Laptop wurde infiziert, 100% Datenträger und Chrome öffnet werbung

helpme156 · 19.11.2016, 20:32

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 19-11-2016 01
durchgeführt von ducanh (Administrator) auf VIP (19-11-2016 20:29:16)
Gestartet von C:\Users\ducanh\Desktop
Geladene Profile: ducanh (Verfügbare Profile: ducanh & Administrator)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\ducanh\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\ducanh\AppData\Roaming\Spotify\Spotify.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\ducanh\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\ducanh\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\ducanh\AppData\Roaming\Spotify\Spotify.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(IO3O LLC) C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\Youcam_webcam_camera_video.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7642328 2016-01-25] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2198872 2014-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2811120 2014-03-13] (Synaptics Incorporated)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5250280 2015-12-04] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-10-28] (Apple Inc.)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-09-14] (COMODO)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896608 2015-12-01] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27021952 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1728952 2015-06-22] (CyberLink Corp.)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [Spotify Web Helper] => C:\Users\ducanh\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-13] (Spotify Ltd)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [Spotify] => C:\Users\ducanh\AppData\Roaming\Spotify\Spotify.exe [6987376 2016-11-13] (Spotify Ltd)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\RunOnce: [Application Restart #5] => C:\Users\ducanh\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resou (Der Dateneintrag hat 607 mehr Zeichen).
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\MountPoints2: {4002a6a9-1392-11e5-8288-a08869bf085f} - "G:\HTC_Sync_Manager_PC.exe" 
ShellExecuteHooks:  - {2B5FE6D2-A5AB-11E6-AA81-64006A5CFC23} - C:\Users\ducanh\AppData\Roaming\Phuvighqerley\Chaqury.dll Keine Datei [ ]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-05-12]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2015-12-04]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Who Is On My Wifi.lnk [2016-08-30]
ShortcutTarget: Who Is On My Wifi.lnk -> C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe (IO3O LLC)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{4BDC64C7-1BFA-40ED-BBD8-617C53B4CA6F}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{BB2EEAC3-52F6-42A4-8DFE-2CDFECA0FAF2}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{DC171AA7-770F-4C4A-9599-6C9E21E36C8C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131237249141147113&GUID=DDE61BD2-0B14-9938-4ABA-529488C50ADF
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
SearchScopes: HKLM -> {A1646118-552A-42A1-A4E7-A43AB3F0603F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001 -> DefaultScope {ABAA9DAC-E150-11E4-825E-A08869BF085F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001 -> {ABAA9DAC-E150-11E4-825E-A08869BF085F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-12] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-12] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)

FireFox:
========
FF ProfilePath: C:\Users\ducanh\AppData\Roaming\TomTom\HOME\Profiles\27zmdx5y.default [2016-04-15]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-11-02] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: (HP SimplePass) - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2016-01-14] [ist nicht signiert]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR StartupUrls: Profile 1 -> "","hxxp://www.google.de/","hxxp://homepage-web.com/?s=hp&m=start"
CHR Profile: C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default [2016-11-19]
CHR Extension: (ProxFlow) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-10-11]
CHR Extension: (Google Trang trình bày) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-12]
CHR Extension: (Google Tài liệu) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-12]
CHR Extension: (Google Drive) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-28]
CHR Extension: (Adblock cho Youtube™) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-03-05]
CHR Extension: (Google Search) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (__MSG_appName__) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg [2016-11-16]
CHR Extension: (Google Bảng tính) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-12]
CHR Extension: (HP SimplePass) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidikogfgleiaefnjbmnjaplmgknppkg [2016-06-05]
CHR Extension: (Dấu trang iCloud) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2016-05-16]
CHR Extension: (Google Tài liệu ngoại tuyến) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Thanh toán trên cửa hàng Chrome trực tuyến) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-12]
CHR Extension: (Chrome Media Router) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-29]
CHR Profile: C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-11-19]
CHR Extension: (ProxFlow) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-11-16]
CHR Extension: (Google Trang trình bày) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-16]
CHR Extension: (Google Tài liệu) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-16]
CHR Extension: (Google Drive) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-16]
CHR Extension: (YouTube) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-16]
CHR Extension: (Adblock Plus) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-16]
CHR Extension: (Adblock cho Youtube™) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-11-16]
CHR Extension: (Adblocker for Youtube™) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg [2016-11-16]
CHR Extension: (Google Bảng tính) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-16]
CHR Extension: (HP SimplePass) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fidikogfgleiaefnjbmnjaplmgknppkg [2016-11-16]
CHR Extension: (Google Tài liệu ngoại tuyến) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-16]
CHR Extension: (Skype) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-11-16]
CHR Extension: (Thanh toán trên cửa hàng Chrome trực tuyến) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-16]
CHR Extension: (Gmail) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-16]
CHR Extension: (Chrome Media Router) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433760 2015-12-01] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413280 2015-12-01] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855648 2015-12-01] (BlueStack Systems, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-09-15] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-09-14] (COMODO)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [315376 2016-01-25] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-04-22] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20539168 2014-03-28] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-02] (Softex Inc.) [Datei ist nicht signiert]
S2 Pleketherderbotion; C:\WINDOWS\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
S2 Pleketherderbotion; C:\WINDOWS\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2016-01-25] (Realtek Semiconductor)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5250280 2015-12-04] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-03-13] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-04-22] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146016 2015-12-01] (BlueStack Systems)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-08] (CyberLink)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [32224 2016-08-31] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [853904 2016-08-31] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [45592 2016-08-31] (COMODO)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [162512 2014-02-14] (Intel Corporation)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [138560 2016-08-31] (COMODO)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 Neo_VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [38432 2015-12-04] (SoftEther Corporation)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3497752 2015-04-16] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [40392 2014-03-28] (NVIDIA Corporation)
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [506072 2016-06-15] (Realsil Semiconductor Corporation)
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51232 2015-12-04] (SoftEther Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-03-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-03-13] (Synaptics Incorporated)
R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R1 XQHDrv; C:\WINDOWS\system32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 X6va062; \??\C:\WINDOWS\SysWOW64\Drivers\X6va062 [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-19 20:29 - 2016-11-19 20:29 - 00030518 _____ C:\Users\ducanh\Desktop\FRST.txt
2016-11-19 14:46 - 2016-11-19 14:46 - 00003583 _____ C:\Users\ducanh\Desktop\Fixlog.txt
2016-11-19 14:46 - 2016-11-19 14:46 - 00000000 ____D C:\Users\ducanh\Desktop\FRST-OlderVersion
2016-11-19 14:45 - 2016-11-19 20:29 - 00000000 ____D C:\FRST
2016-11-18 21:21 - 2016-11-19 13:14 - 00000000 ____D C:\Users\ducanh\Downloads\FRST-OlderVersion
2016-11-17 22:29 - 2016-11-19 00:52 - 00000544 _____ C:\Users\ducanh\Desktop\JRT.txt
2016-11-17 22:18 - 2016-11-17 22:18 - 01631928 _____ (Malwarebytes) C:\Users\ducanh\Desktop\JRT.exe
2016-11-17 21:40 - 2016-11-18 16:42 - 00000000 ____D C:\AdwCleaner
2016-11-17 21:40 - 2016-11-17 21:40 - 03910208 _____ C:\Users\ducanh\Downloads\AdwCleaner_6.030.exe
2016-11-16 21:49 - 2016-11-16 21:50 - 00250840 _____ C:\TDSSKiller.3.1.0.12_16.11.2016_21.49.49_log.txt
2016-11-16 21:49 - 2016-11-16 21:49 - 04747704 _____ (AO Kaspersky Lab) C:\Users\ducanh\Downloads\tdsskiller (2).exe
2016-11-16 21:38 - 2016-11-16 21:49 - 00849254 _____ C:\TDSSKiller.3.1.0.12_16.11.2016_21.38.19_log.txt
2016-11-16 21:38 - 2016-11-16 21:38 - 04747704 _____ (AO Kaspersky Lab) C:\Users\ducanh\Downloads\tdsskiller (1).exe
2016-11-16 21:34 - 2016-11-16 21:38 - 00248970 _____ C:\TDSSKiller.3.1.0.12_16.11.2016_21.34.25_log.txt
2016-11-16 21:34 - 2016-11-16 21:34 - 04747704 _____ (AO Kaspersky Lab) C:\Users\ducanh\Downloads\tdsskiller.exe
2016-11-16 14:31 - 2016-11-17 21:36 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-16 14:31 - 2016-11-16 20:39 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-16 14:31 - 2016-11-16 14:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-16 14:30 - 2016-11-16 21:32 - 00000000 ____D C:\Users\ducanh\Desktop\mbar
2016-11-16 14:30 - 2016-11-16 20:38 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-16 14:30 - 2016-11-16 14:30 - 16563352 _____ (Malwarebytes Corp.) C:\Users\ducanh\Downloads\mbar-1.09.3.1001.exe
2016-11-16 14:04 - 2016-11-16 14:04 - 00014652 _____ C:\Users\ducanh\Desktop\virus.htm
2016-11-16 02:51 - 2016-11-18 21:23 - 00039428 _____ C:\Users\ducanh\Downloads\Addition.txt
2016-11-16 02:32 - 2016-11-19 13:16 - 00102900 _____ C:\Users\ducanh\Downloads\FRST.txt
2016-11-16 02:31 - 2016-11-16 02:53 - 00000000 ___HD C:\VTRoot
2016-11-16 02:30 - 2016-11-19 14:47 - 00055446 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2016-11-16 02:30 - 2016-11-19 14:46 - 02413056 _____ (Farbar) C:\Users\ducanh\Desktop\FRST64.exe
2016-11-16 01:43 - 2016-11-16 01:43 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2016-11-16 01:21 - 2016-11-16 01:21 - 00001141 _____ C:\Users\ducanh\Desktop\Battle.net.lnk
2016-11-16 00:23 - 2016-11-16 00:23 - 00000000 ____D C:\NVIDIA Corporation
2016-11-16 00:20 - 2016-11-19 20:15 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2016-11-16 00:20 - 2016-11-16 00:20 - 00001904 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk
2016-11-16 00:20 - 2016-11-16 00:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2016-11-16 00:20 - 2016-11-16 00:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2016-11-16 00:19 - 2016-11-16 00:19 - 00000000 ____D C:\Program Files\COMODO
2016-11-16 00:17 - 2016-11-16 00:18 - 00000000 ____D C:\ProgramData\Comodo
2016-11-16 00:17 - 2016-11-16 00:17 - 71955456 _____ (COMODO) C:\Users\ducanh\Downloads\cispremium_only_installer.exe
2016-11-16 00:17 - 2016-11-16 00:17 - 00000000 ____D C:\ProgramData\Shared Space
2016-11-16 00:13 - 2016-11-17 22:11 - 00000008 __RSH C:\Users\ducanh\ntuser.pol
2016-11-16 00:10 - 2016-11-17 22:11 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-11-16 00:07 - 2016-11-16 00:07 - 00594944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\ducanh\Documents\libeay32.dll
2016-11-16 00:07 - 2016-11-16 00:07 - 00152576 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\ducanh\Documents\ssleay32.dll
2016-11-16 00:06 - 2016-11-16 00:30 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-11-15 23:58 - 2016-11-16 00:01 - 73981120 _____ (NVIDIA Corporation) C:\Users\ducanh\Documents\GeForce_Experience_v3.1.0.52.exe
2016-11-14 19:03 - 2016-11-18 23:49 - 00000000 ____D C:\Users\ducanh\AppData\Roaming\TS3Client
2016-11-14 19:03 - 2016-11-14 19:03 - 00000986 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-11-14 19:03 - 2016-11-14 19:03 - 00000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-11-14 19:03 - 2016-11-14 19:03 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-11-14 01:53 - 2016-11-14 01:53 - 00000219 _____ C:\Users\ducanh\Desktop\Counter-Strike Global Offensive.url
2016-11-09 16:40 - 2016-10-27 19:28 - 25763328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-09 16:39 - 2016-11-02 21:48 - 00372568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-09 16:39 - 2016-11-02 21:48 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-09 16:39 - 2016-11-02 15:03 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-09 16:39 - 2016-11-02 15:00 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-09 16:39 - 2016-10-27 19:53 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-11-09 16:39 - 2016-10-27 19:51 - 02896384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-09 16:39 - 2016-10-27 19:37 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-11-09 16:39 - 2016-10-27 19:19 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-09 16:39 - 2016-10-27 19:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-09 16:39 - 2016-10-27 19:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-09 16:39 - 2016-10-27 19:05 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-09 16:39 - 2016-10-27 18:57 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-09 16:39 - 2016-10-27 18:49 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-11-09 16:39 - 2016-10-27 18:47 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-11-09 16:39 - 2016-10-27 18:46 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-11-09 16:39 - 2016-10-27 18:46 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-11-09 16:39 - 2016-10-27 18:44 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-11-09 16:39 - 2016-10-27 18:17 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-09 16:39 - 2016-10-27 18:16 - 02920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-09 16:39 - 2016-10-27 18:03 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-09 16:39 - 2016-10-27 17:54 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-09 16:39 - 2016-10-27 16:05 - 20304896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-09 16:39 - 2016-10-25 15:11 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-09 16:39 - 2016-10-22 18:35 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-11-09 16:39 - 2016-10-22 18:34 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-11-09 16:39 - 2016-10-22 18:27 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-09 16:39 - 2016-10-22 18:21 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-11-09 16:39 - 2016-10-22 17:58 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-09 16:39 - 2016-10-22 17:57 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-09 16:39 - 2016-10-22 17:56 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-09 16:39 - 2016-10-22 17:51 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-09 16:39 - 2016-10-22 17:46 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-11-09 16:39 - 2016-10-22 17:45 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-11-09 16:39 - 2016-10-22 17:45 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-11-09 16:39 - 2016-10-22 17:44 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-09 16:39 - 2016-10-22 17:43 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-11-09 16:39 - 2016-10-22 17:30 - 13654016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-09 16:39 - 2016-10-22 17:12 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-09 16:39 - 2016-10-22 17:09 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-09 16:39 - 2016-10-22 17:09 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-09 16:39 - 2016-10-13 20:06 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-09 16:39 - 2016-10-13 20:06 - 01124376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-09 16:39 - 2016-10-12 09:01 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-09 16:39 - 2016-10-11 21:21 - 00497448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-09 16:39 - 2016-10-11 21:21 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-09 16:39 - 2016-10-11 19:34 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-09 16:39 - 2016-10-11 18:47 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-09 16:39 - 2016-10-11 17:55 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-09 16:39 - 2016-10-10 22:17 - 00444248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-09 16:39 - 2016-10-10 22:17 - 00333656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-09 16:39 - 2016-10-09 23:59 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-09 16:39 - 2016-10-09 00:12 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-11-09 16:39 - 2016-10-08 23:53 - 03754496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-09 16:39 - 2016-10-08 23:21 - 01445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-09 16:39 - 2016-10-08 23:18 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-11-09 16:39 - 2016-10-08 23:07 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 16:39 - 2016-10-08 23:02 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-11-09 16:39 - 2016-10-08 22:49 - 02410496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-09 16:39 - 2016-10-08 22:21 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-09 16:39 - 2016-10-08 02:34 - 01660040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-09 16:39 - 2016-10-08 02:34 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-09 16:39 - 2016-10-04 21:39 - 00101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-09 16:39 - 2016-10-04 21:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-09 16:39 - 2016-10-04 21:08 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-09 16:39 - 2016-10-04 21:08 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-09 16:39 - 2016-09-09 23:52 - 00921944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2016-11-09 16:39 - 2016-09-09 23:14 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2016-11-09 16:39 - 2016-09-09 15:15 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-11-09 16:39 - 2016-09-09 15:09 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-11-09 16:39 - 2016-09-09 15:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-11-09 16:39 - 2016-09-09 15:03 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-11-09 16:39 - 2016-09-09 15:02 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-11-09 16:39 - 2016-09-09 14:38 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-09 16:39 - 2016-09-03 19:20 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsidsc.dll
2016-11-09 16:39 - 2016-09-03 19:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2016-11-09 16:39 - 2016-09-03 18:21 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsidsc.dll
2016-11-09 16:39 - 2016-09-03 17:12 - 00512512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-11-09 16:39 - 2016-09-03 17:05 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-11-09 16:39 - 2016-09-03 16:58 - 00397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-11-09 16:39 - 2016-09-02 15:05 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2016-11-09 16:39 - 2016-09-02 15:05 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2016-11-09 16:39 - 2016-09-01 15:33 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2016-11-09 16:39 - 2016-09-01 15:33 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2016-11-09 16:39 - 2016-09-01 15:31 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2016-11-09 16:39 - 2016-08-30 15:11 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-09 16:39 - 2016-08-30 03:45 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xolehlp.dll
2016-11-09 16:39 - 2016-08-30 03:18 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-11-09 16:39 - 2016-08-30 03:18 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-11-09 16:39 - 2016-08-30 03:03 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-11-09 16:39 - 2016-08-22 14:34 - 01628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-11-01 19:36 - 2016-11-01 19:36 - 00001772 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-01 19:36 - 2016-11-01 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-01 19:35 - 2016-11-01 19:36 - 00000000 ____D C:\Program Files\iTunes
2016-11-01 19:35 - 2016-11-01 19:35 - 00000000 ____D C:\Program Files\iPod
2016-10-31 17:03 - 2016-10-31 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-10-25 17:34 - 2016-10-25 17:34 - 00000000 ____D C:\Users\ducanh\AppData\Local\Arktos Entertainment
2016-10-25 17:25 - 2016-10-25 17:25 - 00000000 ____D C:\Users\ducanh\Documents\FredaikisAB
2016-10-25 17:25 - 2016-10-25 17:25 - 00000000 ____D C:\Users\ducanh\AppData\Local\FredaikisAB
2016-10-25 17:23 - 2016-10-25 17:23 - 00000000 ____D C:\Users\ducanh\Desktop\a
2016-10-23 16:50 - 2016-10-23 16:50 - 00000000 ____D C:\Users\ducanh\Desktop\gamer mu
2016-10-23 16:49 - 2016-10-23 16:52 - 00000000 ____D C:\Users\ducanh\Documents\gamer mu
2016-10-23 16:49 - 2016-10-23 16:49 - 00000000 ____D C:\Users\ducanh\Documents\Neuer Ordner
2016-10-23 02:14 - 2016-11-16 14:51 - 00000000 ___RD C:\Users\ducanh\Desktop\dfgg

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-19 20:29 - 2014-06-06 14:31 - 00000000 ____D C:\Users\ducanh\Documents\Youcam
2016-11-19 20:28 - 2016-05-16 01:52 - 00000000 ___RD C:\Users\ducanh\iCloudDrive
2016-11-19 20:28 - 2016-02-16 19:11 - 00000000 ____D C:\Users\ducanh\AppData\Local\Spotify
2016-11-19 20:28 - 2016-01-27 17:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-19 20:28 - 2015-04-12 16:33 - 00000998 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-19 20:13 - 2015-04-12 16:33 - 00001002 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-19 16:30 - 2015-04-16 21:12 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-11-19 16:26 - 2015-12-04 19:52 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2016-11-19 16:25 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-19 16:24 - 2016-02-16 19:11 - 00000000 ____D C:\Users\ducanh\AppData\Roaming\Spotify
2016-11-19 14:47 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-11-19 13:12 - 2016-08-30 21:20 - 00000000 ____D C:\wifidata
2016-11-18 22:31 - 2016-08-30 21:01 - 00003160 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForducanh
2016-11-18 22:31 - 2016-08-30 21:01 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForducanh.job
2016-11-17 22:36 - 2015-04-12 16:35 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4038466168-2714463032-1615967804-1001
2016-11-17 22:18 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-11-17 22:15 - 2015-04-19 10:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-11-17 22:11 - 2015-04-12 16:24 - 00000000 ____D C:\Users\ducanh
2016-11-17 21:41 - 2015-04-12 16:44 - 00000000 ____D C:\Users\ducanh\AppData\Local\CrashDumps
2016-11-16 02:45 - 2014-05-12 19:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-16 00:51 - 2016-02-21 13:42 - 00000000 ____D C:\Wooxy
2016-11-16 00:51 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-16 00:50 - 2015-12-03 18:40 - 00000000 ____D C:\Boom
2016-11-16 00:39 - 2015-04-16 21:12 - 00000000 ____D C:\Program Files (x86)\AutoIt3
2016-11-16 00:38 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-16 00:23 - 2015-04-12 16:49 - 00000000 ____D C:\NVIDIA
2016-11-16 00:23 - 2015-04-12 16:34 - 00002248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-16 00:15 - 2015-05-01 18:40 - 00000000 ____D C:\Users\ducanh\AppData\Roaming\Skype
2016-11-16 00:08 - 2016-10-09 22:41 - 00000000 ____D C:\Program Files (x86)\InfestationNewZ
2016-11-16 00:08 - 2016-08-30 21:20 - 00000000 ____D C:\Program Files (x86)\IO3O LLC
2016-11-16 00:08 - 2016-04-28 15:54 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-11-16 00:08 - 2016-04-20 23:52 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-11-16 00:08 - 2016-04-15 23:11 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-11-16 00:08 - 2016-01-16 21:32 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-11-16 00:08 - 2016-01-14 18:16 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-11-16 00:08 - 2016-01-14 16:50 - 00000000 ____D C:\Program Files (x86)\HP
2016-11-16 00:08 - 2015-12-26 19:53 - 00000000 ____D C:\Program Files (x86)\Opera
2016-11-16 00:08 - 2015-12-14 16:03 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2016-11-16 00:08 - 2015-11-29 01:20 - 00000000 ____D C:\Program Files (x86)\Boom
2016-11-16 00:08 - 2015-11-02 23:59 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
2016-11-16 00:08 - 2015-11-02 23:50 - 00000000 ____D C:\Program Files (x86)\TomTom HOME 2
2016-11-16 00:08 - 2015-11-02 23:49 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2016-11-16 00:08 - 2015-10-20 19:05 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-11-16 00:08 - 2015-10-20 18:59 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-11-16 00:08 - 2015-06-21 19:42 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-11-16 00:08 - 2015-06-21 19:40 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2016-11-16 00:08 - 2015-06-21 19:40 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2016-11-16 00:08 - 2015-06-11 22:03 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2016-11-16 00:08 - 2015-05-01 18:40 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-16 00:08 - 2015-05-01 14:34 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2016-11-16 00:08 - 2015-04-20 00:03 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2016-11-16 00:08 - 2015-04-12 22:17 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-16 00:08 - 2015-04-12 16:54 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2016-11-16 00:08 - 2015-04-12 16:33 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-16 00:08 - 2014-07-20 23:42 - 00000000 ____D C:\csmtalk
2016-11-16 00:08 - 2014-07-20 12:39 - 00000000 ____D C:\Temp
2016-11-16 00:08 - 2014-05-12 19:43 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-11-16 00:08 - 2014-05-12 19:36 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-11-16 00:08 - 2014-05-12 19:36 - 00000000 ____D C:\Program Files (x86)\WildGames
2016-11-16 00:08 - 2014-05-12 19:34 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-11-16 00:08 - 2014-05-12 19:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-16 00:08 - 2014-05-12 19:18 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-11-16 00:08 - 2014-05-12 19:17 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-11-16 00:08 - 2014-05-12 19:12 - 00000000 ____D C:\Program Files (x86)\Intel
2016-11-16 00:08 - 2014-05-06 20:59 - 00000000 ___RD C:\Program Files (x86)\Online Services
2016-11-16 00:08 - 2014-05-06 20:59 - 00000000 ____D C:\Program Files (x86)\Evernote
2016-11-16 00:08 - 2014-05-06 20:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-16 00:08 - 2014-05-06 20:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-16 00:08 - 2014-05-06 20:50 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-11-16 00:08 - 2014-04-02 10:50 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-11-16 00:08 - 2014-04-02 10:50 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-11-16 00:08 - 2013-08-22 16:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-11-16 00:08 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-11-16 00:08 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-11-16 00:08 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-11-16 00:08 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-11-16 00:08 - 2013-08-22 16:36 - 00000000 ____D C:\PerfLogs
2016-11-15 23:58 - 2013-08-22 14:25 - 00000223 _____ C:\WINDOWS\win.ini
2016-11-15 23:37 - 2014-05-12 19:21 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-15 12:28 - 2014-05-07 06:28 - 00787018 _____ C:\WINDOWS\system32\perfh007.dat
2016-11-15 12:28 - 2014-05-07 06:28 - 00170888 _____ C:\WINDOWS\system32\perfc007.dat
2016-11-15 12:28 - 2014-03-18 10:53 - 01924576 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-15 01:17 - 2015-04-12 16:34 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-14 17:06 - 2016-01-27 17:07 - 00000000 ____D C:\Users\ducanh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-11-11 00:41 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-10 16:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 14:18 - 2013-08-22 15:44 - 00378816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-10 00:25 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-11-09 18:57 - 2015-04-22 08:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 18:54 - 2015-04-22 08:31 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 16:52 - 2016-04-13 16:09 - 00000000 ____D C:\Users\ducanh\Desktop\PBE
2016-11-03 19:52 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-01 20:41 - 2016-03-19 17:12 - 00000000 ____D C:\Users\ducanh\AppData\LocalLow\Smartly Dressed Games
2016-11-01 19:35 - 2015-04-12 16:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-10-29 21:13 - 2015-04-12 16:33 - 00000000 ____D C:\Users\ducanh\AppData\Local\Google
2016-10-28 22:04 - 2013-08-22 16:38 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-28 22:04 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-28 16:31 - 2015-05-01 18:40 - 00000000 ____D C:\ProgramData\Skype
2016-10-28 02:22 - 2015-05-08 15:38 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-23 02:15 - 2016-10-09 13:27 - 00000000 ____D C:\Users\ducanh\Desktop\fkkkkkkkkkk
2016-10-23 02:10 - 2016-09-05 22:49 - 00001002 _____ C:\Users\ducanh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian.lnk
2016-10-23 02:09 - 2016-09-05 22:49 - 03003904 _____ (Microsoft Corporation) C:\Users\ducanh\Downloads\ipadians.exe
2016-10-20 22:35 - 2014-06-21 21:48 - 00000000 ____D C:\Users\ducanh\Desktop\Originals

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-11-25 18:10 - 2015-11-25 18:17 - 0002633 _____ () C:\Users\ducanh\AppData\Roaming\droid4xinstaller.log
2016-05-10 14:09 - 2016-05-10 14:09 - 0007608 _____ () C:\Users\ducanh\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-11-19 16:35

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-11-2016 01
durchgeführt von ducanh (19-11-2016 20:31:10)
Gestartet von C:\Users\ducanh\Desktop
Windows 8.1 (Update) (X64) (2015-04-12 15:26:00)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4038466168-2714463032-1615967804-500 - Administrator - Disabled) => C:\Users\Administrator
ducanh (S-1-5-21-4038466168-2714463032-1615967804-1001 - Administrator - Enabled) => C:\Users\ducanh
Gast (S-1-5-21-4038466168-2714463032-1615967804-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4038466168-2714463032-1615967804-1003 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: COMODO Antivirus (Enabled - Out of date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AutoIt v3.3.12.0 (HKLM-x32\...\AutoItv3) (Version: 3.3.12.0 - AutoIt Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BlueStacks App Player (HKLM-x32\...\{D080F290-4B2A-4C67-9757-63DA0C6E8855}) (Version: 2.0.0.1011 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5844 - CDBurnerXP)
COMODO Internet Security Premium (HKLM\...\{C7C71F0C-4CC1-4B17-943C-96E5196DDA74}) (Version: 8.4.0.5165 - COMODO Security Solutions Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.4.6127 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.10.5422 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3604 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.5011 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Free YouTube Download version 3.2.59.616 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.59.616 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hỗ trợ Ứng dụng Apple (32 bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Hỗ trợ Ứng dụng Apple (64 bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4BBA238C-9E5D-40F9-8AC6-FACB736752B9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.46 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.3.34.7 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.32.37 - HP)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{29AAC3D3-23FC-496D-8266-0E3833686758}) (Version: 6.0.2.10 - Apple Inc.)
Infestation New Z (HKLM-x32\...\Infestation New Z) (Version: v26.01.16 Beta - Fredaikis AB)
Inst5675 (Version: 8.01.46 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.46 - Softex Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) PRO/Wireless Driver (HKLM\...\{c1a7f0cd-91ec-424a-8edf-e0606e915765}) (Version: 17.16.0002.2705 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{8B4EA042-9E21-46FB-8286-225F4D51CC52}) (Version: 4.2.41.2710 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{33AD9A5D-209C-4D2A-91BB-C1F3B4BF87A3}) (Version: 17.0.1407.02 - Intel Corporation)
iTunes (HKLM\...\{2C49F336-2E86-4407-83E2-16AC65598EF4}) (Version: 12.5.3.16 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead (HKLM\...\Steam App 500) (Version:  - Valve)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MyDriveConnect 4.0.7.2442 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.7.2442 - TomTom)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 4 (HKLM\...\Steam App 349040) (Version:  - CyberConnect2 Co. Ltd.)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.22 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7358 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.8.315 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Social2Search (HKLM\...\d57653e819183b317db1095a42c99dc6) (Version: 11.12.1.77 (i1.0) - Social2Search) <==== ACHTUNG
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.19.9599 - SoftEther VPN Project)
Spotify (HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.5.2 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
UniKey 4.0 RC2 (build 1101) (HKLM-x32\...\{AC006985-A51F-42AC-A7E9-5E66D8AC8063}_is1) (Version:  - Pham Kim Long)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Warface (HKLM\...\Steam App 291480) (Version:  - Crytek)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Who Is On My Wifi version 4.0.0 (HKLM-x32\...\{010D45A1-093D-4534-8147-4E10E80F81CC}_is1) (Version: 4.0.0 - IO3O LLC)
WildTangent Games App für HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0A7EACC3-DEAE-4B6E-9DD1-B6EF8757BDDB} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2015-02-11] (CyberLink Corp.)
Task: {25AFB360-0501-453E-B66B-942CBCD209A6} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-07-02] (Hewlett-Packard)
Task: {262E31D1-4BC7-42F2-810C-47E4CE191273} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-14] (COMODO)
Task: {2C8B0ECD-BB47-42A5-936C-A8DD005607D5} - \Ckucosp Core -> Keine Datei <==== ACHTUNG
Task: {2E0E4990-D6CA-4B3F-90E3-C53BBB2EA1C9} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-07-02] (Hewlett-Packard)
Task: {490ACCF5-5986-4FBA-89BB-59A80068417A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-12] (Google Inc.)
Task: {4C55E198-6AA8-4231-9608-CE0D9EFC2219} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {815B3BEA-45AB-4DEF-A4EE-4DBEF2B686EC} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {86332851-384A-4B5F-8499-401DE9423E9E} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)
Task: {8BEBFA66-B6B8-4EFD-8FFC-A63F78C13EBD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {9548583C-07A4-4D26-970D-7B7BB77D570F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {9751F857-8DFA-4B1C-B96C-EF4766B6AAB3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {988FF597-F2E1-4F14-ABB9-006C4887B2E8} - System32\Tasks\{DA8E6507-0DF1-41D5-AB60-6D254E02F562} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends"
Task: {A40A56D7-E576-4DA0-818A-2323683A7217} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {B5FABC50-B368-461E-ACCB-410EC6B77A38} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)
Task: {BAFB62B2-E8DE-40BC-8FC9-7E7028D05F22} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)
Task: {BF5A4D78-AD90-4CFE-ACAE-4851D3C0C96D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-12] (Google Inc.)
Task: {C958479A-1F6D-4E7B-A5B5-114E93DB467D} - System32\Tasks\HPCeeScheduleForducanh => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {D3424280-2D97-41CF-84CC-7955A5092B96} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)
Task: {EE5AB25E-8C16-41E2-9FBA-AA8170CF0D96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {F3568130-C271-40EF-AC99-BDE3D504FC29} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-07-02] (Hewlett-Packard)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForducanh.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\ducanh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\ducanh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-05-12 19:21 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-04 07:44 - 2013-12-04 07:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 07:44 - 2013-12-04 07:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 07:44 - 2013-12-04 07:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2016-03-16 11:25 - 2016-03-16 11:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2016-11-15 01:17 - 2016-11-08 22:03 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 01:17 - 2016-11-08 22:03 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2014-05-12 19:13 - 2013-12-10 16:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-01-27 17:24 - 2016-09-08 04:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-01-27 17:24 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-01-27 17:24 - 2016-10-13 02:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2016-01-27 17:24 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-01-27 17:24 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-01-27 17:23 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-01-27 17:23 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-01-27 17:23 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-01-27 17:23 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-01-27 17:23 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-01-27 17:23 - 2016-10-13 02:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 14:59 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-02-16 19:11 - 2016-11-13 15:23 - 51776112 _____ () C:\Users\ducanh\AppData\Roaming\Spotify\libcef.dll
2016-02-16 19:11 - 2016-11-13 15:23 - 01803888 _____ () C:\Users\ducanh\AppData\Roaming\Spotify\libglesv2.dll
2016-02-16 19:11 - 2016-11-13 15:23 - 00086128 _____ () C:\Users\ducanh\AppData\Roaming\Spotify\libegl.dll
2016-10-05 18:18 - 2016-10-05 18:18 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-05 18:18 - 2016-10-05 18:18 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-08-30 21:20 - 2015-07-09 11:26 - 00839680 _____ () C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\System.Data.SQLite.dll
2016-10-13 23:37 - 2016-08-04 21:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\ducanh:Heroes & Generals [38]
AlternateDataStreams: C:\Users\ducanh\Desktop\JRT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\ducanh\Downloads\AdwCleaner_6.030.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\ducanh\Downloads\AdwCleaner_6.030.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\ducanh\Downloads\mbar-1.09.3.1001.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\ducanh\Downloads\mbar-1.09.3.1001.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\ducanh\Downloads\tdsskiller (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\ducanh\Downloads\tdsskiller (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\ducanh\Downloads\tdsskiller (2).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\ducanh\Downloads\tdsskiller (2).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\ducanh\Downloads\tdsskiller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\ducanh\Downloads\tdsskiller.exe:$CmdZnID [26]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2015-12-07 21:58 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ducanh\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\StartupApproved\Run: => "Skype"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5FD27008-3998-46BB-90B6-3044A679D7A0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{64F99A8C-0877-4B8C-94CE-390678F196D6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E9824D4A-D2B9-4603-88DD-9D56AC1FEEC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8318E001-968B-4E8B-B17F-15FDE8954A84}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E661CB3D-9069-4F87-A514-EC4D8B6F4088}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0920AF33-0DFE-4A94-A7C1-63FE973AC765}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2A275877-CB2D-4E34-A912-B976EC447341}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{396C0FA5-1015-42CA-9895-03D56641FF4B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{082F1F63-8E15-431E-B321-4DBB5C5B9D56}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95A44F63-5CFD-4E3E-88E5-4C665149614D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B5942159-CBB5-4928-9D64-B7815B446120}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{62A8800F-1117-49C0-AD8B-5BA97820C29C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [TCP Query User{76F28D64-EBEC-456E-A8D9-503CDF2EB27D}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{B711A844-DC15-4414-95BE-3FA7897FB2C7}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{E74A733F-BEAA-476E-9114-150E3C14580E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9156F99C-8455-4C89-A59F-B80AD9CD8B0F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E21E1587-5C8F-480D-932B-2B77CFDE28BE}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{10C5B7F5-93B8-434B-AA1F-0A1C9031B5FC}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{76A9F238-5454-4462-8B76-749BFD216B86}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{15C931F1-6174-4C65-B36A-B53C8FA5446A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{D614E9CD-5AF0-4D8C-ADCF-D0A3A3CBA7D9}C:\users\ducanh\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Allow) C:\users\ducanh\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [{45281AB2-57C6-40DA-952D-0BC19F57C46C}] => (Allow) C:\Program Files (x86)\Droid4X\Droid4X.exe
FirewallRules: [{D8DC9170-2FA1-402E-9D5C-6907DBF9578D}] => (Allow) C:\Program Files (x86)\Droid4X\download\MiniThunderPlatform.exe
FirewallRules: [{C0951403-CA57-4A47-B041-4099A689E3E3}] => (Allow) C:\Program Files\Oracle\VirtualBox\vboxheadless.exe
FirewallRules: [{85BA7E11-3AC1-4B62-9C6A-A2384EA9611F}] => (Allow) C:\Boom\ca.exe
FirewallRules: [{367AEB9A-0BB0-4C4E-A795-6C81A2990669}] => (Allow) C:\Boom\ca.exe
FirewallRules: [{FB2064E3-BD41-4CE6-A627-6655F4CC3EA2}] => (Allow) C:\Boom\nmcosrv.exe
FirewallRules: [{85B63B22-A0EF-48F7-B7C5-738BE83463B9}] => (Allow) C:\Boom\nmcosrv.exe
FirewallRules: [{D31C5AD3-7853-48D2-AD3A-3035A6D503E7}] => (Allow) C:\Program Files (x86)\Boom\ca.exe
FirewallRules: [{93EA3A94-BC0F-4152-AFFC-799A3061ADE7}] => (Allow) C:\Program Files (x86)\Boom\ca.exe
FirewallRules: [{41263AB9-849C-4D24-8F97-0A41C1F2403D}] => (Allow) C:\Program Files (x86)\Boom\nmcosrv.exe
FirewallRules: [{9DAB86AD-92FF-4BF8-BF33-38059B62327A}] => (Allow) C:\Program Files (x86)\Boom\nmcosrv.exe
FirewallRules: [{F9F6192B-03EA-48CF-A1C5-62BEF33A20AC}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{FC378735-65A8-40D2-9D47-36EF65CA149E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{0E5F91E2-C802-45EC-B715-DFB6C960AE20}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{439FBE5B-9690-4221-8657-0CD1BB8AF005}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{9A06B6DC-85D5-49F0-82A1-A943F92BAA8F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{7D8DA4FC-676F-4284-ADDD-24CA9ADF3DE0}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{C3B6062E-B56A-4ABB-A84F-8C34A2D8E1DE}] => (Allow) C:\Boom\nmcosrv.exe
FirewallRules: [{2470A7F5-F78C-4814-9D37-E76E36716462}] => (Allow) C:\Boom\nmcosrv.exe
FirewallRules: [{382B10B0-19C0-4AE0-AAF8-7D98F533CB71}] => (Allow) C:\Users\ducanh\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{846B9078-B408-4788-B348-D8A6FA88FD97}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [{2EF23D5D-277A-4B5F-AB8E-3988077F787C}] => (Allow) C:\Program Files (x86)\Droid4X\MultiMgr.exe
FirewallRules: [{95992841-61AA-48D5-84D6-2DCB39A68E39}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{6668C0E0-D29D-4941-B3C8-42970422DB28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{04AF7958-E784-454F-A088-772C3543FC45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA1D80AD-9BF7-421A-B6FE-DFF148586062}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{84783F8B-58B8-49CA-AB34-55FBDE757613}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3E4BFE81-9293-41BD-B3FE-E61300D856C8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{69CE4CFA-269D-4E32-9AC8-1CB7BFFA33AC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D659635A-7148-4ED0-882B-06E2EA6F4BEE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BEFB88BD-7CDF-46D8-A2CF-6F0EA6E403FF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E6D9AC72-E5BE-4FBD-B090-654100676F13}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{7D95D3DE-E2B6-4355-9493-E89AE643F390}C:\users\ducanh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ducanh\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DF26136E-B4DF-4ECF-9D2C-E63F82020023}C:\users\ducanh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ducanh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7839A1E7-EA87-4EB6-853B-A177DF252E00}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{E64B121A-2694-4BD7-AFB4-4B3EF3028433}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{A4BA125A-BD9D-4A3A-897B-BE25C39B6405}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{3C2D556D-AEE2-4818-A30F-3EBD74EC48FF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{D8FC0380-D597-4FE1-BC00-E3961317FD29}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{5D481C33-F3A2-4607-A335-DE4DBC2F3D77}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{86C66020-9F98-4E62-A7D1-CE52367E5511}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{63CAA03B-43A1-4565-9A80-6F9887E5AFD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [TCP Query User{FCEFE5C2-56FC-4EE6-B4F0-8E0D5F1F2B48}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4BF2E0CC-BE2E-44B4-9562-EE11152BF53F}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [{86EFA35B-AD4F-4DB3-A3E8-9767BD0F55BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 4\NSUNS4.exe
FirewallRules: [{439FA976-2AB3-45D2-9A33-C1628236ACAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 4\NSUNS4.exe
FirewallRules: [TCP Query User{11393079-3F70-4D54-AFE4-1D3946AF999C}C:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6CB31187-B9F8-43A6-AEC1-063A49F197E9}C:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe
FirewallRules: [{93D407C5-8B80-41A8-809A-AD366D51CFD9}] => (Allow) C:\Program Files (x86)\InfestationNewZ\TheNewZ.exe
FirewallRules: [{EA806DA6-D1A4-4FBC-969A-B2F0FF62DC72}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{04158EE1-B463-4DFE-A444-985B2459D19F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C65052DE-9427-42F8-823E-D85B6EAA2BC2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B0C481B7-05FF-42FE-9416-751BAB294F6E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{120CB8E8-3B92-40CF-A8AB-A36B92E5B739}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{31F30A1A-11AB-4A3C-A98F-FC1B86AA1143}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{4374C69D-EF14-4B24-9CA4-CB6C3EC832FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{29FF15C1-E9F7-4D92-ADBB-849AD8CCF1FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D29037BC-9560-42A6-82CA-C2D6DEE1B3E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1F67818F-2A18-44B2-B659-A138AAE2D7F4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

16-11-2016 21:24:49 Malwarebytes Anti-Rootkit Restore Point
17-11-2016 22:18:29 JRT Pre-Junkware Removal
17-11-2016 22:48:55 JRT Pre-Junkware Removal
18-11-2016 16:44:47 JRT Pre-Junkware Removal
19-11-2016 00:45:22 JRT Pre-Junkware Removal
19-11-2016 00:45:55 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/19/2016 08:28:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.3.9600.17415, Zeitstempel: 0x5450541b
Name des fehlerhaften Moduls: OmniPassCredProv.dll_unloaded, Version: 8.0.1.46, Zeitstempel: 0x5595778e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001f8bb
ID des fehlerhaften Prozesses: 0x3b0
Startzeit der fehlerhaften Anwendung: 0x01d24279305a8156
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\LogonUI.exe
Pfad des fehlerhaften Moduls: OmniPassCredProv.dll
Berichtskennung: 4dd687d7-ae8e-11e6-846c-a08869bf085f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/19/2016 04:25:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.8.315.0, Zeitstempel: 0x5331827a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18438, Zeitstempel: 0x57ae642e
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ecdd0
ID des fehlerhaften Prozesses: 0x1e04
Startzeit der fehlerhaften Anwendung: 0x01d242792233dfec
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 6010352b-ae6c-11e6-846b-a08869bf085f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/19/2016 04:25:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.8.315.0, Zeitstempel: 0x5331827a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18438, Zeitstempel: 0x57ae642e
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ecdd0
ID des fehlerhaften Prozesses: 0x17b4
Startzeit der fehlerhaften Anwendung: 0x01d2427921d6e3de
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 5fa73335-ae6c-11e6-846b-a08869bf085f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/19/2016 04:25:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.8.315.0, Zeitstempel: 0x5331827a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18438, Zeitstempel: 0x57ae642e
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ecdd0
ID des fehlerhaften Prozesses: 0x18e4
Startzeit der fehlerhaften Anwendung: 0x01d2427921968430
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 5f72bf44-ae6c-11e6-846b-a08869bf085f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/19/2016 04:25:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.8.315.0, Zeitstempel: 0x5331827a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18438, Zeitstempel: 0x57ae642e
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ecdd0
ID des fehlerhaften Prozesses: 0x121c
Startzeit der fehlerhaften Anwendung: 0x01d24279215d4b8d
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 5f325f82-ae6c-11e6-846b-a08869bf085f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/19/2016 04:25:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.8.315.0, Zeitstempel: 0x5331827a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18438, Zeitstempel: 0x57ae642e
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ecdd0
ID des fehlerhaften Prozesses: 0xc10
Startzeit der fehlerhaften Anwendung: 0x01d2427920dccde0
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 5ec97851-ae6c-11e6-846b-a08869bf085f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/19/2016 02:46:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.8.315.0, Zeitstempel: 0x5331827a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18438, Zeitstempel: 0x57ae642e
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ecdd0
ID des fehlerhaften Prozesses: 0x17b8
Startzeit der fehlerhaften Anwendung: 0x01d2426b63c5009c
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: a1908b2d-ae5e-11e6-846a-a08869bf085f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/19/2016 02:46:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.8.315.0, Zeitstempel: 0x5331827a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18438, Zeitstempel: 0x57ae642e
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ecdd0
ID des fehlerhaften Prozesses: 0x3f4
Startzeit der fehlerhaften Anwendung: 0x01d2426b6378b538
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: a146a20f-ae5e-11e6-846a-a08869bf085f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/19/2016 02:46:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.8.315.0, Zeitstempel: 0x5331827a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18438, Zeitstempel: 0x57ae642e
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ecdd0
ID des fehlerhaften Prozesses: 0x1828
Startzeit der fehlerhaften Anwendung: 0x01d2426b6341df41
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: a1122e45-ae5e-11e6-846a-a08869bf085f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/19/2016 02:46:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.8.315.0, Zeitstempel: 0x5331827a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18438, Zeitstempel: 0x57ae642e
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ecdd0
ID des fehlerhaften Prozesses: 0x13d8
Startzeit der fehlerhaften Anwendung: 0x01d2426b62de392f
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: a0b3a5b3-ae5e-11e6-846a-a08869bf085f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (11/19/2016 04:27:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde mit folgendem Fehler beendet: 
Es wurde versucht, auf ein Token zuzugreifen, das nicht vorhanden ist.

Error: (11/19/2016 04:27:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Anwendungshost-Hilfsdienst" wurde nicht richtig gestartet.

Error: (11/19/2016 04:25:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet: 
Die Daten sind unzulässig.

Error: (11/19/2016 04:25:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Pleketherderbotion" wurde mit folgendem Fehler beendet: 
Das System kann die angegebene Datei nicht finden.

Error: (11/19/2016 04:25:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
Der Dienst wurde nicht gestartet.

Error: (11/19/2016 02:49:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde mit folgendem Fehler beendet: 
Es wurde versucht, auf ein Token zuzugreifen, das nicht vorhanden ist.

Error: (11/19/2016 02:49:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Anwendungshost-Hilfsdienst" wurde nicht richtig gestartet.

Error: (11/19/2016 02:47:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet: 
Die Daten sind unzulässig.

Error: (11/19/2016 02:47:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Pleketherderbotion" wurde mit folgendem Fehler beendet: 
Das System kann die angegebene Datei nicht finden.

Error: (11/19/2016 02:42:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "COMODO Internet Security Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2016-11-19 20:28:32.115
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-19 14:49:32.184
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-19 13:12:43.208
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-19 08:41:39.132
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-18 21:52:54.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-18 21:01:20.799
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-18 17:15:39.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-18 16:40:25.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-18 15:39:13.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-17 23:04:59.393
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Prozentuale Nutzung des RAM: 28%
Installierter physikalischer RAM: 12218.15 MB
Verfügbarer physikalischer RAM: 8736.55 MB
Summe virtueller Speicher: 14074.15 MB
Verfügbarer virtueller Speicher: 10362.4 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:910.44 GB) (Free:660.53 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.05 GB) (Free:2.01 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E1B0F7F4)

Partition: GPT.

==================== Ende von Addition.txt ============================

cosinus · 19.11.2016, 20:39

Und nochn Fix

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\RunOnce: [Application Restart #5] => C:\Users\ducanh\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resou (Der Dateneintrag hat 607 mehr Zeichen).
ShellExecuteHooks:  - {2B5FE6D2-A5AB-11E6-AA81-64006A5CFC23} - C:\Users\ducanh\AppData\Roaming\Phuvighqerley\Chaqury.dll Keine Datei [ ]
Task: {2C8B0ECD-BB47-42A5-936C-A8DD005607D5} - \Ckucosp Core -> Keine Datei <==== ACHTUNG
C:\Users\ducanh\AppData\Roaming\Phuvighqerley
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

helpme156 · 19.11.2016, 20:44

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-11-2016 01
durchgeführt von ducanh (19-11-2016 20:40:30) Run:2
Gestartet von C:\Users\ducanh\Desktop
Geladene Profile: ducanh (Verfügbare Profile: ducanh & Administrator)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\RunOnce: [Application Restart #5] => C:\Users\ducanh\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resou (Der Dateneintrag hat 607 mehr Zeichen).
ShellExecuteHooks:  - {2B5FE6D2-A5AB-11E6-AA81-64006A5CFC23} - C:\Users\ducanh\AppData\Roaming\Phuvighqerley\Chaqury.dll Keine Datei [ ]
Task: {2C8B0ECD-BB47-42A5-936C-A8DD005607D5} - \Ckucosp Core -> Keine Datei <==== ACHTUNG
C:\Users\ducanh\AppData\Roaming\Phuvighqerley
emptytemp:
*****************

HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #5 => Wert erfolgreich entfernt
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{2B5FE6D2-A5AB-11E6-AA81-64006A5CFC23} => Wert erfolgreich entfernt
"HKCR\CLSID\{2B5FE6D2-A5AB-11E6-AA81-64006A5CFC23}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C8B0ECD-BB47-42A5-936C-A8DD005607D5}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C8B0ECD-BB47-42A5-936C-A8DD005607D5}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ckucosp Core" => Schlüssel erfolgreich entfernt
"C:\Users\ducanh\AppData\Roaming\Phuvighqerley" => nicht gefunden.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6573679 B
Java, Flash, Steam htmlcache => 27267342 B
Windows/system/drivers => 7559461 B
Edge => 0 B
Chrome => 31978469 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 8182 B
NetworkService => 0 B
ducanh => 13173922 B
Administrator => 0 B

RecycleBin => 0 B
EmptyTemp: => 82.6 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 20:40:38 ====

cosinus · 19.11.2016, 20:45

Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte:

1. Schritt: MBAM

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

2. Schritt: ESET

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

3. Schritt: SecurityCheck

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

helpme156 · 19.11.2016, 21:16

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 19/11/2016
Suchlaufzeit: 8:48 CH
Protokolldatei: mbamlog.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.11.19.07
Rootkit-Datenbank: v2016.10.31.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: ducanh

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 337971
Abgelaufene Zeit: 14 Min., 6 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 4
PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\D57653E819183B317DB1095A42C99DC6, , [e93ab70ba1f91e180c61e4f6d9299b65], 
PUP.Optional.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Pleketherderbotion, , [b073833f8713f4422047e2f2a162629e], 
PUP.Optional.Wajam, HKU\S-1-5-21-4038466168-2714463032-1615967804-500\SOFTWARE\WajIEnhance, , [75ae41816c2e42f405d04f511fe3817f], 
PUP.Optional.HomePageHelper, HKU\S-1-5-21-4038466168-2714463032-1615967804-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ABAA9DAC-E150-11E4-825E-A08869BF085F}, , [0e15b50d5743bc7a3de8fe8e62a007f9], 

Registrierungswerte: 5
PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\d57653e819183b317db1095a42c99dc6|DisplayName, Social2Search, , [e93ab70ba1f91e180c61e4f6d9299b65]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-4038466168-2714463032-1615967804-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ABAA9DAC-E150-11E4-825E-A08869BF085F}|FaviconURL, hxxp://homepage-web.com/favicon.ico, , [0e15b50d5743bc7a3de8fe8e62a007f9]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-4038466168-2714463032-1615967804-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ABAA9DAC-E150-11E4-825E-A08869BF085F}|FaviconURLFallback, hxxp://homepage-web.com/favicon.ico, , [8e955b673d5dd4624fd6ddaf4cb6b54b]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-4038466168-2714463032-1615967804-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ABAA9DAC-E150-11E4-825E-A08869BF085F}|TopResultURL, hxxp://search.homepage-web.com/?src=omnibox&partner=hp&q={searchTerms}, , [7fa4685a36647fb72df81478c33fe818]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-4038466168-2714463032-1615967804-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ABAA9DAC-E150-11E4-825E-A08869BF085F}|URL, hxxp://search.homepage-web.com/?src=omnibox&partner=hp&q={searchTerms}, , [7fa4b012e1b948eed84de1abac56619f]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 62
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\icons, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\hi, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\am, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ar, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\be, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\bg, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\bn, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ca, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\cs, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\da, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\de, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\el, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en_GB, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en_US, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\es, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\es_419, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\et, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\fa, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\fi, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\fil, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\fr, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\gu, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\he, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\hr, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\hu, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\id, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\it, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ja, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\kn, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ko, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\lt, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\lv, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\mk, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ml, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\mr, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ms, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\nl, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\no, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\pl, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\pt, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\pt_BR, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\pt_PT, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ro, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ru, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sk, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sl, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sq, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sr, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sv, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sw, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ta, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\te, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\th, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\tr, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\uk, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\vi, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\zh_CN, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\zh_TW, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg, , [2cf7bf03aded88aeee373a6e976c0ef2], 

Dateien: 72
PUP.Optional.Downloader, C:\ProgramData\Comodo\Cis\Quarantine\data\{12C43BE9-776F-4906-86B3-00AA0B1EC7B0}, , [d350f9c9a6f44bebbed753e50ff4db25], 
PUP.Optional.GoldClick, C:\ProgramData\Comodo\Cis\Quarantine\data\{8D0F18F1-7359-491C-959C-1ECBDB82152C}, , [b172ae14485294a2266b8f6325db926e], 
PUP.Optional.GoldClick, C:\ProgramData\Comodo\Cis\Quarantine\data\{DDD93DD2-B65A-42B1-8282-FF7702BC0458}, , [ab787f43ddbde650226f9e5432ce3cc4], 
PUP.Optional.Elex, C:\Program Files (x86)\BlueStacks\xcifyt.dll, , [60c36062ecae51e5477da9162ed521df], 
Adware.AdInstaller, C:\Users\ducanh\Downloads\ipadians.exe, , [83a0d2f0d8c23afc97676920c43fd32d], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\manifest.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\icons\icon128.png, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\icons\icon16.png, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\icons\icon48.png, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\hi\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\am\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ar\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\be\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\bg\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\bn\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ca\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\cs\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\da\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\de\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\el\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en\background.js, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en\Content.js, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en\foreground.js, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en\Kernel.js, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en\main.css, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en_GB\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en_US\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\es\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\es_419\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\et\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\fa\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\fi\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\fil\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\fr\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\gu\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\he\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\hr\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\hu\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\id\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\it\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ja\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\kn\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ko\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\lt\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\lv\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\mk\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ml\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\mr\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ms\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\nl\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\no\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\pl\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\pt\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\pt_BR\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\pt_PT\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ro\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ru\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sk\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sl\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sq\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sr\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sv\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sw\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ta\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\te\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\th\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\tr\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\uk\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\vi\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\zh_CN\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\zh_TW\messages.json, , [2cf7bf03aded88aeee373a6e976c0ef2], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

cosinus · 19.11.2016, 22:31

Du musst die Funde mit MBAM auch entfernen!

helpme156 · 20.11.2016, 07:45

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 19/11/2016
Suchlaufzeit: 8:48 CH
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.11.19.07
Rootkit-Datenbank: v2016.10.31.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: ducanh

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 337971
Abgelaufene Zeit: 14 Min., 6 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 4
PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\D57653E819183B317DB1095A42C99DC6, In Quarantäne, [e93ab70ba1f91e180c61e4f6d9299b65], 
PUP.Optional.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Pleketherderbotion, In Quarantäne, [b073833f8713f4422047e2f2a162629e], 
PUP.Optional.Wajam, HKU\S-1-5-21-4038466168-2714463032-1615967804-500\SOFTWARE\WajIEnhance, In Quarantäne, [75ae41816c2e42f405d04f511fe3817f], 
PUP.Optional.HomePageHelper, HKU\S-1-5-21-4038466168-2714463032-1615967804-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ABAA9DAC-E150-11E4-825E-A08869BF085F}, In Quarantäne, [0e15b50d5743bc7a3de8fe8e62a007f9], 

Registrierungswerte: 5
PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\d57653e819183b317db1095a42c99dc6|DisplayName, Social2Search, In Quarantäne, [e93ab70ba1f91e180c61e4f6d9299b65]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-4038466168-2714463032-1615967804-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ABAA9DAC-E150-11E4-825E-A08869BF085F}|FaviconURL, hxxp://homepage-web.com/favicon.ico, In Quarantäne, [0e15b50d5743bc7a3de8fe8e62a007f9]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-4038466168-2714463032-1615967804-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ABAA9DAC-E150-11E4-825E-A08869BF085F}|FaviconURLFallback, hxxp://homepage-web.com/favicon.ico, In Quarantäne, [8e955b673d5dd4624fd6ddaf4cb6b54b]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-4038466168-2714463032-1615967804-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ABAA9DAC-E150-11E4-825E-A08869BF085F}|TopResultURL, hxxp://search.homepage-web.com/?src=omnibox&partner=hp&q={searchTerms}, In Quarantäne, [7fa4685a36647fb72df81478c33fe818]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-4038466168-2714463032-1615967804-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ABAA9DAC-E150-11E4-825E-A08869BF085F}|URL, hxxp://search.homepage-web.com/?src=omnibox&partner=hp&q={searchTerms}, In Quarantäne, [7fa4b012e1b948eed84de1abac56619f]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 62
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\icons, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\hi, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\am, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ar, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\be, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\bg, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\bn, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ca, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\cs, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\da, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\de, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\el, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en_GB, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en_US, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\es, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\es_419, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\et, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\fa, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\fi, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\fil, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\fr, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\gu, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\he, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\hr, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\hu, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\id, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\it, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ja, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\kn, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ko, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\lt, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\lv, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\mk, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ml, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\mr, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ms, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\nl, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\no, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\pl, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\pt, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\pt_BR, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\pt_PT, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ro, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ru, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sk, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sl, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sq, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sr, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sv, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sw, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ta, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\te, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\th, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\tr, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\uk, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\vi, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\zh_CN, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\zh_TW, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 

Dateien: 72
PUP.Optional.Downloader, C:\ProgramData\Comodo\Cis\Quarantine\data\{12C43BE9-776F-4906-86B3-00AA0B1EC7B0}, In Quarantäne, [d350f9c9a6f44bebbed753e50ff4db25], 
PUP.Optional.GoldClick, C:\ProgramData\Comodo\Cis\Quarantine\data\{8D0F18F1-7359-491C-959C-1ECBDB82152C}, In Quarantäne, [b172ae14485294a2266b8f6325db926e], 
PUP.Optional.GoldClick, C:\ProgramData\Comodo\Cis\Quarantine\data\{DDD93DD2-B65A-42B1-8282-FF7702BC0458}, In Quarantäne, [ab787f43ddbde650226f9e5432ce3cc4], 
PUP.Optional.Elex, C:\Program Files (x86)\BlueStacks\xcifyt.dll, In Quarantäne, [60c36062ecae51e5477da9162ed521df], 
Adware.AdInstaller, C:\Users\ducanh\Downloads\ipadians.exe, In Quarantäne, [83a0d2f0d8c23afc97676920c43fd32d], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\manifest.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\icons\icon128.png, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\icons\icon16.png, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\icons\icon48.png, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\hi\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\am\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ar\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\be\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\bg\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\bn\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ca\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\cs\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\da\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\de\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\el\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en\background.js, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en\Content.js, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en\foreground.js, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en\Kernel.js, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en\main.css, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en_GB\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\en_US\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\es\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\es_419\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\et\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\fa\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\fi\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\fil\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\fr\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\gu\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\he\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\hr\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\hu\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\id\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\it\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ja\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\kn\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ko\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\lt\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\lv\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\mk\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ml\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\mr\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ms\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\nl\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\no\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\pl\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\pt\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\pt_BR\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\pt_PT\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ro\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ru\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sk\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sl\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sq\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sr\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sv\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\sw\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\ta\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\te\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\th\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\tr\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\uk\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\vi\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\zh_CN\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 
PUP.Optional.NeoBar.ChrPRST, C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg\362.0.0.71_0\_locales\zh_TW\messages.json, In Quarantäne, [2cf7bf03aded88aeee373a6e976c0ef2], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

okey ich glaub jetzt ? ESET läuft seit 1std 20min wird ein bisschen dauern

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=08ccc588f975f549a982c2061e135253
# end=init
# utc_time=2016-11-20 12:38:18
# local_time=2016-11-20 01:38:18 (+0100, Mitteleuropäische Zeit)
# country="Vietnam"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 31467
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=08ccc588f975f549a982c2061e135253
# end=updated
# utc_time=2016-11-20 12:40:15
# local_time=2016-11-20 01:40:15 (+0100, Mitteleuropäische Zeit)
# country="Vietnam"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=08ccc588f975f549a982c2061e135253
# engine=31467
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-11-20 04:36:32
# local_time=2016-11-20 05:36:32 (+0100, Mitteleuropäische Zeit)
# country="Vietnam"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3085 16777213 87 90 364545 21496868 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 405717 43406162 0 0
# scanned=494166
# found=16
# cleaned=0
# scan_time=14176
sh=F87CC1E05AE0E70898F910E439D75EA742585BDE ft=1 fh=83c54c0bbbb167a5 vn="Variante von Win32/Adware.ELEX.BA Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\afrwcdnzupwjmigwnumceljlnbuskydj\chrome_elf.dll"
sh=4B932ADC1E90CAB4D7EA8A82AABC388F0B809FB4 ft=1 fh=4dcee08542ea7854 vn="Variante von Win32/Adware.Neoreklami.AK.gen Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\bmvglkhqctyayekyhcqzvlwoozslixps\uninstall.exe"
sh=FEEB8EB12D70402D35915B87418672BC4885499B ft=1 fh=f69a34d7c56bafb8 vn="Variante von Win32/Adware.Neoreklami.A Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\bmvglkhqctyayekyhcqzvlwoozslixps\IEEF\5d5oge0y.exe"
sh=1CD0671C884049B3604B5E73FA4A6C7575321A9F ft=1 fh=c71c00110d3c87e7 vn="Variante von Win32/Adware.ELEX.BH Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\izhrazmproutsvwthrdemihbobqyuosi\WinSAP.dll"
sh=A381430826F0B4E88CF9E39F9C7C968503A87803 ft=1 fh=ae366bbd20dbc338 vn="Variante von Win32/ProxyGate.A evtl. unerwĂ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\rwaolexlktnfwvssrhpkhwxczglddaqi\PGChk.exe"
sh=95D0FDDF5794E6B7105D442FF7A755DE83FAA01A ft=1 fh=48acea7e1fbf5801 vn="Variante von Win32/ProxyGate.A evtl. unerwĂ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\rwaolexlktnfwvssrhpkhwxczglddaqi\ProxyGate.exe"
sh=A08A0655E32062C043C7B0DA92FA1B6C24D98263 ft=1 fh=96f8869dc20a5d1f vn="Variante von Win32/ProxyGate.A evtl. unerwĂ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\rwaolexlktnfwvssrhpkhwxczglddaqi\Socket.exe"
sh=EE05E27A26C3852A835A007ADD1B89AFE5DD9B88 ft=1 fh=389f12129e92bc03 vn="Variante von Win32/ProxyGate.A evtl. unerwĂ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\rwaolexlktnfwvssrhpkhwxczglddaqi\TrafficMonitor.exe"
sh=6013CA1D8352BECD1AE965ED989664DA8538B23E ft=1 fh=c71c00110cd10d53 vn="Variante von Win32/Adware.ELEX.BK Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\wlrrlljdcyvhvxxugaesbdxrrlrphggl\Archer.dll"
sh=F5C4BF5F2B08437E715B0ACCDC200F33DF33386B ft=1 fh=9479c388a735dcb7 vn="Variante von Win32/Adware.ELEX.BO Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\utplayza\{A3FE9065-6680-4FA5-B0D8-FBFDF0CAE117}\kibhbr3o.x9c"
sh=42ED4AFFE436E950B39D7E82A23190AA63FD6AEC ft=1 fh=c763f0175f881161 vn="Variante von Win32/DownloadSponsor.C evtl. unerwĂ¼nschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{44E7E0E6-2188-4B51-B479-48A56C1B782F}"
sh=277E88988561EC938CAEF8DF41D2419558EAA030 ft=1 fh=f99095e3ddcfe633 vn="Variante von Win32/DownloadSponsor.C evtl. unerwĂ¼nschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{C5620909-087A-4433-BDAB-483E02391EE2}"
sh=42ED4AFFE436E950B39D7E82A23190AA63FD6AEC ft=1 fh=c763f0175f881161 vn="Variante von Win32/DownloadSponsor.C evtl. unerwĂ¼nschte Anwendung" ac=I fn="C:\Windows.old\Users\All Users\Comodo\Cis\Quarantine\data\{44E7E0E6-2188-4B51-B479-48A56C1B782F}"
sh=277E88988561EC938CAEF8DF41D2419558EAA030 ft=1 fh=f99095e3ddcfe633 vn="Variante von Win32/DownloadSponsor.C evtl. unerwĂ¼nschte Anwendung" ac=I fn="C:\Windows.old\Users\All Users\Comodo\Cis\Quarantine\data\{C5620909-087A-4433-BDAB-483E02391EE2}"
sh=972DB9071C719922142BE77CF935C208B66F8DE2 ft=1 fh=c50a95d882970223 vn="Variante von Win32/DownloadSponsor.A evtl. unerwĂ¼nschte Anwendung" ac=I fn="C:\Windows.old\Users\ducanh\AppData\Local\Temp\OCS\ocs_v71b.exe"
sh=0918448BCAF31A76C61B02901227F9D70E3692C2 ft=1 fh=4497163f0ba9fbb5 vn="Variante von Win32/AdkDLLWrapper.A evtl. unerwĂ¼nschte Anwendung" ac=I fn="C:\Windows.old\Users\ducanh\AppData\Roaming\uTorrent\updates\3.4.2_31515.exe"

Code:

ATTFilter

 Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 40  
 Java version 32-bit out of Date! 
 Google Chrome (54.0.2840.71) 
 Google Chrome (54.0.2840.99) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

cosinus · 20.11.2016, 17:17

Dein Google-Profil dürfte wahrschein völlig im Eimer sein.

Ich würde empfehlen, den Google Browser komplett zu deinstallieren und neu anzufangen. Ich empfehle immer Mozilla Firefox. Bei der Gelegenheit auch das uralte Java Geraffel deinstallieren!

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

Google Chrome

Java 8 Update 40
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

helpme156 · 20.11.2016, 18:42

Hey, also ich habe das genau so gemacht und jetzt chrome nochmal neu runtergeladet. Aber das problem habe ich immernoch was soll ich machen ?

cosinus · 20.11.2016, 19:01

adwcleaner und JRT nochmal, logs posten

helpme156 · 20.11.2016, 19:55

Code:

ATTFilter

# AdwCleaner v6.030 - Bericht erstellt am 20/11/2016 um 19:40:04
# Aktualisiert am 19/10/2016 von Malwarebytes
# Datenbank : 2016-11-20.1 [Server]
# Betriebssystem : Windows 8.1  (X64)
# Benutzername : ducanh - VIP
# Gestartet von : C:\Users\ducanh\Downloads\AdwCleaner_6.030.exe
# Modus: LÃ¶schen
# UnterstÃ¼tzung : hxxps://www.malwarebytes.com/support



***** [ Dienste ] *****



***** [ Ordner ] *****



***** [ Dateien ] *****

[-] Datei gelÃ¶scht: C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_homepage-web.com_0.localstorage
[-] Datei gelÃ¶scht: C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_homepage-web.com_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ VerknÃ¼pfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] SchlÃ¼ssel gelÃ¶scht: HKLM\SOFTWARE\jhtrsq
[-] SchlÃ¼ssel gelÃ¶scht: [x64] HKLM\SOFTWARE\jhtrsq


***** [ Browser ] *****

[-] [C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1] [startup_urls] GelÃ¶scht: hxxp://homepage-web.com/?s=hp&m=start


*************************

:: "Tracing" SchlÃ¼ssel gelÃ¶scht
:: Winsock Einstellungen zurÃ¼ckgesetzt
:: Proxy Einstellungen zurÃ¼ckgesetzt
:: Internet Explorer Richtlinien gelÃ¶scht
:: Chrome Richtlinien gelÃ¶scht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [13799 Bytes] - [17/11/2016 22:11:34]
C:\AdwCleaner\AdwCleaner[C2].txt - [1673 Bytes] - [17/11/2016 22:31:50]
C:\AdwCleaner\AdwCleaner[C3].txt - [2188 Bytes] - [18/11/2016 15:39:51]
C:\AdwCleaner\AdwCleaner[C4].txt - [1656 Bytes] - [20/11/2016 19:40:04]
C:\AdwCleaner\AdwCleaner[S0].txt - [12445 Bytes] - [17/11/2016 21:43:09]
C:\AdwCleaner\AdwCleaner[S1].txt - [12755 Bytes] - [17/11/2016 22:06:55]
C:\AdwCleaner\AdwCleaner[S2].txt - [1816 Bytes] - [17/11/2016 22:29:37]
C:\AdwCleaner\AdwCleaner[S3].txt - [2199 Bytes] - [18/11/2016 15:30:17]
C:\AdwCleaner\AdwCleaner[S4].txt - [2184 Bytes] - [20/11/2016 19:16:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [2096 Bytes] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 8.1 x64 
Ran by ducanh (Administrator) on 20/11/2016 at 19:45:22,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/11/2016 at 19:55:17,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

cosinus · 21.11.2016, 09:40

Und nochmal neue FRST Logs

helpme156 · 21.11.2016, 23:43

FRST Logfile:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016 01
durchgeführt von ducanh (Administrator) auf VIP (21-11-2016 20:35:00)
Gestartet von C:\Users\ducanh\Desktop
Geladene Profile: ducanh (Verfügbare Profile: ducanh & Administrator)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Spotify Ltd) C:\Users\ducanh\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\ducanh\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\ducanh\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\ducanh\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\ducanh\AppData\Roaming\Spotify\Spotify.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(IO3O LLC) C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7642328 2016-01-25] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2198872 2014-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2811120 2014-03-13] (Synaptics Incorporated)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5250280 2015-12-04] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-10-28] (Apple Inc.)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-09-14] (COMODO)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896608 2015-12-01] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27021952 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1728952 2015-06-22] (CyberLink Corp.)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [Spotify Web Helper] => C:\Users\ducanh\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-13] (Spotify Ltd)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [Spotify] => C:\Users\ducanh\AppData\Roaming\Spotify\Spotify.exe [6987376 2016-11-13] (Spotify Ltd)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\MountPoints2: {4002a6a9-1392-11e5-8288-a08869bf085f} - "G:\HTC_Sync_Manager_PC.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-05-12]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2015-12-04]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Who Is On My Wifi.lnk [2016-08-30]
ShortcutTarget: Who Is On My Wifi.lnk -> C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe (IO3O LLC)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{4BDC64C7-1BFA-40ED-BBD8-617C53B4CA6F}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{BB2EEAC3-52F6-42A4-8DFE-2CDFECA0FAF2}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{DC171AA7-770F-4C4A-9599-6C9E21E36C8C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131237249141147113&GUID=DDE61BD2-0B14-9938-4ABA-529488C50ADF
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
SearchScopes: HKLM -> {A1646118-552A-42A1-A4E7-A43AB3F0603F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001 -> DefaultScope {ABAA9DAC-E150-11E4-825E-A08869BF085F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001 -> {ABAA9DAC-E150-11E4-825E-A08869BF085F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)

FireFox:
========
FF ProfilePath: C:\Users\ducanh\AppData\Roaming\TomTom\HOME\Profiles\27zmdx5y.default [2016-04-15]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-11-02] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: (HP SimplePass) - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2016-01-14] [ist nicht signiert]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR StartupUrls: Profile 1 -> "","hxxp://www.google.de/","hxxp://homepage-web.com/?s=hp&m=start"
CHR Profile: C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default [2016-11-19]
CHR Extension: (ProxFlow) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-10-11]
CHR Extension: (Google Trang trình bày) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-12]
CHR Extension: (Google Tài liệu) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-12]
CHR Extension: (Google Drive) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-28]
CHR Extension: (Adblock cho Youtube™) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-03-05]
CHR Extension: (Google Search) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Bảng tính) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-12]
CHR Extension: (HP SimplePass) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidikogfgleiaefnjbmnjaplmgknppkg [2016-06-05]
CHR Extension: (Dấu trang iCloud) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2016-05-16]
CHR Extension: (Google Tài liệu ngoại tuyến) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Thanh toán trên cửa hàng Chrome trực tuyến) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-12]
CHR Extension: (Chrome Media Router) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-29]
CHR Profile: C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-11-21]
CHR Extension: (ProxFlow) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-11-16]
CHR Extension: (Google Trang trình bày) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-16]
CHR Extension: (Google Tài liệu) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-16]
CHR Extension: (Google Drive) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-16]
CHR Extension: (YouTube) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-16]
CHR Extension: (Adblock Plus) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-16]
CHR Extension: (Adblock cho Youtube™) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-11-16]
CHR Extension: (Adblocker for Youtube™) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg [2016-11-16]
CHR Extension: (Google Bảng tính) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-16]
CHR Extension: (Google Tài liệu ngoại tuyến) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-16]
CHR Extension: (Thanh toán trên cửa hàng Chrome trực tuyến) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-16]
CHR Extension: (Gmail) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-16]
CHR Extension: (Chrome Media Router) - C:\Users\ducanh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433760 2015-12-01] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413280 2015-12-01] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855648 2015-12-01] (BlueStack Systems, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-09-15] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-09-14] (COMODO)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [315376 2016-01-25] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-04-22] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-03-28] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20539168 2014-03-28] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-02] (Softex Inc.) [Datei ist nicht signiert]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2016-01-25] (Realtek Semiconductor)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5250280 2015-12-04] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-03-13] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-04-22] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146016 2015-12-01] (BlueStack Systems)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-08] (CyberLink)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [32224 2016-08-31] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [853904 2016-08-31] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [45592 2016-08-31] (COMODO)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [162512 2014-02-14] (Intel Corporation)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [138560 2016-08-31] (COMODO)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 Neo_VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [38432 2015-12-04] (SoftEther Corporation)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3497752 2015-04-16] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [40392 2014-03-28] (NVIDIA Corporation)
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [506072 2016-06-15] (Realsil Semiconductor Corporation)
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51232 2015-12-04] (SoftEther Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-03-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-03-13] (Synaptics Incorporated)
R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R1 XQHDrv; C:\WINDOWS\system32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 X6va062; \??\C:\WINDOWS\SysWOW64\Drivers\X6va062 [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-20 19:55 - 2016-11-20 19:55 - 00000544 _____ C:\Users\ducanh\Desktop\JRT.txt
2016-11-20 18:39 - 2016-11-20 18:39 - 00002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-20 18:20 - 2016-11-20 18:20 - 00001057 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2016-11-20 18:20 - 2016-11-20 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-11-20 18:20 - 2016-11-20 18:20 - 00000000 ____D C:\Program Files\VS Revo Group
2016-11-20 18:19 - 2016-11-20 18:19 - 07100088 _____ (VS Revo Group ) C:\Users\ducanh\Downloads\revosetup201.exe
2016-11-20 07:14 - 2016-11-20 07:14 - 00852720 _____ C:\Users\ducanh\Downloads\SecurityCheck.exe
2016-11-20 07:10 - 2016-11-20 07:10 - 00852720 _____ C:\Users\ducanh\Desktop\SecurityCheck.exe
2016-11-20 07:08 - 2016-11-20 07:08 - 00004456 _____ C:\Users\ducanh\Downloads\asdasd.txt
2016-11-19 22:39 - 2016-11-19 22:39 - 00032276 _____ C:\Users\ducanh\Desktop\mbam.txt
2016-11-19 21:19 - 2016-11-19 21:19 - 00000000 ____D C:\Program Files (x86)\ESET
2016-11-19 21:18 - 2016-11-19 21:18 - 02870984 _____ (ESET) C:\Users\ducanh\Downloads\esetsmartinstaller_deu.exe
2016-11-19 21:04 - 2016-11-19 21:04 - 00030420 _____ C:\Users\ducanh\Desktop\mbamlog.txt
2016-11-19 20:47 - 2016-11-19 20:47 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-11-19 20:47 - 2016-11-19 20:47 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-11-19 20:47 - 2016-11-19 20:47 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-11-19 20:47 - 2016-11-19 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-11-19 20:47 - 2016-11-19 20:47 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-11-19 20:45 - 2016-11-19 20:46 - 22851472 _____ (Malwarebytes ) C:\Users\ducanh\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-19 20:31 - 2016-11-19 20:32 - 00053599 _____ C:\Users\ducanh\Desktop\Addition.txt
2016-11-19 20:29 - 2016-11-21 20:35 - 00027792 _____ C:\Users\ducanh\Desktop\FRST.txt
2016-11-19 14:46 - 2016-11-21 20:34 - 00000000 ____D C:\Users\ducanh\Desktop\FRST-OlderVersion
2016-11-19 14:46 - 2016-11-19 20:40 - 00002597 _____ C:\Users\ducanh\Desktop\Fixlog.txt
2016-11-19 14:45 - 2016-11-21 20:35 - 00000000 ____D C:\FRST
2016-11-18 21:21 - 2016-11-19 13:14 - 00000000 ____D C:\Users\ducanh\Downloads\FRST-OlderVersion
2016-11-17 22:18 - 2016-11-17 22:18 - 01631928 _____ (Malwarebytes) C:\Users\ducanh\Desktop\JRT.exe
2016-11-17 21:40 - 2016-11-20 19:44 - 00000000 ____D C:\AdwCleaner
2016-11-17 21:40 - 2016-11-17 21:40 - 03910208 _____ C:\Users\ducanh\Downloads\AdwCleaner_6.030.exe
2016-11-16 21:49 - 2016-11-16 21:50 - 00250840 _____ C:\TDSSKiller.3.1.0.12_16.11.2016_21.49.49_log.txt
2016-11-16 21:49 - 2016-11-16 21:49 - 04747704 _____ (AO Kaspersky Lab) C:\Users\ducanh\Downloads\tdsskiller (2).exe
2016-11-16 21:38 - 2016-11-16 21:49 - 00849254 _____ C:\TDSSKiller.3.1.0.12_16.11.2016_21.38.19_log.txt
2016-11-16 21:38 - 2016-11-16 21:38 - 04747704 _____ (AO Kaspersky Lab) C:\Users\ducanh\Downloads\tdsskiller (1).exe
2016-11-16 21:34 - 2016-11-16 21:38 - 00248970 _____ C:\TDSSKiller.3.1.0.12_16.11.2016_21.34.25_log.txt
2016-11-16 21:34 - 2016-11-16 21:34 - 04747704 _____ (AO Kaspersky Lab) C:\Users\ducanh\Downloads\tdsskiller.exe
2016-11-16 14:31 - 2016-11-19 22:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-16 14:31 - 2016-11-19 20:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-16 14:31 - 2016-11-17 21:36 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-16 14:30 - 2016-11-19 20:47 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-16 14:30 - 2016-11-16 21:32 - 00000000 ____D C:\Users\ducanh\Desktop\mbar
2016-11-16 14:30 - 2016-11-16 14:30 - 16563352 _____ (Malwarebytes Corp.) C:\Users\ducanh\Downloads\mbar-1.09.3.1001.exe
2016-11-16 14:04 - 2016-11-16 14:04 - 00014652 _____ C:\Users\ducanh\Desktop\virus.htm
2016-11-16 02:51 - 2016-11-18 21:23 - 00039428 _____ C:\Users\ducanh\Downloads\Addition.txt
2016-11-16 02:32 - 2016-11-19 13:16 - 00102900 _____ C:\Users\ducanh\Downloads\FRST.txt
2016-11-16 02:31 - 2016-11-16 02:53 - 00000000 ___HD C:\VTRoot
2016-11-16 02:30 - 2016-11-21 20:34 - 02412544 _____ (Farbar) C:\Users\ducanh\Desktop\FRST64.exe
2016-11-16 02:30 - 2016-11-20 19:40 - 00082334 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2016-11-16 01:43 - 2016-11-16 01:43 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2016-11-16 01:21 - 2016-11-16 01:21 - 00001141 _____ C:\Users\ducanh\Desktop\Battle.net.lnk
2016-11-16 00:23 - 2016-11-16 00:23 - 00000000 ____D C:\NVIDIA Corporation
2016-11-16 00:20 - 2016-11-21 20:17 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2016-11-16 00:20 - 2016-11-16 00:20 - 00001904 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk
2016-11-16 00:20 - 2016-11-16 00:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2016-11-16 00:20 - 2016-11-16 00:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2016-11-16 00:19 - 2016-11-16 00:19 - 00000000 ____D C:\Program Files\COMODO
2016-11-16 00:17 - 2016-11-16 00:18 - 00000000 ____D C:\ProgramData\Comodo
2016-11-16 00:17 - 2016-11-16 00:17 - 71955456 _____ (COMODO) C:\Users\ducanh\Downloads\cispremium_only_installer.exe
2016-11-16 00:17 - 2016-11-16 00:17 - 00000000 ____D C:\ProgramData\Shared Space
2016-11-16 00:13 - 2016-11-17 22:11 - 00000008 __RSH C:\Users\ducanh\ntuser.pol
2016-11-16 00:10 - 2016-11-17 22:11 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-11-16 00:07 - 2016-11-16 00:07 - 00594944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\ducanh\Documents\libeay32.dll
2016-11-16 00:07 - 2016-11-16 00:07 - 00152576 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\ducanh\Documents\ssleay32.dll
2016-11-16 00:06 - 2016-11-16 00:30 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-11-15 23:58 - 2016-11-16 00:01 - 73981120 _____ (NVIDIA Corporation) C:\Users\ducanh\Documents\GeForce_Experience_v3.1.0.52.exe
2016-11-14 19:03 - 2016-11-20 19:37 - 00000000 ____D C:\Users\ducanh\AppData\Roaming\TS3Client
2016-11-14 19:03 - 2016-11-14 19:03 - 00000986 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-11-14 19:03 - 2016-11-14 19:03 - 00000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-11-14 19:03 - 2016-11-14 19:03 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-11-14 01:53 - 2016-11-14 01:53 - 00000219 _____ C:\Users\ducanh\Desktop\Counter-Strike Global Offensive.url
2016-11-09 16:40 - 2016-10-27 19:28 - 25763328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-09 16:39 - 2016-11-02 21:48 - 00372568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-09 16:39 - 2016-11-02 21:48 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-09 16:39 - 2016-11-02 15:03 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-09 16:39 - 2016-11-02 15:00 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-09 16:39 - 2016-10-27 19:53 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-11-09 16:39 - 2016-10-27 19:51 - 02896384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-09 16:39 - 2016-10-27 19:37 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-11-09 16:39 - 2016-10-27 19:19 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-09 16:39 - 2016-10-27 19:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-09 16:39 - 2016-10-27 19:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-09 16:39 - 2016-10-27 19:05 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-09 16:39 - 2016-10-27 18:57 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-09 16:39 - 2016-10-27 18:49 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-11-09 16:39 - 2016-10-27 18:47 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-11-09 16:39 - 2016-10-27 18:46 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-11-09 16:39 - 2016-10-27 18:46 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-11-09 16:39 - 2016-10-27 18:44 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-11-09 16:39 - 2016-10-27 18:17 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-09 16:39 - 2016-10-27 18:16 - 02920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-09 16:39 - 2016-10-27 18:03 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-09 16:39 - 2016-10-27 17:54 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-09 16:39 - 2016-10-27 16:05 - 20304896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-09 16:39 - 2016-10-25 15:11 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-09 16:39 - 2016-10-22 18:35 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-11-09 16:39 - 2016-10-22 18:34 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-11-09 16:39 - 2016-10-22 18:27 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-09 16:39 - 2016-10-22 18:21 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-11-09 16:39 - 2016-10-22 17:58 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-09 16:39 - 2016-10-22 17:57 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-09 16:39 - 2016-10-22 17:56 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-09 16:39 - 2016-10-22 17:51 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-09 16:39 - 2016-10-22 17:46 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-11-09 16:39 - 2016-10-22 17:45 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-11-09 16:39 - 2016-10-22 17:45 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-11-09 16:39 - 2016-10-22 17:44 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-09 16:39 - 2016-10-22 17:43 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-11-09 16:39 - 2016-10-22 17:30 - 13654016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-09 16:39 - 2016-10-22 17:12 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-09 16:39 - 2016-10-22 17:09 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-09 16:39 - 2016-10-22 17:09 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-09 16:39 - 2016-10-13 20:06 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-09 16:39 - 2016-10-13 20:06 - 01124376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-09 16:39 - 2016-10-12 09:01 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-09 16:39 - 2016-10-11 21:21 - 00497448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-09 16:39 - 2016-10-11 21:21 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-09 16:39 - 2016-10-11 19:34 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-09 16:39 - 2016-10-11 18:47 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-09 16:39 - 2016-10-11 17:55 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-09 16:39 - 2016-10-10 22:17 - 00444248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-09 16:39 - 2016-10-10 22:17 - 00333656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-09 16:39 - 2016-10-09 23:59 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-09 16:39 - 2016-10-09 00:12 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-11-09 16:39 - 2016-10-08 23:53 - 03754496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-09 16:39 - 2016-10-08 23:21 - 01445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-09 16:39 - 2016-10-08 23:18 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-11-09 16:39 - 2016-10-08 23:07 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 16:39 - 2016-10-08 23:02 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-11-09 16:39 - 2016-10-08 22:49 - 02410496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-09 16:39 - 2016-10-08 22:21 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-09 16:39 - 2016-10-08 02:34 - 01660040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-09 16:39 - 2016-10-08 02:34 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-09 16:39 - 2016-10-04 21:39 - 00101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-09 16:39 - 2016-10-04 21:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-09 16:39 - 2016-10-04 21:08 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-09 16:39 - 2016-10-04 21:08 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-09 16:39 - 2016-09-09 23:52 - 00921944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2016-11-09 16:39 - 2016-09-09 23:14 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2016-11-09 16:39 - 2016-09-09 15:15 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-11-09 16:39 - 2016-09-09 15:09 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-11-09 16:39 - 2016-09-09 15:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-11-09 16:39 - 2016-09-09 15:03 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-11-09 16:39 - 2016-09-09 15:02 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-11-09 16:39 - 2016-09-09 14:38 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-09 16:39 - 2016-09-03 19:20 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsidsc.dll
2016-11-09 16:39 - 2016-09-03 19:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2016-11-09 16:39 - 2016-09-03 18:21 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsidsc.dll
2016-11-09 16:39 - 2016-09-03 17:12 - 00512512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-11-09 16:39 - 2016-09-03 17:05 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-11-09 16:39 - 2016-09-03 16:58 - 00397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-11-09 16:39 - 2016-09-02 15:05 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2016-11-09 16:39 - 2016-09-02 15:05 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2016-11-09 16:39 - 2016-09-01 15:33 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2016-11-09 16:39 - 2016-09-01 15:33 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2016-11-09 16:39 - 2016-09-01 15:31 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2016-11-09 16:39 - 2016-08-30 15:11 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-09 16:39 - 2016-08-30 03:45 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xolehlp.dll
2016-11-09 16:39 - 2016-08-30 03:18 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-11-09 16:39 - 2016-08-30 03:18 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-11-09 16:39 - 2016-08-30 03:03 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-11-09 16:39 - 2016-08-22 14:34 - 01628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-11-01 19:36 - 2016-11-01 19:36 - 00001772 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-01 19:36 - 2016-11-01 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-01 19:35 - 2016-11-01 19:36 - 00000000 ____D C:\Program Files\iTunes
2016-11-01 19:35 - 2016-11-01 19:35 - 00000000 ____D C:\Program Files\iPod
2016-10-31 17:03 - 2016-10-31 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-10-25 17:34 - 2016-10-25 17:34 - 00000000 ____D C:\Users\ducanh\AppData\Local\Arktos Entertainment
2016-10-25 17:25 - 2016-10-25 17:25 - 00000000 ____D C:\Users\ducanh\Documents\FredaikisAB
2016-10-25 17:25 - 2016-10-25 17:25 - 00000000 ____D C:\Users\ducanh\AppData\Local\FredaikisAB
2016-10-25 17:23 - 2016-10-25 17:23 - 00000000 ____D C:\Users\ducanh\Desktop\a
2016-10-23 16:50 - 2016-10-23 16:50 - 00000000 ____D C:\Users\ducanh\Desktop\gamer mu
2016-10-23 16:49 - 2016-10-23 16:52 - 00000000 ____D C:\Users\ducanh\Documents\gamer mu
2016-10-23 16:49 - 2016-10-23 16:49 - 00000000 ____D C:\Users\ducanh\Documents\Neuer Ordner
2016-10-23 02:14 - 2016-11-16 14:51 - 00000000 ___RD C:\Users\ducanh\Desktop\dfgg

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-21 20:32 - 2016-01-27 17:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-21 20:32 - 2014-06-06 14:31 - 00000000 ____D C:\Users\ducanh\Documents\Youcam
2016-11-21 20:31 - 2016-05-16 01:52 - 00000000 ___RD C:\Users\ducanh\iCloudDrive
2016-11-21 20:31 - 2016-02-16 19:11 - 00000000 ____D C:\Users\ducanh\AppData\Local\Spotify
2016-11-21 20:31 - 2015-04-12 16:33 - 00000998 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-21 20:13 - 2015-04-12 16:33 - 00001002 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-21 00:00 - 2016-02-16 19:11 - 00000000 ____D C:\Users\ducanh\AppData\Roaming\Spotify
2016-11-20 23:45 - 2015-04-12 16:35 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4038466168-2714463032-1615967804-1001
2016-11-20 23:42 - 2015-04-19 10:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-11-20 23:40 - 2016-08-30 21:20 - 00000000 ____D C:\wifidata
2016-11-20 20:52 - 2015-05-01 18:40 - 00000000 ____D C:\Users\ducanh\AppData\Roaming\Skype
2016-11-20 19:46 - 2015-12-04 19:52 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2016-11-20 19:46 - 2015-04-16 21:12 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-11-20 19:41 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-20 18:40 - 2015-10-20 19:00 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-11-20 18:40 - 2015-10-20 18:59 - 00000000 ____D C:\ProgramData\Battle.net
2016-11-20 18:39 - 2015-04-12 16:34 - 00002290 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-20 18:39 - 2015-04-12 16:33 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-20 18:33 - 2015-04-12 16:33 - 00000000 ____D C:\Users\ducanh\AppData\Local\Deployment
2016-11-20 18:31 - 2015-04-12 16:44 - 00000000 ____D C:\Users\ducanh\AppData\Local\CrashDumps
2016-11-19 21:05 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppCompat
2016-11-19 21:04 - 2015-12-14 16:03 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2016-11-19 14:47 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-11-18 22:31 - 2016-08-30 21:01 - 00003160 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForducanh
2016-11-18 22:31 - 2016-08-30 21:01 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForducanh.job
2016-11-17 22:18 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-11-17 22:11 - 2015-04-12 16:24 - 00000000 ____D C:\Users\ducanh
2016-11-16 02:45 - 2014-05-12 19:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-16 00:51 - 2016-02-21 13:42 - 00000000 ____D C:\Wooxy
2016-11-16 00:51 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-16 00:50 - 2015-12-03 18:40 - 00000000 ____D C:\Boom
2016-11-16 00:39 - 2015-04-16 21:12 - 00000000 ____D C:\Program Files (x86)\AutoIt3
2016-11-16 00:38 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-16 00:23 - 2015-04-12 16:49 - 00000000 ____D C:\NVIDIA
2016-11-16 00:08 - 2016-10-09 22:41 - 00000000 ____D C:\Program Files (x86)\InfestationNewZ
2016-11-16 00:08 - 2016-08-30 21:20 - 00000000 ____D C:\Program Files (x86)\IO3O LLC
2016-11-16 00:08 - 2016-04-20 23:52 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-11-16 00:08 - 2016-04-15 23:11 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-11-16 00:08 - 2016-01-16 21:32 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-11-16 00:08 - 2016-01-14 18:16 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-11-16 00:08 - 2016-01-14 16:50 - 00000000 ____D C:\Program Files (x86)\HP
2016-11-16 00:08 - 2015-12-26 19:53 - 00000000 ____D C:\Program Files (x86)\Opera
2016-11-16 00:08 - 2015-11-29 01:20 - 00000000 ____D C:\Program Files (x86)\Boom
2016-11-16 00:08 - 2015-11-02 23:59 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
2016-11-16 00:08 - 2015-11-02 23:50 - 00000000 ____D C:\Program Files (x86)\TomTom HOME 2
2016-11-16 00:08 - 2015-11-02 23:49 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2016-11-16 00:08 - 2015-10-20 19:05 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-11-16 00:08 - 2015-10-20 18:59 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-11-16 00:08 - 2015-06-21 19:42 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-11-16 00:08 - 2015-06-21 19:40 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2016-11-16 00:08 - 2015-06-21 19:40 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2016-11-16 00:08 - 2015-06-11 22:03 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2016-11-16 00:08 - 2015-05-01 18:40 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-16 00:08 - 2015-05-01 14:34 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2016-11-16 00:08 - 2015-04-20 00:03 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2016-11-16 00:08 - 2015-04-12 16:54 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2016-11-16 00:08 - 2014-07-20 23:42 - 00000000 ____D C:\csmtalk
2016-11-16 00:08 - 2014-07-20 12:39 - 00000000 ____D C:\Temp
2016-11-16 00:08 - 2014-05-12 19:43 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-11-16 00:08 - 2014-05-12 19:36 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-11-16 00:08 - 2014-05-12 19:36 - 00000000 ____D C:\Program Files (x86)\WildGames
2016-11-16 00:08 - 2014-05-12 19:34 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-11-16 00:08 - 2014-05-12 19:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-16 00:08 - 2014-05-12 19:18 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-11-16 00:08 - 2014-05-12 19:17 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-11-16 00:08 - 2014-05-12 19:12 - 00000000 ____D C:\Program Files (x86)\Intel
2016-11-16 00:08 - 2014-05-06 20:59 - 00000000 ___RD C:\Program Files (x86)\Online Services
2016-11-16 00:08 - 2014-05-06 20:59 - 00000000 ____D C:\Program Files (x86)\Evernote
2016-11-16 00:08 - 2014-05-06 20:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-16 00:08 - 2014-05-06 20:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-16 00:08 - 2014-05-06 20:50 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-11-16 00:08 - 2014-04-02 10:50 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-11-16 00:08 - 2014-04-02 10:50 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-11-16 00:08 - 2013-08-22 16:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-11-16 00:08 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-11-16 00:08 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-11-16 00:08 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-11-16 00:08 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-11-16 00:08 - 2013-08-22 16:36 - 00000000 ____D C:\PerfLogs
2016-11-15 23:58 - 2013-08-22 14:25 - 00000223 _____ C:\WINDOWS\win.ini
2016-11-15 23:37 - 2014-05-12 19:21 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-15 12:28 - 2014-05-07 06:28 - 00787018 _____ C:\WINDOWS\system32\perfh007.dat
2016-11-15 12:28 - 2014-05-07 06:28 - 00170888 _____ C:\WINDOWS\system32\perfc007.dat
2016-11-15 12:28 - 2014-03-18 10:53 - 01924576 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-14 17:06 - 2016-01-27 17:07 - 00000000 ____D C:\Users\ducanh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-11-11 00:41 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-10 16:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 14:18 - 2013-08-22 15:44 - 00378816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-10 00:25 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-11-09 18:57 - 2015-04-22 08:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 18:54 - 2015-04-22 08:31 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 16:52 - 2016-04-13 16:09 - 00000000 ____D C:\Users\ducanh\Desktop\PBE
2016-11-03 19:52 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-01 20:41 - 2016-03-19 17:12 - 00000000 ____D C:\Users\ducanh\AppData\LocalLow\Smartly Dressed Games
2016-11-01 19:35 - 2015-04-12 16:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-10-29 21:13 - 2015-04-12 16:33 - 00000000 ____D C:\Users\ducanh\AppData\Local\Google
2016-10-28 22:04 - 2013-08-22 16:38 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-28 22:04 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-28 16:31 - 2015-05-01 18:40 - 00000000 ____D C:\ProgramData\Skype
2016-10-28 02:22 - 2015-05-08 15:38 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-23 02:15 - 2016-10-09 13:27 - 00000000 ____D C:\Users\ducanh\Desktop\fkkkkkkkkkk
2016-10-23 02:10 - 2016-09-05 22:49 - 00001002 _____ C:\Users\ducanh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-11-25 18:10 - 2015-11-25 18:17 - 0002633 _____ () C:\Users\ducanh\AppData\Roaming\droid4xinstaller.log
2016-05-10 14:09 - 2016-05-10 14:09 - 0007608 _____ () C:\Users\ducanh\AppData\Local\Resmon.ResmonCfg

Einige Dateien in TEMP:
====================
C:\Users\ducanh\AppData\Local\Temp\libeay32.dll
C:\Users\ducanh\AppData\Local\Temp\msvcr120.dll
C:\Users\ducanh\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-11-19 16:35

==================== Ende von FRST.txt ============================

--- --- ---

FRST Additions Logfile:

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
durchgeführt von ducanh (21-11-2016 20:36:26)
Gestartet von C:\Users\ducanh\Desktop
Windows 8.1 (Update) (X64) (2015-04-12 15:26:00)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4038466168-2714463032-1615967804-500 - Administrator - Disabled) => C:\Users\Administrator
ducanh (S-1-5-21-4038466168-2714463032-1615967804-1001 - Administrator - Enabled) => C:\Users\ducanh
Gast (S-1-5-21-4038466168-2714463032-1615967804-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4038466168-2714463032-1615967804-1003 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: COMODO Antivirus (Enabled - Out of date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AutoIt v3.3.12.0 (HKLM-x32\...\AutoItv3) (Version: 3.3.12.0 - AutoIt Team)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BlueStacks App Player (HKLM-x32\...\{D080F290-4B2A-4C67-9757-63DA0C6E8855}) (Version: 2.0.0.1011 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5844 - CDBurnerXP)
COMODO Internet Security Premium (HKLM\...\{C7C71F0C-4CC1-4B17-943C-96E5196DDA74}) (Version: 8.4.0.5165 - COMODO Security Solutions Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.4.6127 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.10.5422 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3604 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.5011 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Free YouTube Download version 3.2.59.616 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.59.616 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hỗ trợ Ứng dụng Apple (32 bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Hỗ trợ Ứng dụng Apple (64 bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4BBA238C-9E5D-40F9-8AC6-FACB736752B9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.46 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.3.34.7 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.32.37 - HP)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{29AAC3D3-23FC-496D-8266-0E3833686758}) (Version: 6.0.2.10 - Apple Inc.)
Infestation New Z (HKLM-x32\...\Infestation New Z) (Version: v26.01.16 Beta - Fredaikis AB)
Inst5675 (Version: 8.01.46 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.46 - Softex Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) PRO/Wireless Driver (HKLM\...\{c1a7f0cd-91ec-424a-8edf-e0606e915765}) (Version: 17.16.0002.2705 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{8B4EA042-9E21-46FB-8286-225F4D51CC52}) (Version: 4.2.41.2710 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{33AD9A5D-209C-4D2A-91BB-C1F3B4BF87A3}) (Version: 17.0.1407.02 - Intel Corporation)
iTunes (HKLM\...\{2C49F336-2E86-4407-83E2-16AC65598EF4}) (Version: 12.5.3.16 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead (HKLM\...\Steam App 500) (Version:  - Valve)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MyDriveConnect 4.0.7.2442 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.7.2442 - TomTom)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 4 (HKLM\...\Steam App 349040) (Version:  - CyberConnect2 Co. Ltd.)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.22 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7358 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
SHIELD Streaming (Version: 1.8.315 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.19.9599 - SoftEther VPN Project)
Spotify (HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.5.2 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
UniKey 4.0 RC2 (build 1101) (HKLM-x32\...\{AC006985-A51F-42AC-A7E9-5E66D8AC8063}_is1) (Version:  - Pham Kim Long)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Warface (HKLM\...\Steam App 291480) (Version:  - Crytek)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Who Is On My Wifi version 4.0.0 (HKLM-x32\...\{010D45A1-093D-4534-8147-4E10E80F81CC}_is1) (Version: 4.0.0 - IO3O LLC)
WildTangent Games App für HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4038466168-2714463032-1615967804-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0A7EACC3-DEAE-4B6E-9DD1-B6EF8757BDDB} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2015-02-11] (CyberLink Corp.)
Task: {25AFB360-0501-453E-B66B-942CBCD209A6} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-07-02] (Hewlett-Packard)
Task: {262E31D1-4BC7-42F2-810C-47E4CE191273} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-14] (COMODO)
Task: {2E0E4990-D6CA-4B3F-90E3-C53BBB2EA1C9} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-07-02] (Hewlett-Packard)
Task: {490ACCF5-5986-4FBA-89BB-59A80068417A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-12] (Google Inc.)
Task: {4C55E198-6AA8-4231-9608-CE0D9EFC2219} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {815B3BEA-45AB-4DEF-A4EE-4DBEF2B686EC} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {86332851-384A-4B5F-8499-401DE9423E9E} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)
Task: {8BEBFA66-B6B8-4EFD-8FFC-A63F78C13EBD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {9548583C-07A4-4D26-970D-7B7BB77D570F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {9751F857-8DFA-4B1C-B96C-EF4766B6AAB3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {97672ABF-D65C-4EDA-9370-BA7CB4AD4A75} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {988FF597-F2E1-4F14-ABB9-006C4887B2E8} - System32\Tasks\{DA8E6507-0DF1-41D5-AB60-6D254E02F562} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends"
Task: {B5FABC50-B368-461E-ACCB-410EC6B77A38} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)
Task: {BAFB62B2-E8DE-40BC-8FC9-7E7028D05F22} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)
Task: {BF5A4D78-AD90-4CFE-ACAE-4851D3C0C96D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-12] (Google Inc.)
Task: {C958479A-1F6D-4E7B-A5B5-114E93DB467D} - System32\Tasks\HPCeeScheduleForducanh => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {D3424280-2D97-41CF-84CC-7955A5092B96} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)
Task: {EE5AB25E-8C16-41E2-9FBA-AA8170CF0D96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {F3568130-C271-40EF-AC99-BDE3D504FC29} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-07-02] (Hewlett-Packard)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForducanh.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-04 07:44 - 2013-12-04 07:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 07:44 - 2013-12-04 07:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 07:44 - 2013-12-04 07:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2016-03-16 11:25 - 2016-03-16 11:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2016-11-20 18:39 - 2016-11-08 22:03 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-20 18:39 - 2016-11-08 22:03 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2014-05-12 19:13 - 2013-12-10 16:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-01-27 17:24 - 2016-09-08 04:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-01-27 17:24 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-01-27 17:24 - 2016-10-13 02:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2016-01-27 17:24 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-01-27 17:24 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-01-27 17:23 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-01-27 17:23 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-01-27 17:23 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-01-27 17:23 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-01-27 17:23 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-01-27 17:23 - 2016-10-13 02:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 14:59 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-10-13 23:37 - 2016-08-04 21:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll
2016-02-16 19:11 - 2016-11-13 15:23 - 51776112 _____ () C:\Users\ducanh\AppData\Roaming\Spotify\libcef.dll
2016-02-16 19:11 - 2016-11-13 15:23 - 01803888 _____ () C:\Users\ducanh\AppData\Roaming\Spotify\libglesv2.dll
2016-02-16 19:11 - 2016-11-13 15:23 - 00086128 _____ () C:\Users\ducanh\AppData\Roaming\Spotify\libegl.dll
2016-10-05 18:18 - 2016-10-05 18:18 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-05 18:18 - 2016-10-05 18:18 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-08-30 21:20 - 2015-07-09 11:26 - 00839680 _____ () C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\System.Data.SQLite.dll
2016-01-27 17:23 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\ducanh:Heroes & Generals [38]
AlternateDataStreams: C:\Users\ducanh\Desktop\JRT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\ducanh\Desktop\SecurityCheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\ducanh\Desktop\SecurityCheck.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\ducanh\Downloads\AdwCleaner_6.030.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\ducanh\Downloads\AdwCleaner_6.030.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\ducanh\Downloads\esetsmartinstaller_deu.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\ducanh\Downloads\esetsmartinstaller_deu.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\ducanh\Downloads\mbam-setup-2.2.1.1043.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\ducanh\Downloads\mbam-setup-2.2.1.1043.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\ducanh\Downloads\mbar-1.09.3.1001.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\ducanh\Downloads\mbar-1.09.3.1001.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\ducanh\Downloads\revosetup201.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\ducanh\Downloads\revosetup201.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\ducanh\Downloads\SecurityCheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\ducanh\Downloads\SecurityCheck.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\ducanh\Downloads\tdsskiller (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\ducanh\Downloads\tdsskiller (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\ducanh\Downloads\tdsskiller (2).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\ducanh\Downloads\tdsskiller (2).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\ducanh\Downloads\tdsskiller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\ducanh\Downloads\tdsskiller.exe:$CmdZnID [26]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2015-12-07 21:58 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ducanh\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-4038466168-2714463032-1615967804-1001\...\StartupApproved\Run: => "Skype"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5FD27008-3998-46BB-90B6-3044A679D7A0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{64F99A8C-0877-4B8C-94CE-390678F196D6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E9824D4A-D2B9-4603-88DD-9D56AC1FEEC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8318E001-968B-4E8B-B17F-15FDE8954A84}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E661CB3D-9069-4F87-A514-EC4D8B6F4088}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0920AF33-0DFE-4A94-A7C1-63FE973AC765}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2A275877-CB2D-4E34-A912-B976EC447341}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{396C0FA5-1015-42CA-9895-03D56641FF4B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{082F1F63-8E15-431E-B321-4DBB5C5B9D56}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95A44F63-5CFD-4E3E-88E5-4C665149614D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B5942159-CBB5-4928-9D64-B7815B446120}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{62A8800F-1117-49C0-AD8B-5BA97820C29C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [TCP Query User{E74A733F-BEAA-476E-9114-150E3C14580E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9156F99C-8455-4C89-A59F-B80AD9CD8B0F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{76A9F238-5454-4462-8B76-749BFD216B86}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{15C931F1-6174-4C65-B36A-B53C8FA5446A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{D614E9CD-5AF0-4D8C-ADCF-D0A3A3CBA7D9}C:\users\ducanh\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Allow) C:\users\ducanh\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [{45281AB2-57C6-40DA-952D-0BC19F57C46C}] => (Allow) C:\Program Files (x86)\Droid4X\Droid4X.exe
FirewallRules: [{D8DC9170-2FA1-402E-9D5C-6907DBF9578D}] => (Allow) C:\Program Files (x86)\Droid4X\download\MiniThunderPlatform.exe
FirewallRules: [{C0951403-CA57-4A47-B041-4099A689E3E3}] => (Allow) C:\Program Files\Oracle\VirtualBox\vboxheadless.exe
FirewallRules: [{85BA7E11-3AC1-4B62-9C6A-A2384EA9611F}] => (Allow) C:\Boom\ca.exe
FirewallRules: [{367AEB9A-0BB0-4C4E-A795-6C81A2990669}] => (Allow) C:\Boom\ca.exe
FirewallRules: [{FB2064E3-BD41-4CE6-A627-6655F4CC3EA2}] => (Allow) C:\Boom\nmcosrv.exe
FirewallRules: [{85B63B22-A0EF-48F7-B7C5-738BE83463B9}] => (Allow) C:\Boom\nmcosrv.exe
FirewallRules: [{D31C5AD3-7853-48D2-AD3A-3035A6D503E7}] => (Allow) C:\Program Files (x86)\Boom\ca.exe
FirewallRules: [{93EA3A94-BC0F-4152-AFFC-799A3061ADE7}] => (Allow) C:\Program Files (x86)\Boom\ca.exe
FirewallRules: [{41263AB9-849C-4D24-8F97-0A41C1F2403D}] => (Allow) C:\Program Files (x86)\Boom\nmcosrv.exe
FirewallRules: [{9DAB86AD-92FF-4BF8-BF33-38059B62327A}] => (Allow) C:\Program Files (x86)\Boom\nmcosrv.exe
FirewallRules: [{F9F6192B-03EA-48CF-A1C5-62BEF33A20AC}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{FC378735-65A8-40D2-9D47-36EF65CA149E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{0E5F91E2-C802-45EC-B715-DFB6C960AE20}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{439FBE5B-9690-4221-8657-0CD1BB8AF005}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{9A06B6DC-85D5-49F0-82A1-A943F92BAA8F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{7D8DA4FC-676F-4284-ADDD-24CA9ADF3DE0}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{C3B6062E-B56A-4ABB-A84F-8C34A2D8E1DE}] => (Allow) C:\Boom\nmcosrv.exe
FirewallRules: [{2470A7F5-F78C-4814-9D37-E76E36716462}] => (Allow) C:\Boom\nmcosrv.exe
FirewallRules: [{382B10B0-19C0-4AE0-AAF8-7D98F533CB71}] => (Allow) C:\Users\ducanh\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{846B9078-B408-4788-B348-D8A6FA88FD97}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [{2EF23D5D-277A-4B5F-AB8E-3988077F787C}] => (Allow) C:\Program Files (x86)\Droid4X\MultiMgr.exe
FirewallRules: [{95992841-61AA-48D5-84D6-2DCB39A68E39}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{6668C0E0-D29D-4941-B3C8-42970422DB28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{04AF7958-E784-454F-A088-772C3543FC45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA1D80AD-9BF7-421A-B6FE-DFF148586062}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{84783F8B-58B8-49CA-AB34-55FBDE757613}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3E4BFE81-9293-41BD-B3FE-E61300D856C8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{69CE4CFA-269D-4E32-9AC8-1CB7BFFA33AC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D659635A-7148-4ED0-882B-06E2EA6F4BEE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BEFB88BD-7CDF-46D8-A2CF-6F0EA6E403FF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E6D9AC72-E5BE-4FBD-B090-654100676F13}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{7D95D3DE-E2B6-4355-9493-E89AE643F390}C:\users\ducanh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ducanh\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DF26136E-B4DF-4ECF-9D2C-E63F82020023}C:\users\ducanh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ducanh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7839A1E7-EA87-4EB6-853B-A177DF252E00}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{E64B121A-2694-4BD7-AFB4-4B3EF3028433}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{A4BA125A-BD9D-4A3A-897B-BE25C39B6405}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{3C2D556D-AEE2-4818-A30F-3EBD74EC48FF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{D8FC0380-D597-4FE1-BC00-E3961317FD29}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{5D481C33-F3A2-4607-A335-DE4DBC2F3D77}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{86C66020-9F98-4E62-A7D1-CE52367E5511}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{63CAA03B-43A1-4565-9A80-6F9887E5AFD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{86EFA35B-AD4F-4DB3-A3E8-9767BD0F55BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 4\NSUNS4.exe
FirewallRules: [{439FA976-2AB3-45D2-9A33-C1628236ACAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 4\NSUNS4.exe
FirewallRules: [{93D407C5-8B80-41A8-809A-AD366D51CFD9}] => (Allow) C:\Program Files (x86)\InfestationNewZ\TheNewZ.exe
FirewallRules: [{EA806DA6-D1A4-4FBC-969A-B2F0FF62DC72}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{04158EE1-B463-4DFE-A444-985B2459D19F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C65052DE-9427-42F8-823E-D85B6EAA2BC2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B0C481B7-05FF-42FE-9416-751BAB294F6E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{120CB8E8-3B92-40CF-A8AB-A36B92E5B739}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{31F30A1A-11AB-4A3C-A98F-FC1B86AA1143}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{4374C69D-EF14-4B24-9CA4-CB6C3EC832FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{29FF15C1-E9F7-4D92-ADBB-849AD8CCF1FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D29037BC-9560-42A6-82CA-C2D6DEE1B3E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1F67818F-2A18-44B2-B659-A138AAE2D7F4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2146DFC9-D06E-4287-A820-DE4E6F0B70E1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

17-11-2016 22:18:29 JRT Pre-Junkware Removal
17-11-2016 22:48:55 JRT Pre-Junkware Removal
18-11-2016 16:44:47 JRT Pre-Junkware Removal
19-11-2016 00:45:22 JRT Pre-Junkware Removal
19-11-2016 00:45:55 JRT Pre-Junkware Removal
20-11-2016 18:24:57 Revo Uninstaller's restore point - Google Chrome
20-11-2016 18:33:36 Revo Uninstaller's restore point - Java 8 Update 40
20-11-2016 18:33:50 Removed Java 8 Update 40
20-11-2016 18:36:35 Revo Uninstaller's restore point - Heroes of the Storm
20-11-2016 18:40:16 Revo Uninstaller's restore point - Google Chrome
20-11-2016 19:45:27 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/20/2016 08:44:03 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (11/20/2016 07:44:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm cistray.exe, Version 8.4.0.5165 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e14

Startzeit: 01d2435db4556cc2

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

Berichts-ID: 6688e4fa-af51-11e6-846f-a08869bf085f

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/20/2016 06:31:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.18123, Zeitstempel: 0x563faf80
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18525, Zeitstempel: 0x5812433c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000c959f
ID des fehlerhaften Prozesses: 0xa54
Startzeit der fehlerhaften Anwendung: 0x01d24353c067a259
Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\MSHTML.dll
Berichtskennung: 2afc8faf-af47-11e6-846e-a08869bf085f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/20/2016 06:25:39 PM) (Source: HP Active Health) (EventID: 1002) (User: )
Description: Error iterating on DiskLogical. Fetched 0 records. Exception is: System.Management.ManagementException: Ungültiger Namespace 
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HP.ActiveHealth.Commons.Objects.AgentDataQuery.ManagementProperties..ctor(String query, String scope)
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetEncryptedVolumes()
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (11/20/2016 06:24:54 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {64f8405a-f6c5-4959-90c9-1242f98df90e}

Error: (11/20/2016 07:50:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.8.315.0, Zeitstempel: 0x5331827a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18438, Zeitstempel: 0x57ae642e
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ecdd0
ID des fehlerhaften Prozesses: 0x17d0
Startzeit der fehlerhaften Anwendung: 0x01d242fa56dfe165
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 94ab6c5e-aeed-11e6-846e-a08869bf085f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/20/2016 07:50:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.8.315.0, Zeitstempel: 0x5331827a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18438, Zeitstempel: 0x57ae642e
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ecdd0
ID des fehlerhaften Prozesses: 0x1984
Startzeit der fehlerhaften Anwendung: 0x01d242fa55ae2a99
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 937e79d6-aeed-11e6-846e-a08869bf085f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/20/2016 07:50:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.8.315.0, Zeitstempel: 0x5331827a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18438, Zeitstempel: 0x57ae642e
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ecdd0
ID des fehlerhaften Prozesses: 0x14f0
Startzeit der fehlerhaften Anwendung: 0x01d242fa54b20bf3
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 9290a95a-aeed-11e6-846e-a08869bf085f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/20/2016 07:08:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (11/20/2016 05:47:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: steamwebhelper.exe, Version: 3.65.13.80, Zeitstempel: 0x57fed9f2
Name des fehlerhaften Moduls: steamwebhelper.exe, Version: 3.65.13.80, Zeitstempel: 0x57fed9f2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037b59
ID des fehlerhaften Prozesses: 0x183c
Startzeit der fehlerhaften Anwendung: 0x01d242a1b8bef996
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
Berichtskennung: 664ccdba-aedc-11e6-846e-a08869bf085f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (11/21/2016 12:39:10 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (11/20/2016 07:46:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "SoftEther VPN Client" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/20/2016 07:46:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/20/2016 07:45:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/20/2016 07:44:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "COMODO Internet Security Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/20/2016 07:42:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Anwendungshost-Hilfsdienst" wurde nicht richtig gestartet.

Error: (11/20/2016 07:41:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet: 
Die Daten sind unzulässig.

Error: (11/20/2016 07:40:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Apple Mobile Device Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann den angegebenen Pfad nicht finden.

Error: (11/20/2016 07:40:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll

Error: (11/20/2016 07:40:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll


CodeIntegrity:
===================================
  Date: 2016-11-21 20:31:50.842
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-21 00:38:54.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-21 00:22:20.051
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-21 00:15:34.743
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-20 23:41:10.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-20 19:43:36.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-19 23:21:25.667
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-19 21:47:23.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-19 21:15:52.993
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-19 20:43:19.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Prozentuale Nutzung des RAM: 47%
Installierter physikalischer RAM: 12218.15 MB
Verfügbarer physikalischer RAM: 6408.57 MB
Summe virtueller Speicher: 14074.15 MB
Verfügbarer virtueller Speicher: 7901.42 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:910.44 GB) (Free:664.68 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.05 GB) (Free:2.01 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E1B0F7F4)

Partition: GPT.

==================== Ende von Addition.txt ============================

--- --- ---

? wenn etwas fehlt bitte sagen soweit ich weiß sind das die 2 logs ...

cosinus · 22.11.2016, 13:04

Ich hab hier schwer den Eindruck, dass du das das Profil vom Google Chrome nicht neugemacht hast. Also nochmal:

1. Google Chrome deinstallieren
2. Verzeichnis C:\Users\ducanh\AppData\Local\Google\Chrome in eine Datei zippen als Sicherheitskopie, dann den Ordner löschen
3. Google Chrome neu installieren
4. testen testen testen

helpme156 · 22.11.2016, 17:14

Hey also ich habe alles genau so gemacht aber das problem ist immernoch da manchmal steigt cpu auch 100% aber sinkt schnell runter
. Also ich merke jedes mal wenn ich etwas öffne zB games oder skype.. Usw steigt Datenträger auf 100% aber wird dann von Comodo geblockt somit sinkt es dann wieder also comodo hat es schon mal blockiert jedes mal wenn es auftaucht kann das vielleicht was helfen ?

19.11.2016, 22:31	#36
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Laptop wurde infiziert, 100% Datenträger und Chrome öffnet werbung Du musst die Funde mit MBAM auch entfernen! __________________ --> Laptop wurde infiziert, 100% Datenträger und Chrome öffnet werbung

20.11.2016, 19:01	#40
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Laptop wurde infiziert, 100% Datenträger und Chrome öffnet werbung adwcleaner und JRT nochmal, logs posten __________________ Logfiles bitte immer in CODE-Tags posten

21.11.2016, 09:40	#42
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Laptop wurde infiziert, 100% Datenträger und Chrome öffnet werbung Und nochmal neue FRST Logs __________________ Logfiles bitte immer in CODE-Tags posten

Laptop wurde infiziert, 100% Datenträger und Chrome öffnet werbung

Plagegeister aller Art und deren Bekämpfung: Laptop wurde infiziert, 100% Datenträger und Chrome öffnet werbung