEF18DF11119A61A7C44ED851D9698EA4A10867E82ABA197F9E3F116DB ] NETwNe64        C:\WINDOWS\System32\drivers\Netwew02.sys
18:47:14.0941 0x191c  NETwNe64 - ok
18:47:14.0973 0x191c  NgcCtnrSvc - ok
18:47:14.0975 0x191c  NgcSvc - ok
18:47:14.0982 0x191c  NlaSvc - ok
18:47:15.0119 0x191c  [ 4CA6E1F6A83D74A86850726475DC4462, 9BF8D917141A5736E72A9F51F827D24393509896E866F43FFB079F5BF8EF3F81 ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
18:47:15.0168 0x191c  NOBU - ok
18:47:15.0193 0x191c  Npfs - ok
18:47:15.0195 0x191c  npggsvc - ok
18:47:15.0208 0x191c  npsvctrig - ok
18:47:15.0210 0x191c  nsi - ok
18:47:15.0212 0x191c  nsiproxy - ok
18:47:15.0215 0x191c  NTFS - ok
18:47:15.0240 0x191c  [ 23CF3DA010497EB2BF39A5C5A57E437C, 39CFDE7D401EFCE4F550E0A9461F5FC4D71FA07235E1336E4F0B4882BD76550E ] NTIOLib_1_0_3   C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys
18:47:15.0240 0x191c  NTIOLib_1_0_3 - ok
18:47:15.0242 0x191c  Null - ok
18:47:15.0533 0x191c  [ 113505A56DAE1354960B7FF9E30E9AEA, 8A172BA5A06BA4949847A8F349128609AB324B3582707BECB9E786222BFE58D3 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
18:47:15.0697 0x191c  nvlddmkm - ok
18:47:15.0830 0x191c  [ AC1238F24FEEB03AE95F5571CCF947C7, 8EF702E51EE16E962B588D653EBD7360939FD3C83212786B8419DD9B700FE14B ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
18:47:15.0851 0x191c  NvNetworkService - ok
18:47:15.0873 0x191c  nvraid - ok
18:47:15.0889 0x191c  nvstor - ok
18:47:15.0948 0x191c  [ 04B34B3A4B336C680061B509274B4535, 999D045A5E250E355834C9414723D7E71921877D326FEF1076C44737028588C4 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
18:47:15.0948 0x191c  NvStreamKms - ok
18:47:16.0025 0x191c  [ C82120B1DCCC3BE72A5232280C1F6E21, 88C473E5683EF50A64E0317F28FFD9CA5A7A25347ED3A79250B1B10CC712F5A9 ] NvStreamNetworkSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
18:47:16.0068 0x191c  NvStreamNetworkSvc - ok
18:47:16.0137 0x191c  [ CA4DA69B1FCEF07F41B655725BF1C56A, 850D06C8EE23AA0B7C27EA3F6FB06854731E4BF1846AB66D6CAFFADEEAA87CE1 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
18:47:16.0167 0x191c  NvStreamSvc - ok
18:47:16.0234 0x191c  [ 334AD0B00C21E84B4CE3E20682D308BF, D17BC6D1B26AA10A1A4622AB36E3CDCBF35A9B9CA07CEC6FF865951FB45C9D03 ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
18:47:16.0255 0x191c  nvsvc - ok
18:47:16.0295 0x191c  [ F37FE6B15A987AEEC08EEF531F2FAED7, CC768E7DE80C7A8CB2392F9BC528212B8A3A35A30A222ED0B0B959051E6F8065 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
18:47:16.0297 0x191c  nvvad_WaveExtensible - ok
18:47:16.0340 0x191c  [ 9130774B6AF49DA8AC51CC69BFA4A6E8, 886A72BBBE93DADB1437D01CEDA884EE4176C085574DCFDF6291A3E20CB5CDB7 ] OkayFreedom VPN Starter Service C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
18:47:16.0345 0x191c  OkayFreedom VPN Starter Service - ok
18:47:16.0367 0x191c  OneSyncSvc - ok
18:47:16.0416 0x191c  [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:47:16.0418 0x191c  ose64 - ok
18:47:16.0436 0x191c  p2pimsvc - ok
18:47:16.0443 0x191c  p2psvc - ok
18:47:16.0448 0x191c  Parport - ok
18:47:16.0450 0x191c  partmgr - ok
18:47:16.0452 0x191c  PcaSvc - ok
18:47:16.0464 0x191c  pci - ok
18:47:16.0466 0x191c  pciide - ok
18:47:16.0470 0x191c  pcmcia - ok
18:47:16.0472 0x191c  pcw - ok
18:47:16.0474 0x191c  pdc - ok
18:47:16.0488 0x191c  PEAUTH - ok
18:47:16.0491 0x191c  percsas2i - ok
18:47:16.0493 0x191c  percsas3i - ok
18:47:16.0562 0x191c  PerfHost - ok
18:47:16.0570 0x191c  PhoneSvc - ok
18:47:16.0572 0x191c  PimIndexMaintenanceSvc - ok
18:47:16.0576 0x191c  pla - ok
18:47:16.0585 0x191c  PlugPlay - ok
18:47:16.0637 0x191c  PNRPAutoReg - ok
18:47:16.0639 0x191c  PNRPsvc - ok
18:47:16.0661 0x191c  PolicyAgent - ok
18:47:16.0668 0x191c  Power - ok
18:47:16.0671 0x191c  PptpMiniport - ok
18:47:16.0791 0x191c  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
18:47:16.0831 0x191c  PrintNotify - ok
18:47:16.0856 0x191c  Processor - ok
18:47:16.0858 0x191c  ProfSvc - ok
18:47:16.0871 0x191c  Psched - ok
18:47:16.0923 0x191c  [ AC64125A02ACC62B064EAD6EE4920D54, 04623CD0C6DF28892C499B54964B88765BD6A1F48CFC453DA1011A169D4B82D1 ] Qualcomm Atheros Killer Service V2 C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
18:47:16.0927 0x191c  Qualcomm Atheros Killer Service V2 - ok
18:47:16.0949 0x191c  QWAVE - ok
18:47:16.0951 0x191c  QWAVEdrv - ok
18:47:16.0953 0x191c  RasAcd - ok
18:47:16.0956 0x191c  RasAgileVpn - ok
18:47:16.0966 0x191c  RasAuto - ok
18:47:16.0968 0x191c  Rasl2tp - ok
18:47:16.0971 0x191c  RasMan - ok
18:47:16.0973 0x191c  RasPppoe - ok
18:47:16.0975 0x191c  RasSstp - ok
18:47:16.0978 0x191c  rdbss - ok
18:47:16.0989 0x191c  rdpbus - ok
18:47:16.0991 0x191c  RDPDR - ok
18:47:16.0995 0x191c  RdpVideoMiniport - ok
18:47:16.0997 0x191c  rdyboost - ok
18:47:16.0999 0x191c  ReFSv1 - ok
18:47:17.0010 0x191c  RemoteAccess - ok
18:47:17.0012 0x191c  RemoteRegistry - ok
18:47:17.0018 0x191c  RetailDemo - ok
18:47:17.0021 0x191c  RmSvc - ok
18:47:17.0024 0x191c  RpcEptMapper - ok
18:47:17.0036 0x191c  RpcLocator - ok
18:47:17.0038 0x191c  RpcSs - ok
18:47:17.0041 0x191c  rspndr - ok
18:47:17.0079 0x191c  [ F75C6FFD09A6C51E4B5166E05D97FD96, 12174DA89456347704455B1544C6E0FB54E55504E6C88F5E9962018D53D6F84D ] RTSPER          C:\WINDOWS\system32\DRIVERS\RtsPer.sys
18:47:17.0089 0x191c  RTSPER - ok
18:47:17.0109 0x191c  s3cap - ok
18:47:17.0137 0x191c  [ 6A75424A0D365CF924DF4887BE18A908, C04B1CBE3AA2799984BA9460BF0891457E5811B58230847F151B4265662F4E94 ] SAlphamBth      C:\WINDOWS\System32\drivers\SAlphabt64.sys
18:47:17.0138 0x191c  SAlphamBth - ok
18:47:17.0147 0x191c  [ BA61AC30012136452897855B9C623278, FD6338716DF5057C2DAD941932679DD0CB5EF7BA864BE3370B2D2CB5BC53D734 ] SAlphamHid      C:\WINDOWS\System32\drivers\SAlpham64.sys
18:47:17.0149 0x191c  SAlphamHid - ok
18:47:17.0161 0x191c  [ 666B8FAA62B38B31BFDCE056ADB07EF3, 3E06EC40922FE3D0F8D74AADD50BB4311BE53CA9B33C92B7DA1D3EF2FB2C80F9 ] SAlphaPS2       C:\WINDOWS\System32\drivers\SAlphaPS264.sys
18:47:17.0162 0x191c  SAlphaPS2 - ok
18:47:17.0164 0x191c  SamSs - ok
18:47:17.0190 0x191c  sbp2port - ok
18:47:17.0192 0x191c  SCardSvr - ok
18:47:17.0226 0x191c  [ A5C91E4A9B97665E5A10317C1625AFF9, 2B0B5F658AE259DF971112EA1A0266748E6092D08A49F48CE2872CB049B572D8 ] SCDEmu          C:\WINDOWS\system32\drivers\SCDEmu.sys
18:47:17.0228 0x191c  SCDEmu - ok
18:47:17.0243 0x191c  ScDeviceEnum - ok
18:47:17.0255 0x191c  scfilter - ok
18:47:17.0257 0x191c  Schedule - ok
18:47:17.0260 0x191c  scmbus - ok
18:47:17.0262 0x191c  scmdisk0101 - ok
18:47:17.0274 0x191c  SCPolicySvc - ok
18:47:17.0276 0x191c  [ 0447065A6E10774EFCECFDD0EB970A79, 384A9AC72E756F96D43EE4B144A466564476AFD8778092C979116BB29A514433 ] ScpVBus         C:\WINDOWS\System32\drivers\ScpVBus.sys
18:47:17.0278 0x191c  ScpVBus - ok
18:47:17.0281 0x191c  sdbus - ok
18:47:17.0283 0x191c  SDRSVC - ok
18:47:17.0286 0x191c  sdstor - ok
18:47:17.0288 0x191c  seclogon - ok
18:47:17.0291 0x191c  SENS - ok
18:47:17.0302 0x191c  SensorDataService - ok
18:47:17.0305 0x191c  SensorService - ok
18:47:17.0307 0x191c  SensrSvc - ok
18:47:17.0309 0x191c  SerCx - ok
18:47:17.0311 0x191c  SerCx2 - ok
18:47:17.0314 0x191c  Serenum - ok
18:47:17.0317 0x191c  Serial - ok
18:47:17.0319 0x191c  sermouse - ok
18:47:17.0324 0x191c  SessionEnv - ok
18:47:17.0327 0x191c  sfloppy - ok
18:47:17.0337 0x191c  SharedAccess - ok
18:47:17.0346 0x191c  ShellHWDetection - ok
18:47:17.0364 0x191c  shpamsvc - ok
18:47:17.0366 0x191c  SiSRaid2 - ok
18:47:17.0368 0x191c  SiSRaid4 - ok
18:47:17.0428 0x191c  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:47:17.0432 0x191c  SkypeUpdate - ok
18:47:17.0451 0x191c  smphost - ok
18:47:17.0459 0x191c  SmsRouter - ok
18:47:17.0472 0x191c  SNMPTRAP - ok
18:47:17.0474 0x191c  spaceport - ok
18:47:17.0477 0x191c  SpbCx - ok
18:47:17.0480 0x191c  Spooler - ok
18:47:17.0483 0x191c  sppsvc - ok
18:47:17.0485 0x191c  srv - ok
18:47:17.0488 0x191c  srv2 - ok
18:47:17.0490 0x191c  srvnet - ok
18:47:17.0492 0x191c  SSDPSRV - ok
18:47:17.0495 0x191c  SstpSvc - ok
18:47:17.0526 0x191c  [ 36C3697CA09B23C77BDF95A6B0B57310, DAEF9CFBDE444A80FB41DA0BC5C3C4E1E4B535497A5EDA43EC8768A6EC42E4EA ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
18:47:17.0529 0x191c  ssudmdm - ok
18:47:17.0532 0x191c  StateRepository - ok
18:47:17.0605 0x191c  [ E06AA279D85877268E34E9A9BC41F560, 6EFE7E3850CD19B919053293B6D8CB61CC638D3B1626BB62594C681625132689 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:47:17.0621 0x191c  Steam Client Service - ok
18:47:17.0625 0x191c  stexstor - ok
18:47:17.0627 0x191c  stisvc - ok
18:47:17.0630 0x191c  storahci - ok
18:47:17.0649 0x191c  storflt - ok
18:47:17.0652 0x191c  stornvme - ok
18:47:17.0654 0x191c  storqosflt - ok
18:47:17.0657 0x191c  StorSvc - ok
18:47:17.0658 0x191c  storufs - ok
18:47:17.0661 0x191c  storvsc - ok
18:47:17.0664 0x191c  svsvc - ok
18:47:17.0666 0x191c  swenum - ok
18:47:17.0668 0x191c  swprv - ok
18:47:17.0684 0x191c  Synth3dVsc - ok
18:47:17.0687 0x191c  SysMain - ok
18:47:17.0699 0x191c  SystemEventsBroker - ok
18:47:17.0709 0x191c  TabletInputService - ok
18:47:17.0728 0x191c  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\WINDOWS\System32\drivers\tap0901.sys
18:47:17.0730 0x191c  tap0901 - ok
18:47:17.0733 0x191c  TapiSrv - ok
18:47:17.0735 0x191c  Tcpip - ok
18:47:17.0737 0x191c  Tcpip6 - ok
18:47:17.0741 0x191c  tcpipreg - ok
18:47:17.0745 0x191c  tdx - ok
18:47:17.0922 0x191c  [ E9D702580349582413503A28F8329B32, 405CEA2DB2B9EE9EF87E454375BEA6A3F6FB30B95BBD9F397129C73D4CCCC282 ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
18:47:18.0005 0x191c  TeamViewer - ok
18:47:18.0016 0x191c  terminpt - ok
18:47:18.0035 0x191c  TermService - ok
18:47:18.0046 0x191c  Themes - ok
18:47:18.0064 0x191c  TieringEngineService - ok
18:47:18.0066 0x191c  tiledatamodelsvc - ok
18:47:18.0069 0x191c  TimeBrokerSvc - ok
18:47:18.0074 0x191c  TPM - ok
18:47:18.0077 0x191c  TrkWks - ok
18:47:18.0115 0x191c  TrustedInstaller - ok
18:47:18.0118 0x191c  tsusbflt - ok
18:47:18.0134 0x191c  TsUsbGD - ok
18:47:18.0261 0x191c  [ C8757FB7C986181F1A7D29B0FE5F20E2, 55FA4C6C9906396C5B73EC20D2ED78EB66A8D0DBBE433514B3AA71C520B6B640 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
18:47:18.0313 0x191c  TuneUp.UtilitiesSvc - ok
18:47:18.0327 0x191c  [ DB3C912A851FCA6358FED4D53DAA7E91, B35375EC9AF61D829489D9B278605E2098D6402419E79EB24C65D3B65816AEBC ] TuneUpUtilitiesDrv C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys
18:47:18.0328 0x191c  TuneUpUtilitiesDrv - ok
18:47:18.0347 0x191c  tzautoupdate - ok
18:47:18.0349 0x191c  UASPStor - ok
18:47:18.0351 0x191c  UcmCx0101 - ok
18:47:18.0354 0x191c  UcmTcpciCx0101 - ok
18:47:18.0368 0x191c  UcmUcsi - ok
18:47:18.0377 0x191c  Ucx01000 - ok
18:47:18.0380 0x191c  UdeCx - ok
18:47:18.0383 0x191c  udfs - ok
18:47:18.0390 0x191c  UEFI - ok
18:47:18.0393 0x191c  Ufx01000 - ok
18:47:18.0395 0x191c  UfxChipidea - ok
18:47:18.0398 0x191c  ufxsynopsys - ok
18:47:18.0414 0x191c  UI0Detect - ok
18:47:18.0416 0x191c  umbus - ok
18:47:18.0419 0x191c  UmPass - ok
18:47:18.0429 0x191c  UmRdpService - ok
18:47:18.0432 0x191c  UnistoreSvc - ok
18:47:18.0436 0x191c  upnphost - ok
18:47:18.0439 0x191c  UrsChipidea - ok
18:47:18.0441 0x191c  UrsCx01000 - ok
18:47:18.0444 0x191c  UrsSynopsys - ok
18:47:18.0471 0x191c  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
18:47:18.0473 0x191c  USBAAPL64 - ok
18:47:18.0475 0x191c  usbccgp - ok
18:47:18.0478 0x191c  usbcir - ok
18:47:18.0481 0x191c  usbehci - ok
18:47:18.0483 0x191c  usbhub - ok
18:47:18.0486 0x191c  USBHUB3 - ok
18:47:18.0488 0x191c  usbohci - ok
18:47:18.0492 0x191c  usbprint - ok
18:47:18.0495 0x191c  usbser - ok
18:47:18.0498 0x191c  USBSTOR - ok
18:47:18.0500 0x191c  usbuhci - ok
18:47:18.0503 0x191c  USBXHCI - ok
18:47:18.0506 0x191c  UserDataSvc - ok
18:47:18.0527 0x191c  UserManager - ok
18:47:18.0530 0x191c  UsoSvc - ok
18:47:18.0532 0x191c  VaultSvc - ok
18:47:18.0560 0x191c  [ 87D4E923785CDFA655B53A78DD99BD2B, CCE460ED6C1292284B22B675CEDBB86CC3D329B15B1B9F77EA80AC7EDB774B65 ] VBoxNetAdp      C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
18:47:18.0563 0x191c  VBoxNetAdp - ok
18:47:18.0566 0x191c  vdrvroot - ok
18:47:18.0568 0x191c  vds - ok
18:47:18.0571 0x191c  VerifierExt - ok
18:47:18.0574 0x191c  vhdmp - ok
18:47:18.0577 0x191c  vhf - ok
18:47:18.0580 0x191c  vmbus - ok
18:47:18.0582 0x191c  VMBusHID - ok
18:47:18.0584 0x191c  vmgid - ok
18:47:18.0600 0x191c  vmicguestinterface - ok
18:47:18.0602 0x191c  vmicheartbeat - ok
18:47:18.0605 0x191c  vmickvpexchange - ok
18:47:18.0607 0x191c  vmicrdv - ok
18:47:18.0610 0x191c  vmicshutdown - ok
18:47:18.0613 0x191c  vmictimesync - ok
18:47:18.0615 0x191c  vmicvmsession - ok
18:47:18.0618 0x191c  vmicvss - ok
18:47:18.0620 0x191c  volmgr - ok
18:47:18.0623 0x191c  volmgrx - ok
18:47:18.0625 0x191c  volsnap - ok
18:47:18.0629 0x191c  volume - ok
18:47:18.0631 0x191c  vpci - ok
18:47:18.0634 0x191c  vsmraid - ok
18:47:18.0637 0x191c  VSS - ok
18:47:18.0639 0x191c  VSTXRAID - ok
18:47:18.0641 0x191c  vwifibus - ok
18:47:18.0644 0x191c  vwififlt - ok
18:47:18.0647 0x191c  vwifimp - ok
18:47:18.0650 0x191c  W32Time - ok
18:47:18.0652 0x191c  WacomPen - ok
18:47:18.0660 0x191c  WalletService - ok
18:47:18.0663 0x191c  wanarp - ok
18:47:18.0665 0x191c  wanarpv6 - ok
18:47:18.0667 0x191c  wbengine - ok
18:47:18.0670 0x191c  WbioSrvc - ok
18:47:18.0673 0x191c  wcifs - ok
18:47:18.0675 0x191c  Wcmsvc - ok
18:47:18.0678 0x191c  wcncsvc - ok
18:47:18.0681 0x191c  wcnfs - ok
18:47:18.0684 0x191c  WdBoot - ok
18:47:18.0687 0x191c  Wdf01000 - ok
18:47:18.0697 0x191c  WdFilter - ok
18:47:18.0700 0x191c  WdiServiceHost - ok
18:47:18.0704 0x191c  WdiSystemHost - ok
18:47:18.0708 0x191c  wdiwifi - ok
18:47:18.0711 0x191c  WdNisDrv - ok
18:47:18.0731 0x191c  WdNisSvc - ok
18:47:18.0733 0x191c  WebClient - ok
18:47:18.0736 0x191c  Wecsvc - ok
18:47:18.0738 0x191c  WEPHOSTSVC - ok
18:47:18.0741 0x191c  wercplsupport - ok
18:47:18.0744 0x191c  WerSvc - ok
18:47:18.0747 0x191c  WFPLWFS - ok
18:47:18.0749 0x191c  WiaRpc - ok
18:47:18.0769 0x191c  WIMMount - ok
18:47:18.0770 0x191c  WinDefend - ok
18:47:18.0776 0x191c  WindowsTrustedRT - ok
18:47:18.0778 0x191c  WindowsTrustedRTProxy - ok
18:47:18.0781 0x191c  WinHttpAutoProxySvc - ok
18:47:18.0828 0x191c  [ E815503BDE35026051EB701ACA72B296, 5541FBDA961B403F88BAF720840AB8DF2C96A382CDF97132A5C6A05A5F105E70 ] WINIO           C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys
18:47:18.0829 0x191c  WINIO - ok
18:47:18.0850 0x191c  WinMad - ok
18:47:18.0882 0x191c  Winmgmt - ok
18:47:18.0904 0x191c  WinRM - ok
18:47:18.0911 0x191c  WINUSB - ok
18:47:18.0914 0x191c  WinVerbs - ok
18:47:18.0934 0x191c  wisvc - ok
18:47:18.0942 0x191c  WlanSvc - ok
18:47:18.0946 0x191c  wlidsvc - ok
18:47:18.0949 0x191c  WmiAcpi - ok
18:47:18.0954 0x191c  wmiApSrv - ok
18:47:18.0975 0x191c  WMPNetworkSvc - ok
18:47:18.0986 0x191c  [ EDADABA8665AB5C51BF59C4E2566BA7E, C85337881856B466F61DFA1E69FC2FD8250085D299A5DE052BFA80C83FD5EFD0 ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
18:47:18.0989 0x191c  Wof - ok
18:47:18.0995 0x191c  workfolderssvc - ok
18:47:18.0997 0x191c  WPDBusEnum - ok
18:47:19.0001 0x191c  WpdUpFltr - ok
18:47:19.0004 0x191c  WpnService - ok
18:47:19.0007 0x191c  WpnUserService - ok
18:47:19.0012 0x191c  ws2ifsl - ok
18:47:19.0015 0x191c  wscsvc - ok
18:47:19.0018 0x191c  WSearch - ok
18:47:19.0022 0x191c  wuauserv - ok
18:47:19.0026 0x191c  WudfPf - ok
18:47:19.0029 0x191c  WUDFRd - ok
18:47:19.0032 0x191c  wudfsvc - ok
18:47:19.0035 0x191c  WwanSvc - ok
18:47:19.0038 0x191c  XblAuthManager - ok
18:47:19.0040 0x191c  XblGameSave - ok
18:47:19.0044 0x191c  xboxgip - ok
18:47:19.0047 0x191c  XboxNetApiSvc - ok
18:47:19.0049 0x191c  xinputhid - ok
18:47:19.0083 0x191c  [ 9176C0822FAA649E45121875BE32F5D2, B7A7A906A7BB0F760ED241F998C647D728C4DB5D8778AFE585DF38331165803F ] xusb21          C:\WINDOWS\System32\drivers\xusb21.sys
18:47:19.0085 0x191c  xusb21 - ok
18:47:19.0086 0x191c  ================ Scan global ===============================
18:47:19.0116 0x191c  [ Global ] - ok
18:47:19.0116 0x191c  ================ Scan MBR ==================================
18:47:19.0134 0x191c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
18:47:19.0137 0x191c  \Device\Harddisk0\DR0 - ok
18:47:19.0138 0x191c  ================ Scan VBR ==================================
18:47:19.0139 0x191c  [ CF0FAC2514279D8B715B6C1A56296FCF ] \Device\Harddisk0\DR0\Partition1
18:47:19.0141 0x191c  \Device\Harddisk0\DR0\Partition1 - ok
18:47:19.0146 0x191c  [ 2C1DF5589B13584578E16955D8DA1244 ] \Device\Harddisk0\DR0\Partition2
18:47:19.0146 0x191c  \Device\Harddisk0\DR0\Partition2 - ok
18:47:19.0161 0x191c  [ 54CC4C5925FD26A23D6655B56E9FD50F ] \Device\Harddisk0\DR0\Partition3
18:47:19.0161 0x191c  \Device\Harddisk0\DR0\Partition3 - ok
18:47:19.0175 0x191c  [ 4B81DFDEE593916581F15BC8C209325A ] \Device\Harddisk0\DR0\Partition4
18:47:19.0176 0x191c  \Device\Harddisk0\DR0\Partition4 - ok
18:47:19.0199 0x191c  [ 2C02AE0493481B05A5888F75205BFC0A ] \Device\Harddisk0\DR0\Partition5
18:47:19.0200 0x191c  \Device\Harddisk0\DR0\Partition5 - ok
18:47:19.0209 0x191c  [ F8C180A9E9CE8F56188A1C9CF045E4E4 ] \Device\Harddisk0\DR0\Partition6
18:47:19.0211 0x191c  \Device\Harddisk0\DR0\Partition6 - ok
18:47:19.0234 0x191c  [ 3DB77100A0EFCFF295C9BFCED9D4C622 ] \Device\Harddisk0\DR0\Partition7
18:47:19.0235 0x191c  \Device\Harddisk0\DR0\Partition7 - ok
18:47:19.0236 0x191c  ================ Scan generic autorun ======================
18:47:19.0579 0x191c  [ 78D93C04E892F50D6264A05F4EBCE150, F24D26CAF44B81725AAE9FE84F24DB848BAA7857C89DC34C2E258617E886EE5B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
18:47:19.0738 0x191c  RTHDVCPL - ok
18:47:19.0749 0x191c  ETDCtrl - ok
18:47:19.0808 0x191c  [ 815F6E3727453C978FFD721B2BDF48A5, E33A85E8EF80C662C84F705080585B35A899F8E588E8481D48538BA1224B5E57 ] C:\Program Files (x86)\SCM\Radio Manager.exe
18:47:19.0813 0x191c  Radio Manager - ok
18:47:19.0834 0x191c  [ 0123AE1BC462CD5F7321E0249B0379E1, 60BDE9BE24B541576F8C929B32C672E9079535FE63D8FAC9B7AD5A50474A515C ] C:\Program Files (x86)\SCM\SCM.exe
18:47:19.0839 0x191c  SCM - ok
18:47:19.0857 0x191c  MBCfg64 - ok
18:47:19.0939 0x191c  [ FF4B6B134B3D40451440B868197C9C21, 066AA3625ABD7ECA6F6684999980094AE67299B83B026B879E40F7AB6E772459 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
18:47:19.0966 0x191c  NvBackend - ok
18:47:20.0050 0x191c  [ 36E62063607B123E9D5B222958B9AC1C, 53690BB53B0248383300DE6D303165F0F471A2F8868A09BAF38609DBEFCB8ADD ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
18:47:20.0051 0x191c  IAStorIcon - ok
18:47:20.0094 0x191c  [ 404A6E6550DB206EA6E9B1AC642102B2, 33CAF3CDEF820DFC97844BBCA56B95B6D31D1C682C69A29D14F7A0C9058AC8EF ] C:\Program Files\iTunes\iTunesHelper.exe
18:47:20.0096 0x191c  iTunesHelper - ok
18:47:20.0097 0x191c  WindowsDefender - ok
18:47:20.0135 0x191c  [ 4BA4EE813C494E70FF381DB39CEE3F39, 8AF9C9F680145FC2B2DC50317F708A27117BB240652E3EF3A728837DC7D5BB7B ] C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
18:47:20.0143 0x191c  Sound Blaster Cinema - ok
18:47:20.0184 0x191c  [ C419DF63E0121D72411285780C2FC6CC, F47F854D327C589D174D3BB5B55D5C05F5ACA73DF52A6BEF47596B9010190291 ] C:\Windows\UpdReg.EXE
18:47:20.0185 0x191c  UpdReg - ok
18:47:20.0203 0x191c  [ C049C40CAEE8900130BD5F80B594CC7B, F54FC31662A9B8032B380793D534F34A0C63FED9C84DE313D17A61612EB31DC4 ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
18:47:20.0205 0x191c  RemoteControl10 - ok
18:47:20.0233 0x191c  [ 7D2A9D5B29A486B55E54AD89B6BFBF23, B5483058BB3255139CBFCB67CA7735197FA6C72BC42F004E51F13C139962E71E ] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
18:47:20.0235 0x191c  BDRegion - ok
18:47:20.0289 0x191c  [ F4EC93E4A239F9A27777ED2416F6353D, 347A542146729682027039A92DF8E52FAE283E0DAAED873A59BA17BD1FF26416 ] C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
18:47:20.0301 0x191c  SUPER CHARGER - ok
18:47:20.0340 0x191c  [ 324EB08C7610095182D5D399ED1A0EB3, 23F0ECA2C830E2593D4325B60B4FCB1E1DF0601E483D4A2E17AB41EC0908F53C ] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
18:47:20.0345 0x191c  PWRISOVM.EXE - ok
18:47:20.0421 0x191c  [ E05782E0B697CADBBC17E78C67280B30, 87A142350F1BD9FF7ADDDBF80AC5C1EFDCE93F8E3142B95ACC8D85DDE77D42D8 ] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
18:47:20.0424 0x191c  Lightshot - ok
18:47:20.0485 0x191c  [ 07A3A88C8E8FD71EAA2B7F39134788DA, 0AAB731BF14B8A96FF6DB84CDD2579C1DFE5E56838EF3D92B03AE738E89A92D1 ] C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe
18:47:20.0495 0x191c  ROCCAT Savu Gaming Mouse - ok
18:47:20.0551 0x191c  [ D0B1DA5382433AFBF52DE8815298EB0C, A326D01783359CCA1054210D82F17533638A9769A7A08C2BD0621DE016909359 ] C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE
18:47:20.0558 0x191c  RoccatIsku - ok
18:47:20.0610 0x191c  [ 69E6AA230410AF75DE5C81B77C63BBDF, 56D6B2823695EA116FBEB3F3F49FC1023359528BF6377069D7E320EC28AE6561 ] C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
18:47:20.0623 0x191c  AvgUi - ok
18:47:20.0679 0x191c  [ 6EACC43D0542EF88226FB34B0B12EDB0, 6345E4B49D7F804F6DE042F981AB172822B6AB74C42209BEFB0582B019430884 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
18:47:20.0686 0x191c  SunJavaUpdateSched - ok
18:47:20.0767 0x191c  OneDriveSetup - ok
18:47:20.0768 0x191c  OneDriveSetup - ok
18:47:20.0807 0x191c  [ C1211F321EC4B74DB5BEF65E85AD7E6B, 1D615402CA66AEA3E3C20C2A48BB1BF5F9ED1FFFD5F824395FB337438C66E0A0 ] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
18:47:20.0810 0x191c  SteelSeries Engine - ok
18:47:20.0935 0x191c  [ CACBA0704C7A57948B61FA7836B1E133, 3141657246F95353B5043A16F9F0A99CAA26F078D3403A3933E0EB2DA9284186 ] C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
18:47:20.0991 0x191c  OKAYFREEDOM_Agent - ok
18:47:21.0153 0x191c  [ 33800FE47126B32E800255A973CC26D2, A0E5E8F4823CA257DB7B5C8516F69D00B780E7F08E0D77A75AA8E6FE33917DF2 ] C:\Users\Sonny\AppData\Roaming\uTorrent\uTorrent.exe
18:47:21.0176 0x191c  uTorrent - ok
18:47:21.0201 0x191c  Skype - ok
18:47:21.0312 0x191c  [ ADF6C78FC95716CA45A68FD3DA1C1A78, 8250D47AC8C25A3A2DB8AB2148350F7086141F91DB317D0431DA545430B843F5 ] C:\Program Files (x86)\Steam\steam.exe
18:47:21.0346 0x191c  Steam - ok
18:47:21.0391 0x191c  [ 8A212F27F5C9FD5BD13EBC1900702F20, 21AEBD1263099F29678CD8EDFACF8AA4AFECFF66CC3B08FAC7A28456FC09B283 ] C:\Program Files\PUSH Entertainment\Video Wallpaper\Launch Wallpaper.exe
18:47:21.0395 0x191c  PUSH Wallpaper - ok
18:47:21.0399 0x191c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.0 ), 0x61100 ( enabled : updated )
18:47:21.0400 0x191c  Win FW state via NFP2: enabled ( trusted )
18:47:21.0485 0x191c  ============================================================
18:47:21.0485 0x191c  Scan finished
18:47:21.0485 0x191c  ============================================================
18:47:21.0489 0x09d0  Detected object count: 0
18:47:21.0489 0x09d0  Actual detected object count: 0
18:47:27.0172 0x0a20  Deinitialize success

M-K-D-B · 03.09.2016, 20:18

Servus,

bitte beachten:

Zitat:

Gestartet von C:\Users\Sonny\Downloads

Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.

Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- Image File Execution Options Schlüssel
- "Tracing" Schlüssel
- "Prefetch" Dateien
- Proxy
- Winsock
- Hosts-Datei
Bestätige die Auswahl mit Ok.
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von JRT,
die beiden neuen Logdateien von FRST.

stefan nur · 04.09.2016, 01:02

adwcleaner

Code:

ATTFilter

# AdwCleaner v6.010 - Logfile created 04/09/2016 at 01:32:38
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-03.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Sonny - MSI_SAMDAR
# Running from : C:\Users\Sonny\Desktop\AdwCleaner_6.010.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\Software\OCS
[-] Key deleted: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\OCS
[#] Key deleted on reboot: HKCU\Software\OCS
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: " Image File Execution Options" keys deleted
:: "Prefetch" files deleted
:: Proxy settings cleared
:: Hosts file cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7196 Bytes] - [21/07/2016 18:50:10]
C:\AdwCleaner\AdwCleaner[C2].txt - [14565 Bytes] - [12/11/2015 23:57:58]
C:\AdwCleaner\AdwCleaner[C3].txt - [2120 Bytes] - [04/09/2016 01:32:38]
C:\AdwCleaner\AdwCleaner[R0].txt - [13385 Bytes] - [01/11/2014 17:10:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [11126 Bytes] - [01/11/2014 17:12:39]
C:\AdwCleaner\AdwCleaner[S1].txt - [7555 Bytes] - [21/07/2016 18:47:17]
C:\AdwCleaner\AdwCleaner[S2].txt - [13891 Bytes] - [12/11/2015 23:52:48]
C:\AdwCleaner\AdwCleaner[S3].txt - [13891 Bytes] - [12/11/2015 23:57:12]
C:\AdwCleaner\AdwCleaner[S4].txt - [2670 Bytes] - [04/09/2016 01:32:22]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2635 Bytes] ##########

FRST.txt

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
durchgeführt von Sonny (Administrator) auf MSI_SAMDAR (04-09-2016 01:51:07)
Gestartet von C:\Users\Sonny\Desktop
Geladene Profile: Sonny &  (Verfügbare Profile: Sonny)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-04-23] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3347680 2015-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2014-01-02] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [407720 2014-01-02] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [40576 2013-08-29] (Creative Technology Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-07-16] (Microsoft Corporation)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-25] (cyberlink)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2014-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [ROCCAT Savu Gaming Mouse] => C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM-x32\...\Run: [RoccatIsku] => C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE [536576 2013-10-30] (ROCCAT GmbH)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1130408 2015-10-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [249856 2014-01-23] (SteelSeries ApS)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [4946856 2014-10-16] (Steganos Software GmbH)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [uTorrent] => C:\Users\Sonny\AppData\Roaming\uTorrent\uTorrent.exe [1988096 2016-09-03] (BitTorrent Inc.)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [PUSH Wallpaper] => C:\Program Files\PUSH Entertainment\Video Wallpaper\Launch Wallpaper.exe [330488 2010-05-27] ()
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\RunOnce: [Uninstall C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [249856 2014-01-23] (SteelSeries ApS)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [4946856 2014-10-16] (Steganos Software GmbH)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\Sonny\AppData\Roaming\uTorrent\uTorrent.exe [1988096 2016-09-03] (BitTorrent Inc.)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PUSH Wallpaper] => C:\Program Files\PUSH Entertainment\Video Wallpaper\Launch Wallpaper.exe [330488 2010-05-27] ()
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\itunes.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pdvdlaunchpolicy.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\super charger.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-09-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-09-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-09-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-09-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-09-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-09-03] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-11-12]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{29CDA0F1-A6DA-44CC-9ABB-131A7D3D77AE}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-21]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{7cf9bcf8-fdae-4c28-813c-13345f0ffd96}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{8b10dfee-2a45-471c-b680-0146b9966fb7}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{d7a64765-73bd-4a71-9a53-fb01d8d93b37}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130898378660324794&GUID=2EAF34BE-DF2E-AFE4-66B9-9D27FEBAE0D0
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130898378660370656&GUID=2EAF34BE-DF2E-AFE4-66B9-9D27FEBAE0D0
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-03] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-03] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\34rdqvxz.default-1469118447267
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-2802146430-1798650074-2620433185-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sonny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sonny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Extension: (BetterTTV) - C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\34rdqvxz.default-1469118447267\Extensions\firefox@betterttv.net.xpi [2016-07-21]
FF Extension: (ProxTube) - C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\34rdqvxz.default-1469118447267\Extensions\ich@maltegoetz.de.xpi [2016-08-25]
FF Extension: (Adblock Plus) - C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\34rdqvxz.default-1469118447267\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-07-22]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon => nicht gefunden
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-04-27]

Chrome: 
=======
CHR Profile: C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-05-18]
CHR Extension: (Google Drive) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-21]
CHR Extension: (YouTube) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-21]
CHR Extension: (Adblock Plus) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-22]
CHR Extension: (Google-Suche) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Norton Identity Safe) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-01-21]
CHR Extension: (ReChat for Twitch™) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2016-01-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (Google Mail) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-21]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-10-16] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-08-01] ()
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-26] (CyberLink)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [243984 2016-03-29] (EasyAntiCheat Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144096 2015-11-12] (ELAN Microelectronics Corp.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [19424 2015-11-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-01-02] (Micro-Star International Co., Ltd.) [Datei ist nicht signiert]
S4 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3806032 2015-10-13] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-05-02] (NVIDIA Corporation)
S4 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [321976 2014-10-16] (Steganos Software GmbH)
S4 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-03-04] (Qualcomm Atheros) [Datei ist nicht signiert]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4368808 2015-10-14] (AVG Technologies CZ, s.r.o.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [81072 2014-02-21] (Qualcomm Atheros, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
S3 ipadtst; C:\Program Files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys [20464 2013-11-12] (Windows (R) Win 7 DDK provider)
S3 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [163536 2013-03-21] (Qualcomm Atheros, Inc.)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [170128 2016-02-05] (Qualcomm Atheros, Inc.)
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [52128 2013-11-27] (Visicom Media Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-04] (Malwarebytes)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [4107504 2015-09-24] (Intel Corporation)
S3 NETwNe64; C:\Windows\System32\drivers\Netwew02.sys [3505432 2015-03-23] (Intel Corporation)
S3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
S3 SAlphamBth; C:\Windows\System32\drivers\SAlphabt64.sys [31232 2012-10-16] (SteelSeries Corporation) [Datei ist nicht signiert]
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [26496 2013-12-12] (SteelSeries Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-10-14] (TuneUp Software)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-04 01:51 - 2016-09-04 01:51 - 00027628 _____ C:\Users\Sonny\Desktop\FRST.txt
2016-09-04 01:43 - 2016-09-04 01:43 - 00003798 _____ C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater
2016-09-04 01:42 - 2016-09-04 01:42 - 00002922 _____ C:\WINDOWS\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2016-09-04 00:55 - 2016-09-04 00:55 - 00000764 _____ C:\Users\Sonny\Desktop\JRT.txt
2016-09-04 00:51 - 2016-09-04 00:52 - 01610560 _____ (Malwarebytes) C:\Users\Sonny\Desktop\JRT.exe
2016-09-04 00:50 - 2016-09-04 00:50 - 00001185 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-09-04 00:50 - 2016-09-04 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-09-04 00:50 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-04 00:50 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-04 00:50 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-04 00:49 - 2016-09-04 00:50 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-09-04 00:49 - 2016-09-04 00:49 - 03826240 _____ C:\Users\Sonny\Desktop\AdwCleaner_6.010.exe
2016-09-04 00:48 - 2016-09-04 00:49 - 22851472 _____ (Malwarebytes ) C:\Users\Sonny\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-03 23:14 - 2016-09-03 23:14 - 00003332 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-09-03 18:44 - 2016-09-03 18:47 - 00186512 _____ C:\TDSSKiller.3.1.0.11_03.09.2016_18.44.28_log.txt
2016-09-03 18:44 - 2016-09-03 18:44 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Sonny\Downloads\tdsskiller.exe
2016-09-03 18:43 - 2016-09-03 18:44 - 00061094 _____ C:\Users\Sonny\Downloads\Addition.txt
2016-09-03 18:42 - 2016-09-03 18:44 - 00068184 _____ C:\Users\Sonny\Downloads\FRST.txt
2016-09-03 18:41 - 2016-09-03 18:42 - 02397696 _____ (Farbar) C:\Users\Sonny\Desktop\FRST64.exe
2016-09-03 15:14 - 2016-09-03 15:17 - 559536890 ____R C:\Users\Sonny\Downloads\Boogeyman.zip
2016-09-03 15:14 - 2016-09-03 15:15 - 02325112 ____R (W3i, LLC) C:\Users\Sonny\Downloads\epicbot_520.exe
2016-09-03 05:00 - 2016-09-03 15:14 - 00000000 ____D C:\Users\Sonny\AppData\LocalLow\uTorrent
2016-09-03 02:32 - 2016-09-03 02:32 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2016-09-03 02:32 - 2016-09-03 02:32 - 00002210 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2016-09-03 02:32 - 2016-09-03 02:32 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\AVG
2016-09-03 02:32 - 2016-09-03 02:32 - 00000000 ____D C:\ProgramData\Avg
2016-09-03 02:32 - 2016-09-03 02:32 - 00000000 ____D C:\Program Files (x86)\AVG
2016-09-03 02:32 - 2015-10-14 11:05 - 00045992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2016-09-03 02:30 - 2016-09-03 02:32 - 00000000 ____D C:\Users\Sonny\AppData\Local\AvgSetupLog
2016-09-03 02:30 - 2016-09-03 02:32 - 00000000 ____D C:\Users\Sonny\AppData\Local\Avg
2016-09-01 19:42 - 2016-09-03 04:22 - 00000000 ____D C:\Users\Sonny\Desktop\fotos LUL
2016-09-01 10:56 - 2016-09-01 10:56 - 00000000 _____ C:\Users\Sonny\Desktop\anrufen 776750.txt
2016-08-31 11:12 - 2016-08-31 11:12 - 00000000 ____D C:\Users\Sonny\Desktop\hülln
2016-08-27 17:24 - 2016-08-27 17:24 - 00000000 ____D C:\Users\Sonny\Desktop\realtemp
2016-08-23 12:21 - 2016-08-23 12:21 - 00000000 ____D C:\WINDOWS\pss
2016-08-21 01:38 - 2016-08-21 01:38 - 00002019 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-08-21 01:38 - 2016-08-21 01:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-08-19 21:03 - 2016-08-19 21:03 - 00000222 _____ C:\Users\Sonny\Desktop\H1Z1 King of the Kill.url
2016-08-19 14:54 - 2016-08-19 14:54 - 00000000 ____D C:\Users\Sonny\Desktop\random
2016-08-19 14:44 - 2016-09-03 04:17 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-19 12:16 - 2016-09-03 04:17 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-19 12:13 - 2016-08-19 12:13 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 22572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 09125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 07623168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-08-19 12:13 - 2016-08-19 12:13 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-08-19 12:13 - 2016-08-19 12:13 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 05511168 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 03617280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-08-19 12:13 - 2016-08-19 12:13 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-08-19 12:13 - 2016-08-19 12:13 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 02251440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 01785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01265424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00843104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00151232 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-08-19 12:13 - 2016-08-19 12:13 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-08-19 12:13 - 2016-08-19 12:13 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-19 12:12 - 2016-07-15 20:29 - 05739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2016-08-19 12:12 - 2016-07-15 20:29 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2016-08-19 12:12 - 2016-07-15 20:14 - 06354944 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2016-08-19 12:12 - 2016-07-15 19:45 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2016-08-19 12:12 - 2016-07-15 19:29 - 05489664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2016-08-19 12:11 - 2016-08-19 12:11 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-08-19 12:10 - 2016-08-19 14:52 - 00000000 ____D C:\Users\Sonny\AppData\Local\ConnectedDevicesPlatform
2016-08-19 12:10 - 2016-08-19 12:10 - 00000020 ___SH C:\Users\Sonny\ntuser.ini
2016-08-19 12:08 - 2016-08-19 12:08 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-08-19 12:08 - 2016-08-19 12:08 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-08-19 12:08 - 2016-08-19 12:08 - 00000000 ____D C:\Program Files\MSBuild
2016-08-19 12:08 - 2016-08-19 12:08 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-08-19 12:08 - 2016-08-19 12:08 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-19 12:07 - 2016-05-25 15:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-08-19 12:07 - 2016-05-25 15:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-19 12:07 - 2016-05-25 15:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-08-19 12:07 - 2016-05-25 12:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-08-19 12:07 - 2016-05-25 12:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-19 12:07 - 2016-05-25 12:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Vorlagen
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Startmenü
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 ____D C:\ProgramData\USOShared
2016-08-19 11:50 - 2016-08-19 11:53 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-08-19 11:50 - 2016-08-19 11:53 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-08-19 11:44 - 2016-09-04 01:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-19 11:44 - 2016-09-03 13:32 - 00002868 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2016-08-19 11:44 - 2016-09-03 13:32 - 00002494 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2016-08-19 11:44 - 2016-09-03 12:41 - 00002420 _____ C:\WINDOWS\System32\Tasks\MSI_Dragon Gaming Center
2016-08-19 11:44 - 2016-09-03 04:15 - 00002196 _____ C:\WINDOWS\System32\Tasks\MSI_Reminder
2016-08-19 11:44 - 2016-09-03 04:12 - 00003712 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-19 11:44 - 2016-09-03 04:12 - 00003488 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-19 11:44 - 2016-08-19 11:44 - 00003304 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CBE7263C-E444-4178-9108-E09677EE42AD}
2016-08-19 11:44 - 2016-08-19 11:44 - 00003098 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-08-19 11:44 - 2016-08-19 11:44 - 00003084 _____ C:\WINDOWS\System32\Tasks\{801E4822-0C78-8E92-B7F4-3F027A1B897F}
2016-08-19 11:44 - 2016-08-19 11:44 - 00002812 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2802146430-1798650074-2620433185-1002
2016-08-19 11:44 - 2016-08-19 11:44 - 00002460 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-08-19 11:44 - 2016-08-19 11:44 - 00002380 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2802146430-1798650074-2620433185-500
2016-08-19 11:44 - 2016-08-19 11:44 - 00002242 _____ C:\WINDOWS\System32\Tasks\{62C4727E-EE8B-4CC4-ACF4-42684399E681}
2016-08-19 11:44 - 2016-08-19 11:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-08-19 11:44 - 2016-08-19 11:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2016-08-19 11:44 - 2016-08-19 11:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Anti-Theft
2016-08-19 11:44 - 2016-08-19 11:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-08-19 11:44 - 2014-04-27 04:08 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1445490910-985070050-2736773077-500
2016-08-19 11:44 - 2013-11-13 22:04 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-538400136-2975241231-1352160326-500
2016-08-19 11:43 - 2016-08-19 11:44 - 00002982 _____ C:\WINDOWS\System32\Tasks\3c91fcc2-ce59-42b3-b901-f68079520898
2016-08-19 11:43 - 2016-08-19 11:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\Abelssoft
2016-08-19 11:33 - 2016-08-19 11:33 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-19 11:33 - 2016-08-19 11:33 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-08-19 11:33 - 2016-08-19 11:33 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-08-19 11:28 - 2016-08-19 11:35 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-08-19 11:25 - 2016-09-03 19:47 - 00000000 ____D C:\Users\Sonny
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Vorlagen
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Startmenü
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Netzwerkumgebung
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Lokale Einstellungen
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Eigene Dateien
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Druckumgebung
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Documents\Eigene Videos
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Documents\Eigene Musik
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Documents\Eigene Bilder
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\AppData\Local\Verlauf
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\AppData\Local\Anwendungsdaten
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Anwendungsdaten
2016-08-19 11:21 - 2016-09-04 01:37 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-19 11:21 - 2016-08-19 11:28 - 00000000 ____D C:\Program Files\Intel
2016-08-19 11:21 - 2016-08-19 11:28 - 00000000 ____D C:\Program Files\Elantech
2016-08-19 11:21 - 2016-08-19 11:21 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-08-19 11:21 - 2016-08-19 11:21 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2016-08-19 11:21 - 2016-05-27 15:50 - 00104584 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-08-19 11:21 - 2016-05-27 15:50 - 00100488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-08-19 11:20 - 2016-08-19 11:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-19 11:20 - 2016-08-19 11:20 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-19 11:20 - 2016-08-19 11:20 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-19 11:20 - 2016-08-19 11:20 - 00000000 ____D C:\Program Files\Realtek
2016-08-19 11:20 - 2016-07-16 13:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 06452948 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-08-19 11:20 - 2016-06-03 05:59 - 06364216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 02455608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 01352760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-08-19 11:20 - 2016-06-03 05:59 - 00534072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-08-19 11:19 - 2016-08-19 11:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-08-19 11:19 - 2016-08-19 11:19 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-08-19 11:18 - 2016-09-04 01:23 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-19 11:18 - 2016-08-19 14:44 - 00342560 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-19 11:18 - 2016-08-19 11:18 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-08-18 18:45 - 2016-08-18 20:07 - 00000096 _____ C:\Users\Sonny\Desktop\AliBaba evidence.txt
2016-08-11 02:55 - 2016-08-11 02:55 - 00002317 _____ C:\Users\Public\Desktop\Blade & Soul.lnk
2016-08-11 02:55 - 2016-08-11 02:55 - 00000000 ____D C:\Program Files (x86)\NCSOFT
2016-08-10 15:17 - 2016-08-10 15:18 - 00000031 _____ C:\Users\Sonny\Desktop\nUMMERN.txt

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-04 01:51 - 2015-11-10 19:44 - 00000000 ____D C:\FRST
2016-09-04 01:45 - 2015-07-10 01:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-04 01:37 - 2014-07-23 20:18 - 00000000 __SHD C:\Users\Sonny\IntelGraphicsProfiles
2016-09-04 01:33 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-09-04 01:32 - 2014-11-01 17:10 - 00000000 ____D C:\AdwCleaner
2016-09-04 00:18 - 2016-07-28 05:08 - 00000000 ____D C:\Users\Sonny\Desktop\slaM
2016-09-03 23:20 - 2015-10-27 17:14 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-03 23:14 - 2015-11-17 02:39 - 00002439 _____ C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-03 23:14 - 2015-05-13 14:16 - 00000000 ___RD C:\Users\Sonny\OneDrive
2016-09-03 23:14 - 2014-12-23 13:23 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Skype
2016-09-03 16:13 - 2014-08-20 20:12 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\uTorrent
2016-09-03 13:50 - 2016-07-20 01:24 - 00000000 ____D C:\Users\Sonny\AppData\Local\ElevatedDiagnostics
2016-09-03 13:47 - 2014-08-07 21:09 - 00000000 ____D C:\ProgramData\Oracle
2016-09-03 13:46 - 2015-09-05 09:56 - 00000000 ____D C:\Users\Sonny\.oracle_jre_usage
2016-09-03 13:46 - 2014-10-30 17:56 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-09-03 13:46 - 2014-10-30 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-03 13:46 - 2014-08-07 21:09 - 00000000 ____D C:\Program Files (x86)\Java
2016-09-03 13:24 - 2016-01-21 16:17 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-03 13:24 - 2016-01-21 16:17 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-03 13:23 - 2016-07-16 13:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-03 04:38 - 2014-07-24 00:29 - 00000000 ____D C:\Users\Sonny\AppData\Local\CrashDumps
2016-09-03 04:22 - 2016-07-20 01:42 - 00000000 ____D C:\Users\Sonny\Desktop\memes
2016-09-03 04:22 - 2016-06-01 20:58 - 00000000 ____D C:\Users\Sonny\.spawnpk
2016-09-03 04:22 - 2016-05-20 15:55 - 00000000 ____D C:\Users\Sonny\Desktop\k
2016-09-03 04:18 - 2016-03-29 02:04 - 00000000 ____D C:\Users\Sonny\.thumbnails
2016-09-03 04:18 - 2014-08-07 21:10 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\.minecraft
2016-09-03 04:18 - 2014-04-27 04:02 - 00000000 ____D C:\ProgramData\Temp
2016-09-03 04:17 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2016-09-03 04:17 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-03 04:17 - 2014-12-14 16:44 - 00000000 ____D C:\Users\Sonny\AppData\Local\Battle.net
2016-09-02 18:04 - 2014-12-14 16:44 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-09-02 12:43 - 2016-07-17 00:51 - 00568860 _____ C:\WINDOWS\system32\perfh007.dat
2016-09-02 12:43 - 2016-07-17 00:51 - 00108388 _____ C:\WINDOWS\system32\perfc007.dat
2016-09-02 12:43 - 2015-11-17 02:13 - 01599886 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-02 12:39 - 2015-11-17 02:10 - 00147656 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_38F51D56.sys
2016-09-01 21:43 - 2014-07-31 21:19 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\TS3Client
2016-08-26 12:50 - 2016-05-05 23:38 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-08-26 11:57 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-25 11:36 - 2016-01-19 22:16 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-08-21 17:08 - 2014-12-14 16:45 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-08-21 01:38 - 2015-11-15 03:10 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-08-20 15:52 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-20 13:54 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-08-20 13:52 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-20 02:22 - 2014-04-27 03:18 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-19 21:03 - 2014-08-14 18:31 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-19 14:46 - 2016-04-18 20:19 - 00000306 __RSH C:\ProgramData\ntuser.pol
2016-08-19 12:46 - 2014-07-23 20:18 - 00000000 ____D C:\Users\Sonny\AppData\Local\Packages
2016-08-19 12:16 - 2016-07-16 13:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-08-19 12:12 - 2016-07-17 00:52 - 00000000 ____D C:\WINDOWS\OCR
2016-08-19 12:10 - 2014-07-23 20:15 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-19 12:08 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-08-19 12:08 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-08-19 11:54 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2016-08-19 11:54 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-08-19 11:54 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Windows NT
2016-08-19 11:53 - 2016-07-16 08:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-08-19 11:50 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-19 11:50 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Registration
2016-08-19 11:50 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-08-19 11:44 - 2015-11-17 02:19 - 00023056 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-08-19 11:40 - 2014-04-27 03:25 - 01444596 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-08-19 11:36 - 2014-09-06 18:31 - 00000000 ____D C:\WINDOWS\SysWOW64\SupportAppZXH
2016-08-19 11:36 - 2013-11-13 21:33 - 00000000 ____D C:\WINDOWS\uk
2016-08-19 11:36 - 2013-11-13 21:33 - 00000000 ____D C:\WINDOWS\tr
2016-08-19 11:35 - 2016-08-02 05:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2016-08-19 11:35 - 2016-08-01 01:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-08-19 11:35 - 2016-07-26 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-08-19 11:35 - 2016-06-22 03:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2016-08-19 11:35 - 2016-06-19 02:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReMouse Standard
2016-08-19 11:35 - 2016-06-07 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-08-19 11:35 - 2016-06-01 08:41 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2016-08-19 11:35 - 2016-05-23 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GhostMouse
2016-08-19 11:35 - 2016-05-20 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-19 11:35 - 2016-05-06 00:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2016-08-19 11:35 - 2016-02-24 00:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius
2016-08-19 11:35 - 2015-11-11 20:26 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-08-19 11:35 - 2015-10-30 20:44 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-19 11:35 - 2015-10-27 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-19 11:35 - 2015-06-14 01:20 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2016-08-19 11:35 - 2015-03-22 14:48 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
2016-08-19 11:35 - 2014-12-23 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-19 11:35 - 2014-12-22 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-08-19 11:35 - 2014-12-14 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2016-08-19 11:35 - 2014-12-14 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-08-19 11:35 - 2014-11-29 11:52 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-19 11:35 - 2014-11-29 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-19 11:35 - 2014-11-13 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2016-08-19 11:35 - 2014-11-12 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-08-19 11:35 - 2014-11-05 22:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-19 11:35 - 2014-11-02 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom
2016-08-19 11:35 - 2014-08-21 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Goat Simulator
2016-08-19 11:35 - 2014-07-31 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2016-08-19 11:35 - 2014-07-25 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Anti-Theft
2016-08-19 11:35 - 2014-04-27 04:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10
2016-08-19 11:35 - 2014-04-27 03:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2016-08-19 11:35 - 2014-04-27 03:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2016-08-19 11:35 - 2014-04-27 03:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-08-19 11:35 - 2014-04-18 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2016-08-19 11:35 - 2013-11-13 21:33 - 00000000 ____D C:\WINDOWS\bg
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\sv
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\sl
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\sk
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\ru
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\ro
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\pl
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\nl
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\lv
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\lt
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\it
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\hu
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\hr
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\he
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\fr
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\fi
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\et
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\es
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\en
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\el
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\de
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\da
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\cs
2016-08-19 11:35 - 2013-11-13 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-08-19 11:35 - 2013-11-13 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2016-08-19 11:33 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-19 11:33 - 2015-10-30 08:28 - 00000000 ____D C:\Users\Default.migrated
2016-08-19 11:31 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-08-19 11:31 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-08-19 11:31 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-08-19 11:31 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-08-19 11:31 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-08-19 11:31 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-08-19 11:30 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-08-19 11:30 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-08-19 11:30 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-08-19 11:30 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-19 11:30 - 2014-07-24 11:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-19 11:30 - 2014-04-27 03:20 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-08-19 11:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-08-19 11:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-08-19 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-08-19 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-19 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\InputMethod
2016-08-19 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Help
2016-08-19 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-08-19 11:29 - 2016-05-03 00:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PUSH Entertainment
2016-08-19 11:29 - 2016-03-10 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
2016-08-19 11:29 - 2016-01-14 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-08-19 11:29 - 2016-01-14 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2016-08-19 11:29 - 2015-09-26 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roccat
2016-08-19 11:29 - 2014-04-27 03:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros
2016-08-19 11:28 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-08-19 11:28 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-19 11:28 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-19 11:28 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-08-19 11:27 - 2016-03-10 05:34 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-08-19 11:21 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-19 11:21 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-19 11:21 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-19 03:53 - 2014-07-23 21:16 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-18 22:49 - 2014-07-24 20:37 - 00000000 ____D C:\Users\Sonny\AppData\Local\NVIDIA Corporation
2016-08-18 22:49 - 2014-07-24 20:36 - 00000000 ____D C:\Users\Sonny\AppData\Local\NVIDIA
2016-08-18 14:37 - 2014-04-27 03:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-08-17 18:04 - 2014-11-15 17:55 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\TeamViewer
2016-08-13 23:14 - 2014-11-01 16:59 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-08-11 02:55 - 2014-04-27 03:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-11 00:44 - 2015-02-12 19:31 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-08-10 00:19 - 2014-07-24 11:47 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 00:16 - 2015-10-16 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-10 00:10 - 2013-08-22 15:25 - 00000167 _____ C:\WINDOWS\win.ini
2016-08-08 23:40 - 2016-01-21 16:18 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2005-04-08 04:16 - 2015-02-28 23:03 - 0142572 ____H () C:\Users\Sonny\AppData\Roaming\Sonnylog.dat
2015-10-21 21:42 - 2015-10-21 21:42 - 1852453 _____ () C:\Users\Sonny\AppData\Local\curl.zip
2015-10-21 21:42 - 2015-10-21 21:42 - 0000002 _____ () C:\Users\Sonny\AppData\Local\OczLpK.vbs
2016-06-29 04:14 - 2016-06-29 04:14 - 0005871 _____ () C:\Users\Sonny\AppData\Local\recently-used.xbel
2015-03-23 19:53 - 2016-01-23 12:21 - 0007601 _____ () C:\Users\Sonny\AppData\Local\Resmon.ResmonCfg
2016-07-21 18:19 - 2016-07-21 18:19 - 1145382 _____ () C:\Users\Sonny\AppData\Local\Tempmusic.ogg
2015-06-20 16:06 - 2015-06-20 16:06 - 0000003 _____ () C:\Users\Sonny\AppData\Local\updater.log
2015-06-20 16:06 - 2015-10-02 12:12 - 0000424 _____ () C:\Users\Sonny\AppData\Local\UserProducts.xml

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Sonny\matrix_cl_CloudIn_LIVE.dat
C:\Users\Sonny\system32log.dat


Einige Dateien in TEMP:
====================
C:\Users\Sonny\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Sonny\AppData\Local\Temp\libeay32.dll
C:\Users\Sonny\AppData\Local\Temp\msvcr120.dll
C:\Users\Sonny\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-08-29 17:47

==================== Ende von FRST.txt ============================

stefan nur · 04.09.2016, 01:15

addition.txt

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von Sonny (04-09-2016 01:52:08)
Gestartet von C:\Users\Sonny\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-19 09:54:38)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2802146430-1798650074-2620433185-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2802146430-1798650074-2620433185-503 - Limited - Disabled)
Gast (S-1-5-21-2802146430-1798650074-2620433185-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2802146430-1798650074-2620433185-1004 - Limited - Enabled)
Sonny (S-1-5-21-2802146430-1798650074-2620433185-1002 - Administrator - Enabled) => C:\Users\Sonny

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

„Windows Live Essentials“ (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\uTorrent) (Version: 3.4.8.42499 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.8.42499 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.3.1.24857 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.3.3 - AVG Technologies) Hidden
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1402.2101 - Micro-Star International Co., Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1403.0501 - Micro-Star International Co., Ltd.)
Dragon Gaming Center (x32 Version: 1.0.1403.0501 - Micro-Star International Co., Ltd.) Hidden
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
ELAN Touchpad 15.13.3.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.13.3.1 - ELAN Microelectronic Corp.)
FMW 1 (Version: 1.22.2 - AVG Technologies) Hidden
Fotoattēlu galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogaléria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Foto-galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerija fotografija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.3 - ghost-mouse.com)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1405.3) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 4.1.1) (Version: 4.1.1 - Riot Games)
League of Legends (x32 Version: 4.1.1 - Riot Games) Hidden
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0.2 (x64 de) (HKLM\...\Mozilla Firefox 48.0.2 (x64 de)) (Version: 48.0.2 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1404.1101 - Micro-Star International Co., Ltd.)
MSI Remind Manager (x32 Version: 1.0.1404.1101 - Micro-Star International Co., Ltd.) Hidden
MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
NVIDIA Grafiktreiber 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.4 - Steganos Software GmbH)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
PUSH Entertainment - Video Wallpaper (HKLM\...\Video Wallpaper_is1) (Version: 2.23 - PUSH Entertainment)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.41.1283 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.41.1283 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.41.1283 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{68DD86DD-8E02-4921-926B-B358D51EAF3A}) (Version: 1.1.41.1283 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)
ReMouse Standard (HKLM-x32\...\ReMouse Standard_is1) (Version: Standard V3.5.3 - AutomaticSolution Software)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ROCCAT Isku Keyboard Driver (HKLM-x32\...\{4ABAF918-A6BD-43D8-AE0B-5292034B14CB}) (Version:  - Roccat GmbH)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
Savu Mouse (HKLM-x32\...\{6F4B8EA6-4546-4160-A05F-0706F7DC1EFF}) (Version: 1.1.9 - ROCCAT GmbH)
SCM (HKLM\...\{6692DCAF-A445-4C6B-AF31-3DD85FC06FBA}) (Version: 13.014.01026 - Application)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
ShellShock Live (HKLM-x32\...\Steam App 326460) (Version:  - kChamp Games)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.6 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.417.28061 - SteelSeries)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
The Culling (HKLM\...\Steam App 437220) (Version:  - Xaviant)
UE4 Prerequisites (x64) (HKLM-x32\...\{b46d36bc-2438-471e-abe8-1fbbd51754ee}) (Version: 1.0.10.0 - Epic Games, Inc.)
UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
Unity Web Player (HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\UnityWebPlayer) (Version: 4.6.4f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 4.6.4f1 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 17.1 - Ubisoft)
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основи Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоколекція (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {053C778D-06C1-4D62-84BD-39FA4870D03F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-21] (Google Inc.)
Task: {0B88422E-0E67-4BD3-A774-324BB3D1E424} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {0E347E3E-A2F6-47A0-9EE4-8991DFFB1DF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {13C3F18E-4E5D-4062-810F-A6499B00FA47} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {18897757-D763-4018-98E4-F81AD458BCEB} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1942A794-A36D-413F-AF1E-A7B01F4F3346} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {198AC17A-A1A9-477C-BC26-40D414306202} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
Task: {2FB68F56-273E-4B0A-B0CE-2C9585B6E939} - \bvxvexvbg -> Keine Datei <==== ACHTUNG
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe
Task: {48AEA875-F19E-4CB3-85CC-44B1617E0B24} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {49990D9B-BE5E-4D67-BF21-53C5D3665991} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {655D8C8B-159C-4CA9-896F-F077CE442901} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {6862DC0E-FE87-4D8C-A983-2F1B630D7826} - \WPD\SqmUpload_S-1-5-21-2802146430-1798650074-2620433185-1002 -> Keine Datei <==== ACHTUNG
Task: {6BAEF6AB-D48E-4CDB-B1D8-032B9BA38F9C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {71F810AD-05B9-48D8-8F87-40070FF6A3C6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {75AFAFC8-1C97-4B16-8888-A68FB347106A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-09-03] (Microsoft Corporation)
Task: {779208B8-9886-4521-93FC-514FDB47C6FF} - System32\Tasks\MSI_Reminder => C:\Program Files (x86)\MSI\MSI Remind Manager\MSI Reminder.exe [2014-04-10] ()
Task: {94709565-896C-4D2D-A9DA-3B2774732943} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {94DB0CE4-15DD-4477-A79B-7BA671F09F10} - System32\Tasks\3c91fcc2-ce59-42b3-b901-f68079520898 => C:\Users\Sonny\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ACHTUNG
Task: {96988190-5ACB-4B27-8FDE-58A1B624E43B} - \CCleanerSkipUAC -> Keine Datei <==== ACHTUNG
Task: {9F42C4A6-5B67-4B0F-9CFC-175D1D6FA324} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {B267233E-BE96-40DA-9032-9B05C1279146} - \ShopperProJSUpd -> Keine Datei <==== ACHTUNG
Task: {B3B77269-D008-49F1-9EC4-2AB878784C27} - System32\Tasks\{62C4727E-EE8B-4CC4-ACF4-42684399E681} => pcalua.exe -a C:\PROGRA~1\DIFX\D29FE547208FE130\DPInst.exe -c /u C:\Windows\System32\DriverStore\FileRepository\kb9xradiobtn.inf_amd64_50504636c90ca4e3\kb9xradiobtn.inf
Task: {B4D17AEA-31EE-4FCD-9D25-75C86FFEBC6F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
Task: {BDE262C3-2DF7-4D42-B38A-E3DE2A1AC283} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe
Task: {C957C991-800F-4BE0-A4FF-12E2CD98E32A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {D1CF2F54-65BE-4320-9872-038D8AA1132B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-21] (Google Inc.)
Task: {DBE3E5FC-5900-4118-890B-1D8212D1A430} - System32\Tasks\{801E4822-0C78-8E92-B7F4-3F027A1B897F} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\9da82d49\e91fe5fd.dll" <==== ACHTUNG
Task: {DC24F3EE-D31D-42B7-9458-AF69BFC5BFD0} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-24] (TODO: <公司名稱>)
Task: {E08773B5-39C4-4444-B05F-7B63F6E3B159} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {E0C17C92-78F0-4BD3-A0F5-E7A706927361} - \Run_Bobby_Browser -> Keine Datei <==== ACHTUNG
Task: {E1C358B5-A440-477A-95F8-3146B442F679} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {E6ECFF46-EF98-41D6-A5E4-A838B550B329} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {E7F87DA8-918B-4017-B33A-D1E8E876C1AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E935C442-D04C-4D3A-9CEF-B00EF8049A89} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-10-14] (AVG Technologies CZ, s.r.o.)
Task: {EB6CD99B-C94C-4E36-99D4-C0743D42C9FA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {ECD3923E-0E63-4EF2-832C-BAF2F0259D2E} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-06-22] (Oracle Corporation)
Task: {F65F27F3-44BD-4AAE-9844-07428DB301E4} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {F6E739F6-2C7A-4F9C-9A62-79C5832E2952} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {FA6C6C53-046E-4420-A351-88C1A17104D3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-02-20 07:38 - 2016-05-02 20:31 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2015-12-27 14:05 - 2016-05-02 20:31 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-02 14:52 - 2016-05-02 20:31 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-02-20 07:38 - 2016-05-02 20:31 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-02 14:52 - 2016-05-02 20:31 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-02 14:52 - 2016-05-02 20:31 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-02 14:52 - 2016-05-02 20:31 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-19 11:26 - 2016-05-02 20:31 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-02 17:25 - 2016-05-02 20:31 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-02 17:25 - 2016-05-02 20:31 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-03 23:14 - 2016-09-03 23:14 - 01864384 _____ () C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-19 12:47 - 2016-08-19 12:47 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-08-19 12:47 - 2016-08-19 12:47 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-08-19 12:47 - 2016-08-19 12:47 - 35290624 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2014-04-27 03:41 - 2012-11-01 20:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-04-27 03:41 - 2012-11-01 20:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2016-09-03 02:32 - 2015-04-07 15:34 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2015-03-31 16:41 - 2016-05-02 20:31 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-09-02 19:33 - 2016-06-07 14:59 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2016-09-03 14:05 - 2016-09-03 14:05 - 02409464 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.26\deploy\LoLLauncher.exe
2016-09-03 14:05 - 2016-09-03 14:05 - 04602872 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.66\deploy\LoLPatcher.exe
2016-09-03 14:05 - 2016-09-03 14:05 - 00449528 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.66\deploy\RiotLauncher.dll
2016-06-07 15:14 - 2016-06-07 15:14 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.214\deploy\LolClient.exe
2016-06-07 15:02 - 2016-06-07 15:02 - 04887216 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.214\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2016-06-07 15:02 - 2016-06-07 15:02 - 19397808 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.214\deploy\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\sony.com -> sony.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2016-09-04 01:32 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: EslWireHelper => 2
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: OkayFreedom VPN Starter Service => 2
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: Wecsvc => 3
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKLM\...\StartupApproved\Run32: => "ROCCAT Savu Gaming Mouse"
HKLM\...\StartupApproved\Run32: => "RoccatIsku"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\StartupFolder: => "AutoFuriousPk.lnk"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "SteelSeries Engine"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "OKAYFREEDOM_Agent"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "ESL Wire"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DF971B6E1C7E4227FED899F7F8727B7B"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "PUSH Wallpaper"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "AutoFuriousPk.lnk"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "SteelSeries Engine"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OKAYFREEDOM_Agent"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "ESL Wire"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DF971B6E1C7E4227FED899F7F8727B7B"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "PUSH Wallpaper"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{323F54F6-1022-4389-9475-0867806E2FA6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C3E280ED-211A-4320-82EC-A76F89431439}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{84F4DCC3-5FBA-4AC8-886F-07D9D826BD9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [UDP Query User{E886D6A5-4473-4042-83E2-BD6A7EEA1D15}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{EF002034-43ED-4E47-AE38-8D8E2A298297}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{955472F1-5D68-4D89-BD24-EADBA675F4C8}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{F22E429B-7106-45D4-9A5D-0D6D2A70162D}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{9C7F7AD4-4141-4B32-80DB-C1E2670D189D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{8C3C60E1-55D8-43CF-AA5F-3AB8B6233801}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{96953C08-8D06-4B77-ADE1-8C8F780CF0B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{541C1507-5C78-4608-8C9F-9B4AC8F53CA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{0A7A5E77-E3C8-4881-A544-17F3581297F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{DB7327BE-C3F5-405C-A510-F49E0E51E3F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{90F032A5-50AD-43E0-A83B-987132E7B06D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{568FB156-984F-4364-AF50-15DDF2E1DC4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [UDP Query User{2D1F931A-E2AF-46F8-BF41-C0C000A8D7C2}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{0793FF90-1FB8-4843-A039-53AB42BF70AC}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{39591338-63FA-468D-AB47-D7D037E66721}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{E15D65A5-9DF8-4DD5-9A5A-95E2B366EB35}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{683459A5-EF2D-4DB6-9160-74BBA21469BF}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{A6FCFAFD-3870-419A-9A5E-98EF9D36C78F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{462DB65D-E303-45A8-B7D1-08FF1C8AF7CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [UDP Query User{BC3969FC-6E5B-40AC-AFBA-EB0CAA42C221}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [TCP Query User{4332FFBC-2072-443A-9C7C-FCAB5C4ED8D7}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [UDP Query User{7AFA1FBF-9C52-4DD3-AB57-BF9C9AB34774}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [TCP Query User{0395FAD8-DA84-42CA-B016-EF4DFA8724FE}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [{D6AD0797-7A2F-4B57-9E07-E46B1131BCD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{87D424F9-131B-484A-B754-F2C12EEB6594}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{E71047C8-96B5-427E-9ECD-9D53CB592396}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9BBCF2B4-2849-44F8-9F7D-C5AC4E6645D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C538D8F9-F3AF-49BF-9472-CA66BBD0287A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2E94D72F-A7C3-44E2-B0B4-9A0D5FB128A2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{94ABB9C1-025E-44A0-B507-71EEA4DCCE46}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{918171DB-51FE-442E-A748-65C2209E1B43}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{7D235FA2-3169-4767-8B52-8581D90E8DFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{60117904-9765-4810-938F-4A06EAE14A5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{381B44DB-F887-4D40-9D0B-4018B07597B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{F33118C0-A503-48D2-853A-33D8517D79BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{8BE42A11-0D70-4452-BE76-06C717B8CDD6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{308A4354-6154-4460-811B-E7B0EB88FB13}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4E6C3F48-D98E-40B1-B72A-6B6F6B411C20}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{05482FAF-ADB3-489E-A641-40FC08C64E10}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72C13B62-051B-4A27-BC4D-0324BD75AA18}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{46A93CBC-A60D-4E2F-9B9A-E25359E7CBFF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0B8F220F-16AA-41C3-81F8-6030BB7F697A}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [UDP Query User{68BB482A-48CF-4A6A-A077-6F1D6E8E35C8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E658F9F5-85B1-436B-8D90-769FF6BE0542}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{379BE65A-EA45-4BDF-9CE1-786C408AC218}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{3A508D5E-59BF-48F1-AE2F-3EBB161C4775}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{57AD8D68-AC15-4EAC-8ECC-8BFA22E6F067}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{14BC4668-0899-45AE-9C64-3CA242854F86}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{7C798BDB-6720-4409-9B9A-45BA2488A588}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{871CE9EA-FC2D-46E8-9CF5-038B68F6EE84}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D0DF9B70-BBE4-48C4-ACB4-389845387DA9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{68B8F02F-74EC-4917-9703-CFAACB383528}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{4631B28B-ADA1-4C8D-B5FC-A994551BB76D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{84BFB907-2C19-4CC2-967E-2EEC581BE0F2}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{88534048-92B0-4434-B900-7CC55D4D607A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{46B62EA1-692C-43BF-A543-925F26966896}] => (Allow) LPort=2869
FirewallRules: [{70C1D52C-B586-4EA1-98E9-020CFC70DF45}] => (Allow) LPort=1900
FirewallRules: [{4F25C021-11DD-41CD-BF58-AF46BB13C1CD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{34A7734F-B00A-48D0-A83B-EAA1C2D616D7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{F2D7538C-E394-4AFD-AFAE-C68DBDB93E7F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{97985C29-EEF1-45B4-87D4-56E4EA95F891}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{59002A38-6D55-4C7E-987A-00B84BDD163B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B0E18A3D-6288-4728-995D-F6E8D08F074F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{87F560AE-BBF6-4483-81C7-B055D2D3188C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5A4BEE09-39DF-4CE7-B48B-5FB4948D9D32}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{3FF015C5-2DED-4BBD-B4B9-7374E65B41FC}C:\games\outlast\binaries\win64\olgame.exe] => (Block) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{32FDCE01-2945-4FA9-B829-A5F4C26FB8C3}C:\games\outlast\binaries\win64\olgame.exe] => (Block) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [{38629923-47DD-456C-ACD6-3B4059308CF0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{78C09BC1-7EB7-4379-BC57-60C084592856}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{87000D62-B90C-4395-81D3-04E12D02D7D3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D52ECCFE-BBC8-4BFB-B57A-AC84EEF9DC44}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8A134117-682E-4AE1-8C65-58B89EBB8EE9}] => (Allow) C:\Users\Sonny\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A2417B52-3AB6-4329-8328-0CD63104072A}] => (Allow) C:\Users\Sonny\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{766E52DB-5914-4B0F-B91D-40D105E9E512}C:\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{6316FDDD-ACF3-474D-83CD-A15538E7C2EF}C:\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{429D1BD2-5F4C-418E-A896-DB06DEAC672C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{71AE5ACB-DD33-4093-966D-360624305C77}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9B0F9E29-F072-4C49-AB5D-C699A097B550}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{E7B30437-E8BC-41D2-811D-971508B49E6D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{95E758E8-6327-46EF-9E46-A3F19F2D3C2B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3D7EAC98-4483-4264-A0EE-EAEEEC61801D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{6144ABD9-6B89-4709-B5CD-793CAE422FC1}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{0D0160A4-1961-48A9-ABB5-82210565AB77}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{835FA948-A930-46D0-B0AB-367172FF2365}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{A59DFE90-68C8-4946-B47F-06F36EDB9B80}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{1A335CE4-A404-4EDE-8A78-1B214F0BCD9E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F606F0F9-B84F-4323-BB4C-C1ED38AF3C5A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{52592E1B-9B26-455C-942A-5C2B52556207}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D53A82D6-086F-460D-BD79-D24F0620DCCE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{85D611CD-514B-4DE7-942F-230AFAD6FBDB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{40BD89CC-ACE0-4CA1-AF80-FA080F104BA4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{ED491681-DE8D-43FB-BD07-BA83ACCB3191}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{536B782A-EBDF-4570-A1DC-A7CC9062E01E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F083E633-DD01-464E-BEEB-43B6669CFAD7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5731A13E-9B44-47A8-ACB5-FEA1C274BEEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{A6FFC7A4-1EDC-49E6-AA50-69B89C706BFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe

==================== Wiederherstellungspunkte =========================

28-08-2016 01:28:35 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/04/2016 01:36:43 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/04/2016 12:59:11 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
.

Error: (09/04/2016 12:59:11 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (09/04/2016 12:59:11 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (09/04/2016 12:53:57 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Users\Sonny\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Beschreibung = JRT Pre-Junkware Removal; Fehler = 0x8004230f).

Error: (09/04/2016 12:53:52 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: 4194317
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{da8b207d-f772-4bb9-9ba7-87d957d0348a}\
   Ausführungskontext: Coordinator

Error: (09/04/2016 12:53:52 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: 4194317
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{da8b207d-f772-4bb9-9ba7-87d957d0348a}\
   Ausführungskontext: Coordinator

Error: (09/04/2016 12:53:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (09/04/2016 12:53:49 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
.

Error: (09/04/2016 12:53:49 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}


Systemfehler:
=============
Error: (09/04/2016 01:37:25 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/04/2016 01:32:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Norton Anti-Theft" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/04/2016 01:32:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/04/2016 01:32:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/04/2016 01:32:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "AVG Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/04/2016 01:32:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "AVG PC TuneUp Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 250 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/04/2016 01:32:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/04/2016 01:32:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Micro Star SCM" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/04/2016 01:32:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/04/2016 01:32:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-09-04 00:59:40.817
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-04 00:59:40.491
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 19:09:54.693
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 19:09:50.368
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-20 15:48:17.373
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-20 15:48:16.912
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 54%
Installierter physikalischer RAM: 7345.19 MB
Verfügbarer physikalischer RAM: 3348.75 MB
Summe virtueller Speicher: 23729.19 MB
Verfügbarer virtueller Speicher: 19666.28 MB

==================== Laufwerke ================================

Drive c: (OS_Install) (Fixed) (Total:585.61 GB) (Free:196.4 GB) NTFS
Drive d: (Data) (Fixed) (Total:325.59 GB) (Free:317.05 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 76D1827D)

Partition: GPT.

==================== Ende von Addition.txt ============================

JRT.txt

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64 
Ran by Sonny (Administrator) on 04/09/2016 at  0:52:42.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3 

Successfully deleted: C:\ProgramData\drivergenius (Folder) 
Successfully deleted: C:\Program Files (x86)\driver-soft (Folder) 
Successfully deleted: C:\WINDOWS\prefetch\PERFORMANCEOPTIMIZER.EXE-23A96D70.pf (File) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/09/2016 at  0:55:07.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

mbam.txt

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 04/09/2016
Suchlaufzeit: 01:50
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.09.03.08
Rootkit-Datenbank: v2016.08.15.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Sonny

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 371196
Abgelaufene Zeit: 14 Min., 22 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 5
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE, In Quarantäne, [22a20c61702a7eb8927685483ac9b848], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2FB68F56-273E-4B0A-B0CE-2C9585B6E939}, In Quarantäne, [cafa5b12a5f57db96197a54a3dc69c64], 
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B267233E-BE96-40DA-9032-9B05C1279146}, In Quarantäne, [586c2b42efabab8ba5347d7282814bb5], 
PUP.Optional.BoBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E0C17C92-78F0-4BD3-A0F5-E7A706927361}, In Quarantäne, [467eef7e257563d39f32d1fcf30fbd43], 
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE, In Quarantäne, [962e06671b7fc4720305755805feea16], 

Registrierungswerte: 5
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE|Debugger, "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe", In Quarantäne, [22a20c61702a7eb8927685483ac9b848]
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2FB68F56-273E-4B0A-B0CE-2C9585B6E939}|Path, \bvxvexvbg, In Quarantäne, [cafa5b12a5f57db96197a54a3dc69c64]
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B267233E-BE96-40DA-9032-9B05C1279146}|Path, \ShopperProJSUpd, In Quarantäne, [586c2b42efabab8ba5347d7282814bb5]
PUP.Optional.BoBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E0C17C92-78F0-4BD3-A0F5-E7A706927361}|Path, \Run_Bobby_Browser, In Quarantäne, [467eef7e257563d39f32d1fcf30fbd43]
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE|Debugger, "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe", In Quarantäne, [962e06671b7fc4720305755805feea16]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 1
PUP.Optional.InstallIQ, C:\Users\Sonny\Downloads\epicbot_520.exe, In Quarantäne, [ecd8b1bc8d0dc274bc62aa825ea3b64a], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

M-K-D-B · 04.09.2016, 09:20

Servus,

wir entfernen die letzten Reste und kontrollieren nochmal alles.

Hinweis: Der Suchlauf mit ESET kann länger dauern.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
Task: {0B88422E-0E67-4BD3-A774-324BB3D1E424} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {0E347E3E-A2F6-47A0-9EE4-8991DFFB1DF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {1942A794-A36D-413F-AF1E-A7B01F4F3346} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {2FB68F56-273E-4B0A-B0CE-2C9585B6E939} - \bvxvexvbg -> Keine Datei <==== ACHTUNG
Task: {48AEA875-F19E-4CB3-85CC-44B1617E0B24} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {6862DC0E-FE87-4D8C-A983-2F1B630D7826} - \WPD\SqmUpload_S-1-5-21-2802146430-1798650074-2620433185-1002 -> Keine Datei <==== ACHTUNG
Task: {6BAEF6AB-D48E-4CDB-B1D8-032B9BA38F9C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {94DB0CE4-15DD-4477-A79B-7BA671F09F10} - System32\Tasks\3c91fcc2-ce59-42b3-b901-f68079520898 => C:\Users\Sonny\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ACHTUNG
Task: {96988190-5ACB-4B27-8FDE-58A1B624E43B} - \CCleanerSkipUAC -> Keine Datei <==== ACHTUNG
Task: {9F42C4A6-5B67-4B0F-9CFC-175D1D6FA324} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {B267233E-BE96-40DA-9032-9B05C1279146} - \ShopperProJSUpd -> Keine Datei <==== ACHTUNG
Task: {C957C991-800F-4BE0-A4FF-12E2CD98E32A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {DBE3E5FC-5900-4118-890B-1D8212D1A430} - System32\Tasks\{801E4822-0C78-8E92-B7F4-3F027A1B897F} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\9da82d49\e91fe5fd.dll" <==== ACHTUNG
Task: {E0C17C92-78F0-4BD3-A0F5-E7A706927361} - \Run_Bobby_Browser -> Keine Datei <==== ACHTUNG
Task: {E1C358B5-A440-477A-95F8-3146B442F679} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {E6ECFF46-EF98-41D6-A5E4-A838B550B329} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {F6E739F6-2C7A-4F9C-9A62-79C5832E2952} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {FA6C6C53-046E-4420-A351-88C1A17104D3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
CMD: dir "C:\Program Files (x86)"
CMD: dir "C:\Program Files"
CMD: dir "C:\ProgramData"
CMD: dir "%appdata%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:regfind
Bobby_Browser
Bobby Browser
BobbyBrowser
ShopperPro
drivergenius
driver-soft
PERFORMANCEOPTIMIZER
PERFORMANCE OPTIMIZER

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Schritt 3

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von SystemLook,
die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt).

stefan nur · 04.09.2016, 12:48

fixlog.txt

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von Sonny (04-09-2016 13:33:13) Run:2
Gestartet von C:\Users\Sonny\Desktop
Geladene Profile: Sonny (Verfügbare Profile: Sonny)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
Task: {0B88422E-0E67-4BD3-A774-324BB3D1E424} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {0E347E3E-A2F6-47A0-9EE4-8991DFFB1DF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {1942A794-A36D-413F-AF1E-A7B01F4F3346} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {2FB68F56-273E-4B0A-B0CE-2C9585B6E939} - \bvxvexvbg -> Keine Datei <==== ACHTUNG
Task: {48AEA875-F19E-4CB3-85CC-44B1617E0B24} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {6862DC0E-FE87-4D8C-A983-2F1B630D7826} - \WPD\SqmUpload_S-1-5-21-2802146430-1798650074-2620433185-1002 -> Keine Datei <==== ACHTUNG
Task: {6BAEF6AB-D48E-4CDB-B1D8-032B9BA38F9C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {94DB0CE4-15DD-4477-A79B-7BA671F09F10} - System32\Tasks\3c91fcc2-ce59-42b3-b901-f68079520898 => C:\Users\Sonny\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ACHTUNG
Task: {96988190-5ACB-4B27-8FDE-58A1B624E43B} - \CCleanerSkipUAC -> Keine Datei <==== ACHTUNG
Task: {9F42C4A6-5B67-4B0F-9CFC-175D1D6FA324} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {B267233E-BE96-40DA-9032-9B05C1279146} - \ShopperProJSUpd -> Keine Datei <==== ACHTUNG
Task: {C957C991-800F-4BE0-A4FF-12E2CD98E32A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {DBE3E5FC-5900-4118-890B-1D8212D1A430} - System32\Tasks\{801E4822-0C78-8E92-B7F4-3F027A1B897F} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\9da82d49\e91fe5fd.dll" <==== ACHTUNG
Task: {E0C17C92-78F0-4BD3-A0F5-E7A706927361} - \Run_Bobby_Browser -> Keine Datei <==== ACHTUNG
Task: {E1C358B5-A440-477A-95F8-3146B442F679} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {E6ECFF46-EF98-41D6-A5E4-A838B550B329} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {F6E739F6-2C7A-4F9C-9A62-79C5832E2952} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {FA6C6C53-046E-4420-A351-88C1A17104D3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
CMD: dir "C:\Program Files (x86)"
CMD: dir "C:\Program Files"
CMD: dir "C:\ProgramData"
CMD: dir "%appdata%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         
*****************

Prozess erfolgreich geschlossen.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B88422E-0E67-4BD3-A774-324BB3D1E424}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B88422E-0E67-4BD3-A774-324BB3D1E424}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E347E3E-A2F6-47A0-9EE4-8991DFFB1DF9}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E347E3E-A2F6-47A0-9EE4-8991DFFB1DF9}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1942A794-A36D-413F-AF1E-A7B01F4F3346}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1942A794-A36D-413F-AF1E-A7B01F4F3346}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FB68F56-273E-4B0A-B0CE-2C9585B6E939}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FB68F56-273E-4B0A-B0CE-2C9585B6E939} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvexvbg => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48AEA875-F19E-4CB3-85CC-44B1617E0B24}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48AEA875-F19E-4CB3-85CC-44B1617E0B24}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6862DC0E-FE87-4D8C-A983-2F1B630D7826}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6862DC0E-FE87-4D8C-A983-2F1B630D7826}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2802146430-1798650074-2620433185-1002" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BAEF6AB-D48E-4CDB-B1D8-032B9BA38F9C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BAEF6AB-D48E-4CDB-B1D8-032B9BA38F9C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94DB0CE4-15DD-4477-A79B-7BA671F09F10}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94DB0CE4-15DD-4477-A79B-7BA671F09F10}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\3c91fcc2-ce59-42b3-b901-f68079520898 => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3c91fcc2-ce59-42b3-b901-f68079520898" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96988190-5ACB-4B27-8FDE-58A1B624E43B}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96988190-5ACB-4B27-8FDE-58A1B624E43B}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F42C4A6-5B67-4B0F-9CFC-175D1D6FA324}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F42C4A6-5B67-4B0F-9CFC-175D1D6FA324}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B267233E-BE96-40DA-9032-9B05C1279146}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B267233E-BE96-40DA-9032-9B05C1279146} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C957C991-800F-4BE0-A4FF-12E2CD98E32A}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C957C991-800F-4BE0-A4FF-12E2CD98E32A}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBE3E5FC-5900-4118-890B-1D8212D1A430}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBE3E5FC-5900-4118-890B-1D8212D1A430}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\{801E4822-0C78-8E92-B7F4-3F027A1B897F} => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{801E4822-0C78-8E92-B7F4-3F027A1B897F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0C17C92-78F0-4BD3-A0F5-E7A706927361}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0C17C92-78F0-4BD3-A0F5-E7A706927361} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E1C358B5-A440-477A-95F8-3146B442F679}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1C358B5-A440-477A-95F8-3146B442F679}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6ECFF46-EF98-41D6-A5E4-A838B550B329}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6ECFF46-EF98-41D6-A5E4-A838B550B329}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6E739F6-2C7A-4F9C-9A62-79C5832E2952}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6E739F6-2C7A-4F9C-9A62-79C5832E2952}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA6C6C53-046E-4420-A351-88C1A17104D3}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA6C6C53-046E-4420-A351-88C1A17104D3}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => Schlüssel erfolgreich entfernt

========= dir "C:\Program Files (x86)" =========

 Datentr„ger in Laufwerk C: ist OS_Install
 Volumeseriennummer: 0C83-E95D

 Verzeichnis von C:\Program Files (x86)

04/09/2016  00:54    <DIR>          .
04/09/2016  00:54    <DIR>          ..
15/11/2014  19:12    <DIR>          7-Zip
20/05/2016  13:07    <DIR>          Apple Software Update
03/09/2016  02:32    <DIR>          AVG
02/09/2016  18:04    <DIR>          Battle.net
10/02/2016  19:15    <DIR>          Bonjour
01/11/2014  17:04    <DIR>          CHIP Updater
03/09/2016  13:46    <DIR>          Common Files
27/04/2014  03:41    <DIR>          Creative
27/04/2014  04:02    <DIR>          CyberLink
29/06/2016  18:00    <DIR>          Diablo III
22/12/2014  22:13    <DIR>          Dotjosh Studios
11/01/2016  21:02    <DIR>          GameforgeLive
23/05/2016  09:55    <DIR>          GhostMouse
21/01/2016  16:17    <DIR>          Google
21/08/2016  17:08    <DIR>          Hearthstone
22/03/2015  14:48    <DIR>          HyperCam 2
17/11/2015  02:03    <DIR>          Intel
17/07/2016  00:50    <DIR>          Internet Explorer
20/05/2016  13:09    <DIR>          iTunes
03/09/2016  13:46    <DIR>          Java
04/09/2016  00:50    <DIR>           Malwarebytes Anti-Malware 
20/07/2016  01:36    <DIR>          Microsoft
05/11/2014  22:43    <DIR>          Microsoft Analysis Services
16/11/2014  13:47    <DIR>          Microsoft ASP.NET
13/11/2013  04:59    <DIR>          Microsoft Office
13/11/2013  21:29    <DIR>          Microsoft SkyDrive
05/11/2014  22:46    <DIR>          Microsoft SQL Server
13/11/2013  21:31    <DIR>          Microsoft SQL Server Compact Edition
19/08/2016  11:28    <DIR>          Microsoft.NET
10/08/2016  00:16    <DIR>          Mozilla Firefox
19/01/2016  13:57    <DIR>          Mozilla Maintenance Service
19/08/2016  12:08    <DIR>          MSBuild
27/04/2014  04:05    <DIR>          MSI
01/06/2016  11:03    <DIR>          MSI Afterburner
11/08/2016  02:55    <DIR>          NCSOFT
04/02/2016  18:55    <DIR>          NCWest
13/11/2013  20:58    <DIR>          Norton Anti-Theft
13/11/2013  21:00    <DIR>          Norton Online Backup ARA
17/11/2015  02:03    <DIR>          NortonInstaller
18/08/2016  14:37    <DIR>          NVIDIA Corporation
14/06/2015  01:20    <DIR>          OBS
02/11/2014  20:07    <DIR>          OkayFreedom
26/08/2016  12:50    <DIR>          Overwatch
23/07/2014  20:49    <DIR>          Pando Networks
15/01/2016  22:05    <DIR>          PlayBns.com
22/12/2014  22:19    <DIR>          PowerISO
24/02/2016  00:51    <DIR>          Realtek
19/08/2016  12:08    <DIR>          Reference Assemblies
19/06/2016  02:56    <DIR>          ReMouse Standard
26/09/2015  17:11    <DIR>          ROCCAT
24/06/2016  00:58    <DIR>          Rockstar Games
06/09/2014  23:38    <DIR>          SCM
02/08/2016  05:13    <DIR>          Skillbrains
21/10/2015  18:49    <DIR>          Skype
04/09/2016  12:54    <DIR>          Steam
13/11/2013  21:00    <DIR>          Symantec
13/11/2013  21:04    <DIR>          SymSilent
12/04/2016  19:22    <DIR>          TeamSpeak 3 Client
13/08/2016  23:14    <DIR>          TeamViewer
10/03/2016  05:33    <DIR>          Ubisoft
26/07/2016  12:42    <DIR>          VideoLAN
11/11/2015  20:26    <DIR>          VS Revo Group
17/07/2016  00:50    <DIR>          Windows Defender
13/11/2013  21:31    <DIR>          Windows Live
19/08/2016  11:29    <DIR>          Windows Mail
19/08/2016  11:29    <DIR>          Windows Media Player
16/07/2016  13:47    <DIR>          Windows Multimedia Platform
16/07/2016  13:47    <DIR>          Windows NT
19/08/2016  11:29    <DIR>          Windows Photo Viewer
16/07/2016  13:47    <DIR>          Windows Portable Devices
16/07/2016  13:47    <DIR>          WindowsPowerShell
22/12/2014  22:20    <DIR>          WinRAR
11/08/2016  00:44    <DIR>          World of Warcraft
               0 Datei(en),              0 Bytes
              75 Verzeichnis(se), 209,081,417,728 Bytes frei

========= Ende von CMD: =========


========= dir "C:\Program Files" =========

 Datentr„ger in Laufwerk C: ist OS_Install
 Volumeseriennummer: 0C83-E95D

 Verzeichnis von C:\Program Files

19/08/2016  11:28    <DIR>          .
19/08/2016  11:28    <DIR>          ..
12/11/2014  19:51    <DIR>          7-Zip
10/02/2016  19:15    <DIR>          Bonjour
19/08/2016  11:28    <DIR>          Common Files
27/04/2014  03:24    <DIR>          DIFX
19/08/2016  11:28    <DIR>          Elantech
14/06/2015  02:14    <DIR>          EslWire
12/04/2016  01:08    <DIR>          GIMP 2
19/08/2016  11:28    <DIR>          Intel
17/07/2016  00:50    <DIR>          Internet Explorer
20/05/2016  13:09    <DIR>          iPod
20/05/2016  13:09    <DIR>          iTunes
21/08/2016  01:38    <DIR>          McAfee Security Scan
05/11/2014  22:43    <DIR>          Microsoft Analysis Services
05/11/2014  22:45    <DIR>          Microsoft Office
05/11/2014  22:46    <DIR>          Microsoft SQL Server
19/08/2016  11:28    <DIR>          Microsoft.NET
10/06/2016  18:26    <DIR>          MotioninJoy
25/08/2016  11:36    <DIR>          Mozilla Firefox
19/08/2016  12:08    <DIR>          MSBuild
19/08/2016  11:28    <DIR>          NVIDIA Corporation
14/06/2015  01:20    <DIR>          OBS
12/04/2016  00:51    <DIR>          paint.net
03/05/2016  00:51    <DIR>          PUSH Entertainment
27/04/2014  03:25    <DIR>          Qualcomm Atheros
19/08/2016  11:20    <DIR>          Realtek
19/08/2016  12:08    <DIR>          Reference Assemblies
24/06/2016  00:58    <DIR>          Rockstar Games
27/04/2014  03:36    <DIR>          SteelSeries
17/07/2016  00:50    <DIR>          Windows Defender
19/08/2016  11:28    <DIR>          Windows Mail
19/08/2016  11:28    <DIR>          Windows Media Player
16/07/2016  13:47    <DIR>          Windows Multimedia Platform
19/08/2016  11:54    <DIR>          Windows NT
19/08/2016  11:28    <DIR>          Windows Photo Viewer
16/07/2016  13:47    <DIR>          Windows Portable Devices
16/07/2016  13:47    <DIR>          WindowsPowerShell
29/11/2014  11:52    <DIR>          WinRAR
13/11/2013  21:01    <DIR>          WinZip
               0 Datei(en),              0 Bytes
              40 Verzeichnis(se), 209,081,409,536 Bytes frei

========= Ende von CMD: =========


========= dir "C:\ProgramData" =========

 Datentr„ger in Laufwerk C: ist OS_Install
 Volumeseriennummer: 0C83-E95D

 Verzeichnis von C:\ProgramData

17/03/2016  22:28    <DIR>          .mono
12/08/2015  20:31    <DIR>          Apple
12/08/2015  20:33    <DIR>          Apple Computer
03/09/2016  02:32    <DIR>          Avg
24/02/2016  03:24    <DIR>          Battle.net
14/12/2014  16:44    <DIR>          Blizzard Entertainment
11/01/2016  20:57    <DIR>          boost_interprocess
16/07/2016  13:47    <DIR>          Comms
27/04/2014  03:41    <DIR>          Creative
02/10/2014  21:55    <DIR>          CyberLink
27/04/2014  03:25    <DIR>          Downloaded Installations
15/10/2014  09:07    <DIR>          Intel
14/10/2014  21:11    <DIR>          Intel(R) Update Manager
27/04/2014  03:19    <DIR>          Intel.sav
28/02/2015  22:48    <DIR>          Malwarebytes
12/11/2015  23:59    <DIR>          Malwarebytes' Anti-Malware (portable)
11/01/2015  02:37    <DIR>          McAfee
26/07/2015  01:55    <DIR>          McAfee Security Scan
19/08/2016  02:20    <DIR>          Microsoft Help
19/08/2016  12:13    <DIR>          Microsoft OneDrive
13/11/2013  21:29    <DIR>          Microsoft SkyDrive
23/07/2014  20:31    <DIR>          Mozilla
17/11/2015  02:03    <DIR>          Norton
19/08/2016  11:20    <DIR>          NVIDIA
19/08/2016  11:29    <DIR>          NVIDIA Corporation
03/09/2016  13:47    <DIR>          Oracle
14/03/2016  21:02    <DIR>          Origin
20/08/2016  02:22    <DIR>          Package Cache
27/04/2014  03:26    <DIR>          Qualcomm
19/08/2016  11:33    <DIR>          regid.1991-06.com.microsoft
23/07/2014  20:51    <DIR>          Riot Games
27/04/2014  03:19    <DIR>          Roaming
26/09/2015  17:11    <DIR>          ROCCAT
06/08/2014  17:19    <DIR>          SIX Networks
24/12/2014  11:42    <DIR>          Skype
16/07/2016  13:47    <DIR>          SoftwareDistribution
11/11/2015  20:34    <DIR>          SplitMediaLabs
22/12/2014  14:50    <DIR>          Steam
27/04/2014  03:36    <DIR>          SteelSeries
07/08/2014  21:09    <DIR>          Sun
13/11/2013  21:00    <DIR>          Symantec
03/09/2016  04:18    <DIR>          Temp
19/08/2016  11:54    <DIR>          USOPrivate
19/08/2016  11:54    <DIR>          USOShared
13/11/2013  21:03    <DIR>          WinZip
01/11/2014  16:59    <DIR>          XDMessagingv4
               0 Datei(en),              0 Bytes
              46 Verzeichnis(se), 209,081,405,440 Bytes frei

========= Ende von CMD: =========


========= dir "%appdata%" =========

 Datentr„ger in Laufwerk C: ist OS_Install
 Volumeseriennummer: 0C83-E95D

 Verzeichnis von C:\Users\Sonny\AppData\Roaming

03/09/2016  02:32    <DIR>          .
03/09/2016  02:32    <DIR>          ..
03/09/2016  04:18    <DIR>          .minecraft
17/03/2016  22:28    <DIR>          .mono
19/05/2016  04:15    <DIR>          .tribot
01/11/2014  16:59    <DIR>          Abelssoft
23/07/2014  20:18    <DIR>          Adobe
12/08/2015  21:03    <DIR>          Apple Computer
04/09/2016  12:41    <DIR>          AVG
15/01/2016  00:17    <DIR>          Awesomium
22/06/2016  13:30    <DIR>          Battle.net
28/09/2014  09:09    <DIR>          CyberLink
17/01/2016  15:55    <DIR>          DevPro, LLC
02/08/2016  20:55    <DIR>          DS4Windows
12/01/2016  01:56    <DIR>          fizzy
30/05/2016  13:04    <DIR>          Geek Uninstaller
16/04/2015  20:52    <DIR>          Identities
23/07/2014  20:18    <DIR>          Intel
23/07/2014  20:20    <DIR>          Intel Corporation
06/09/2014  18:39    <DIR>          Internet-Manager
07/03/2015  12:40    <DIR>          IuYv16QPGagrb81X
14/12/2014  11:14    <DIR>          java
30/09/2015  13:10    <DIR>          LolClient
23/07/2014  20:25    <DIR>          Macromedia
18/04/2014  19:55    <DIR>          MotioninJoy
23/07/2014  20:31    <DIR>          Mozilla
23/12/2014  19:33    <DIR>          NVIDIA
19/05/2016  04:14    <DIR>          obf.u
08/05/2016  06:47    <DIR>          OBS
22/02/2016  21:27    <DIR>          Origin
13/11/2015  08:59    <DIR>          PowerISO
05/12/2015  18:35    <DIR>          RenPy
18/11/2014  15:58    <DIR>          RIFT
07/06/2016  14:57    <DIR>          Riot Games
09/07/2016  01:04    <DIR>          RSBot
17/12/2015  14:05    <DIR>          Shooter
06/08/2014  17:19    <DIR>          SIX Networks
03/09/2016  23:14    <DIR>          Skype
16/10/2015  18:04    <DIR>          Steam
23/07/2014  20:20    <DIR>          SteelSeries
04/11/2014  15:33    <DIR>          Steganos
02/11/2014  20:08    <DIR>          Steganos VPN
05/09/2015  09:56    <DIR>          Sun
17/08/2016  18:04    <DIR>          TeamViewer
19/11/2014  15:55    <DIR>          TERA
01/09/2016  21:43    <DIR>          TS3Client
29/03/2015  23:55    <DIR>          Unity
03/09/2016  16:13    <DIR>          uTorrent
03/05/2016  00:51    <DIR>          Video Wallpaper
26/07/2016  12:43    <DIR>          vlc
28/09/2014  10:12    <DIR>          WebApp
10/07/2015  03:05    <DIR>          WinDir
27/06/2016  01:47    <DIR>          windows
29/11/2014  11:52    <DIR>          WinRAR
               0 Datei(en),              0 Bytes
              54 Verzeichnis(se), 209,081,405,440 Bytes frei

========= Ende von CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 366984 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17006132 B
Java, Flash, Steam htmlcache => 380464897 B
Windows/system/drivers => 24595302 B
Edge => 536483 B
Chrome => 504115 B
Firefox => 377280833 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 8160 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 19775710 B
Sonny => 234345785 B

RecycleBin => 0 B
EmptyTemp: => 1006 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 13:33:47 ====

systemlook

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 13:39 on 04/09/2016 by Sonny
Administrator - Elevation successful

========== regfind ==========

Searching for "Bobby_Browser"
No data found.

Searching for "Bobby Browser"
No data found.

Searching for "BobbyBrowser"
No data found.

Searching for "ShopperPro"
No data found.

Searching for "drivergenius"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Driver-Soft\DriverGenius]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Driver-Soft\DriverGenius]
"InstallPath"="C:\Program Files (x86)\Driver-Soft\DriverGenius"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Driver-Soft\DriverGenius]
"DownloadPath"="C:\ProgramData\DriverGenius\Downloads"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"15"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius\Driver Genius.lnk C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"15"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius\Driver Genius.lnk C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe"

Searching for "driver-soft"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Driver-Soft]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Driver-Soft\DriverGenius]
"InstallPath"="C:\Program Files (x86)\Driver-Soft\DriverGenius"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"15"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius\Driver Genius.lnk C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"15"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius\Driver Genius.lnk C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe"

Searching for "PERFORMANCEOPTIMIZER"
[HKEY_CURRENT_USER\SOFTWARE\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\AVG\AWL\PerformanceOptimizer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D29872565300696488192D034F9E98EC]
"4AEACFF193132ED42B841723098987C8"="C:\Program Files (x86)\AVG\AVG PC TuneUp\PerformanceOptimizer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D29872565300696488192D034F9E98EC\4AEACFF193132ED42B841723098987C8]
"File"="PerformanceOptimizer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVG\AWL\PerformanceOptimizer]
[HKEY_USERS\S-1-5-21-2802146430-1798650074-2620433185-1002\SOFTWARE\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\AVG\AWL\PerformanceOptimizer]
[HKEY_USERS\S-1-5-21-2802146430-1798650074-2620433185-1002_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\AVG\AWL\PerformanceOptimizer]

Searching for "PERFORMANCE OPTIMIZER"
No data found.

-= EOF =-

frst.txt

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
durchgeführt von Sonny (Administrator) auf MSI_SAMDAR (04-09-2016 13:42:55)
Gestartet von C:\Users\Sonny\Desktop
Geladene Profile: Sonny (Verfügbare Profile: Sonny)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Sonny\Desktop\SystemLook_x64.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-04-23] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3347680 2015-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2014-01-02] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [407720 2014-01-02] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [40576 2013-08-29] (Creative Technology Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-07-16] (Microsoft Corporation)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-25] (cyberlink)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2014-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [ROCCAT Savu Gaming Mouse] => C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM-x32\...\Run: [RoccatIsku] => C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE [536576 2013-10-30] (ROCCAT GmbH)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [204560 2016-08-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [249856 2014-01-23] (SteelSeries ApS)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [4946856 2014-10-16] (Steganos Software GmbH)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [uTorrent] => C:\Users\Sonny\AppData\Roaming\uTorrent\uTorrent.exe [1988096 2016-09-03] (BitTorrent Inc.)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\Run: [PUSH Wallpaper] => C:\Program Files\PUSH Entertainment\Video Wallpaper\Launch Wallpaper.exe [330488 2010-05-27] ()
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\RunOnce: [Uninstall C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pdvdlaunchpolicy.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\super charger.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-09-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-09-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-09-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-09-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-09-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-09-03] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-11-12]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{29CDA0F1-A6DA-44CC-9ABB-131A7D3D77AE}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-21]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{7cf9bcf8-fdae-4c28-813c-13345f0ffd96}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{8b10dfee-2a45-471c-b680-0146b9966fb7}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{d7a64765-73bd-4a71-9a53-fb01d8d93b37}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130898378660324794&GUID=2EAF34BE-DF2E-AFE4-66B9-9D27FEBAE0D0
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130898378660370656&GUID=2EAF34BE-DF2E-AFE4-66B9-9D27FEBAE0D0
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-03] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-03] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\34rdqvxz.default-1469118447267
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-2802146430-1798650074-2620433185-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sonny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Extension: (BetterTTV) - C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\34rdqvxz.default-1469118447267\Extensions\firefox@betterttv.net.xpi [2016-07-21]
FF Extension: (ProxTube) - C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\34rdqvxz.default-1469118447267\Extensions\ich@maltegoetz.de.xpi [2016-08-25]
FF Extension: (Adblock Plus) - C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\34rdqvxz.default-1469118447267\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-07-22]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon => nicht gefunden
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-04-27]

Chrome: 
=======
CHR Profile: C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-05-18]
CHR Extension: (Google Drive) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-21]
CHR Extension: (YouTube) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-21]
CHR Extension: (Adblock Plus) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-22]
CHR Extension: (Google-Suche) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Norton Identity Safe) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-01-21]
CHR Extension: (ReChat for Twitch™) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2016-01-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (Google Mail) - C:\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-21]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-08-18] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-08-01] ()
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-26] (CyberLink)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [243984 2016-03-29] (EasyAntiCheat Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144096 2015-11-12] (ELAN Microelectronics Corp.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [19424 2015-11-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-01-02] (Micro-Star International Co., Ltd.) [Datei ist nicht signiert]
S4 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3806032 2015-10-13] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-05-02] (NVIDIA Corporation)
S4 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [321976 2014-10-16] (Steganos Software GmbH)
S4 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-03-04] (Qualcomm Atheros) [Datei ist nicht signiert]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4878096 2016-08-19] (AVG Technologies CZ, s.r.o.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [81072 2014-02-21] (Qualcomm Atheros, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
S3 ipadtst; C:\Program Files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys [20464 2013-11-12] (Windows (R) Win 7 DDK provider)
S3 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [163536 2013-03-21] (Qualcomm Atheros, Inc.)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [170128 2016-02-05] (Qualcomm Atheros, Inc.)
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [52128 2013-11-27] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [4107504 2015-09-24] (Intel Corporation)
S3 NETwNe64; C:\Windows\System32\drivers\Netwew02.sys [3505432 2015-03-23] (Intel Corporation)
S3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
S3 SAlphamBth; C:\Windows\System32\drivers\SAlphabt64.sys [31232 2012-10-16] (SteelSeries Corporation) [Datei ist nicht signiert]
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [26496 2013-12-12] (SteelSeries Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-08-19] (AVG Netherlands B.V.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-04 13:39 - 2016-09-04 13:41 - 00005734 _____ C:\Users\Sonny\Desktop\SystemLook.txt
2016-09-04 13:39 - 2016-09-04 13:39 - 00165376 _____ C:\Users\Sonny\Desktop\SystemLook_x64.exe
2016-09-04 13:33 - 2016-09-04 13:33 - 00024869 _____ C:\Users\Sonny\Desktop\Fixlog.txt
2016-09-04 13:01 - 2016-09-04 13:01 - 00002904 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2016-09-04 03:36 - 2016-09-04 12:40 - 00000000 ____D C:\Users\Default\AppData\Local\AVG
2016-09-04 03:36 - 2016-09-04 12:40 - 00000000 ____D C:\Users\Default User\AppData\Local\AVG
2016-09-04 02:07 - 2016-09-04 02:07 - 00003251 _____ C:\Users\Sonny\Desktop\mbam.txt
2016-09-04 01:52 - 2016-09-04 01:55 - 00066254 _____ C:\Users\Sonny\Desktop\Addition.txt
2016-09-04 01:51 - 2016-09-04 13:43 - 00025469 _____ C:\Users\Sonny\Desktop\FRST.txt
2016-09-04 01:43 - 2016-09-04 01:43 - 00003798 _____ C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater
2016-09-04 01:42 - 2016-09-04 01:42 - 00002922 _____ C:\WINDOWS\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2016-09-04 00:55 - 2016-09-04 00:55 - 00000764 _____ C:\Users\Sonny\Desktop\JRT.txt
2016-09-04 00:51 - 2016-09-04 00:52 - 01610560 _____ (Malwarebytes) C:\Users\Sonny\Desktop\JRT.exe
2016-09-04 00:50 - 2016-09-04 00:50 - 00001185 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-09-04 00:50 - 2016-09-04 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-09-04 00:50 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-04 00:50 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-04 00:50 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-04 00:49 - 2016-09-04 00:50 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-09-04 00:49 - 2016-09-04 00:49 - 03826240 _____ C:\Users\Sonny\Desktop\AdwCleaner_6.010.exe
2016-09-04 00:48 - 2016-09-04 00:49 - 22851472 _____ (Malwarebytes ) C:\Users\Sonny\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-03 23:14 - 2016-09-03 23:14 - 00003332 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-09-03 18:44 - 2016-09-03 18:47 - 00186512 _____ C:\TDSSKiller.3.1.0.11_03.09.2016_18.44.28_log.txt
2016-09-03 18:44 - 2016-09-03 18:44 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Sonny\Downloads\tdsskiller.exe
2016-09-03 18:43 - 2016-09-03 18:44 - 00061094 _____ C:\Users\Sonny\Downloads\Addition.txt
2016-09-03 18:42 - 2016-09-03 18:44 - 00068184 _____ C:\Users\Sonny\Downloads\FRST.txt
2016-09-03 18:41 - 2016-09-03 18:42 - 02397696 _____ (Farbar) C:\Users\Sonny\Desktop\FRST64.exe
2016-09-03 15:14 - 2016-09-03 15:17 - 559536890 ____R C:\Users\Sonny\Downloads\Boogeyman.zip
2016-09-03 05:00 - 2016-09-03 15:14 - 00000000 ____D C:\Users\Sonny\AppData\LocalLow\uTorrent
2016-09-03 02:32 - 2016-09-04 12:41 - 00002550 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2016-09-03 02:32 - 2016-09-04 12:41 - 00002538 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2016-09-03 02:32 - 2016-09-04 12:41 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\AVG
2016-09-03 02:32 - 2016-09-03 02:32 - 00000000 ____D C:\ProgramData\Avg
2016-09-03 02:32 - 2016-09-03 02:32 - 00000000 ____D C:\Program Files (x86)\AVG
2016-09-03 02:32 - 2016-08-19 16:35 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2016-09-03 02:30 - 2016-09-03 02:32 - 00000000 ____D C:\Users\Sonny\AppData\Local\AvgSetupLog
2016-09-03 02:30 - 2016-09-03 02:32 - 00000000 ____D C:\Users\Sonny\AppData\Local\Avg
2016-09-01 19:42 - 2016-09-03 04:22 - 00000000 ____D C:\Users\Sonny\Desktop\fotos LUL
2016-09-01 10:56 - 2016-09-01 10:56 - 00000000 _____ C:\Users\Sonny\Desktop\anrufen 776750.txt
2016-08-31 11:12 - 2016-08-31 11:12 - 00000000 ____D C:\Users\Sonny\Desktop\hülln
2016-08-27 17:24 - 2016-08-27 17:24 - 00000000 ____D C:\Users\Sonny\Desktop\realtemp
2016-08-23 12:21 - 2016-08-23 12:21 - 00000000 ____D C:\WINDOWS\pss
2016-08-21 01:38 - 2016-08-21 01:38 - 00002019 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-08-21 01:38 - 2016-08-21 01:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-08-19 21:03 - 2016-08-19 21:03 - 00000222 _____ C:\Users\Sonny\Desktop\H1Z1 King of the Kill.url
2016-08-19 14:54 - 2016-08-19 14:54 - 00000000 ____D C:\Users\Sonny\Desktop\random
2016-08-19 14:44 - 2016-09-03 04:17 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-19 12:16 - 2016-09-03 04:17 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-19 12:13 - 2016-08-19 12:13 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 22572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 09125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 07623168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-08-19 12:13 - 2016-08-19 12:13 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-08-19 12:13 - 2016-08-19 12:13 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 05511168 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 03617280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-08-19 12:13 - 2016-08-19 12:13 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-08-19 12:13 - 2016-08-19 12:13 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 02251440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 01785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01265424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00843104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00151232 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-08-19 12:13 - 2016-08-19 12:13 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-08-19 12:13 - 2016-08-19 12:13 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-08-19 12:13 - 2016-08-19 12:13 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-19 12:12 - 2016-07-15 20:29 - 05739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2016-08-19 12:12 - 2016-07-15 20:29 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2016-08-19 12:12 - 2016-07-15 20:14 - 06354944 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2016-08-19 12:12 - 2016-07-15 19:45 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2016-08-19 12:12 - 2016-07-15 19:29 - 05489664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2016-08-19 12:11 - 2016-08-19 12:11 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-08-19 12:10 - 2016-08-19 14:52 - 00000000 ____D C:\Users\Sonny\AppData\Local\ConnectedDevicesPlatform
2016-08-19 12:10 - 2016-08-19 12:10 - 00000020 ___SH C:\Users\Sonny\ntuser.ini
2016-08-19 12:08 - 2016-08-19 12:08 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-08-19 12:08 - 2016-08-19 12:08 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-08-19 12:08 - 2016-08-19 12:08 - 00000000 ____D C:\Program Files\MSBuild
2016-08-19 12:08 - 2016-08-19 12:08 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-08-19 12:08 - 2016-08-19 12:08 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-19 12:07 - 2016-05-25 15:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-08-19 12:07 - 2016-05-25 15:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-19 12:07 - 2016-05-25 15:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-08-19 12:07 - 2016-05-25 12:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-08-19 12:07 - 2016-05-25 12:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-19 12:07 - 2016-05-25 12:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Vorlagen
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Startmenü
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2016-08-19 11:54 - 2016-08-19 11:54 - 00000000 ____D C:\ProgramData\USOShared
2016-08-19 11:50 - 2016-08-19 11:53 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-08-19 11:50 - 2016-08-19 11:53 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-08-19 11:44 - 2016-09-04 13:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-19 11:44 - 2016-09-03 13:32 - 00002868 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2016-08-19 11:44 - 2016-09-03 13:32 - 00002494 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2016-08-19 11:44 - 2016-09-03 12:41 - 00002420 _____ C:\WINDOWS\System32\Tasks\MSI_Dragon Gaming Center
2016-08-19 11:44 - 2016-09-03 04:15 - 00002196 _____ C:\WINDOWS\System32\Tasks\MSI_Reminder
2016-08-19 11:44 - 2016-09-03 04:12 - 00003712 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-19 11:44 - 2016-09-03 04:12 - 00003488 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-19 11:44 - 2016-08-19 11:44 - 00003304 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CBE7263C-E444-4178-9108-E09677EE42AD}
2016-08-19 11:44 - 2016-08-19 11:44 - 00003098 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-08-19 11:44 - 2016-08-19 11:44 - 00002812 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2802146430-1798650074-2620433185-1002
2016-08-19 11:44 - 2016-08-19 11:44 - 00002460 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-08-19 11:44 - 2016-08-19 11:44 - 00002380 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2802146430-1798650074-2620433185-500
2016-08-19 11:44 - 2016-08-19 11:44 - 00002242 _____ C:\WINDOWS\System32\Tasks\{62C4727E-EE8B-4CC4-ACF4-42684399E681}
2016-08-19 11:44 - 2016-08-19 11:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-08-19 11:44 - 2016-08-19 11:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2016-08-19 11:44 - 2016-08-19 11:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Anti-Theft
2016-08-19 11:44 - 2016-08-19 11:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-08-19 11:44 - 2014-04-27 04:08 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1445490910-985070050-2736773077-500
2016-08-19 11:44 - 2013-11-13 22:04 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-538400136-2975241231-1352160326-500
2016-08-19 11:43 - 2016-08-19 11:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\Abelssoft
2016-08-19 11:33 - 2016-08-19 11:33 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-19 11:33 - 2016-08-19 11:33 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-08-19 11:33 - 2016-08-19 11:33 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-08-19 11:28 - 2016-08-19 11:35 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-08-19 11:25 - 2016-09-04 03:36 - 00000000 ____D C:\Users\Sonny
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Vorlagen
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Startmenü
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Netzwerkumgebung
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Lokale Einstellungen
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Eigene Dateien
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Druckumgebung
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Documents\Eigene Videos
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Documents\Eigene Musik
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Documents\Eigene Bilder
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\AppData\Local\Verlauf
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\AppData\Local\Anwendungsdaten
2016-08-19 11:25 - 2016-08-19 11:25 - 00000000 _SHDL C:\Users\Sonny\Anwendungsdaten
2016-08-19 11:21 - 2016-09-04 13:35 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-19 11:21 - 2016-08-19 11:28 - 00000000 ____D C:\Program Files\Intel
2016-08-19 11:21 - 2016-08-19 11:28 - 00000000 ____D C:\Program Files\Elantech
2016-08-19 11:21 - 2016-08-19 11:21 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-08-19 11:21 - 2016-08-19 11:21 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2016-08-19 11:21 - 2016-05-27 15:50 - 00104584 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-08-19 11:21 - 2016-05-27 15:50 - 00100488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-08-19 11:20 - 2016-08-19 11:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-19 11:20 - 2016-08-19 11:20 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-19 11:20 - 2016-08-19 11:20 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-19 11:20 - 2016-08-19 11:20 - 00000000 ____D C:\Program Files\Realtek
2016-08-19 11:20 - 2016-07-16 13:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 06452948 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-08-19 11:20 - 2016-06-03 05:59 - 06364216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 02455608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 01352760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-08-19 11:20 - 2016-06-03 05:59 - 00534072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-08-19 11:19 - 2016-08-19 11:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-08-19 11:19 - 2016-08-19 11:19 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-08-19 11:18 - 2016-09-04 01:23 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-19 11:18 - 2016-08-19 14:44 - 00342560 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-19 11:18 - 2016-08-19 11:18 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-08-18 18:45 - 2016-08-18 20:07 - 00000096 _____ C:\Users\Sonny\Desktop\AliBaba evidence.txt
2016-08-11 02:55 - 2016-08-11 02:55 - 00002317 _____ C:\Users\Public\Desktop\Blade & Soul.lnk
2016-08-11 02:55 - 2016-08-11 02:55 - 00000000 ____D C:\Program Files (x86)\NCSOFT
2016-08-10 15:17 - 2016-08-10 15:18 - 00000031 _____ C:\Users\Sonny\Desktop\nUMMERN.txt

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-04 13:42 - 2015-11-10 19:44 - 00000000 ____D C:\FRST
2016-09-04 13:38 - 2016-07-17 00:51 - 00585622 _____ C:\WINDOWS\system32\perfh007.dat
2016-09-04 13:38 - 2016-07-17 00:51 - 00112944 _____ C:\WINDOWS\system32\perfc007.dat
2016-09-04 13:38 - 2015-11-17 02:13 - 01630296 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-04 13:35 - 2014-07-23 20:18 - 00000000 __SHD C:\Users\Sonny\IntelGraphicsProfiles
2016-09-04 13:34 - 2016-07-16 13:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-09-04 13:34 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-09-04 13:33 - 2016-04-12 01:09 - 00000000 ____D C:\Users\Sonny\AppData\LocalLow\Temp
2016-09-04 12:54 - 2015-10-27 17:14 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-04 12:49 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-04 12:41 - 2014-07-23 20:15 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-04 01:45 - 2015-07-10 01:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-04 01:32 - 2014-11-01 17:10 - 00000000 ____D C:\AdwCleaner
2016-09-04 00:18 - 2016-07-28 05:08 - 00000000 ____D C:\Users\Sonny\Desktop\slaM
2016-09-03 23:14 - 2015-11-17 02:39 - 00002439 _____ C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-03 23:14 - 2015-05-13 14:16 - 00000000 ___RD C:\Users\Sonny\OneDrive
2016-09-03 23:14 - 2014-12-23 13:23 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Skype
2016-09-03 16:13 - 2014-08-20 20:12 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\uTorrent
2016-09-03 13:50 - 2016-07-20 01:24 - 00000000 ____D C:\Users\Sonny\AppData\Local\ElevatedDiagnostics
2016-09-03 13:47 - 2014-08-07 21:09 - 00000000 ____D C:\ProgramData\Oracle
2016-09-03 13:46 - 2015-09-05 09:56 - 00000000 ____D C:\Users\Sonny\.oracle_jre_usage
2016-09-03 13:46 - 2014-10-30 17:56 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-09-03 13:46 - 2014-10-30 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-03 13:46 - 2014-08-07 21:09 - 00000000 ____D C:\Program Files (x86)\Java
2016-09-03 13:24 - 2016-01-21 16:17 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-03 13:24 - 2016-01-21 16:17 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-03 13:23 - 2016-07-16 13:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-03 04:38 - 2014-07-24 00:29 - 00000000 ____D C:\Users\Sonny\AppData\Local\CrashDumps
2016-09-03 04:22 - 2016-07-20 01:42 - 00000000 ____D C:\Users\Sonny\Desktop\memes
2016-09-03 04:22 - 2016-06-01 20:58 - 00000000 ____D C:\Users\Sonny\.spawnpk
2016-09-03 04:22 - 2016-05-20 15:55 - 00000000 ____D C:\Users\Sonny\Desktop\k
2016-09-03 04:18 - 2016-03-29 02:04 - 00000000 ____D C:\Users\Sonny\.thumbnails
2016-09-03 04:18 - 2014-08-07 21:10 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\.minecraft
2016-09-03 04:18 - 2014-04-27 04:02 - 00000000 ____D C:\ProgramData\Temp
2016-09-03 04:17 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2016-09-03 04:17 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-03 04:17 - 2014-12-14 16:44 - 00000000 ____D C:\Users\Sonny\AppData\Local\Battle.net
2016-09-02 18:04 - 2014-12-14 16:44 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-09-02 12:39 - 2015-11-17 02:10 - 00147656 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_38F51D56.sys
2016-09-01 21:43 - 2014-07-31 21:19 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\TS3Client
2016-08-26 12:50 - 2016-05-05 23:38 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-08-25 11:36 - 2016-01-19 22:16 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-08-21 17:08 - 2014-12-14 16:45 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-08-21 01:38 - 2015-11-15 03:10 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-08-20 15:52 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-20 13:54 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-08-20 13:52 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-20 02:22 - 2014-04-27 03:18 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-19 21:03 - 2014-08-14 18:31 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-19 14:46 - 2016-04-18 20:19 - 00000306 __RSH C:\ProgramData\ntuser.pol
2016-08-19 12:46 - 2014-07-23 20:18 - 00000000 ____D C:\Users\Sonny\AppData\Local\Packages
2016-08-19 12:16 - 2016-07-16 13:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-19 12:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-08-19 12:12 - 2016-07-17 00:52 - 00000000 ____D C:\WINDOWS\OCR
2016-08-19 12:08 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-08-19 12:08 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-08-19 11:54 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2016-08-19 11:54 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-08-19 11:54 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Windows NT
2016-08-19 11:53 - 2016-07-16 08:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-08-19 11:50 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-19 11:50 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Registration
2016-08-19 11:50 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-08-19 11:44 - 2015-11-17 02:19 - 00023056 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-08-19 11:40 - 2014-04-27 03:25 - 01444596 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-08-19 11:36 - 2014-09-06 18:31 - 00000000 ____D C:\WINDOWS\SysWOW64\SupportAppZXH
2016-08-19 11:36 - 2013-11-13 21:33 - 00000000 ____D C:\WINDOWS\uk
2016-08-19 11:36 - 2013-11-13 21:33 - 00000000 ____D C:\WINDOWS\tr
2016-08-19 11:35 - 2016-08-02 05:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2016-08-19 11:35 - 2016-08-01 01:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-08-19 11:35 - 2016-07-26 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-08-19 11:35 - 2016-06-22 03:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2016-08-19 11:35 - 2016-06-19 02:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReMouse Standard
2016-08-19 11:35 - 2016-06-07 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-08-19 11:35 - 2016-06-01 08:41 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2016-08-19 11:35 - 2016-05-23 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GhostMouse
2016-08-19 11:35 - 2016-05-20 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-19 11:35 - 2016-05-06 00:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2016-08-19 11:35 - 2016-02-24 00:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius
2016-08-19 11:35 - 2015-11-11 20:26 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-08-19 11:35 - 2015-10-30 20:44 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-19 11:35 - 2015-10-27 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-19 11:35 - 2015-06-14 01:20 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2016-08-19 11:35 - 2015-03-22 14:48 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
2016-08-19 11:35 - 2014-12-23 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-19 11:35 - 2014-12-22 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-08-19 11:35 - 2014-12-14 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2016-08-19 11:35 - 2014-12-14 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-08-19 11:35 - 2014-11-29 11:52 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-19 11:35 - 2014-11-29 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-19 11:35 - 2014-11-13 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2016-08-19 11:35 - 2014-11-12 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-08-19 11:35 - 2014-11-05 22:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-19 11:35 - 2014-11-02 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom
2016-08-19 11:35 - 2014-08-21 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Goat Simulator
2016-08-19 11:35 - 2014-07-31 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2016-08-19 11:35 - 2014-07-25 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Anti-Theft
2016-08-19 11:35 - 2014-04-27 04:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10
2016-08-19 11:35 - 2014-04-27 03:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2016-08-19 11:35 - 2014-04-27 03:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2016-08-19 11:35 - 2014-04-27 03:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-08-19 11:35 - 2014-04-18 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2016-08-19 11:35 - 2013-11-13 21:33 - 00000000 ____D C:\WINDOWS\bg
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\sv
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\sl
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\sk
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\ru
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\ro
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\pl
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\nl
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\lv
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\lt
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\it
2016-08-19 11:35 - 2013-11-13 21:32 - 00000000 ____D C:\WINDOWS\hu
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\hr
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\he
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\fr
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\fi
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\et
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\es
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\en
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\el
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\de
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\da
2016-08-19 11:35 - 2013-11-13 21:31 - 00000000 ____D C:\WINDOWS\cs
2016-08-19 11:35 - 2013-11-13 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-08-19 11:35 - 2013-11-13 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2016-08-19 11:33 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-19 11:33 - 2015-10-30 08:28 - 00000000 ____D C:\Users\Default.migrated
2016-08-19 11:31 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-08-19 11:31 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-08-19 11:31 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-08-19 11:31 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-08-19 11:31 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-08-19 11:31 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-08-19 11:30 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-08-19 11:30 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-08-19 11:30 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-08-19 11:30 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-08-19 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-19 11:30 - 2014-07-24 11:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-19 11:30 - 2014-04-27 03:20 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-08-19 11:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-08-19 11:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-08-19 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-08-19 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-19 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\InputMethod
2016-08-19 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Help
2016-08-19 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-08-19 11:29 - 2016-05-03 00:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PUSH Entertainment
2016-08-19 11:29 - 2016-03-10 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
2016-08-19 11:29 - 2016-01-14 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-08-19 11:29 - 2016-01-14 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2016-08-19 11:29 - 2015-09-26 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roccat
2016-08-19 11:29 - 2014-04-27 03:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros
2016-08-19 11:28 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-08-19 11:28 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-19 11:28 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-19 11:28 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-08-19 11:27 - 2016-03-10 05:34 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-08-19 11:21 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-19 11:21 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-19 11:21 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-19 03:53 - 2014-07-23 21:16 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-18 22:49 - 2014-07-24 20:37 - 00000000 ____D C:\Users\Sonny\AppData\Local\NVIDIA Corporation
2016-08-18 22:49 - 2014-07-24 20:36 - 00000000 ____D C:\Users\Sonny\AppData\Local\NVIDIA
2016-08-18 14:37 - 2014-04-27 03:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-08-17 18:04 - 2014-11-15 17:55 - 00000000 ____D C:\Users\Sonny\AppData\Roaming\TeamViewer
2016-08-13 23:14 - 2014-11-01 16:59 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-08-11 02:55 - 2014-04-27 03:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-11 00:44 - 2015-02-12 19:31 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-08-10 00:19 - 2014-07-24 11:47 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 00:16 - 2015-10-16 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-10 00:10 - 2013-08-22 15:25 - 00000167 _____ C:\WINDOWS\win.ini
2016-08-08 23:40 - 2016-01-21 16:18 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2005-04-08 04:16 - 2015-02-28 23:03 - 0142572 ____H () C:\Users\Sonny\AppData\Roaming\Sonnylog.dat
2015-10-21 21:42 - 2015-10-21 21:42 - 1852453 _____ () C:\Users\Sonny\AppData\Local\curl.zip
2015-10-21 21:42 - 2015-10-21 21:42 - 0000002 _____ () C:\Users\Sonny\AppData\Local\OczLpK.vbs
2016-06-29 04:14 - 2016-06-29 04:14 - 0005871 _____ () C:\Users\Sonny\AppData\Local\recently-used.xbel
2015-03-23 19:53 - 2016-01-23 12:21 - 0007601 _____ () C:\Users\Sonny\AppData\Local\Resmon.ResmonCfg
2016-07-21 18:19 - 2016-07-21 18:19 - 1145382 _____ () C:\Users\Sonny\AppData\Local\Tempmusic.ogg
2015-06-20 16:06 - 2015-06-20 16:06 - 0000003 _____ () C:\Users\Sonny\AppData\Local\updater.log
2015-06-20 16:06 - 2015-10-02 12:12 - 0000424 _____ () C:\Users\Sonny\AppData\Local\UserProducts.xml

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Sonny\matrix_cl_CloudIn_LIVE.dat
C:\Users\Sonny\system32log.dat


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-08-29 17:47

==================== Ende von FRST.txt ============================

stefan nur · 04.09.2016, 12:49

addition.txt

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von Sonny (04-09-2016 13:43:49)
Gestartet von C:\Users\Sonny\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-19 09:54:38)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2802146430-1798650074-2620433185-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2802146430-1798650074-2620433185-503 - Limited - Disabled)
Gast (S-1-5-21-2802146430-1798650074-2620433185-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2802146430-1798650074-2620433185-1004 - Limited - Enabled)
Sonny (S-1-5-21-2802146430-1798650074-2620433185-1002 - Administrator - Enabled) => C:\Users\Sonny

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

„Windows Live Essentials“ (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\uTorrent) (Version: 3.4.8.42499 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.52.2.34122 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.52.2 - AVG Technologies) Hidden
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1402.2101 - Micro-Star International Co., Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1403.0501 - Micro-Star International Co., Ltd.)
Dragon Gaming Center (x32 Version: 1.0.1403.0501 - Micro-Star International Co., Ltd.) Hidden
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
ELAN Touchpad 15.13.3.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.13.3.1 - ELAN Microelectronic Corp.)
FMW 1 (Version: 1.122.3 - AVG Technologies) Hidden
Fotoattēlu galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogaléria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Foto-galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerija fotografija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.3 - ghost-mouse.com)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1405.3) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 4.1.1) (Version: 4.1.1 - Riot Games)
League of Legends (x32 Version: 4.1.1 - Riot Games) Hidden
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0.2 (x64 de) (HKLM\...\Mozilla Firefox 48.0.2 (x64 de)) (Version: 48.0.2 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1404.1101 - Micro-Star International Co., Ltd.)
MSI Remind Manager (x32 Version: 1.0.1404.1101 - Micro-Star International Co., Ltd.) Hidden
MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
NVIDIA Grafiktreiber 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.4 - Steganos Software GmbH)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
PUSH Entertainment - Video Wallpaper (HKLM\...\Video Wallpaper_is1) (Version: 2.23 - PUSH Entertainment)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.41.1283 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.41.1283 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.41.1283 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{68DD86DD-8E02-4921-926B-B358D51EAF3A}) (Version: 1.1.41.1283 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)
ReMouse Standard (HKLM-x32\...\ReMouse Standard_is1) (Version: Standard V3.5.3 - AutomaticSolution Software)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ROCCAT Isku Keyboard Driver (HKLM-x32\...\{4ABAF918-A6BD-43D8-AE0B-5292034B14CB}) (Version:  - Roccat GmbH)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
Savu Mouse (HKLM-x32\...\{6F4B8EA6-4546-4160-A05F-0706F7DC1EFF}) (Version: 1.1.9 - ROCCAT GmbH)
SCM (HKLM\...\{6692DCAF-A445-4C6B-AF31-3DD85FC06FBA}) (Version: 13.014.01026 - Application)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
ShellShock Live (HKLM-x32\...\Steam App 326460) (Version:  - kChamp Games)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.6 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.417.28061 - SteelSeries)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
The Culling (HKLM\...\Steam App 437220) (Version:  - Xaviant)
UE4 Prerequisites (x64) (HKLM-x32\...\{b46d36bc-2438-471e-abe8-1fbbd51754ee}) (Version: 1.0.10.0 - Epic Games, Inc.)
UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
Unity Web Player (HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\UnityWebPlayer) (Version: 4.6.4f1 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 17.1 - Ubisoft)
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основи Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоколекція (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {053C778D-06C1-4D62-84BD-39FA4870D03F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-21] (Google Inc.)
Task: {13C3F18E-4E5D-4062-810F-A6499B00FA47} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {18897757-D763-4018-98E4-F81AD458BCEB} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {198AC17A-A1A9-477C-BC26-40D414306202} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
Task: {2FB68F56-273E-4B0A-B0CE-2C9585B6E939} - kein Dateipfad
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe
Task: {49990D9B-BE5E-4D67-BF21-53C5D3665991} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {655D8C8B-159C-4CA9-896F-F077CE442901} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {71F810AD-05B9-48D8-8F87-40070FF6A3C6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {75AFAFC8-1C97-4B16-8888-A68FB347106A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-09-03] (Microsoft Corporation)
Task: {779208B8-9886-4521-93FC-514FDB47C6FF} - System32\Tasks\MSI_Reminder => C:\Program Files (x86)\MSI\MSI Remind Manager\MSI Reminder.exe [2014-04-10] ()
Task: {7A336A2C-BA99-406A-B2FA-ABAB2D625287} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2016-08-19] (AVG Technologies CZ, s.r.o.)
Task: {94709565-896C-4D2D-A9DA-3B2774732943} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B267233E-BE96-40DA-9032-9B05C1279146} - kein Dateipfad
Task: {B3B77269-D008-49F1-9EC4-2AB878784C27} - System32\Tasks\{62C4727E-EE8B-4CC4-ACF4-42684399E681} => pcalua.exe -a C:\PROGRA~1\DIFX\D29FE547208FE130\DPInst.exe -c /u C:\Windows\System32\DriverStore\FileRepository\kb9xradiobtn.inf_amd64_50504636c90ca4e3\kb9xradiobtn.inf
Task: {B4D17AEA-31EE-4FCD-9D25-75C86FFEBC6F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
Task: {BDE262C3-2DF7-4D42-B38A-E3DE2A1AC283} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe
Task: {D1CF2F54-65BE-4320-9872-038D8AA1132B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-21] (Google Inc.)
Task: {DC24F3EE-D31D-42B7-9458-AF69BFC5BFD0} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-24] (TODO: <公司名稱>)
Task: {E08773B5-39C4-4444-B05F-7B63F6E3B159} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {E0C17C92-78F0-4BD3-A0F5-E7A706927361} - kein Dateipfad
Task: {E7F87DA8-918B-4017-B33A-D1E8E876C1AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E935C442-D04C-4D3A-9CEF-B00EF8049A89} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Task: {EB6CD99B-C94C-4E36-99D4-C0743D42C9FA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {ECD3923E-0E63-4EF2-832C-BAF2F0259D2E} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-06-22] (Oracle Corporation)
Task: {F65F27F3-44BD-4AAE-9844-07428DB301E4} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-19 11:20 - 2016-06-03 05:59 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-02-20 07:38 - 2016-05-02 20:31 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2015-12-27 14:05 - 2016-05-02 20:31 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-02 14:52 - 2016-05-02 20:31 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-02-20 07:38 - 2016-05-02 20:31 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-02 14:52 - 2016-05-02 20:31 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-02 14:52 - 2016-05-02 20:31 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-02 14:52 - 2016-05-02 20:31 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-19 11:26 - 2016-05-02 20:31 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-02 17:25 - 2016-05-02 20:31 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-02 17:25 - 2016-05-02 20:31 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-03 23:14 - 2016-09-03 23:14 - 01864384 _____ () C:\Users\Sonny\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-19 12:13 - 2016-08-19 12:13 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-19 12:47 - 2016-08-19 12:47 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-08-19 12:47 - 2016-08-19 12:47 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-08-19 12:47 - 2016-08-19 12:47 - 35290624 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2014-04-27 03:41 - 2012-11-01 20:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-04-27 03:41 - 2012-11-01 20:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2016-09-04 13:39 - 2016-09-04 13:39 - 00165376 _____ () C:\Users\Sonny\Desktop\SystemLook_x64.exe
2015-03-31 16:41 - 2016-05-02 20:31 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-03 02:32 - 2016-09-04 03:34 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\sony.com -> sony.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2016-09-04 01:32 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: EslWireHelper => 2
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: OkayFreedom VPN Starter Service => 2
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: Wecsvc => 3
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKLM\...\StartupApproved\Run32: => "ROCCAT Savu Gaming Mouse"
HKLM\...\StartupApproved\Run32: => "RoccatIsku"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\StartupFolder: => "AutoFuriousPk.lnk"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "SteelSeries Engine"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "OKAYFREEDOM_Agent"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "ESL Wire"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DF971B6E1C7E4227FED899F7F8727B7B"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2802146430-1798650074-2620433185-1002\...\StartupApproved\Run: => "PUSH Wallpaper"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{323F54F6-1022-4389-9475-0867806E2FA6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C3E280ED-211A-4320-82EC-A76F89431439}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{84F4DCC3-5FBA-4AC8-886F-07D9D826BD9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [UDP Query User{E886D6A5-4473-4042-83E2-BD6A7EEA1D15}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{EF002034-43ED-4E47-AE38-8D8E2A298297}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{955472F1-5D68-4D89-BD24-EADBA675F4C8}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{F22E429B-7106-45D4-9A5D-0D6D2A70162D}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{9C7F7AD4-4141-4B32-80DB-C1E2670D189D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{8C3C60E1-55D8-43CF-AA5F-3AB8B6233801}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{96953C08-8D06-4B77-ADE1-8C8F780CF0B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{541C1507-5C78-4608-8C9F-9B4AC8F53CA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{0A7A5E77-E3C8-4881-A544-17F3581297F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{DB7327BE-C3F5-405C-A510-F49E0E51E3F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{90F032A5-50AD-43E0-A83B-987132E7B06D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{568FB156-984F-4364-AF50-15DDF2E1DC4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [UDP Query User{2D1F931A-E2AF-46F8-BF41-C0C000A8D7C2}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{0793FF90-1FB8-4843-A039-53AB42BF70AC}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{39591338-63FA-468D-AB47-D7D037E66721}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{E15D65A5-9DF8-4DD5-9A5A-95E2B366EB35}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{683459A5-EF2D-4DB6-9160-74BBA21469BF}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{A6FCFAFD-3870-419A-9A5E-98EF9D36C78F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{462DB65D-E303-45A8-B7D1-08FF1C8AF7CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [UDP Query User{BC3969FC-6E5B-40AC-AFBA-EB0CAA42C221}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [TCP Query User{4332FFBC-2072-443A-9C7C-FCAB5C4ED8D7}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [UDP Query User{7AFA1FBF-9C52-4DD3-AB57-BF9C9AB34774}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [TCP Query User{0395FAD8-DA84-42CA-B016-EF4DFA8724FE}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [{D6AD0797-7A2F-4B57-9E07-E46B1131BCD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{87D424F9-131B-484A-B754-F2C12EEB6594}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{E71047C8-96B5-427E-9ECD-9D53CB592396}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9BBCF2B4-2849-44F8-9F7D-C5AC4E6645D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C538D8F9-F3AF-49BF-9472-CA66BBD0287A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2E94D72F-A7C3-44E2-B0B4-9A0D5FB128A2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{94ABB9C1-025E-44A0-B507-71EEA4DCCE46}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{918171DB-51FE-442E-A748-65C2209E1B43}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{7D235FA2-3169-4767-8B52-8581D90E8DFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{60117904-9765-4810-938F-4A06EAE14A5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{381B44DB-F887-4D40-9D0B-4018B07597B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{F33118C0-A503-48D2-853A-33D8517D79BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{8BE42A11-0D70-4452-BE76-06C717B8CDD6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{308A4354-6154-4460-811B-E7B0EB88FB13}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4E6C3F48-D98E-40B1-B72A-6B6F6B411C20}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{05482FAF-ADB3-489E-A641-40FC08C64E10}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72C13B62-051B-4A27-BC4D-0324BD75AA18}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{46A93CBC-A60D-4E2F-9B9A-E25359E7CBFF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0B8F220F-16AA-41C3-81F8-6030BB7F697A}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [UDP Query User{68BB482A-48CF-4A6A-A077-6F1D6E8E35C8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E658F9F5-85B1-436B-8D90-769FF6BE0542}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{379BE65A-EA45-4BDF-9CE1-786C408AC218}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{3A508D5E-59BF-48F1-AE2F-3EBB161C4775}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{57AD8D68-AC15-4EAC-8ECC-8BFA22E6F067}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{14BC4668-0899-45AE-9C64-3CA242854F86}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{7C798BDB-6720-4409-9B9A-45BA2488A588}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{871CE9EA-FC2D-46E8-9CF5-038B68F6EE84}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D0DF9B70-BBE4-48C4-ACB4-389845387DA9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{68B8F02F-74EC-4917-9703-CFAACB383528}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{4631B28B-ADA1-4C8D-B5FC-A994551BB76D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{84BFB907-2C19-4CC2-967E-2EEC581BE0F2}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{88534048-92B0-4434-B900-7CC55D4D607A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{46B62EA1-692C-43BF-A543-925F26966896}] => (Allow) LPort=2869
FirewallRules: [{70C1D52C-B586-4EA1-98E9-020CFC70DF45}] => (Allow) LPort=1900
FirewallRules: [{4F25C021-11DD-41CD-BF58-AF46BB13C1CD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{34A7734F-B00A-48D0-A83B-EAA1C2D616D7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{F2D7538C-E394-4AFD-AFAE-C68DBDB93E7F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{97985C29-EEF1-45B4-87D4-56E4EA95F891}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{59002A38-6D55-4C7E-987A-00B84BDD163B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B0E18A3D-6288-4728-995D-F6E8D08F074F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{87F560AE-BBF6-4483-81C7-B055D2D3188C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5A4BEE09-39DF-4CE7-B48B-5FB4948D9D32}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{3FF015C5-2DED-4BBD-B4B9-7374E65B41FC}C:\games\outlast\binaries\win64\olgame.exe] => (Block) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{32FDCE01-2945-4FA9-B829-A5F4C26FB8C3}C:\games\outlast\binaries\win64\olgame.exe] => (Block) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [{38629923-47DD-456C-ACD6-3B4059308CF0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{78C09BC1-7EB7-4379-BC57-60C084592856}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{87000D62-B90C-4395-81D3-04E12D02D7D3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D52ECCFE-BBC8-4BFB-B57A-AC84EEF9DC44}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8A134117-682E-4AE1-8C65-58B89EBB8EE9}] => (Allow) C:\Users\Sonny\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A2417B52-3AB6-4329-8328-0CD63104072A}] => (Allow) C:\Users\Sonny\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{766E52DB-5914-4B0F-B91D-40D105E9E512}C:\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{6316FDDD-ACF3-474D-83CD-A15538E7C2EF}C:\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{429D1BD2-5F4C-418E-A896-DB06DEAC672C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{71AE5ACB-DD33-4093-966D-360624305C77}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9B0F9E29-F072-4C49-AB5D-C699A097B550}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{E7B30437-E8BC-41D2-811D-971508B49E6D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{95E758E8-6327-46EF-9E46-A3F19F2D3C2B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3D7EAC98-4483-4264-A0EE-EAEEEC61801D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{6144ABD9-6B89-4709-B5CD-793CAE422FC1}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{0D0160A4-1961-48A9-ABB5-82210565AB77}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{835FA948-A930-46D0-B0AB-367172FF2365}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{A59DFE90-68C8-4946-B47F-06F36EDB9B80}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{1A335CE4-A404-4EDE-8A78-1B214F0BCD9E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F606F0F9-B84F-4323-BB4C-C1ED38AF3C5A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{52592E1B-9B26-455C-942A-5C2B52556207}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D53A82D6-086F-460D-BD79-D24F0620DCCE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{85D611CD-514B-4DE7-942F-230AFAD6FBDB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{40BD89CC-ACE0-4CA1-AF80-FA080F104BA4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{ED491681-DE8D-43FB-BD07-BA83ACCB3191}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{536B782A-EBDF-4570-A1DC-A7CC9062E01E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F083E633-DD01-464E-BEEB-43B6669CFAD7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5731A13E-9B44-47A8-ACB5-FEA1C274BEEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{A6FFC7A4-1EDC-49E6-AA50-69B89C706BFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe

==================== Wiederherstellungspunkte =========================

28-08-2016 01:28:35 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/04/2016 01:36:43 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/04/2016 12:59:11 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
.

Error: (09/04/2016 12:59:11 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (09/04/2016 12:59:11 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (09/04/2016 12:53:57 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Users\Sonny\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Beschreibung = JRT Pre-Junkware Removal; Fehler = 0x8004230f).

Error: (09/04/2016 12:53:52 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: 4194317
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{da8b207d-f772-4bb9-9ba7-87d957d0348a}\
   Ausführungskontext: Coordinator

Error: (09/04/2016 12:53:52 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: 4194317
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{da8b207d-f772-4bb9-9ba7-87d957d0348a}\
   Ausführungskontext: Coordinator

Error: (09/04/2016 12:53:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (09/04/2016 12:53:49 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
.

Error: (09/04/2016 12:53:49 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}


Systemfehler:
=============
Error: (09/04/2016 01:35:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/04/2016 01:33:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "AVG Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/04/2016 01:33:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/04/2016 01:33:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/04/2016 01:33:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/04/2016 01:33:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/04/2016 01:33:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "AVG PC TuneUp Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 250 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/04/2016 01:33:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Micro Star SCM" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/04/2016 01:33:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/04/2016 01:33:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Norton Anti-Theft" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-09-04 00:59:40.817
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-04 00:59:40.491
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 19:09:54.693
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 19:09:50.368
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-20 15:48:17.373
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-20 15:48:16.912
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 40%
Installierter physikalischer RAM: 7345.19 MB
Verfügbarer physikalischer RAM: 4377.28 MB
Summe virtueller Speicher: 23729.19 MB
Verfügbarer virtueller Speicher: 20796.46 MB

==================== Laufwerke ================================

Drive c: (OS_Install) (Fixed) (Total:585.61 GB) (Free:195.45 GB) NTFS
Drive d: (Data) (Fixed) (Total:325.59 GB) (Free:317.05 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 76D1827D)

Partition: GPT.

==================== Ende von Addition.txt ============================

M-K-D-B · 05.09.2016, 08:37

Servus,

wir entfernen die letzten Reste und kontrollieren nochmal alles.

Hinweis: Der Suchlauf mit ESET kann länger dauern.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
C:\Users\Sonny\AppData\Roaming\IuYv16QPGagrb81X
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Driver-Soft
Task: {2FB68F56-273E-4B0A-B0CE-2C9585B6E939} - kein Dateipfad
Task: {B267233E-BE96-40DA-9032-9B05C1279146} - kein Dateipfad
Task: {E0C17C92-78F0-4BD3-A0F5-E7A706927361} - kein Dateipfad
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von ESET,
die Logdatei von HitmanPro,
die beiden neuen Logdateien von FRST,
die Beantwortung der gestellten Fragen.

stefan nur · 05.09.2016, 11:52

fixlog:

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von Sonny (05-09-2016 11:40:46) Run:3
Gestartet von C:\Users\Sonny\Desktop
Geladene Profile: Sonny (Verfügbare Profile: Sonny)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
C:\Users\Sonny\AppData\Roaming\IuYv16QPGagrb81X
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Driver-Soft
Task: {2FB68F56-273E-4B0A-B0CE-2C9585B6E939} - kein Dateipfad
Task: {B267233E-BE96-40DA-9032-9B05C1279146} - kein Dateipfad
Task: {E0C17C92-78F0-4BD3-A0F5-E7A706927361} - kein Dateipfad
EmptyTemp:
end
*****************

Prozess erfolgreich geschlossen.
C:\Users\Sonny\AppData\Roaming\IuYv16QPGagrb81X => erfolgreich verschoben
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Driver-Soft => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Driver-Soft => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FB68F56-273E-4B0A-B0CE-2C9585B6E939}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B267233E-BE96-40DA-9032-9B05C1279146}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0C17C92-78F0-4BD3-A0F5-E7A706927361}" => Schlüssel erfolgreich entfernt

=========== EmptyTemp: ==========

BITS transfer queue => 4412308 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12760626 B
Java, Flash, Steam htmlcache => 26181026 B
Windows/system/drivers => 1276214 B
Edge => 0 B
Chrome => 0 B
Firefox => 388487153 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 6714 B
Sonny => 36863232 B

RecycleBin => 0 B
EmptyTemp: => 448.2 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 11:40:59 ====

warum soll ich nichts löschen? was is denn der zweck vom scan

hitmanpro

Code:

ATTFilter


	Code: 

 ATTFilter

  
	HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : MSI_SAMDAR
   Windows . . . . . . . : 10.0.0.14393.X64/8
   User name . . . . . . : MSI_SAMDAR\Sonny
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-09-05 12:05:10
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 15m 58s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 7

   Objects scanned . . . : 2,213,551
   Files scanned . . . . : 101,604
   Remnants scanned  . . : 732,056 files / 1,379,891 keys

Malware _____________________________________________________________________

   C:\Users\Sonny\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe
      Size . . . . . . . : 3,644,272 bytes
      Age  . . . . . . . : 297.1 days (2015-11-13 08:59:27)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : CECB4343061204AC03391F8AD6D4F6726ECBF2B4417DFA366C5967FA3F74B1E9
      Product  . . . . . : PowerISO Setup
      Publisher  . . . . : Power Software Ltd
      Description  . . . : PowerISO Setup
      Version  . . . . . : 6.5.0.0
      Copyright  . . . . : Copyright(c) 2004-2016
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > HitmanPro  . . . . : App/DealPly-AU
      Fuzzy  . . . . . . : 101.0


Suspicious files ____________________________________________________________

   C:\Users\Sonny\AppData\Local\PunkBuster\APB\pb\pbcl.dll
      Size . . . . . . . : 1,018,416 bytes
      Age  . . . . . . . : 615.4 days (2014-12-30 02:56:10)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : BE5E9B9749DA372459DF60E1E836D74873048B041E3E740137EBAD32C3F98D2B
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Sonny\AppData\Local\PunkBuster\APB\pb\pbclold.dll
      Size . . . . . . . : 1,018,416 bytes
      Age  . . . . . . . : 653.7 days (2014-11-21 20:03:06)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : BE5E9B9749DA372459DF60E1E836D74873048B041E3E740137EBAD32C3F98D2B
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Sonny\AppData\Local\PunkBuster\APB\pb\PnkBstrK.sys
      Size . . . . . . . : 139,904 bytes
      Age  . . . . . . . : 653.7 days (2014-11-21 20:03:18)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 5FFC3A37106249E619700B233D73AC3024B5902A76A6FCEA687B7123DD8D68AD
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Sonny\Desktop\FRST64.exe
      Size . . . . . . . : 2,397,696 bytes
      Age  . . . . . . . : 1.7 days (2016-09-03 18:41:59)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : EFF67DD0CB40498753A49A710C08A3A6376C7DE296D23B8AEF5D4221A6017692
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\WINDOWS\SysWoW64\GameMon.des
      Size . . . . . . . : 3,806,032 bytes
      Age  . . . . . . . : 234.5 days (2016-01-15 00:16:22)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 18AB5387AA6DE2B86FB4EEDC6A068729D595F64E7F359ED5D88DA5A7CE4A6212
      Product  . . . . . : nProtect Game Monitor
      Publisher  . . . . : INCA Internet Co., Ltd.
      Description  . . . : nProtect Game Monitor Rev 2313
      Version  . . . . . : 2015.10.14.1
      RSA Key Size . . . : 2048
      Service  . . . . . : npggsvc
      LanguageID . . . . : 1042
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 25.0
         The file name extension of this program is not common.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Starts automatically as a service during system bootup.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\npggsvc\

M-K-D-B · 05.09.2016, 13:01

Servus,

gut gemacht.

Zitat:

Zitat von stefan nur

warum soll ich nichts löschen? was is denn der zweck vom scan

Weil es sich um Fehlalarme handeln könnte und dann legitime Dateien/Ordner/etc. gelöscht werden würden
Weil manche Funde auf die Quarantäne von bereits verwendenen Tools zeigen und damit schon außer Gefecht sind. Diese zu löschen wäre absolut sinnfrei.

Zitat:

Zitat von stefan nur

was is denn der zweck vom scan

Überreste von Schadsoftware finden

Es fehlen noch ESET und FRST.

stefan nur · 05.09.2016, 14:00

ESET :

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3de482ec8996d1449ddfc37597c88783
# end=init
# utc_time=2016-09-05 09:53:06
# local_time=2016-09-05 11:53:06 (+0100, Mitteleuropäische Sommerzeit)
# country="United Kingdom"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 30651
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3de482ec8996d1449ddfc37597c88783
# end=updated
# utc_time=2016-09-05 09:55:04
# local_time=2016-09-05 11:55:04 (+0100, Mitteleuropäische Sommerzeit)
# country="United Kingdom"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3de482ec8996d1449ddfc37597c88783
# engine=30651
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-09-05 12:56:21
# local_time=2016-09-05 02:56:21 (+0100, Mitteleuropäische Sommerzeit)
# country="United Kingdom"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 61365 4410797 0 0
# scanned=365891
# found=88
# cleaned=0
# scan_time=10876
sh=8BCDF3D37DA1852EDFFC3640620CC34ED2F155E8 ft=1 fh=ce8d932a6520315d vn="Variante von Win32/Adware.Adposhel.G Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\ProgramData\9da82d49\e91fe5fd.dll.vir"
sh=0FB724865515624082A38FAD53CBE4BEDAA1735A ft=1 fh=f938c8f81da27d54 vn="Variante von Win32/Adware.ConvertAd.ABW Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\00000000-1445361232-0000-0000-448A5B44E892\rnsc657B.exe.vir"
sh=E3C00E8AA20B0BE545DB08111971E54407750FE6 ft=1 fh=47ec64d8691d69c3 vn="NSIS/TrojanDownloader.Adload.BL Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Fast-Search\gze3012.exe.vir"
sh=15ED5B6C5946E85E7A5C77F4A7689E4E76CCBAFB ft=1 fh=c71c0011fe889422 vn="Win32/Thinknice.E evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=8FF07C7F0E7320A1EB53CADD4D30D3154FF33BBA ft=1 fh=f622fe8cae001c0b vn="Win64/Thinknice.F evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir"
sh=55B49E6175EC153F5F6D595F7E36CF04D61C70AC ft=1 fh=c71c0011122aac36 vn="Win32/Thinknice.E evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=E9BEAFD5EF09360852ECDCC4312188064742E51A ft=1 fh=c71c0011421e8e27 vn="Win32/Thinknice.E evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir"
sh=571717AF7E0D8E84B482DFD7ADBC7A0A50F40A79 ft=0 fh=0000000000000000 vn="JS/Lightning.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\web\js\xagainit.js.vir"
sh=019273ADFAF31F36E1297FB2DB6AD8B3D4EF8966 ft=0 fh=0000000000000000 vn="JS/Lightning.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js\xagainit.js.vir"
sh=ABE61DFB4D7BC60E0B5FC055BF39337AA068B8D8 ft=0 fh=0000000000000000 vn="JS/Lightning.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\8iq92rbq.default\Extensions\faststartff@gmail.com\chrome\content\index.html.vir"
sh=4383C6E4FDCA1422F195521CDF41A241BC4DC0AB ft=0 fh=0000000000000000 vn="JS/Lightning.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\8iq92rbq.default\Extensions\faststartff@gmail.com\chrome\content\js\js.js.vir"
sh=42F28DA037F556ABCAB46C07305C7C0030C44F2F ft=0 fh=0000000000000000 vn="JS/Lightning.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\8iq92rbq.default\Extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js.vir"
sh=40A9D3BEA42B052037CEE6799461413FAE30C4FF ft=0 fh=0000000000000000 vn="JS/Lightning.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\8iq92rbq.default\Extensions\faststartff@gmail.com\chrome\content\js\pack\common.js.vir"
sh=DEB9D0A1BE36DEA3215C458DC3722ACF622A20FB ft=0 fh=0000000000000000 vn="JS/Lightning.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\8iq92rbq.default\Extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js.vir"
sh=504FB0C9D4BCDB5A26A80F08F92D5E4169243B15 ft=1 fh=c7900a4dec9db414 vn="Variante von Win32/Adware.ConvertAd.AEX Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nsdB5CE.tmp.xBAD"
sh=ADB6ABC5CBECE859182B5032DEA175A7F76EF379 ft=1 fh=134fcde36fa89f8c vn="Variante von Win32/Adware.ConvertAd.ACB.gen Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nsp3F6B.tmp.xBAD"
sh=E74A8D49B9214920A7ADC978C2D4EAC1F1460B74 ft=1 fh=04f15592e21ed83f vn="Variante von Win32/Adware.ConvertAd.ACB.gen Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nspF2B6.tmp.xBAD"
sh=A901074F923EFA09A7E4413D55EF30C8FCBD0322 ft=1 fh=eb841dc825cb1c22 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\DMR\dmr_72.exe.xBAD"
sh=87BAC9D18750AF6FDAF013CE5325914979C5A72A ft=1 fh=4d6154421bc357fe vn="Variante von Win32/InstallCore.ACL evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\ns6C7051C9\4F9ABF7C_stp\CreateShortcut.dll.xBAD"
sh=A5BE0C1A6877CFECACE44C10F7A77AE1925F9292 ft=1 fh=5b8d6bde69b054c1 vn="Variante von Win32/InstallCore.ACL evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\ns6C7051C9\6BD96D0D_stp\TaskScheduler.dll.xBAD"
sh=23DFE11C19F1C88DFCC9AA0D46FFB2013402C5F7 ft=1 fh=c71c0011fa91fe3e vn="Variante von Win32/Toolbar.CrossRider.CM evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\cezgufrd.dll.xBAD"
sh=ADED330884B86CFD119BEB03A5414C940C09AB87 ft=1 fh=30672d4887200e79 vn="Variante von Win32/Toolbar.CrossRider.BW evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\phodw.dll.xBAD"
sh=FA14CDEDC3BCBCB1C8B8487D47BE1E628A930503 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\102.js.xBAD"
sh=937BEB5AC1F53E7FF1E3EB0BCA48BA7AF2D3664F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\104.js.xBAD"
sh=F4868E75E21D37FCBC9A5871B6B120EB3E4600DF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\14.js.xBAD"
sh=C10E64DC01896B43B0C89F53376D4164453BC74E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\178.js.xBAD"
sh=9CB942D538CEA821683BC9D832014E8EC5FDE2EC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\179.js.xBAD"
sh=80C90D030EA66EA5346FBF5214670595E3375CAD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\180.js.xBAD"
sh=0987FB3F0C956A9578B1C3D050189BB99A017FC2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\184.js.xBAD"
sh=4BCC541E7A14BF89B1633A1BC794E6848B831E80 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\200.js.xBAD"
sh=4A456E8397DFF5CBB4FF25D8B9710C41A42AFCC3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\223.js.xBAD"
sh=877349BAD187BE3A07174EA0A6F16A375474C639 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\231.js.xBAD"
sh=776290247C80F20D24E4BA8F99F13F2D5578ECC8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\232.js.xBAD"
sh=F3C19FB08E08EEDA6008DFA8175DEDEA51DE1BFA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\234.js.xBAD"
sh=69F3441DAAA26144ABB42DB33386C549E9F2231D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\242.js.xBAD"
sh=BEB05642C41381F387B0C8BE3BD0E336A89DB84E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.Q evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\246.js.xBAD"
sh=2DE5AADF0BB2BF572B147C4E8F62CAAF44C60A75 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\252.js.xBAD"
sh=3CA5653E6B858F15992AC689F06C8456A94B0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\253.js.xBAD"
sh=C7574CAC8611C5FBBE4AE2127C4CA0E2FB58DB69 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\273.js.xBAD"
sh=18A20E25B540EE4327ACC0859A5778B050529B53 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\277.js.xBAD"
sh=5443843013D026E8A114EDEC837671DAC84F4AEA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\281.js.xBAD"
sh=397EC598B400D3A2111C9C0EEA7D85464774BBD7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\288.js.xBAD"
sh=7A0B43CC3BD069AE9B149EB8F4BEEB6F097837DB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\300.js.xBAD"
sh=35E8D6275113D6714473490A116CF414F6AA6368 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\311.js.xBAD"
sh=097FE11FE5038AF11A89B1B2A63F79B9EACE86FF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\334.js.xBAD"
sh=F830C45582EA30AA81037DD511D6657BAC6D3470 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\335.js.xBAD"
sh=DAFE26CC2D17C59CC7CA0B0563A50C6215781167 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\339.js.xBAD"
sh=B6C5BA5027BB472F2E638D3ADBCDB4E46DA77D1B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\348.js.xBAD"
sh=8431E5A1EAC103CC3A0097EEAFF1B8D06FF39B52 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\357.js.xBAD"
sh=40C8C98FF8B403FE50791CF29F02FBA28068FD89 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.L evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\376.js.xBAD"
sh=81A6DC2B3E4EB2A7B58E592A3E86C0C858936E87 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\380.js.xBAD"
sh=46785AF9F3FDFD7BA7E68C918CA9B2BFD5FE81CE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\385.js.xBAD"
sh=8C03AF269B9B3748482016ABD7F8FDF2BE562177 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\390.js.xBAD"
sh=B11A64AE212C15C25C435BCE4C67235DDECCE883 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\391.js.xBAD"
sh=E2C88897AD00452927EC05929A1505DACAEEFB1E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\419.js.xBAD"
sh=08A2BB08725C99F79A889C6C7CB9C7DD6306E0B6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\424.js.xBAD"
sh=A12014C968F464836DC0C10A70D977673DFA088E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Local\Temp\nswEDB6.tmp\{B9ACB687-EDCE-43A5-9578-44A48433963D}\plugins\91.js.xBAD"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Roaming\3c2jDM05M6ay9rgGcf.xBAD"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Roaming\8k4zjaU.xBAD"
sh=C28052B54F49AACF8660C7759B076341257F2241 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.I evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Roaming\nAuWsaaA3Qnn.xBAD"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Roaming\PciD5z2oV9Hq4LK.xBAD"
sh=C28052B54F49AACF8660C7759B076341257F2241 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.I evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Roaming\Tx2a5WctpJVeCncNO2s5iTUEFLl.xBAD"
sh=C28052B54F49AACF8660C7759B076341257F2241 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.I evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Roaming\tYyezAYRvk8jt.xBAD"
sh=C28052B54F49AACF8660C7759B076341257F2241 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.I evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Roaming\yR3gyuB665QVn2tdcFm0JVBk.xBAD"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\AppData\Roaming\ZkvbwFI.xBAD"
sh=9958550255192FCC3D111CCA213A8507F3A43CE3 ft=0 fh=0000000000000000 vn="JS/Adware.OkayFreedom.A Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\Desktop\Alte Firefox-Daten\8iq92rbq.default\extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi.xBAD"
sh=8814F35440264553A63A592D0A1EBF4E748D0872 ft=1 fh=744e3c8b419054c5 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\Downloads\7 Zip 32 Bit - CHIP-Installer.exe.xBAD"
sh=5C6983B3FDBCAA45979A3039C607995D3F813B87 ft=1 fh=d17e411445ba40bb vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\Downloads\Bandicam - CHIP-Installer.exe.xBAD"
sh=5A4C21A65B60E407D37E65352FAA14595FCA101F ft=1 fh=4bef93f6f5cd2036 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\Downloads\Blockify - CHIP-Installer.exe.xBAD"
sh=24F1CC17A326945BF071DEBF02F5809521467143 ft=0 fh=0000000000000000 vn="Variante von MSIL/FakeTool.HM Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\Downloads\Darkorbit Hack v.2.55.zip.xBAD"
sh=D58E7BC59198CC94FA5EEED01049BC621A6F99E4 ft=1 fh=bd207fa3779f8737 vn="Variante von Win32/UniBlue.F evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\Downloads\driverscanner.exe.xBAD"
sh=0E59E06CF166E8BD89FC06277E65886535BA0E22 ft=1 fh=f857231acfe66eb4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe.xBAD"
sh=625857BDC4DA7A5BEE999E8BE7F31E2112ABBB1B ft=1 fh=d7c13d122a1f6894 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\Downloads\MotioninJoy - CHIP-Installer.exe.xBAD"
sh=C31288AD07B76AA2CA302A370F2E2BDB7A165681 ft=1 fh=a62e094c232442d1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\Downloads\Resource Hacker - CHIP-Installer.exe.xBAD"
sh=5C48204CD61F937B64A3916562208A9A6D13A9EC ft=0 fh=0000000000000000 vn="Variante von Java/Adwind.MH Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\Downloads\RSBot-6058.jar.xBAD"
sh=5E05411F34C4E6119EEC9C0E171878B7578D72B2 ft=1 fh=e54bda30b9910101 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\Downloads\ShellExView - CHIP-Installer.exe.xBAD"
sh=6D4453EA888CC15EB784D5A68341C525FC26F371 ft=1 fh=fd51312158fb6b8d vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\Downloads\Skype - CHIP-Installer.exe.xBAD"
sh=3396C41A9B092704643AF4BA75BE5D809A720881 ft=1 fh=606cbf97e4e75157 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\Downloads\SoftEther VPN Client - CHIP-Installer.exe.xBAD"
sh=186BF6B94203009484FA4C2E9D2E52764FE39103 ft=1 fh=906f839edd58b535 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\Downloads\TeamViewer - CHIP-Installer.exe.xBAD"
sh=F69B708BAA723F00058FCBEB95AD7ED451AB3597 ft=1 fh=51dc34a13973cf56 vn="Variante von Win32/AdkDLLWrapper.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\Downloads\uTorrent.exe.xBAD"
sh=DA9ED783137B5968971C4AC1422C76B3D628B766 ft=1 fh=73057acc53c29ac1 vn="Variante von Win32/AdkDLLWrapper.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\Downloads\uTorrent891.exe.xBAD"
sh=BE0775BD8EF12BA7872F98E06B6B16180ED766F8 ft=1 fh=29d678da2f41f286 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\Downloads\Virtual Audio Cable - CHIP-Installer.exe.xBAD"
sh=EDD453DF5B8E668297451AA81C5E060D807AC594 ft=0 fh=0000000000000000 vn="Variante von MSIL/FakeTool.HM Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\Sonny\SkyDrive\Dokumente\Darkorbit Hack v.2.55\Darkorbit Hack v2.55.zip.xBAD"
sh=504FB0C9D4BCDB5A26A80F08F92D5E4169243B15 ft=1 fh=c7900a4dec9db414 vn="Variante von Win32/Adware.ConvertAd.AEX Anwendung" ac=I fn="C:\FRST\Quarantine\C\Windows\Temp\6FDD.tmp.xBAD"
sh=504FB0C9D4BCDB5A26A80F08F92D5E4169243B15 ft=1 fh=c7900a4dec9db414 vn="Variante von Win32/Adware.ConvertAd.AEX Anwendung" ac=I fn="C:\FRST\Quarantine\C\Windows\Temp\FF9.tmp.xBAD"
sh=F309A86E6DD8EC5DC11B1D44B7D1FCB1F13E12CC ft=1 fh=18a765023cc6d786 vn="Variante von Win32/DealPly.BX evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Sonny\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe"