Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Wallpapers.exe in AppData (https://www.trojaner-board.de/181231-wallpapers-exe-appdata.html)

Ladekabel612 22.08.2016 12:17
Wallpapers.exe in AppData
 
Hi,

In meinen AppData(s) ist eine Wallpapers.exe aufgetaucht, ich weiß nicht woher diese stammt geschweige den was sie macht, da ich sie nicht wirklich ausführen möchte. Eset sagt, die datei sei sauber.

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
durchgeführt von Tygan (Administrator) auf COMPUTER-128234 (22-08-2016 13:04:25)
Gestartet von C:\Users\Tygan\Desktop
Geladene Profile: Tygan (Verfügbare Profile: Tygan & shady & Administrator & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Core Temp\Core Temp.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\puush\puush.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.2.0.0_x86__wgeqdkkx372wm\Twitter.Windows.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11607.1001.32.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.7031.23501.0_x64__8wekyb3d8bbwe\OHub.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NetSpeedMonitor] => C:\Program Files\NetSpeedMonitor\nsmc.exe [71680 2010-04-04] (Florian Gilles)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2016-04-14] (VMware, Inc.)
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-05-30] ()
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [Discord] => C:\Users\Tygan\AppData\Local\Discord\app-0.0.294\Discord.exe
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-16] (Valve Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe
SSODL: EldosMountNotificator-cbfs6 - {73F8D53A-4E1F-4434-A7D0-7C1E3B50BB78} - C:\WINDOWS\system32\cbfsMntNtf6.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs6 - {73F8D53A-4E1F-4434-A7D0-7C1E3B50BB78} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Keine Datei
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon3_d1739.dll Keine Datei
ShellIconOverlayIdentifiers: [1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_d1739.dll Keine Datei
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon_d1739.dll Keine Datei
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon2_d1739.dll Keine Datei
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {36A9E202-9EBD-4037-9EC8-9403A1FE827B} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-06-13] (EldoS Corporation)
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_d1739.dll Keine Datei
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {36A9E202-9EBD-4037-9EC8-9403A1FE827B} => C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [2016-06-13] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100M Genie.lnk [2016-07-10]
ShortcutTarget: NETGEAR WNA3100M Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe ()
GroupPolicyScripts: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{f2c76c85-8df8-4ee3-a794-c760b75c17ca}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021 -> DefaultScope {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021 -> {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-08-21] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-08-21] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-21] (Microsoft Corporation)

Edge:
======
Edge Extension: AdBlock -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_1.0.5.0_neutral__c1wakc4j0nefm [2016-08-19]

FireFox:
========
FF ProfilePath: C:\Users\Tygan\AppData\Roaming\Mozilla\Firefox\Profiles\3am39cb5.default
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Extension: uBlock Origin - C:\Users\Tygan\AppData\Roaming\Mozilla\Firefox\Profiles\3am39cb5.default\Extensions\uBlock0@raymondhill.net.xpi [2016-08-07]
FF Extension: O2 Service Suite - C:\Users\Tygan\AppData\Roaming\Mozilla\Firefox\Profiles\3am39cb5.default\Extensions\{} [2016-08-19] [ist nicht signiert]

Chrome:
=======
CHR StartupUrls: Profile 1 -> "hxxp://www.youtube.com/"
CHR Profile: C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-19]
CHR Extension: (Google Docs) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-19]
CHR Extension: (Google Drive) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-04]
CHR Extension: (YouTube) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-04]
CHR Extension: (Google Tabellen) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-19]
CHR Extension: (Google Docs Offline) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-19]
CHR Extension: (Blue Space) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgafflokkagpjiofcoodepkehnpldbge [2016-04-04]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-19]
CHR Extension: (Google Mail) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-04]
CHR Profile: C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Präsentationen) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-19]
CHR Extension: (Google Docs) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-19]
CHR Extension: (Google Drive) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-05]
CHR Extension: (YouTube) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-05]
CHR Extension: (uBlock Origin) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-08-19]
CHR Extension: (ZenMate VPN - Top Internet Security & Unblock) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-08-19]
CHR Extension: (Google Tabellen) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-19]
CHR Extension: (Google Docs Offline) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-19]
CHR Extension: (Black blue shards) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hgoflmajhinnohnhkfeggflmmppiilck [2016-07-25]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\libedajeiljdoodmokbppgapcfbignci [2016-08-19]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-19]
CHR Extension: (Google Mail) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\Tygan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159832 2016-08-12] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2950856 2016-07-25] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-04-05] () [Datei ist nicht signiert]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2779136 2016-08-21] (ESET)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [200240 2016-07-23] (Microsoft Corporation) [Datei ist nicht signiert]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-17] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-08] (TeamViewer GmbH)
S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12471368 2016-04-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WSWNA3100M; C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [316120 2014-08-18] ()

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 ALSysIO; C:\Users\Tygan\AppData\Local\Temp\ALSysIO64.sys [35320 2016-08-22] (Arthur Liberman)
R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-06-13] (EldoS Corporation)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-12] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263296 2016-08-21] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [199328 2016-06-23] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15488 2016-06-23] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [197288 2016-06-23] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [181416 2016-06-23] (ESET)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3859704 2015-10-16] (Realtek Semiconductor Corporation                          )
S3 taphss6; C:\Windows\System32\drivers\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2015-11-10] (Oracle Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [198248 2016-08-02] (IDRIX)
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2016-06-13] (EldoS Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-22 13:04 - 2016-08-22 13:05 - 00020851 _____ C:\Users\Tygan\Desktop\FRST.txt
2016-08-22 12:14 - 2016-08-22 12:30 - 04749395 _____ C:\Users\Tygan\AppData\Roaming\wallpapers.exe
2016-08-22 12:13 - 2016-08-22 13:04 - 00000000 ____D C:\FRST
2016-08-22 12:11 - 2016-08-22 12:13 - 02396672 _____ (Farbar) C:\Users\Tygan\Desktop\FRST64.exe
2016-08-22 11:21 - 2016-08-22 11:21 - 00000022 _____ C:\WINDOWS\S.dirmngr
2016-08-22 00:36 - 2016-08-22 00:36 - 00000000 ____D C:\Users\Tygan\Documents\Benutzerdefinierte Office-Vorlagen
2016-08-21 17:57 - 2016-08-21 17:57 - 00000000 ____D C:\Users\Tygan\AppData\Local\ESET
2016-08-21 17:09 - 2016-08-21 17:09 - 00002150 _____ C:\Users\Tygan\Desktop\ESET NOD32 Antivirus.lnk
2016-08-21 17:03 - 2016-08-22 12:23 - 00000000 ___RD C:\Users\Tygan\OneDrive
2016-08-21 17:02 - 2016-08-21 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-08-21 17:02 - 2016-08-21 17:02 - 00000000 ____D C:\ProgramData\ESET
2016-08-21 17:02 - 2016-08-21 17:02 - 00000000 ____D C:\Program Files\ESET
2016-08-21 16:29 - 2016-08-21 16:29 - 00002583 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-08-21 16:29 - 2016-08-21 16:29 - 00002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-08-21 16:29 - 2016-08-21 16:29 - 00002558 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-08-21 16:29 - 2016-08-21 16:29 - 00002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-08-21 16:29 - 2016-08-21 16:29 - 00002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-08-21 16:29 - 2016-08-21 16:29 - 00002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-08-21 16:29 - 2016-08-21 16:29 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-08-21 16:29 - 2016-08-21 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2016-08-21 16:17 - 2016-08-21 19:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-08-21 16:17 - 2016-08-21 16:17 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-19 22:00 - 2016-08-19 22:00 - 00000788 _____ C:\Users\Tygan\Documents\Bilder - Verknüpfung.lnk
2016-08-19 18:24 - 2016-08-19 18:24 - 00000000 ____D C:\Users\shady\AppData\Local\Mozilla
2016-08-19 18:10 - 2016-08-19 18:25 - 00000000 ____D C:\Users\shady\AppData\Roaming\NetSpeedMonitor
2016-08-19 18:10 - 2016-08-19 18:10 - 00000000 ____D C:\Users\shady\AppData\Local\MicrosoftEdge
2016-08-19 18:09 - 2016-08-19 18:10 - 00000000 ____D C:\Users\shady\AppData\Local\ConnectedDevicesPlatform
2016-08-19 18:09 - 2016-08-19 18:09 - 00000000 ____D C:\Users\shady\AppData\Local\VirtualStore
2016-08-19 18:09 - 2016-08-19 18:09 - 00000000 ____D C:\Users\shady\AppData\Local\Publishers
2016-08-19 18:09 - 2016-08-19 18:09 - 00000000 ____D C:\Users\shady\AppData\Local\Comms
2016-08-19 17:40 - 2016-08-19 17:40 - 00000000 ____D C:\Users\Tygan\Documents\HDClone Images
2016-08-19 16:15 - 2016-04-14 17:17 - 00066752 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
2016-08-19 16:15 - 2015-11-05 19:25 - 00075512 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
2016-08-19 16:15 - 2015-11-05 19:25 - 00068288 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
2016-08-19 16:15 - 2015-11-05 19:25 - 00064192 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll
2016-08-19 16:14 - 2016-04-14 17:17 - 00934080 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2016-08-19 16:14 - 2016-04-14 17:17 - 00392896 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2016-08-19 16:14 - 2016-04-14 17:17 - 00358080 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2016-08-19 16:14 - 2016-04-14 16:53 - 00026816 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
2016-08-19 16:14 - 2016-03-10 08:03 - 00057536 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
2016-08-19 16:13 - 2016-08-19 16:13 - 00001276 _____ C:\Users\Public\Desktop\VMware Workstation Pro.lnk
2016-08-19 16:13 - 2016-08-19 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2016-08-19 16:13 - 2016-08-19 16:13 - 00000000 ____D C:\Program Files\Common Files\VMware
2016-08-19 01:17 - 2016-08-19 01:17 - 00000037 _____ C:\Users\Tygan\Desktop\heiseshow.txt
2016-08-18 00:23 - 2016-08-18 00:23 - 00069632 _____ C:\Users\Tygan\Documents\All-User-Install-Agent.evtx
2016-08-17 22:29 - 2016-08-17 22:30 - 00000000 ____D C:\Users\Maxson\AppData\Roaming\NetSpeedMonitor
2016-08-17 22:29 - 2016-08-17 22:29 - 00000000 ___RD C:\Users\Maxson\OneDrive
2016-08-17 22:28 - 2016-08-17 22:28 - 00000000 ____D C:\Users\Maxson\AppData\Local\VirtualStore
2016-08-17 22:28 - 2016-08-17 22:28 - 00000000 ____D C:\Users\Maxson\AppData\Local\Comms
2016-08-17 22:27 - 2016-08-19 13:48 - 00000000 ____D C:\Users\Maxson
2016-08-17 22:27 - 2016-08-17 22:28 - 00000000 ____D C:\Users\Maxson\AppData\Local\Packages
2016-08-17 22:27 - 2016-08-17 22:28 - 00000000 ____D C:\Users\Maxson\AppData\Local\ConnectedDevicesPlatform
2016-08-17 22:27 - 2016-08-17 22:27 - 00000000 _SHDL C:\Users\Maxson\Vorlagen
2016-08-17 22:27 - 2016-08-17 22:27 - 00000000 _SHDL C:\Users\Maxson\Startmenü
2016-08-17 22:27 - 2016-08-17 22:27 - 00000000 _SHDL C:\Users\Maxson\Netzwerkumgebung
2016-08-17 22:27 - 2016-08-17 22:27 - 00000000 _SHDL C:\Users\Maxson\Lokale Einstellungen
2016-08-17 22:27 - 2016-08-17 22:27 - 00000000 _SHDL C:\Users\Maxson\Eigene Dateien
2016-08-17 22:27 - 2016-08-17 22:27 - 00000000 _SHDL C:\Users\Maxson\Druckumgebung
2016-08-17 22:27 - 2016-08-17 22:27 - 00000000 _SHDL C:\Users\Maxson\Documents\Eigene Videos
2016-08-17 22:27 - 2016-08-17 22:27 - 00000000 _SHDL C:\Users\Maxson\Documents\Eigene Musik
2016-08-17 22:27 - 2016-08-17 22:27 - 00000000 _SHDL C:\Users\Maxson\Documents\Eigene Bilder
2016-08-17 22:27 - 2016-08-17 22:27 - 00000000 _SHDL C:\Users\Maxson\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-17 22:27 - 2016-08-17 22:27 - 00000000 _SHDL C:\Users\Maxson\AppData\Local\Verlauf
2016-08-17 22:27 - 2016-08-17 22:27 - 00000000 _SHDL C:\Users\Maxson\AppData\Local\Anwendungsdaten
2016-08-17 22:27 - 2016-08-17 22:27 - 00000000 _SHDL C:\Users\Maxson\Anwendungsdaten
2016-08-17 22:27 - 2016-08-17 22:27 - 00000000 ____D C:\Users\Maxson\AppData\Roaming\Adobe
2016-08-17 22:27 - 2016-08-17 22:27 - 00000000 ____D C:\Users\Maxson\AppData\Local\Google
2016-08-17 22:27 - 2016-08-03 17:17 - 00000000 ____D C:\Users\Maxson\AppData\Roaming\Media Center Programs
2016-08-17 22:24 - 2016-08-17 22:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\NetSpeedMonitor
2016-08-17 22:23 - 2016-08-17 22:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2016-08-17 21:58 - 2016-08-17 21:58 - 00000000 ____D C:\Users\Lem0th\AppData\Local\Comms
2016-08-17 20:27 - 2016-08-17 20:27 - 00000000 ____D C:\Users\Lem0th\AppData\Local\NetworkTiles
2016-08-17 20:19 - 2016-08-17 20:19 - 00000000 ____D C:\Users\Lem0th\AppData\Local\PeerDistRepub
2016-08-17 19:31 - 2016-08-17 19:31 - 00000000 ____D C:\Users\Lem0th\AppData\Local\Steam
2016-08-17 19:31 - 2016-08-17 19:31 - 00000000 ____D C:\Users\Lem0th\AppData\Local\CEF
2016-08-17 19:22 - 2016-08-17 19:23 - 31371264 _____ C:\Users\Lem0th\Downloads\main.db
2016-08-17 19:17 - 2016-08-19 13:48 - 00000000 ____D C:\Users\Lem0th\AppData\Roaming\Skype
2016-08-17 19:17 - 2016-08-17 19:17 - 00000000 ____D C:\Users\Lem0th\Tracing
2016-08-17 19:06 - 2016-08-17 22:41 - 00000000 ____D C:\Users\Lem0th\AppData\Roaming\KeePass
2016-08-17 19:04 - 2016-08-19 13:48 - 00000000 ____D C:\Users\Lem0th\AppData\Roaming\Thunderbird
2016-08-17 19:04 - 2016-08-17 19:04 - 00000000 ____D C:\Users\Lem0th\AppData\Local\Thunderbird
2016-08-17 18:59 - 2016-08-17 18:59 - 00000000 ____D C:\Users\Lem0th\Documents\My Safes
2016-08-17 18:55 - 2016-08-17 19:07 - 00000000 ____D C:\Users\Lem0th\AppData\Local\Mozilla
2016-08-17 18:55 - 2016-08-17 18:55 - 00000000 ____D C:\Users\Lem0th\AppData\Roaming\Mozilla
2016-08-17 18:49 - 2016-08-17 18:50 - 00000000 ___RD C:\Users\Lem0th\OneDrive
2016-08-17 18:48 - 2016-08-19 13:48 - 00000000 ____D C:\Users\Lem0th\AppData\Local\TileDataLayer
2016-08-17 18:48 - 2016-08-19 13:48 - 00000000 ____D C:\Users\Lem0th
2016-08-17 18:48 - 2016-08-17 19:00 - 00000000 ____D C:\Users\Lem0th\AppData\Local\ConnectedDevicesPlatform
2016-08-17 18:48 - 2016-08-17 18:50 - 00000000 ____D C:\Users\Lem0th\AppData\Local\Packages
2016-08-17 18:48 - 2016-08-17 18:48 - 00000000 _SHDL C:\Users\Lem0th\Vorlagen
2016-08-17 18:48 - 2016-08-17 18:48 - 00000000 _SHDL C:\Users\Lem0th\Startmenü
2016-08-17 18:48 - 2016-08-17 18:48 - 00000000 _SHDL C:\Users\Lem0th\Netzwerkumgebung
2016-08-17 18:48 - 2016-08-17 18:48 - 00000000 _SHDL C:\Users\Lem0th\Lokale Einstellungen
2016-08-17 18:48 - 2016-08-17 18:48 - 00000000 _SHDL C:\Users\Lem0th\Eigene Dateien
2016-08-17 18:48 - 2016-08-17 18:48 - 00000000 _SHDL C:\Users\Lem0th\Druckumgebung
2016-08-17 18:48 - 2016-08-17 18:48 - 00000000 _SHDL C:\Users\Lem0th\Documents\Eigene Videos
2016-08-17 18:48 - 2016-08-17 18:48 - 00000000 _SHDL C:\Users\Lem0th\Documents\Eigene Musik
2016-08-17 18:48 - 2016-08-17 18:48 - 00000000 _SHDL C:\Users\Lem0th\Documents\Eigene Bilder
2016-08-17 18:48 - 2016-08-17 18:48 - 00000000 _SHDL C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-17 18:48 - 2016-08-17 18:48 - 00000000 _SHDL C:\Users\Lem0th\AppData\Local\Verlauf
2016-08-17 18:48 - 2016-08-17 18:48 - 00000000 _SHDL C:\Users\Lem0th\AppData\Local\Anwendungsdaten
2016-08-17 18:48 - 2016-08-17 18:48 - 00000000 _SHDL C:\Users\Lem0th\Anwendungsdaten
2016-08-17 18:48 - 2016-08-17 18:48 - 00000000 ____D C:\Users\Lem0th\AppData\Roaming\Adobe
2016-08-17 18:48 - 2016-08-17 18:48 - 00000000 ____D C:\Users\Lem0th\AppData\Local\VirtualStore
2016-08-17 18:48 - 2016-08-17 18:48 - 00000000 ____D C:\Users\Lem0th\AppData\Local\Google
2016-08-17 18:48 - 2016-08-03 17:17 - 00000000 ____D C:\Users\Lem0th\AppData\Roaming\Media Center Programs
2016-08-17 13:17 - 2016-08-17 13:17 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2016-08-17 10:46 - 2016-08-17 10:46 - 00003898 _____ C:\WINDOWS\System32\Tasks\Sperrbildschirm
2016-08-15 17:43 - 2016-08-15 17:43 - 00000000 ____D C:\Users\Tygan\Documents\pCloud Sync
2016-08-15 17:42 - 2016-08-16 00:27 - 00000000 ____D C:\Users\Tygan\AppData\Local\pCloud
2016-08-15 17:41 - 2016-06-13 05:14 - 00235424 _____ (EldoS Corporation) C:\WINDOWS\SysWOW64\cbfsNetRdr6.dll
2016-08-15 17:41 - 2016-06-13 05:14 - 00134560 _____ (EldoS Corporation) C:\WINDOWS\system32\cbfsNetRdr6.dll
2016-08-15 17:41 - 2016-06-13 05:13 - 00196000 _____ (EldoS Corporation) C:\WINDOWS\system32\cbfsMntNtf6.dll
2016-08-15 17:41 - 2016-06-13 05:13 - 00170400 _____ (EldoS Corporation) C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll
2016-08-15 17:41 - 2016-06-13 05:07 - 00018624 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\vpnpbus.sys
2016-08-15 17:41 - 2016-06-13 05:06 - 00460992 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\cbfs6.sys
2016-08-15 17:40 - 2016-06-13 05:14 - 00018848 _____ (EldoS Corporation) C:\WINDOWS\system32\elevtmsg.dll
2016-08-15 17:37 - 2016-08-15 17:38 - 08526704 _____ (pCloud AG) C:\Users\Tygan\Downloads\pCloud_Windows_3.3.1.exe
2016-08-15 10:21 - 2016-08-15 10:21 - 00000989 _____ C:\Users\Tygan\Desktop\Core Temp.lnk
2016-08-15 10:17 - 2016-08-15 10:20 - 01190712 _____ (Alcpu ) C:\Users\Tygan\Downloads\Core-Temp-setup.exe
2016-08-13 03:23 - 2016-08-19 13:52 - 00000000 ____D C:\Users\Tygan\AppData\Local\fabi.me
2016-08-13 02:34 - 2016-08-13 02:34 - 00000206 _____ C:\Users\Tygan\Desktop\Fallout Shelter.url
2016-08-13 02:34 - 2016-08-13 02:34 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher
2016-08-13 02:28 - 2016-08-20 01:05 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2016-08-13 02:28 - 2016-08-19 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher
2016-08-13 02:28 - 2016-08-13 02:31 - 00000000 ____D C:\Users\Tygan\AppData\Local\Bethesda.net Launcher
2016-08-13 02:28 - 2016-08-13 02:28 - 00001221 _____ C:\Users\Public\Desktop\Bethesda.net Launcher.lnk
2016-08-13 02:27 - 2016-08-13 02:28 - 07493336 _____ (Bethesda Softworks ) C:\Users\Tygan\Downloads\BethesdaNetLauncher_Setup.exe
2016-08-11 22:07 - 2016-08-19 13:52 - 00000000 ___RD C:\Users\Tygan\3D Objects
2016-08-10 21:07 - 2016-08-19 13:52 - 00000000 ____D C:\Users\shady\AppData\Roaming\Skype
2016-08-10 20:01 - 2016-08-19 18:24 - 00000000 ____D C:\Users\shady\AppData\Roaming\Mozilla
2016-08-10 19:26 - 2016-08-02 10:48 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 19:26 - 2016-08-02 10:44 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-08-10 19:26 - 2016-08-02 10:20 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-10 19:26 - 2016-08-02 09:55 - 03617280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 19:26 - 2016-08-02 06:51 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 19:26 - 2016-08-02 06:25 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-08-10 19:25 - 2016-08-02 10:58 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 19:25 - 2016-08-02 10:53 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 19:25 - 2016-08-02 10:52 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 19:25 - 2016-08-02 10:48 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-10 19:25 - 2016-08-02 10:44 - 00151232 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 19:25 - 2016-08-02 10:23 - 22572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 19:25 - 2016-08-02 10:21 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-08-10 19:25 - 2016-08-02 10:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-08-10 19:25 - 2016-08-02 10:20 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-08-10 19:25 - 2016-08-02 10:15 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-08-10 19:25 - 2016-08-02 10:15 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-08-10 19:25 - 2016-08-02 10:14 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-08-10 19:25 - 2016-08-02 10:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 19:25 - 2016-08-02 10:12 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-08-10 19:25 - 2016-08-02 10:11 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-08-10 19:25 - 2016-08-02 10:11 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-08-10 19:25 - 2016-08-02 10:10 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-08-10 19:25 - 2016-08-02 10:09 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-08-10 19:25 - 2016-08-02 10:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 19:25 - 2016-08-02 10:07 - 09125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-08-10 19:25 - 2016-08-02 10:03 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-08-10 19:25 - 2016-08-02 10:00 - 05511168 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-08-10 19:25 - 2016-08-02 09:59 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 19:25 - 2016-08-02 09:58 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 19:25 - 2016-08-02 09:57 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 19:25 - 2016-08-02 09:56 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-08-10 19:25 - 2016-08-02 09:56 - 01785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 19:25 - 2016-08-02 09:56 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-08-10 19:25 - 2016-08-02 09:55 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 19:25 - 2016-08-02 09:52 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-10 19:25 - 2016-08-02 06:56 - 02251440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 19:25 - 2016-08-02 06:47 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-10 19:25 - 2016-08-02 06:39 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-08-10 19:25 - 2016-08-02 06:37 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-08-10 19:25 - 2016-08-02 06:37 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-08-10 19:25 - 2016-08-02 06:36 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-08-10 19:25 - 2016-08-02 06:33 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-10 19:25 - 2016-08-02 06:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-08-10 19:25 - 2016-08-02 06:28 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 19:25 - 2016-08-02 06:27 - 07623168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-08-10 19:25 - 2016-08-02 06:26 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 19:25 - 2016-08-02 06:26 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-08-10 19:25 - 2016-08-02 06:25 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 19:25 - 2016-08-02 06:23 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-08-10 19:25 - 2016-08-02 06:16 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 19:25 - 2016-08-02 06:13 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 19:25 - 2016-08-02 06:13 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-08-10 19:25 - 2016-08-02 06:12 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-08-10 19:25 - 2016-08-02 06:09 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-09 23:38 - 2016-08-22 11:22 - 00000000 ___HD C:\OneDriveTemp
2016-08-09 23:37 - 2016-08-09 23:38 - 00002428 _____ C:\Users\shady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-09 23:33 - 2016-08-19 18:11 - 00000000 ____D C:\Users\shady\AppData\Local\Packages
2016-08-09 23:33 - 2016-08-19 13:52 - 00000000 ____D C:\Users\shady\AppData\Local\TileDataLayer
2016-08-09 23:33 - 2016-08-19 13:50 - 00000000 ____D C:\Users\shady\AppData\Local\Google
2016-08-09 23:32 - 2016-08-19 14:35 - 00000000 ____D C:\Users\shady
2016-08-09 23:32 - 2016-08-09 23:32 - 00000020 ___SH C:\Users\shady\ntuser.ini
2016-08-09 12:33 - 2016-08-17 17:21 - 00000037 _____ C:\Users\Tygan\Desktop\STARBOUND.txt
2016-08-08 18:06 - 2016-08-22 12:59 - 00000000 ____D C:\Users\Tygan\Desktop\Compressed Data
2016-08-08 16:41 - 2016-08-08 16:41 - 00000335 _____ C:\Users\Tygan\Desktop\Computer.lnk
2016-08-08 16:27 - 2016-08-19 13:54 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\PhotoScape
2016-08-08 16:26 - 2016-08-19 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2016-08-08 16:26 - 2016-08-08 16:27 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2016-08-08 16:26 - 2016-08-08 16:26 - 00001100 _____ C:\Users\Tygan\Desktop\PhotoScape.lnk
2016-08-08 16:23 - 2016-08-19 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-08-08 16:23 - 2016-08-19 13:50 - 00000000 ____D C:\Program Files\VS Revo Group
2016-08-08 16:23 - 2016-08-08 16:23 - 00001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2016-08-08 16:08 - 2016-08-08 16:08 - 00000000 ____D C:\ProgramData\H&M System Software
2016-08-07 01:00 - 2016-08-07 01:01 - 38494576 _____ (Apple Inc.) C:\Users\Tygan\Documents\SafariSetup-5.1.7.exe
2016-08-04 15:50 - 2016-08-04 15:51 - 02668480 _____ (Resplendence Software Projects Sp. ) C:\Users\Tygan\Documents\whocrashedSetup.exe
2016-08-04 02:21 - 2016-08-19 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-04 02:21 - 2016-08-04 02:21 - 00002642 _____ C:\Users\Public\Desktop\Skype.lnk
2016-08-04 02:21 - 2016-08-04 02:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-04 02:19 - 2016-08-04 02:19 - 01463424 _____ (Skype Technologies S.A.) C:\Users\Tygan\Documents\SkypeSetup.exe
2016-08-04 01:17 - 2016-08-04 01:17 - 00001213 _____ C:\Users\Tygan\Desktop\Grand Theft Auto San Andreas.lnk
2016-08-03 19:45 - 2016-08-22 11:29 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-03 19:45 - 2016-08-19 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-03 19:45 - 2016-08-03 19:45 - 00001032 _____ C:\Users\Public\Desktop\Steam.lnk
2016-08-03 19:06 - 2016-08-19 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2016-08-03 19:06 - 2016-08-03 19:06 - 00001255 _____ C:\Users\Tygan\Desktop\CrystalDiskInfo.lnk
2016-08-03 19:06 - 2016-08-03 19:06 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2016-08-03 17:55 - 2016-08-03 17:38 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-03 17:52 - 2016-08-03 17:52 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-03 17:52 - 2016-08-03 17:52 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-08-03 17:52 - 2016-08-03 17:52 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-08-03 17:52 - 2016-08-03 17:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-08-03 17:52 - 2016-08-03 17:52 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-08-03 17:52 - 2016-08-03 17:52 - 01265424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-08-03 17:52 - 2016-08-03 17:52 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-03 17:52 - 2016-08-03 17:52 - 00843104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-08-03 17:52 - 2016-08-03 17:52 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-08-03 17:52 - 2016-08-03 17:52 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-03 17:52 - 2016-08-03 17:52 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-03 17:52 - 2016-08-03 17:52 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-08-03 17:52 - 2016-08-03 17:52 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-08-03 17:52 - 2016-08-03 17:52 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-03 17:52 - 2016-08-03 17:52 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-08-03 17:52 - 2016-08-03 17:52 - 00000000 ____D C:\Program Files\CMAK
2016-08-03 17:52 - 2016-08-03 17:52 - 00000000 ____D C:\Program Files (x86)\CMAK
2016-08-03 17:50 - 2016-07-15 20:29 - 05739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2016-08-03 17:50 - 2016-07-15 20:29 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2016-08-03 17:50 - 2016-07-15 20:14 - 06354944 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2016-08-03 17:50 - 2016-07-15 19:45 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2016-08-03 17:50 - 2016-07-15 19:29 - 05489664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2016-08-03 17:42 - 2016-08-03 17:42 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-03 17:38 - 2016-08-03 19:02 - 00000000 ____D C:\Users\Tygan\AppData\Local\ConnectedDevicesPlatform
2016-08-03 17:38 - 2016-08-03 17:38 - 00000020 ___SH C:\Users\Tygan\ntuser.ini
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default\Vorlagen
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default\Startmenü
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2016-08-03 17:37 - 2016-08-03 17:37 - 00000000 ____D C:\ProgramData\USOShared
2016-08-03 17:34 - 2016-08-03 17:36 - 00015243 _____ C:\WINDOWS\diagwrn.xml
2016-08-03 17:34 - 2016-08-03 17:36 - 00015243 _____ C:\WINDOWS\diagerr.xml
2016-08-03 17:33 - 2016-08-03 17:33 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-08-03 17:33 - 2016-08-03 16:57 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-08-03 17:29 - 2016-08-22 11:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-03 17:29 - 2016-08-19 18:47 - 00002454 _____ C:\WINDOWS\System32\Tasks\{8E2B0D8E-A7C2-41AB-A0CC-6F1051CCC161}
2016-08-03 17:29 - 2016-08-19 18:47 - 00002272 _____ C:\WINDOWS\System32\Tasks\{197B8FA4-1324-4E58-977E-3387813919D4}
2016-08-03 17:29 - 2016-08-19 18:47 - 00002242 _____ C:\WINDOWS\System32\Tasks\{D5006F34-817C-4DE0-877C-FFF62AEC3502}
2016-08-03 17:29 - 2016-08-19 18:47 - 00002238 _____ C:\WINDOWS\System32\Tasks\{9C213DAE-C246-4484-90F4-704E34947FA1}
2016-08-03 17:29 - 2016-08-03 17:29 - 00003550 _____ C:\WINDOWS\System32\Tasks\Open URL by RoboForm
2016-08-03 17:29 - 2016-08-03 17:29 - 00003312 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0AB5F16D-2A55-4AC5-B647-F4960534A94A}
2016-08-03 17:29 - 2016-08-03 17:29 - 00003310 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A3A3CAB4-91B6-4CA4-B275-7159135E0FFF}
2016-08-03 17:29 - 2016-08-03 17:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-08-03 17:29 - 2015-04-11 21:21 - 00003188 _____ C:\WINDOWS\System32\Tasks\{1A673BBD-E760-48DE-8182-982ABA1E0CD0}
2016-08-03 17:29 - 2015-04-03 20:22 - 00003268 _____ C:\WINDOWS\System32\Tasks\{A1C0E21F-C04B-4D7F-A3C7-F4A887B38845}
2016-08-03 17:29 - 2015-03-29 13:25 - 00003192 _____ C:\WINDOWS\System32\Tasks\{104B9CA5-EF7D-4A10-ADB6-70F6F3EB62CE}
2016-08-03 17:29 - 2015-01-17 17:03 - 00003134 _____ C:\WINDOWS\System32\Tasks\{A4058700-9B97-4117-8851-8B6C3C211F42}
2016-08-03 17:28 - 2016-08-03 17:29 - 00003662 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-03 17:28 - 2016-08-03 17:29 - 00003438 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-03 17:28 - 2016-08-03 17:29 - 00002586 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-08-03 17:28 - 2016-08-03 17:29 - 00002210 _____ C:\WINDOWS\System32\Tasks\Core Temp Autostart Tygan
2016-08-03 17:28 - 2016-08-03 17:28 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-08-03 17:28 - 2016-08-03 17:28 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2016-08-03 17:28 - 2016-08-03 17:28 - 00000000 ____D C:\WINDOWS\system32\msmq
2016-08-03 17:28 - 2016-08-03 17:28 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2016-08-03 17:28 - 2016-08-03 17:28 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-08-03 17:28 - 2016-08-03 17:28 - 00000000 ____D C:\Program Files\MSBuild
2016-08-03 17:28 - 2016-08-03 17:28 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-08-03 17:28 - 2016-08-03 17:28 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-03 17:28 - 2016-08-03 17:28 - 00000000 ____D C:\inetpub
2016-08-03 17:28 - 2015-01-28 13:12 - 00003252 _____ C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-624198674-977653023-2037852723-1003
2016-08-03 17:28 - 2014-01-23 22:36 - 00003540 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2016-08-03 17:27 - 2016-05-25 15:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-08-03 17:27 - 2016-05-25 15:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-03 17:27 - 2016-05-25 15:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-08-03 17:27 - 2016-05-25 12:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-08-03 17:27 - 2016-05-25 12:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-03 17:27 - 2016-05-25 12:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-08-03 17:17 - 2016-08-03 17:17 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-03 17:17 - 2016-08-03 17:17 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-08-03 17:17 - 2016-08-03 17:17 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2016-08-03 17:11 - 2016-08-03 17:20 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-08-03 17:11 - 2016-08-03 17:11 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-08-03 17:08 - 2016-08-22 11:28 - 00000000 ____D C:\Users\Tygan
2016-08-03 17:08 - 2016-08-19 13:55 - 00000000 ____D C:\Users\DefaultAppPool
2016-08-03 17:08 - 2016-08-19 13:55 - 00000000 ____D C:\Users\Administrator
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Tygan\Vorlagen
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Tygan\Startmenü
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Tygan\Netzwerkumgebung
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Tygan\Lokale Einstellungen
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Tygan\Eigene Dateien
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Tygan\Druckumgebung
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Tygan\Documents\Eigene Videos
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Tygan\Documents\Eigene Musik
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Tygan\Documents\Eigene Bilder
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Tygan\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Tygan\AppData\Local\Verlauf
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Tygan\AppData\Local\Anwendungsdaten
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Tygan\Anwendungsdaten
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\DefaultAppPool\Vorlagen
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\DefaultAppPool\Startmenü
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\DefaultAppPool\Netzwerkumgebung
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\DefaultAppPool\Lokale Einstellungen
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\DefaultAppPool\Eigene Dateien
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\DefaultAppPool\Druckumgebung
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Videos
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Musik
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Bilder
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Verlauf
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\DefaultAppPool\Anwendungsdaten
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Administrator\Vorlagen
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Videos
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2016-08-03 17:08 - 2016-08-03 17:08 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2016-08-03 17:05 - 2016-08-19 16:13 - 01931836 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-08-03 17:05 - 2016-08-19 13:03 - 01910734 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-03 17:02 - 2016-08-03 17:02 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-03 17:02 - 2016-08-03 17:02 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-08-03 17:02 - 2016-08-03 17:02 - 00000000 ____D C:\Program Files\Realtek
2016-08-03 17:02 - 2016-08-03 17:02 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2016-08-03 17:00 - 2016-07-16 13:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-08-03 16:57 - 2016-08-22 01:19 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-03 16:56 - 2016-08-21 18:26 - 00634688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-03 01:25 - 2016-08-03 01:25 - 00000470 _____ C:\Users\Tygan\Documents\listen-dsl.asx
2016-08-02 19:25 - 2016-08-19 13:32 - 00000000 ____D C:\Users\Tygan\Documents\windows-10-product-key-viewer-1-5-1
2016-08-02 19:25 - 2016-08-02 19:25 - 00062019 _____ C:\Users\Tygan\Documents\windows-10-product-key-viewer-1-5-1.zip
2016-08-02 18:39 - 2016-08-02 19:06 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\Wireshark
2016-08-02 18:20 - 2016-08-19 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-08-02 18:20 - 2016-08-02 18:20 - 00001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-08-02 18:20 - 2016-08-02 18:20 - 00001569 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-08-02 18:20 - 2016-08-02 18:20 - 00000000 ____D C:\Program Files\Wireshark
2016-08-02 18:20 - 2016-08-02 18:20 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-08-02 02:26 - 2016-08-02 02:26 - 00001900 _____ C:\Users\Tygan\Documents\Google Drive.lnk
2016-08-02 02:22 - 2016-08-02 02:23 - 00987728 _____ (Google Inc.) C:\Users\Tygan\Documents\googledrivesync.exe
2016-08-02 02:19 - 2016-08-02 02:20 - 528482304 _____ C:\Users\Tygan\Desktop\random stuff
2016-08-02 00:57 - 2016-08-02 00:59 - 33556567 _____ C:\Users\Tygan\Documents\Don Omar - Virtual Diva.mp4
2016-08-02 00:42 - 2016-08-02 00:54 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\VeraCrypt
2016-08-02 00:41 - 2016-08-19 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2016-08-02 00:41 - 2016-08-02 00:41 - 00198248 _____ (IDRIX) C:\WINDOWS\system32\Drivers\veracrypt.sys
2016-08-02 00:41 - 2016-08-02 00:41 - 00000888 _____ C:\Users\Tygan\Documents\VeraCrypt.lnk
2016-08-02 00:41 - 2016-08-02 00:41 - 00000000 ____D C:\Program Files\VeraCrypt
2016-08-02 00:39 - 2016-08-02 00:41 - 13954552 _____ (IDRIX) C:\Users\Tygan\Documents\veracrypt_setup_1.17.exe
2016-08-02 00:36 - 2016-08-02 00:37 - 00000000 ____D C:\Users\Tygan\Documents\Camera
2016-08-01 21:35 - 2016-08-01 21:36 - 05466520 _____ C:\Users\Tygan\Documents\AcronisTrueImage2016_web.exe
2016-08-01 21:33 - 2016-08-19 13:55 - 00000000 ____D C:\Users\Tygan\Documents\Whatsapp_Xtract_V2.2_2012-11-17
2016-08-01 21:32 - 2016-08-01 21:32 - 01876725 _____ C:\Users\Tygan\Documents\Whatsapp_Xtract_V2.2_2012-11-17.zip
2016-08-01 21:31 - 2016-08-01 21:28 - 00086458 _____ C:\Users\Tygan\Documents\wallpaper.bkup
2016-08-01 19:38 - 2016-08-01 19:38 - 01102663 _____ C:\Users\Tygan\Documents\AESCrypt_v310_x64.zip
2016-08-01 02:23 - 2016-08-01 03:02 - 1531445248 _____ C:\Users\Tygan\Documents\ubuntu-16.04.1-desktop-i386.iso
2016-08-01 01:30 - 2016-08-01 02:18 - 1513308160 _____ C:\Users\Tygan\Documents\ubuntu-16.04.1-desktop-amd64.iso
2016-07-30 20:52 - 2016-08-19 13:54 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\Audacity
2016-07-30 20:52 - 2016-07-30 20:52 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-07-30 20:52 - 2016-07-30 20:52 - 00001076 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-07-30 20:52 - 2016-07-30 20:52 - 00000000 ____D C:\Users\Tygan\AppData\Local\Audacity
2016-07-30 20:52 - 2016-07-30 20:52 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-07-30 20:50 - 2016-07-30 20:51 - 26496761 _____ (Audacity Team ) C:\Users\Tygan\Downloads\audacity-win-2.1.2.exe
2016-07-30 20:42 - 2016-07-30 20:43 - 37941248 _____ C:\Users\Tygan\Downloads\install_virtualdj_pc_v8.2.3324.msi
2016-07-30 00:39 - 2016-07-30 00:43 - 00450560 _____ (Tiger-IT.de) C:\Users\Tygan\Desktop\xp-AntiSpy-beta.exe
2016-07-29 16:52 - 2016-07-29 16:58 - 47611856 _____ (Wireshark development team) C:\Users\Tygan\Downloads\Wireshark-win64-2.0.5.exe
2016-07-29 16:28 - 2016-08-19 13:54 - 00000000 ____D C:\Users\Tygan\AppData\Local\WhatsApp
2016-07-29 16:28 - 2016-08-19 13:31 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\WhatsApp
2016-07-29 16:28 - 2016-07-30 00:12 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2016-07-26 22:59 - 2016-07-26 23:32 - 2216096549 _____ C:\Users\Tygan\Documents\Windows 7 Professional 32-bit.7z
2016-07-25 18:12 - 2016-07-26 15:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-07-25 16:05 - 2016-07-25 16:05 - 00000000 ____D C:\Users\Tygan\AppData\Local\TeamViewer
2016-07-25 15:47 - 2016-07-25 15:47 - 00000000 ____D C:\Users\Tygan\AppData\Local\CrashRpt
2016-07-25 15:39 - 2016-08-13 13:43 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-07-25 15:39 - 2016-08-13 13:43 - 00001028 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-07-25 15:39 - 2016-08-13 13:43 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-07-24 00:54 - 2016-07-25 19:54 - 00023119 _____ C:\Users\Tygan\Documents\Inhaltsverzeichnis Users Tygan Erinnerungen (Old).ods
2016-07-23 18:14 - 2016-07-23 20:39 - 00001679 _____ C:\Users\Tygan\Desktop\LibreOffice 5.1.lnk
2016-07-23 18:13 - 2016-08-19 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.1
2016-07-23 18:12 - 2016-07-23 18:13 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
2016-07-23 18:08 - 2016-07-23 18:08 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-23 18:08 - 2016-07-23 18:08 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-23 18:08 - 2016-07-23 18:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-22 13:05 - 2016-07-14 14:55 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\NetSpeedMonitor
2016-08-22 13:02 - 2016-04-04 23:35 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\Skype
2016-08-22 11:21 - 2016-07-22 12:30 - 00000000 ____D C:\ProgramData\VMware
2016-08-22 11:21 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-22 11:20 - 2016-07-16 08:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2016-08-21 21:41 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2016-08-21 21:40 - 2016-06-23 14:31 - 00263296 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2016-08-21 17:03 - 2016-07-16 13:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-08-21 16:53 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-21 16:17 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-21 14:09 - 2016-04-17 19:45 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\VMware
2016-08-21 14:09 - 2016-04-17 19:45 - 00000000 ____D C:\Users\Tygan\AppData\Local\VMware
2016-08-21 01:18 - 2016-04-04 22:47 - 00000000 ____D C:\Users\Tygan\AppData\Local\Packages
2016-08-20 01:25 - 2016-07-05 22:02 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\KeePass
2016-08-19 18:16 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-19 18:09 - 2015-07-29 18:28 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-19 16:13 - 2016-07-17 00:51 - 00685066 _____ C:\WINDOWS\system32\perfh007.dat
2016-08-19 16:13 - 2016-07-17 00:51 - 00155106 _____ C:\WINDOWS\system32\perfc007.dat
2016-08-19 13:56 - 2016-01-22 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-19 13:56 - 2015-07-02 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-08-19 13:55 - 2016-07-22 15:21 - 00000000 ____D C:\Users\Tygan\Documents\Windows 7
2016-08-19 13:55 - 2016-07-20 19:10 - 00000000 ____D C:\Users\Tygan\Documents\Tor Browser
2016-08-19 13:55 - 2016-07-16 13:47 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-08-19 13:55 - 2016-05-31 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer 2015
2016-08-19 13:55 - 2015-05-30 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2016-08-19 13:55 - 2014-12-02 19:36 - 00000000 ____D C:\WINDOWS\pss
2016-08-19 13:54 - 2016-07-14 17:49 - 00000000 ____D C:\Users\Tygan\AppData\Local\Stardock
2016-08-19 13:54 - 2016-07-05 21:57 - 00000000 ____D C:\Users\Tygan\AppData\Local\PasswordSafe
2016-08-19 13:54 - 2016-06-12 14:03 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\Factorio
2016-08-19 13:54 - 2016-05-31 13:22 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\Buhl Data Service
2016-08-19 13:54 - 2016-05-29 23:25 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Codemasters
2016-08-19 13:54 - 2016-04-18 16:49 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\Thunderbird
2016-08-19 13:54 - 2016-04-16 17:34 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\vlc
2016-08-19 13:54 - 2016-04-05 14:15 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\puush
2016-08-19 13:54 - 2016-04-04 22:47 - 00000000 ____D C:\Users\Tygan\AppData\Local\VirtualStore
2016-08-19 13:54 - 2016-01-30 20:49 - 00000000 __RDC C:\Users\Tygan\Documents\MAGIX
2016-08-19 13:52 - 2016-06-22 19:50 - 00000000 ____D C:\Users\Tygan\AppData\Local\Downloaded Installations
2016-08-19 13:50 - 2016-06-22 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win
2016-08-19 13:50 - 2016-04-17 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2016-08-19 13:50 - 2016-04-05 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-08-19 13:50 - 2016-01-30 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2016-08-19 13:50 - 2014-11-03 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA3100M Genie
2016-08-19 13:33 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\registration
2016-08-19 13:32 - 2016-06-26 23:34 - 00000000 ____D C:\Users\Tygan\Documents\Factorio.v0.12.3
2016-08-19 13:32 - 2016-05-29 10:58 - 00000000 ____D C:\Users\Tygan\Downloads\Grand Theft Auto San Andreas.part06
2016-08-19 13:32 - 2015-06-10 15:31 - 00000000 ___DC C:\Users\Tygan\Documents\My Games
2016-08-19 13:31 - 2016-06-25 23:13 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\MAGIX
2016-08-19 13:31 - 2016-06-25 22:41 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\discord
2016-08-19 13:31 - 2016-04-20 13:03 - 00000000 ____D C:\Users\Tygan\AppData\LocalLow\Sun
2016-08-19 13:31 - 2016-04-09 13:47 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\LibreOffice
2016-08-19 13:31 - 2016-04-07 23:34 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\Mozilla
2016-08-19 13:31 - 2016-04-04 23:57 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\.minecraft
2016-08-19 13:31 - 2016-04-04 22:47 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\Adobe
2016-08-19 13:31 - 2016-04-04 22:47 - 00000000 ____D C:\Users\Tygan\AppData\Local\TileDataLayer
2016-08-19 13:29 - 2016-04-07 23:34 - 00000000 ____D C:\Users\Tygan\AppData\Local\Mozilla
2016-08-19 13:28 - 2016-07-07 18:34 - 00000000 ____D C:\Users\Tygan\AppData\Local\MAGIX
2016-08-19 13:28 - 2016-06-22 19:52 - 00000000 ____D C:\Users\Tygan\AppData\Local\Machinecode_Technologies
2016-08-19 13:28 - 2016-04-04 23:33 - 00000000 ____D C:\Users\Tygan\AppData\Local\CEF
2016-08-19 13:28 - 2016-04-04 22:47 - 00000000 ____D C:\Users\Tygan\AppData\Local\Google
2016-08-19 13:27 - 2015-11-19 16:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-08-19 13:26 - 2016-07-22 12:30 - 00000000 ____D C:\Program Files (x86)\VMware
2016-08-19 13:26 - 2015-09-22 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2016-08-19 13:16 - 2015-01-24 16:32 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-17 22:25 - 2015-11-19 17:02 - 00000000 ___RD C:\Users\Administrator\OneDrive
2016-08-15 10:21 - 2016-04-17 15:46 - 00000000 ____D C:\Program Files\Core Temp
2016-08-13 21:21 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-12 16:19 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2016-08-11 22:17 - 2016-07-08 14:00 - 00000000 ____D C:\Users\Tygan\AppData\LocalLow\Temp
2016-08-11 22:12 - 2016-07-05 21:57 - 00000000 ____D C:\Users\Tygan\Documents\My Safes
2016-08-11 02:13 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-11 02:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-08-11 02:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-11 02:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-11 02:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-11 02:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-08-11 02:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-11 02:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-11 02:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-08-10 20:40 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 20:35 - 2014-01-23 20:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 20:20 - 2014-01-23 20:41 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 22:55 - 2016-01-23 00:25 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 22:55 - 2016-01-23 00:25 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-05 15:33 - 2016-04-04 23:51 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-08-04 19:06 - 2016-01-22 15:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-04 03:01 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-08-04 02:22 - 2015-04-07 11:25 - 00000000 ____D C:\ProgramData\Skype
2016-08-03 19:09 - 2016-01-23 00:23 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-03 18:54 - 2016-04-24 20:02 - 00000000 ____D C:\Users\Tygan\AppData\Local\Unity
2016-08-03 17:55 - 2016-07-16 13:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-03 17:49 - 2016-07-17 00:56 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-08-03 17:49 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-08-03 17:49 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-08-03 17:49 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-08-03 17:49 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-08-03 17:49 - 2016-07-16 13:47 - 00000000 ___RD C:\Program Files\Windows Defender
2016-08-03 17:49 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-08-03 17:49 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-08-03 17:49 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-03 17:49 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-08-03 17:49 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\IME
2016-08-03 17:49 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Help
2016-08-03 17:49 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-08-03 17:49 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-03 17:49 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-08-03 17:49 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-08-03 17:49 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\servicing
2016-08-03 17:49 - 2016-04-04 22:53 - 00002428 _____ C:\Users\Tygan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-03 17:43 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-08-03 17:43 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-08-03 17:43 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-08-03 17:43 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-08-03 17:43 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-08-03 17:43 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-08-03 17:43 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-08-03 17:43 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-08-03 17:43 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-08-03 17:37 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-08-03 17:37 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Windows NT
2016-08-03 17:37 - 2016-07-16 08:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-08-03 17:34 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-03 17:34 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-08-03 17:29 - 2015-07-29 18:19 - 00023056 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-08-03 17:28 - 2016-07-16 13:47 - 00000000 __RSD C:\WINDOWS\Media
2016-08-03 17:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-08-03 17:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-08-03 17:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-08-03 17:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-08-03 17:28 - 2016-07-16 13:44 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2016-08-03 17:28 - 2016-07-16 13:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2016-08-03 17:28 - 2016-07-16 13:44 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2016-08-03 17:28 - 2016-07-16 13:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2016-08-03 17:28 - 2016-07-16 13:44 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2016-08-03 17:28 - 2016-07-16 13:44 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2016-08-03 17:28 - 2016-07-16 13:43 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2016-08-03 17:28 - 2016-07-16 13:43 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2016-08-03 17:28 - 2016-07-16 13:43 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2016-08-03 17:28 - 2016-07-16 13:43 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2016-08-03 17:28 - 2016-07-16 13:43 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2016-08-03 17:28 - 2016-07-16 13:43 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2016-08-03 17:28 - 2016-07-16 13:43 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2016-08-03 17:27 - 2016-07-16 13:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-08-03 17:27 - 2016-07-16 13:44 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2016-08-03 17:27 - 2016-07-16 13:44 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2016-08-03 17:27 - 2016-07-16 13:44 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2016-08-03 17:27 - 2016-07-16 13:44 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2016-08-03 17:27 - 2016-07-16 13:44 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2016-08-03 17:27 - 2016-07-16 13:44 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2016-08-03 17:27 - 2016-07-16 13:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2016-08-03 17:27 - 2016-07-16 13:44 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2016-08-03 17:27 - 2016-07-16 13:44 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2016-08-03 17:27 - 2016-07-16 13:44 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2016-08-03 17:27 - 2016-07-16 13:44 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2016-08-03 17:27 - 2016-07-16 13:43 - 01414144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2016-08-03 17:27 - 2016-07-16 13:43 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2016-08-03 17:27 - 2016-07-16 13:43 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2016-08-03 17:27 - 2016-07-16 13:43 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2016-08-03 17:27 - 2016-07-16 13:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2016-08-03 17:27 - 2016-07-16 13:43 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2016-08-03 17:27 - 2016-07-16 13:43 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-08-03 17:27 - 2016-07-16 13:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2016-08-03 17:27 - 2016-07-16 13:43 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-08-03 17:27 - 2016-07-16 13:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-08-03 17:27 - 2016-07-16 13:43 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2016-08-03 17:27 - 2016-07-16 13:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-08-03 17:27 - 2016-07-16 13:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-08-03 17:20 - 2015-10-27 02:05 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-08-03 17:17 - 2015-10-30 08:28 - 00000000 ____D C:\Users\Default.migrated
2016-08-03 17:13 - 2016-07-17 00:50 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-08-03 17:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-08-03 17:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-08-03 17:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-08-03 17:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-03 17:13 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\IME
2016-08-03 17:13 - 2015-02-22 00:13 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2016-08-03 17:12 - 2014-11-22 16:04 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-08-03 17:11 - 2016-07-17 00:52 - 00000000 ____D C:\WINDOWS\OCR
2016-08-03 17:11 - 2016-07-16 13:47 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-08-03 17:11 - 2016-07-16 13:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-08-03 17:11 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-08-03 17:11 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\schemas
2016-08-03 17:11 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Resources
2016-08-03 17:11 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-08-03 17:11 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-03 17:11 - 2015-09-01 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\www.GameModding.net
2016-08-03 17:11 - 2011-04-12 09:54 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-08-03 17:05 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-03 17:02 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-03 17:02 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-03 16:06 - 2016-07-02 03:06 - 00211638 _____ C:\WINDOWS\ntbtlog.txt
2016-08-03 15:53 - 2016-01-23 00:23 - 00001150 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-03 14:23 - 2016-05-18 23:11 - 00000000 ____D C:\Users\Tygan\AppData\Local\CrashDumps
2016-08-03 14:08 - 2016-01-23 00:23 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-02 19:54 - 2016-04-30 20:14 - 00000000 ___DC C:\Users\Tygan\Documents\stuff
2016-08-01 11:38 - 2016-07-22 12:35 - 00000000 ____D C:\Users\Tygan\Documents\Virtual Machines
2016-07-31 14:43 - 1970-01-01 02:00 - 00000000 ____D C:\Users\Tygan\Documents\WhatsApp
2016-07-30 22:46 - 2015-10-31 03:56 - 00000000 ____D C:\Program Files\Sandboxie
2016-07-30 22:45 - 2015-08-16 13:10 - 00000000 ____D C:\Program Files (x86)\Fraps
2016-07-29 16:28 - 2016-06-25 22:40 - 00000000 ____D C:\Users\Tygan\AppData\Local\SquirrelTemp
2016-07-28 23:02 - 2014-11-05 17:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-27 21:25 - 2010-11-21 05:27 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-26 23:18 - 2016-01-20 13:47 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-07-26 16:35 - 2016-04-08 12:42 - 00000000 ___DC C:\Users\Tygan\Documents\GTA Vice City User Files
2016-07-26 11:29 - 2016-07-13 19:08 - 00000000 ____D C:\Users\Tygan\AppData\Local\Ubisoft Game Launcher
2016-07-25 14:50 - 2015-11-19 17:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-07-25 13:54 - 2016-01-22 15:31 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-08-22 12:14 - 2016-08-22 12:30 - 4749395 _____ () C:\Users\Tygan\AppData\Roaming\wallpapers.exe
2016-07-17 23:18 - 2016-07-17 23:18 - 0007656 _____ () C:\Users\Tygan\AppData\Local\Resmon.ResmonCfg

Einige Dateien in TEMP:
====================
C:\Users\Tygan\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-08-21 20:01

==================== Ende von FRST.txt ============================
Addition kann ich nachreichen, sobald jemand geantwortet hat

cosinus 22.08.2016 12:18
Datei bei Virustotal auswerten und Link der Auswertung posten.

Ladekabel612 22.08.2016 12:20
Hier:
https://www.virustotal.com/de/file/c...is/1471864715/

& einmal noch der letzte log:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
durchgeführt von Tygan (22-08-2016 13:06:03)
Gestartet von C:\Users\Tygan\Desktop
Windows 10 Pro Version 1607 (X64) (2016-08-03 15:38:07)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-624198674-977653023-2037852723-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-624198674-977653023-2037852723-503 - Limited - Disabled)
Gast (S-1-5-21-624198674-977653023-2037852723-501 - Limited - Disabled)
shady (S-1-5-21-624198674-977653023-2037852723-1025 - Limited - Enabled) => C:\Users\shady
Tygan (S-1-5-21-624198674-977653023-2037852723-1021 - Administrator - Enabled) => C:\Users\Tygan

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET NOD32 Antivirus 9.0.402.1 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.402.1 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7art Fluorescent Clock © 7art-screensavers.com (HKLM-x32\...\7art Fluorescent Clock Screensaver_is1) (Version: 3.1 - 7art-screensavers.com)
7art Radiating Clock © 7art-screensavers.com (HKLM-x32\...\7art Radiating Clock Screensaver_is1) (Version: 3.1 - 7art-screensavers.com)
7art-ScreenSavers-Manager © 7art-screensavers.com (HKLM-x32\...\7art-ScreenSavers-Manager_is1) (Version: 4 - 7art-screensavers.com SoftWare Development Studio)
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{7E33E883-0D17-4397-A461-B576605E34B1}) (Version: 12.1.6.156 - Adobe Systems, Inc)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
Core Temp 1.2 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.2 - Alcpu)
CrystalDiskInfo 6.8.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.8.2 - Crystal Dew World)
ESET NOD32 Antivirus (HKLM\...\{6A816859-EC01-43F5-9EE2-B3B168CC52CB}) (Version: 9.0.386.1 - ESET, spol. s r.o.)
Factorio version 0.13.6 (HKLM\...\Factorio_is1) (Version:  - )
Fallout Shelter (HKLM-x32\...\Fallout Shelter) (Version:  - Bethesda Softworks)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gpg4win (2.3.1) (HKLM-x32\...\GPG4Win) (Version: 2.3.1 - The Gpg4win Project)
Grand Theft Auto III (HKLM-x32\...\Steam App 12100) (Version:  - Rockstar Games)
Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games)
Grand Theft Auto: Vice City (HKLM-x32\...\Steam App 12110) (Version:  - Rockstar Games)
KeePass Password Safe 2.34 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.34 - Dominik Reichl)
K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
LibreOffice 5.1.4.2 (HKLM-x32\...\{D5D4AC5C-C757-4EB2-857C-B021DB22482C}) (Version: 5.1.4.2 - The Document Foundation)
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version:  - )
MAGIX Movie Edit Pro 2016 Premium (HKLM\...\MX.{0E64129B-4258-44B9-8034-464C6E28878D}) (Version: 15.0.0.73 - MAGIX Software GmbH)
MAGIX Movie Edit Pro 2016 Premium (Version: 15.0.0.73 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium Update (Version: 15.0.0.77 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.7070.2033 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
Minecraft1.6.2 (HKLM-x32\...\Minecraft1.6.2) (Version:  - )
Mozilla Firefox 47.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 de)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 de)) (Version: 45.2.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NETGEAR WNA3100M N300 Wireless USB Adapter (HKLM-x32\...\{D3580358-0F78-402A-BE53-2E9D06383E04}) (Version: 1.2.0.6 - NETGEAR)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7030.1021 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7030.1021 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7030.1021 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
Sid Meier's Civilization IV (HKLM\...\Steam App 3900) (Version:  - Firaxis Games)
Sid Meier's Civilization IV: Beyond the Sword (HKLM\...\Steam App 8800) (Version:  - Firaxis Games)
Sid Meier's Civilization IV: Colonization (HKLM\...\Steam App 16810) (Version:  - Firaxis Games)
Sid Meier's Civilization IV: Warlords (HKLM\...\Steam App 3990) (Version:  - Firaxis Games)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steuer 2015 (HKLM-x32\...\{E262CD3B-8825-4D56-AEF1-5E127F2FBB05}) (Version: 23.00.1146 - Buhl Data Service GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.64630 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.17 - IDRIX)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Workstation (HKLM\...\{F4C0A853-FA3B-4404-954B-799299EB5A98}) (Version: 12.1.1 - VMware, Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.0.5 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.5 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-624198674-977653023-2037852723-1021_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0307F6A9-6CAC-4B85-890E-096D42F62610} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-25] (Microsoft Corporation)
Task: {077D9730-A325-418A-A370-8FDB2AB69740} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-23] (Google Inc.)
Task: {0925C293-A417-4212-97B6-79AA19FA7961} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {0B75604B-9502-4A48-ADE3-1237E2FBF078} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {0CD77EEF-77A1-4F93-BB9B-E9200CE7EDD2} - System32\Tasks\{D5006F34-817C-4DE0-877C-FFF62AEC3502} => pcalua.exe -a D:\AUTORUN.EXE -d D:\
Task: {15D635DD-27BD-4CBB-8FF7-667CA955FEB0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {1E24BA0C-A9C7-4EB3-B9FC-80BA2F51F025} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {2010C5A7-AB3A-49B1-9C74-87670E1563B1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {28F380A0-0DF8-4D51-B386-871F732C952C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {2AC1ADE9-DD33-422E-A1CB-A893D6A0AC4D} - System32\Tasks\{9C213DAE-C246-4484-90F4-704E34947FA1} => pcalua.exe -a D:\setup.exe -d D:\
Task: {34150056-E698-4C15-A124-37E8DE1AC7C7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {375C62B9-DC02-4C79-A808-BF1CA0368844} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {40237349-3DDE-4B82-8440-23FA248D5599} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {5403244C-E898-4F08-895E-F3CA03F79136} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {5653A8BA-5766-4972-AFE4-6AF986F39A5A} - System32\Tasks\{A1C0E21F-C04B-4D7F-A3C7-F4A887B38845} => pcalua.exe -a "C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe" -d "C:\Program Files (x86)\ESET\ESET Online Scanner"
Task: {565763B7-74CD-4027-9408-72B0647956E7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {56F31CE6-6542-4ED2-AD8A-6B1BDE758A4B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {5804C292-C77C-4BA6-A77B-687BCA77E37D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {5ACFA180-BE93-4757-A600-57A61FE79EDC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {66666BC5-008A-46A1-96D6-285393AE992E} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMPMOJMMGMJJIMJMLJCNOJHMPMNJCNLMGMGMGMCNGMOMHMKMCNGMLMNMJJLMGMOJJMMMLJKJMMJNJICMIMCNGMCNOMNMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMNMHMJNHICMEKMICNJJCKJNBJCMDLKJCJPMLIHJJNKJCMJNNICMJNDJCMLJKJJNMJCMPMFMPMFMPMJNFI (Der Dateneintrag hat 29 mehr Zeichen).
Task: {6670D31E-C371-47EA-AEBC-DFCB51D7B4B5} - System32\Tasks\Sperrbildschirm => add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData /t REG_DWORD /v AllowLockScreen /d 0 /f
Task: {6B947FBC-CBFA-49C1-BE7A-76A0EEA3F402} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {79A51A49-477E-4F5F-8156-0AC3B0B6EE79} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {7D2FC676-CC2E-44B0-820F-C92183A172FF} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8C74191A-5503-44AD-8270-915C52BBC428} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {90633838-3B10-43F0-BC61-5C8504498795} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {90AFBFCB-A5D9-4CA2-A58A-95CFFE3A4C90} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {92ED629F-603B-4D58-A644-04F7BB98D4C8} - System32\Tasks\Core Temp Autostart Tygan => C:\Program Files\Core Temp\Core Temp.exe [2016-08-13] ()
Task: {948C723C-F96E-4B20-A39A-9FBCBE0F5F2F} - System32\Tasks\avastBCLRestartS-1-5-21-624198674-977653023-2037852723-1003 => Firefox.exe
Task: {9958AC97-9AE4-4593-BC43-0FC982D5E833} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {9B052FB7-4425-490E-BC1E-4E7554AD627D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {9EEF6C19-6405-4416-B34E-A560701B7380} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {A03E5801-CB80-4C0C-A0E8-F73C97F59AEB} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {A97FEBFA-8C43-4447-B21D-C6897DA374E4} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {AA43015D-35A1-43C5-BE5E-A138B79B3AF1} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {B6E6AFBA-338C-44F1-B2A5-FBD198DEC00C} - System32\Tasks\{A4058700-9B97-4117-8851-8B6C3C211F42} => pcalua.exe -a C:\Users\Jendrik\Downloads\jxpiinstall.exe -d C:\Users\Jendrik\Downloads
Task: {B843C1FD-003D-4061-A05F-EBD550CBA762} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-08-21] (Microsoft Corporation)
Task: {B954A2A3-7EA5-47B8-93AB-136A508381A7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {BF62A763-E716-43FD-8FE9-0C5A5842EDF7} - System32\Tasks\{8E2B0D8E-A7C2-41AB-A0CC-6F1051CCC161} => pcalua.exe -a "C:\Program Files\Codemasters\OperationFlashpoint\OpFlashPreferences.exe" -d "C:\Program Files\Codemasters\OperationFlashpoint"
Task: {C525495D-FB5A-4963-BDEC-4C77CE448931} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {C9DE67D1-1BB8-4B1A-AA9D-E0B1199931F8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {CBA0DA7C-9D08-4490-9AD7-B38E02C71747} - System32\Tasks\{197B8FA4-1324-4E58-977E-3387813919D4} => pcalua.exe -a D:\DirectX\dxsetup.exe -d D:\DirectX
Task: {CDE38717-7FCF-49E4-9B48-4D8930E458E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {DA80726F-9E08-4DF3-B961-7A8A7D20A5C6} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {E7EAF163-3F7F-44D3-9B80-C8B5F93C8F28} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {F1E4FF0B-03E2-4A42-BF69-17E5765E0C20} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F6A11EE2-0023-4595-8D9D-F2922462880E} - System32\Tasks\{1A673BBD-E760-48DE-8182-982ABA1E0CD0} => pcalua.exe -a C:\Users\Deus\Downloads\forge-1.8-11.14.1.1361-installer-win.exe -d C:\Users\Deus\Downloads
Task: {F822139D-31DE-425A-8B73-FAAC49C3E5D3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-25] (Microsoft Corporation)
Task: {F8D69DA4-D5C2-4E9D-930E-2906092F8638} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FB409A52-D98C-4458-BB8A-24EE89EF7A6E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {FC13AE24-50AF-4150-830A-1BA18858E237} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {FE639A93-6D40-4961-AC31-1B45E9126512} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {FF4245B5-59A8-403F-B4E5-8A1D3FF865E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-23] (Google Inc.)
Task: {FFF8BFAC-4011-4218-BA7B-C5B42F2008CC} - System32\Tasks\{104B9CA5-EF7D-4A10-ADB6-70F6F3EB62CE} => pcalua.exe -a C:\Users\Deus\Downloads\VMware-workstation-full-11.1.0-2496824.exe -d C:\Users\Deus\Downloads

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\Tygan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Lem0th - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-05 13:25 - 2016-04-05 13:25 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2014-11-03 19:48 - 2014-08-18 18:50 - 00316120 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-03 17:49 - 2016-08-03 17:49 - 00959168 _____ () C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-05-27 14:19 - 2016-05-27 14:19 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-04-17 15:46 - 2016-08-13 20:59 - 00924136 _____ () C:\Program Files\Core Temp\Core Temp.exe
2016-07-16 13:42 - 2016-07-16 13:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-08-10 19:25 - 2016-08-02 10:15 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-08-10 19:25 - 2016-08-02 10:01 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-10 19:26 - 2016-08-02 09:53 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-10 19:26 - 2016-08-02 09:53 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-08-10 19:26 - 2016-08-02 09:54 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-10 19:26 - 2016-08-02 09:56 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-13 11:16 - 2016-08-13 11:18 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-08-13 11:16 - 2016-08-13 11:18 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-08-13 11:16 - 2016-08-13 11:18 - 35290624 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-08-13 11:16 - 2016-08-13 11:18 - 00108544 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.Proxies.dll
2012-01-10 14:41 - 2015-05-30 18:26 - 00568904 _____ () C:\Program Files (x86)\puush\puush.exe
2015-02-11 20:57 - 2015-08-10 02:21 - 08276200 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe
2016-08-06 11:12 - 2016-08-06 11:12 - 00016896 _____ () C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.2.0.0_x86__wgeqdkkx372wm\Twitter.Windows.exe
2016-08-16 20:00 - 2016-08-16 20:02 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-16 20:00 - 2016-08-16 20:02 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 11:38 - 2016-06-03 11:39 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-04 19:25 - 2016-03-04 19:27 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-08-13 11:16 - 2016-08-13 11:18 - 00181760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\Microsoft.Skype.ImageTool.dll
2016-08-13 11:16 - 2016-08-13 11:18 - 00040960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\TraceProvider.dll
2016-07-20 10:45 - 2016-07-20 10:49 - 03893952 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe\gfxim.dll
2016-07-17 01:00 - 2016-07-17 01:00 - 03790336 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-07-17 01:00 - 2016-07-17 01:00 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-05 13:12 - 2016-04-05 13:12 - 00221696 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2016-04-05 13:01 - 2016-04-05 13:01 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2016-04-05 13:12 - 2016-04-05 13:12 - 00073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2016-04-05 13:15 - 2016-04-05 13:15 - 00750592 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2016-04-05 13:06 - 2016-04-05 13:06 - 00087552 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2014-11-03 19:48 - 2015-07-15 17:26 - 00450560 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WifiLib.dll
2016-04-14 17:16 - 2016-04-14 17:16 - 01309768 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2016-08-03 17:45 - 2016-08-03 17:46 - 00679624 _____ () C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\ClientTelemetry.dll
2015-02-11 20:58 - 2014-07-22 11:18 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvcLib.dll
2016-08-06 11:12 - 2016-08-06 11:12 - 14593536 _____ () C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.2.0.0_x86__wgeqdkkx372wm\Twitter.Windows.dll
2016-08-03 19:49 - 2016-08-09 01:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-08-03 19:49 - 2015-07-02 00:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-08-03 19:49 - 2016-08-16 22:54 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll
2016-08-03 19:49 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-08-03 19:49 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-08-03 19:49 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-08-03 19:49 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-08-03 19:49 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-08-03 19:49 - 2015-07-02 00:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-08-03 19:49 - 2015-07-02 00:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-08-03 19:49 - 2016-08-16 22:54 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-08-03 19:49 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-08-03 19:49 - 2016-08-04 22:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-08-03 19:49 - 2015-09-25 01:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-08-21 16:20 - 2016-08-21 16:25 - 03544768 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\gfx.dll
2016-06-01 16:17 - 2016-06-01 16:17 - 00144832 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2016-06-01 16:19 - 2016-06-01 16:19 - 02632640 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00554944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2016-06-01 16:19 - 2016-06-01 16:19 - 00041920 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2016-06-01 16:19 - 2016-06-01 16:19 - 00039872 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2016-06-01 16:19 - 2016-06-01 16:19 - 12001728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 01265600 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00086464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00078272 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00127936 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libhttp_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 01380288 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00072128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00598976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00771520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00131520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00052672 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\librar_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00242624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00108992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00096704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00091584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00032192 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00084928 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00034752 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00961472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00137152 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 01308096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00024000 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdiracsys_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00337856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libogg_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00728512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblive555_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00031680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00145856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00418240 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libgme_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00035264 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libimage_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00022976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00029632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libpva_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libau_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00026048 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00027584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnsv_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00169920 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libts_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00531392 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmod_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00047552 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libps_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00045504 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libty_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00060352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00022976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 00025536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll
2016-06-01 16:19 - 2016-06-01 16:19 - 14929344 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2016-06-01 16:19 - 2016-06-01 16:19 - 00334784 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2016-06-01 16:18 - 2016-06-01 16:18 - 01566656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-02-24 15:53 - 00001095 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 choice.microsoft.com
127.0.0.1 Choice.microsoft.com.nstac.net
127.0.0.1 Df.telemetry.microsoft.com
127.0.0.1 Oca.telemetry.microsoft.com
127.0.0.1 Oca.telemetry.microsoft.com.nsatc.net
127.0.0.1 Redir.metaservices.microsoft.com
127.0.0.1 Reports.wes.df.telemetry.microsoft.com
127.0.0.1 Services.wes.df.telemetry.microsoft.com
127.0.0.1 Settings-sandbox.data.microsoft.com
127.0.0.1 Sqm.df.telemetry.microsoft.com
127.0.0.1 Sqm.telemetry.microsoft.com
127.0.0.1 Sqm.telemetry.microsoft.com.nsatc.net
127.0.0.1 Telecommand.telemetry.microsoft.com
127.0.0.1 Telecommand.telemetry.microsoft.com.nsatc.net
127.0.0.1 Telemetry.appex.bing.net
127.0.0.1 Telemetry.appex.bing.net:443
127.0.0.1 Telemetry.microsoft.com
127.0.0.1 Telemetry.urs.microsoft.com
127.0.0.1 Vortex-sandbox.data.microsoft.com
127.0.0.1 Vortex-win.data.microsoft.com
127.0.0.1 Vortex.data.microsoft.com
127.0.0.1 Watson.telemetry.microsoft.com
127.0.0.1 Watson.telemetry.microsoft.com.nsatc.net
127.0.0.1 apps.skype.com
127.0.0.1 apps.spotify.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-624198674-977653023-2037852723-1021\Control Panel\Desktop\\Wallpaper -> c:\windows\resources\themes\deep 7\calm cyan.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MF NTFS Monitor => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "ISUSScheduler"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F9A4E4554F4E7E4C46D94738AFC6CF13"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "SecureBanking"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "pCloud"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{E60AE206-2D55-4AE2-BE03-1329312FD0F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{378394AB-9822-4122-8E55-E3995F4CA54A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{777B1491-5F7F-41B3-88A0-E196B3EAFCC0}] => (Block) C:\Program Files\MAGIX\Movie Edit Pro 2016 Premium\Videodeluxe.exe
FirewallRules: [{D27C7C8E-1B14-45CA-B1D5-1CE4ECCE5D37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{A42BE9C8-851B-4EF6-AEEF-811D2922A9E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{88B80F2A-4D2D-4167-B2DB-274A064167AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe
FirewallRules: [{3D971F71-8933-43F4-ABF0-1D0FAFA5D112}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe
FirewallRules: [{AC68BEBD-FB95-4821-96F5-D051F3C7570F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe
FirewallRules: [{AB8027AA-30D9-418F-933C-E9C1E46F1131}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe
FirewallRules: [{5CA233AE-05C8-43E9-B286-450B6F760564}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Civilization IV Colonization\Colonization.exe
FirewallRules: [{50A6CFBE-9E49-42AC-9709-23D26F9C4577}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Civilization IV Colonization\Colonization.exe
FirewallRules: [{3C38DAF4-FB24-44EF-878A-F4A6C9C03B8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV\Civilization4.exe
FirewallRules: [{109A825B-BFD3-4938-AC47-369D022FF258}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV\Civilization4.exe
FirewallRules: [{B44C3290-9BDF-4139-8560-92E46110C1C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio Demo\bin\x64\Factorio.exe
FirewallRules: [{BF63379B-841E-4B1F-BBA1-A06987AD092E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio Demo\bin\x64\Factorio.exe
FirewallRules: [UDP Query User{7FC55172-7B01-4F4C-8E97-01BD9B41FF9F}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{C37E1485-FA69-404E-9B3C-CAB73BFD5045}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{1DB619F2-55EB-458A-A1F0-CC69931D7953}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{CF1861DC-4799-410C-8AE7-FB60D285C243}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{1B73E9FF-F469-4B8D-888C-CA465E90CCA3}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{816974BA-CA0A-4943-9878-2EC7BEE898A6}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{8CA8EC04-3441-45AD-9C88-62454794DE5E}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{1BE7434B-A126-4C66-AA5D-1AD1CD895E4E}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{26D9069E-74CF-4BB8-BB4E-B9A4F160A93B}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{9EBF9B06-1E53-4968-8D45-64E7F5AB85D4}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{4AD96FA5-D0F1-4A80-B277-A8EC07B1095B}C:\program files\java\jre1.8.0_71\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\java.exe
FirewallRules: [TCP Query User{1C83C5A9-CB4A-4E20-8FA2-A55AD8A8AD85}C:\program files\java\jre1.8.0_71\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\java.exe
FirewallRules: [{E6972D16-0AC3-4BC9-B47C-514B7F426CB7}] => (Block) C:\Program Files\MAGIX\Movie Edit Pro 2016 Premium\Videodeluxe.exe
FirewallRules: [UDP Query User{1281CC9F-65AC-4C51-899F-6F497D4741B1}C:\program files\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\javaw.exe
FirewallRules: [TCP Query User{A0D57D79-90D4-4328-A541-14045F7C2F3A}C:\program files\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\javaw.exe
FirewallRules: [UDP Query User{87795A95-AC95-41A5-B44D-0FC8B98692F7}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{49D22B15-CEAC-4B61-B0DB-ADB5DD1DBD3B}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{460DAE00-1A73-4C21-88E5-DF8586370FE8}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{5E58BCBA-2A54-42BA-9272-F8FC180D0541}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{FEB90422-50BF-4BBC-9C67-1CA183385D2A}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{2E56E230-0344-4E6A-A98B-DB52242916A6}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{ABD9AFF4-0930-4994-A760-3A0541789D0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{1070E7AE-683B-4575-AE32-64B778CEA047}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{CA1EF5BB-0368-4FDB-B4D7-A96D85334062}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto 3\gta3.exe
FirewallRules: [{F930D29C-5362-4EE2-99B9-D74E90CF26FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto 3\gta3.exe
FirewallRules: [UDP Query User{9AAF3CFF-DD7A-497A-BE2F-F9EFB4709A44}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{CBCA0539-E485-4FB4-BF53-DEB504D29C8C}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{C6C52E2C-A3B4-4AD8-AEB5-CC968831FC3E}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{93D428DF-D9C1-4E3D-A833-119E7AD19B5F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E2BF7FA6-5490-4AD5-9649-9CEADB98B4C6}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{59343DAA-AC50-4FC2-8130-AFAAD277F5B4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{F425035C-FBD1-4846-BDC4-AE2E1A8F6BD6}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{C5BED132-D2F1-4B49-8E1C-89BA784920F2}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{4A4247F5-9F6F-4FBE-AE9A-6856E2C09127}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8275ADA2-E5C4-49CD-8056-9491007BA7D8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{54B2336C-4F2A-4C84-8028-6A77EF4C8E56}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EC32C821-96C4-41F2-BD9A-609FEFA5B42F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{D204B75D-FE2F-452A-A067-DBA89935BD82}C:\users\l14d\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\l14d\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{902F54A4-0F65-4C67-91EA-EC5BFBEEE553}C:\users\l14d\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\l14d\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A24E337A-91EB-489C-82A0-4CA2CCEBA69D}C:\users\l14d\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\l14d\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FC5CEB87-E833-4592-8760-3780D7556624}C:\users\l14d\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\l14d\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9EBBE327-BE32-4380-9CBC-88C1AD733278}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe
FirewallRules: [{6236CC6A-BAC1-4844-B52D-4F058E166D63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe
FirewallRules: [TCP Query User{EE24100D-05F1-4FDC-B0FB-55A8BF1B4487}C:\users\johnny\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\johnny\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{98E01700-645C-4C9A-9952-5BF89CBCF7CB}C:\users\johnny\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\johnny\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4B8C2D2F-48DE-4603-A1B7-651D9094521E}C:\users\johnny\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\johnny\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B808CC0C-4968-48F4-9BE7-084EF520E631}C:\users\johnny\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\johnny\appdata\roaming\spotify\spotify.exe
FirewallRules: [{06645459-E8FE-460B-9788-FE0E7710DD9A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5CA20CBD-081E-4981-A26E-33A14D8B2915}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D36DDED9-4760-4729-B2B1-A6812CF288DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F6267FE2-ED3A-4E06-ADFD-CD4C95DBE5F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4A804150-E804-4605-8FB7-ACAAA75CC2E0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B290B587-F50F-4E1E-B8F7-9E9DA1A074B1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{3BB40C19-F2EA-4690-B6BB-367E7C2C263A}C:\users\tygan\desktop\utox64.exe] => (Allow) C:\users\tygan\desktop\utox64.exe
FirewallRules: [UDP Query User{AF48CB2B-A69C-4CF2-B462-881C4995E614}C:\users\tygan\desktop\utox64.exe] => (Allow) C:\users\tygan\desktop\utox64.exe
FirewallRules: [{CC5F2C28-7374-4AED-9D91-90C23E4FBB56}] => (Allow) %ProgramFiles% (x86)\Steam\Steam.exe
FirewallRules: [{3C26B0A2-E042-47DB-90D4-9F81BC82B2CC}] => (Allow) %ProgramFiles% (x86)\Mozilla Thunderbird\thunderbird.exe
FirewallRules: [{021008C2-F369-4EC7-A04F-B64627B642D6}] => (Allow) %ProgramFiles% (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E085D014-BFDF-4A7F-B1CE-A0F47ED4980D}] => (Allow) %ProgramFiles% (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0CFD36A9-C245-4D8B-BCE4-B97CFBC7E2E3}] => (Allow) %ProgramFiles% (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A42A4ACF-AFF2-4FE1-B6E7-01E1B0D51AD6}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{FA3668CF-4DB9-442E-8FD0-BEA511AF5C28}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{10002992-5381-4F7E-A8E3-F9AC916948F0}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{1A0E3CA8-C531-4491-9CC0-85423CB2DCB8}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{375B042F-D886-4DD7-9D1E-E7CA2667F0A9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Wiederherstellungspunkte =========================

17-08-2016 13:15:34 Installed VMware Workstation
19-08-2016 16:07:59 Removed VMware Player

==================== Fehlerhafte Geräte im Gerätemanager =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PS/2-Standardtastatur
Description: PS/2-Standardtastatur
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/22/2016 12:49:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: COMPUTER-128234)
Description: Bei der Aktivierung der App „Microsoft.Windows.Photos_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2147023673. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/22/2016 12:43:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 47.0.1.6018, Zeitstempel: 0x576c9637
Name des fehlerhaften Moduls: mozglue.dll, Version: 47.0.1.6018, Zeitstempel: 0x576c85ba
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000f02b
ID des fehlerhaften Prozesses: 0x227c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (08/21/2016 08:01:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: COMPUTER-128234)
Description: Bei der Aktivierung der App „Microsoft.Windows.Photos_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/21/2016 08:01:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: COMPUTER-128234)
Description: Das Paket „Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (08/21/2016 04:57:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: COMPUTER-128234)
Description: Das Paket „Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (08/21/2016 01:36:08 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: Der Windows-Anmeldeprozess wurde unerwartet beendet.

Error: (08/21/2016 01:19:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.14393.51, Zeitstempel: 0x57a0516c
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000604
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x670
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (08/20/2016 12:54:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (08/20/2016 12:54:30 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: ASP.NET_1.1.43228

Error: (08/19/2016 06:25:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: COMPUTER-128234)
Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (08/22/2016 11:21:18 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/22/2016 11:21:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058 = Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (08/22/2016 11:21:07 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (08/22/2016 11:19:25 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/22/2016 01:19:46 AM) (Source: DCOM) (EventID: 10010) (User: COMPUTER-128234)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (08/22/2016 01:19:46 AM) (Source: DCOM) (EventID: 10010) (User: COMPUTER-128234)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (08/21/2016 06:27:25 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/21/2016 06:27:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058 = Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (08/21/2016 06:27:01 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (08/21/2016 05:02:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


CodeIntegrity:
===================================
  Date: 2016-08-16 19:43:08.880
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-16 19:43:08.878
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-16 19:43:08.600
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-16 19:43:08.472
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-16 19:41:57.720
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-16 19:41:57.162
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-16 19:41:57.144
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-16 19:41:56.389
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz
Prozentuale Nutzung des RAM: 72%
Installierter physikalischer RAM: 4094.18 MB
Verfügbarer physikalischer RAM: 1133.11 MB
Summe virtueller Speicher: 8190.18 MB
Verfügbarer virtueller Speicher: 4375.45 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:390.09 GB) (Free:245.1 GB) NTFS
Drive y: (Volume) (Fixed) (Total:75.14 GB) (Free:75.04 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 933BC6BB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=75.1 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================

cosinus 22.08.2016 12:25
das kommt von evil-shit.de :rofl:

Ladekabel612 22.08.2016 12:27
Und jetzt kannst du mir erklären was ,,evil-shit.de" sein soll? :)

cosinus 22.08.2016 12:32
Google bei dir kaputt? :blabla:

Ladekabel612 22.08.2016 22:17
Sorry, ja Google war kaputt :blabla:

Ne mal im ernst, habe mich darüber nun ein wenig Informiert, aber woher soll ich den an die Viren kommen ohne den entsprechenden Link auf das Verzeichnis wo die Teile drinne liegen sollen? :D

Habe die .exe jetzt einfach mal Manuell in die Quarantäne geschoben, insofern stellt die nun eigentlich auch keine Bedrohung mehr da. :zunge:


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:16 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131