DNS Unlocker gezogen WJAM auf dem Rechner

Kashkuul · 17.03.2016, 23:40

Guten Tag,
Vorgestern wollte ich ein Programm installieren dabei habe ich mir den sogenannten " DNS Unlocker" gezogen. Habe erfahren , dass es sich um ein Virus handelt. Ich glaube, dass ich ihn losgeworden bin aber in meiner Programmliste ist immer noch ein Programm namens "WJAM" diese kann ich mit Rechtsklick und Deinstallieren nicht löschen.

Habe versucht mit Avast, oder Anti Maleware das teil loszuwerden aber leider ohne Erfolg.
Wär schön , wenn mir jemand Helfen könnte ich habe leider nicht so viel Ahnung von der ganze Materie.

LG
Kashkuul

Edit: Ich habe mich verschrieben....das seltsame Programm heisst WAJAM

M-K-D-B · 18.03.2016, 07:11

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

"Wajam" ist ein Adware-Programm. Wir kümmern uns darum.
Hast du noch die Logdatei von MBAM? Wenn ja, bitte posten!!!

Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Schritt 2
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei von MBAM mit den Funden,
die Logdatei von TDSS-Killer,
die beiden neuen Logdateien von FRST.

Kashkuul · 21.03.2016, 14:45

Hallo danke ,
sorry war bis gestern nicht zuhause. Habe die Nachricht eben erst gelesen.
Hoffe du hast noch zeit zu helfen. MFG

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von Agando (Administrator) auf CRISSDEE (21-03-2016 14:42:01)
Gestartet von C:\Users\Agando\Downloads
Geladene Profile: Agando & DefaultAppPool (Verfügbare Profile: Agando & DefaultAppPool)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avast Software) D:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\asww10mon.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46331.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\wuapihost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-03-06] (Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-18] (AVAST Software)
HKU\S-1-5-21-4051605010-858179373-924828543-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-17] (AVAST Software)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{d4b64fcf-d39c-4384-989f-d42fc6cc67c9}: [DhcpNameServer] 192.168.2.1
ManualProxies: 

Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-17] (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-17] (AVAST Software)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)

FireFox:
========
FF ProfilePath: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\v9bkcvhi.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\v9bkcvhi.default\searchplugins\google-images.xml [2015-01-19]
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\v9bkcvhi.default\searchplugins\google-maps.xml [2015-01-19]
FF Extension: Cliqz - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\v9bkcvhi.default\Extensions\cliqz@cliqz.com.xpi [2015-09-12] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - D:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKU\S-1-5-21-4051605010-858179373-924828543-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\v9bkcvhi.default\extensions\cliqz@cliqz.com => nicht gefunden

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-17]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-17] (AVAST Software)
R3 AvastVBoxSvc; D:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5570120 2016-03-17] (Avast Software)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2015-01-01] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-12-28] (BitRaider, LLC)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
S2 MBAMService; D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-28] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-17] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-17] (AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-12-28] (BitRaider)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [50688 2015-07-10] (Microsoft Corp.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-17] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [154024 2016-03-17] (AVAST Software)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R2 VBoxAswDrv; D:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2016-03-17] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-21 14:42 - 2016-03-21 14:42 - 00015319 _____ C:\Users\Agando\Downloads\FRST.txt
2016-03-21 14:41 - 2016-03-21 14:42 - 00000000 ____D C:\FRST
2016-03-21 14:41 - 2016-03-21 14:41 - 02374144 _____ (Farbar) C:\Users\Agando\Downloads\FRST64.exe
2016-03-21 14:34 - 2016-03-21 14:34 - 00016148 _____ C:\WINDOWS\system32\CRISSDEE_Agando_HistoryPrediction.bin
2016-03-21 14:34 - 2016-03-21 14:34 - 00000000 ____D C:\Users\Agando\AppData\Local\CrashDumps
2016-03-20 19:59 - 2016-03-20 19:59 - 00000000 ____D C:\WINDOWS\LastGood
2016-03-20 19:59 - 2016-01-12 05:40 - 00112032 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-03-20 19:59 - 2015-12-18 07:10 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-03-18 00:49 - 2016-03-18 00:49 - 00003644 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-03-18 00:49 - 2016-03-18 00:49 - 00000824 _____ C:\DelFix.txt
2016-03-18 00:49 - 2016-03-18 00:49 - 00000000 ____D C:\WINDOWS\ERUNT
2016-03-17 21:38 - 2016-03-17 21:38 - 00003040 _____ C:\WINDOWS\System32\Tasks\avast! Windows 10 Start Menu helper
2016-03-17 13:26 - 2016-03-17 13:26 - 00154024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys
2016-03-17 13:26 - 2016-03-17 13:25 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-03-17 13:25 - 2016-03-17 13:26 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-03-17 13:25 - 2016-03-17 13:25 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-03-17 13:25 - 2016-03-17 13:25 - 00463744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-03-17 13:25 - 2016-03-17 13:25 - 00287016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-03-17 13:25 - 2016-03-17 13:25 - 00165344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-03-17 13:25 - 2016-03-17 13:25 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-03-17 13:25 - 2016-03-17 13:25 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-03-17 13:25 - 2016-03-17 13:25 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-03-17 13:25 - 2016-03-17 13:25 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-03-17 13:25 - 2016-03-17 13:25 - 00001085 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-17 13:25 - 2016-03-17 13:25 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-03-17 13:25 - 2016-03-17 13:25 - 00000000 ____D C:\Users\Agando\AppData\Roaming\AVAST Software
2016-03-17 13:24 - 2016-03-17 13:24 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-03-17 13:23 - 2016-03-17 13:23 - 05066104 _____ (AVAST Software) C:\Users\Agando\Downloads\avast_free_antivirus_setup_online.exe
2016-03-17 13:06 - 2016-03-17 13:06 - 00000000 _____ C:\autoexec.bat
2016-03-17 13:05 - 2016-03-17 13:05 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Agando\Downloads\SpyHunter-Installer.exe
2016-03-17 13:05 - 2016-03-17 13:05 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-03-17 12:21 - 2016-03-17 12:21 - 00001590 _____ C:\Users\Agando\Desktop\iexplore - Verknüpfung.lnk
2016-03-17 12:00 - 2016-03-17 23:53 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-17 12:00 - 2016-03-17 12:02 - 00000896 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-03-17 12:00 - 2016-03-17 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-03-17 12:00 - 2016-03-17 12:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-17 12:00 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-17 12:00 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-17 12:00 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-17 00:34 - 2016-03-17 00:34 - 00000080 _____ C:\Users\Agando\Downloads\longplayer.m3u
2016-03-16 17:12 - 2016-03-16 17:12 - 00000233 _____ C:\Users\Agando\Desktop\Tom Clancy's The Division.url
2016-03-16 17:11 - 2016-03-16 22:50 - 00000000 ____D C:\Users\Agando\AppData\Local\Ubisoft Game Launcher
2016-03-16 17:11 - 2016-03-16 17:11 - 00000985 _____ C:\Users\Agando\Desktop\Uplay.lnk
2016-03-16 17:11 - 2016-03-16 17:11 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-03-16 17:09 - 2016-03-16 17:11 - 64509088 _____ (Ubisoft) C:\Users\Agando\Downloads\UplayInstaller.exe
2016-03-16 16:46 - 2016-03-16 16:46 - 00003772 _____ C:\WINDOWS\System32\Tasks\SoftUpgrade
2016-03-16 15:59 - 2016-03-16 15:59 - 00137728 _____ C:\WINDOWS\68eccf12c10b0d5cd9dea67c1006a7dc.exe
2016-03-09 18:29 - 2016-02-23 11:48 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 18:28 - 2016-02-23 15:53 - 01314496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 18:28 - 2016-02-23 15:52 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-09 18:28 - 2016-02-23 15:51 - 00633184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-03-09 18:28 - 2016-02-23 15:51 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 18:28 - 2016-02-23 15:50 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 18:28 - 2016-02-23 15:48 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 18:28 - 2016-02-23 15:48 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-09 18:28 - 2016-02-23 15:48 - 01123952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-09 18:28 - 2016-02-23 15:41 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 18:28 - 2016-02-23 15:41 - 00299600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-09 18:28 - 2016-02-23 15:41 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-03-09 18:28 - 2016-02-23 15:40 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-03-09 18:28 - 2016-02-23 15:38 - 00272752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 18:28 - 2016-02-23 15:36 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-03-09 18:28 - 2016-02-23 15:11 - 00781984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 18:28 - 2016-02-23 15:11 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-09 18:28 - 2016-02-23 15:11 - 00103776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-03-09 18:28 - 2016-02-23 15:08 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-09 18:28 - 2016-02-23 15:07 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-09 18:28 - 2016-02-23 14:39 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 18:28 - 2016-02-23 14:30 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 18:28 - 2016-02-23 14:25 - 01085632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-09 18:28 - 2016-02-23 14:23 - 00952968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 18:28 - 2016-02-23 14:21 - 00529456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 18:28 - 2016-02-23 14:21 - 00141152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 18:28 - 2016-02-23 14:11 - 00249976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-09 18:28 - 2016-02-23 14:11 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-03-09 18:28 - 2016-02-23 14:11 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-03-09 18:28 - 2016-02-23 14:09 - 00229352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 18:28 - 2016-02-23 14:06 - 00069232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-03-09 18:28 - 2016-02-23 13:58 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-03-09 18:28 - 2016-02-23 13:50 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-09 18:28 - 2016-02-23 13:50 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-03-09 18:28 - 2016-02-23 13:42 - 00658536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 18:28 - 2016-02-23 13:42 - 00467296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-09 18:28 - 2016-02-23 13:42 - 00078176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-03-09 18:28 - 2016-02-23 13:39 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-09 18:28 - 2016-02-23 13:38 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-09 18:28 - 2016-02-23 13:35 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 18:28 - 2016-02-23 13:20 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-03-09 18:28 - 2016-02-23 13:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-03-09 18:28 - 2016-02-23 13:16 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 18:28 - 2016-02-23 13:15 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 18:28 - 2016-02-23 13:15 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-03-09 18:28 - 2016-02-23 12:59 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-03-09 18:28 - 2016-02-23 12:59 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-09 18:28 - 2016-02-23 12:57 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-09 18:28 - 2016-02-23 12:55 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 18:28 - 2016-02-23 12:45 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-09 18:28 - 2016-02-23 12:45 - 06788608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 18:28 - 2016-02-23 12:42 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 18:28 - 2016-02-23 12:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 18:28 - 2016-02-23 12:38 - 02663424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-09 18:28 - 2016-02-23 12:37 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-03-09 18:28 - 2016-02-23 12:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-09 18:28 - 2016-02-23 12:25 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 18:28 - 2016-02-23 12:18 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 18:28 - 2016-02-23 12:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-03-09 18:28 - 2016-02-23 12:17 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-03-09 18:28 - 2016-02-23 12:14 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-03-09 18:28 - 2016-02-23 12:08 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 18:28 - 2016-02-23 12:04 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 18:28 - 2016-02-23 12:03 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 18:28 - 2016-02-23 12:03 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 18:28 - 2016-02-23 12:02 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 18:28 - 2016-02-23 11:55 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 18:28 - 2016-02-23 11:55 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 18:28 - 2016-02-23 11:51 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 18:28 - 2016-02-23 11:51 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 18:28 - 2016-02-23 11:48 - 05157376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 18:28 - 2016-02-23 11:46 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 18:28 - 2016-02-23 11:45 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 18:28 - 2016-02-23 11:45 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-03-09 18:28 - 2016-02-23 11:45 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 18:28 - 2016-02-23 11:45 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 18:28 - 2016-02-23 11:44 - 01821696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-09 18:28 - 2016-02-23 11:38 - 07524864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-09 18:28 - 2016-02-23 11:29 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-03-09 18:28 - 2016-02-23 11:17 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 18:28 - 2016-02-23 11:17 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 18:28 - 2016-02-23 11:11 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 18:28 - 2016-02-23 11:03 - 01495040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-09 18:28 - 2016-02-23 11:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-09 18:28 - 2016-02-23 11:00 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 18:28 - 2016-02-23 10:58 - 18800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-09 13:12 - 2016-03-09 13:12 - 00051111 _____ C:\Users\Agando\Downloads\Kontoauszug_3018300__Nr.0032016_vom_04.03.2016_20160309011223.pdf
2016-03-09 13:12 - 2016-03-09 13:12 - 00041968 _____ C:\Users\Agando\Downloads\Entgeltinformationen_3018300_vom_04.03.2016_20160309011201.pdf
2016-02-27 08:40 - 2016-02-27 08:40 - 00000000 ____D C:\Users\Agando\AppData\LocalLow\E_Line Media
2016-02-27 08:40 - 2016-02-27 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2016-02-27 08:40 - 2016-02-27 08:40 - 00000000 ____D C:\Program Files (x86)\LAV Filters
2016-02-26 20:32 - 2016-02-26 20:32 - 00248012 _____ C:\Users\Agando\Downloads\Rechnung.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-21 14:37 - 2015-10-03 13:30 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{18605A33-42D8-4679-A8CF-DAEB4265BBD2}
2016-03-21 14:37 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-21 14:37 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-21 14:34 - 2015-08-05 22:17 - 00000000 ___RD C:\Users\Agando\OneDrive
2016-03-20 21:40 - 2015-01-10 14:48 - 00000000 ____D C:\Users\Agando\AppData\Roaming\TS3Client
2016-03-20 21:22 - 2014-12-27 20:56 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-20 20:01 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2016-03-20 19:59 - 2015-08-05 22:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-20 19:59 - 2014-11-25 16:03 - 00001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-03-20 19:59 - 2014-11-25 16:02 - 00000000 ____D C:\Users\Agando\AppData\Local\NVIDIA
2016-03-20 04:25 - 2015-08-05 22:11 - 00000000 ____D C:\Users\Agando
2016-03-19 17:51 - 2015-08-05 22:11 - 02077126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-19 17:51 - 2015-07-10 17:34 - 00883584 _____ C:\WINDOWS\system32\perfh007.dat
2016-03-19 17:51 - 2015-07-10 17:34 - 00195718 _____ C:\WINDOWS\system32\perfc007.dat
2016-03-19 17:45 - 2015-08-05 22:10 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-19 17:45 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-18 20:59 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-18 20:59 - 2014-11-25 15:33 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-18 19:04 - 2014-12-26 15:29 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2016-03-18 19:04 - 2014-12-26 15:29 - 00000000 ____D C:\WINDOWS\system32\vbox
2016-03-18 00:50 - 2015-07-10 10:05 - 07864320 ___SH C:\WINDOWS\system32\config\BBI
2016-03-17 23:44 - 2014-12-27 20:29 - 00000000 ____D C:\Users\Agando\AppData\Local\Battle.net
2016-03-17 22:53 - 2014-12-27 20:29 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Battle.net
2016-03-17 22:53 - 2014-12-27 20:27 - 00000000 ____D C:\ProgramData\Battle.net
2016-03-17 13:23 - 2014-12-26 15:28 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-17 12:58 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Globalization
2016-03-17 12:09 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Web
2016-03-17 11:51 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-03-17 00:34 - 2016-01-20 15:11 - 00000000 ____D C:\Users\Agando\AppData\Roaming\vlc
2016-03-16 22:09 - 2015-02-03 13:41 - 00000000 ____D C:\Users\Agando\Documents\My Games
2016-03-16 16:08 - 2015-12-25 15:33 - 00000000 ____D C:\WINDOWS\Panther
2016-03-16 16:06 - 2015-10-30 20:27 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-15 20:41 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-15 20:08 - 2015-08-05 22:17 - 00002424 _____ C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-14 12:18 - 2015-08-05 22:16 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-14 12:18 - 2015-07-10 13:20 - 00293976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-14 12:17 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-14 12:17 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-14 12:17 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-14 12:17 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-10 17:25 - 2014-11-26 18:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-10 17:24 - 2014-11-26 18:27 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 18:34 - 2015-11-02 22:41 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-08 08:10 - 2015-07-10 12:06 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 08:10 - 2015-07-10 12:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-26 09:35 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2016-02-24 17:10 - 2015-12-25 17:46 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Little Inferno

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-11-25 16:08 - 2014-11-25 16:09 - 1065984 _____ () C:\Users\Agando\AppData\Local\file__0.localstorage
2015-08-21 08:05 - 2015-08-21 08:05 - 0003881 _____ () C:\Users\Agando\AppData\Local\recently-used.xbel

Einige Dateien in TEMP:
====================
C:\Users\Agando\AppData\Local\Temp\prog.exe
C:\Users\Agando\AppData\Local\Temp\upd.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-03-15 20:38

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Agando (2016-03-21 14:42:19)
Gestartet von C:\Users\Agando\Downloads
Windows 10 Home (X64) (2015-08-05 21:16:12)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4051605010-858179373-924828543-500 - Administrator - Disabled)
Agando (S-1-5-21-4051605010-858179373-924828543-1000 - Administrator - Enabled) => C:\Users\Agando
DefaultAccount (S-1-5-21-4051605010-858179373-924828543-503 - Limited - Disabled)
Gast (S-1-5-21-4051605010-858179373-924828543-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4051605010-858179373-924828543-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

[BV] Mod Collection (HKLM-x32\...\{AD769065-D060-460F-A6D9-4199453D9CF9}) (Version: 9.05.03 - Black & Bloody Vengeance)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com)
Anno 1404: Venice (HKLM-x32\...\Steam App 33350) (Version:  - Blue Byte)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
Benutzerhandbuch EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Useg) (Version:  - )
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Champions Online: Free For All (HKLM-x32\...\Steam App 9880) (Version:  - Cryptic Studios)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DIE SIEDLER - Aufstieg eines Königreichs (HKLM-x32\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Elite: Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
Game of Thrones (HKLM-x32\...\{4B1B0CB7-B136-45D6-A63B-CF01EE964E50}_is1) (Version: 2015.5.28.1699 - Telltale Games)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Godus (HKLM-x32\...\Steam App 232810) (Version:  - 22cans)
HELLDIVERS™ (HKLM-x32\...\Steam App 394510) (Version:  - Arrowhead Game Studios)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.19 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
LAV Filters 0.62.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.62.0 - Hendrik Leppkes)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Little Inferno (HKLM-x32\...\Steam App 221260) (Version:  - Tomorrow Corporation)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Netzwerkhandbuch EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Netg) (Version:  - )
Never Alone (Kisima Ingitchuna) (HKLM-x32\...\Steam App 295790) (Version:  - Upper One Games)
New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OMC ModPack Client Version 1.2.4.8 (HKLM-x32\...\{E2F3187C-2B94-486F-8914-E69211487FB6}_is1) (Version: 1.2.4.8 - Odem Mortis)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version:  - Silver Dollar Games)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Sniper Elite: Zombie Army (HKLM-x32\...\Steam App 235700) (Version:  - Rebellion)
SOMA (HKLM-x32\...\1439487606_is1) (Version: 2.0.0.1 - GOG.com)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version:  - KING Art)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Ultima 8 (HKLM-x32\...\{428C6B01-D292-46F9-9321-75668ED17DA2}) (Version: 1.0.0.1 - Electronic Arts)
Uplay (HKLM-x32\...\Uplay) (Version: 17.1 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wajam (HKLM-x32\...\27d39f8d6e33a519ab538e328645a3e1) (Version: 1.62.1.20 (i1.0) - Wajam) <==== ACHTUNG
WISO steuer:Start 2015 (HKLM-x32\...\{E0B7D5F9-3053-4C15-A6CB-09FAC67AC5E4}) (Version: 22.00.8811 - Buhl Data Service GmbH)
World of Tanks (HKU\S-1-5-21-4051605010-858179373-924828543-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4051605010-858179373-924828543-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Agando\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {039EFE82-6962-4455-8184-763AF380826A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {0E99F39E-2780-4CA4-BFC4-9537B3C38118} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {186453A6-E5AD-4D1D-882F-67161E43C5F1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {22F022D7-297C-4EFD-B989-1D35D38A226E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {2889C580-448C-478D-B3F9-70424E5575F3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {2E6F3B51-DC17-4009-B9D5-99B0880C912A} - System32\Tasks\avast! Windows 10 Start Menu helper => d:\program files\avast software\avast\asww10mon.exe [2016-03-17] (AVAST Software)
Task: {34122DBF-4E67-4306-88F9-C2032AAC9317} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3C64AF12-143B-4797-A4C1-B737F3A71D48} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4097B4F4-3593-447F-82A7-1DDB13B8A029} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {46E830D0-88F7-4D68-8A83-A1F46577797A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {60AEF4DD-C1BF-4BFD-BDAC-74EFCBEADBE7} - System32\Tasks\avast! Emergency Update => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-17] (AVAST Software)
Task: {70769355-75E2-4355-9DF2-3AFB60C1AB68} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {726AC3F9-FABA-4C5B-B40D-D075DA4199FB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {7C9DD853-EADA-4655-89F3-5D76622BA9C8} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {83CC47CD-124B-43B7-A889-35EFBA289EA2} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {873B7D6D-F27F-47D3-980C-7F670715D230} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {87F13E50-A762-4B94-AE32-BF8948ECEF04} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {9019FCF4-67CA-4488-B3AC-660D9792C464} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {925C1CC8-5CF9-4B2E-B480-6B93A1BA7400} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {99559BE4-6896-48B4-B333-46D9F2B3AA08} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A728B6AD-2B63-4A4B-82DD-501DF9E6D45A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {A8D8092C-B368-467B-90F1-49260365D626} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {AA7F293D-5922-4B7F-8D92-09C5F606649B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {AFEDE054-5DDB-4B2A-943F-7E5A9C4BF509} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {B4A82B1A-3E58-4463-8D19-C4909EBDDF99} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {B9021EE9-9AA7-443A-B3A0-D3CAE36054BD} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {BA90403C-26D8-47B6-9FBD-672C81A2BBFC} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {BC5951A4-6007-428C-9E48-5C307440E04C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {BD3B326D-B3EC-4DC3-A754-23199AB13215} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {C23BEC03-B396-422F-8563-357DAA67A5AA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {D458C840-13F1-46D0-A0B0-4EF93DCDCA94} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D4BA1554-FCB3-42B4-A9B7-C501FB421A26} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {D78A55CE-2520-4F1E-912A-B631C5D8C101} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {D9CEC23E-3A63-432F-9CB0-AC545D1DF72E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {DA37B09A-38B3-434F-936D-675449C87F69} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DE99D7E0-1DED-435D-98B2-1AF53B74B871} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-11] (Adobe Systems Incorporated)
Task: {E0A61B24-0D21-4F4F-80D1-D4064B57168C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {E4485B82-4C31-489C-BDB5-12B5713B931B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {EB01F4F0-82F2-486B-930C-7AC9155CB6D9} - System32\Tasks\SoftUpgrade => C:\Program Files (x86)\SoftUpgrade\softup.exe
Task: {F8277F4D-EB69-4A70-9E59-A0EF180CE6B0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {FABE072D-CCF1-47DF-916D-A1107FC035E3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-10] (Microsoft Corporation)
Task: {FBDC3F4C-216C-4448-948C-CB96AC8D2ECE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-08-05 23:08 - 2015-08-05 23:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-20 22:46 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2016-03-20 19:59 - 2016-01-12 05:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-08-05 22:10 - 2015-07-23 02:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-01 08:53 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 08:53 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-01 08:53 - 2015-09-17 06:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-12-08 19:56 - 2015-11-25 05:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 19:56 - 2015-11-25 05:17 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-12-08 19:56 - 2015-11-25 05:18 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-12-08 19:56 - 2015-11-25 05:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 08:53 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-08 19:56 - 2015-11-25 05:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 19:56 - 2015-11-25 05:24 - 00884736 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-10-01 08:53 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 12:00 - 2015-07-10 17:45 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2014-11-25 15:38 - 2012-11-01 11:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-11-25 15:38 - 2012-11-01 11:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-11-25 16:02 - 2016-01-12 05:43 - 00715712 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-11-25 16:02 - 2016-01-12 05:43 - 00861120 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2016-03-17 13:24 - 2016-03-17 13:24 - 00113496 _____ () D:\Program Files\AVAST Software\Avast\log.dll
2016-03-17 13:24 - 2016-03-17 13:24 - 00133768 _____ () D:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-19 00:01 - 2016-03-19 00:01 - 02856960 _____ () D:\Program Files\AVAST Software\Avast\defs\16031802\algo.dll
2016-03-17 13:24 - 2016-03-17 13:24 - 00480760 _____ () D:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-20 01:45 - 2016-03-20 01:45 - 02856960 _____ () D:\Program Files\AVAST Software\Avast\defs\16031901\algo.dll
2016-03-20 20:28 - 2016-03-20 20:28 - 02856960 _____ () D:\Program Files\AVAST Software\Avast\defs\16032001\algo.dll
2014-04-03 16:48 - 2014-04-03 16:48 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-04-13 16:38 - 2016-01-12 05:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-11-25 15:38 - 2012-10-31 15:00 - 00991232 ____N () C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\de-DE\SBCinema.resources.dll
2016-03-17 13:24 - 2016-03-17 13:24 - 40539648 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4051605010-858179373-924828543-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Agando\Downloads\tj2XiYO_as48562129495664520617.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{6451D619-DF53-46CE-80A8-05A36981B676}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{01DA507C-867B-4703-A5A9-2283EFC62078}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{07C33DC2-A5EE-4C0F-B1F4-6782708083CA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{87FAD552-E433-4848-A4B1-82053C824EAB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{0D948394-53DC-4E21-BC10-C242B1865DD2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Champions Online\Champions Online.exe
FirewallRules: [{21E4634A-AB14-4CBF-A78D-5BAA27B8E1E8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Champions Online\Champions Online.exe
FirewallRules: [{5A2CBC83-62A3-466E-A822-97D85743EFC2}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{F4AAFB93-3CD2-42A6-BAF3-ECD45BE8AD58}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{ADFA3714-C867-40C6-9456-A137180941AE}] => (Allow) D:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{808EEDE4-D49C-4649-B0BC-59374FFC05D2}] => (Allow) D:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [UDP Query User{5F9434FB-562E-4831-8D76-5DF43602A162}D:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) D:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{398AA42B-0AF6-43EA-8835-C3590A5161C8}D:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) D:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{14D7ECD1-4757-4F5F-9CC6-00D9E10505F7}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{375326A8-54B5-4A27-92F6-D0C1FAD730F4}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{61FE9BE0-2ADA-4FEC-9C55-C6650A325FCB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{CA6C9E6A-7038-4C9B-A3D4-55D70C43855C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{D805E451-7342-4A7D-AEF1-8316C6195977}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Godus\windows\godus.exe
FirewallRules: [{1B77CCCE-FA91-4AF7-9BA8-4DA89083CFD8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Godus\windows\godus.exe
FirewallRules: [UDP Query User{D73F0DD0-9F05-4165-85C3-EC04572FADE9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{43DA4168-1396-4F62-9B88-7475E4CD093A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{37ED8240-1803-432B-AFF6-345A47C4C421}] => (Allow) D:\Program Files (x86)\WoT Mods\OMC ModPack Client.exe
FirewallRules: [{5520B03F-D634-497E-A3D8-71DA393C1B37}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{56B509F3-FBFA-490E-BCAF-263CBE13DE44}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{40668263-7959-4411-8D5A-F9629E0B83C7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales\bout.exe
FirewallRules: [{DFC5F29C-C91D-4798-AC69-3D318E2A5E71}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales\bout.exe
FirewallRules: [{1C23BD6D-B3E6-4524-B317-1BA91F82AD9B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{5F9BC7EF-30FF-4255-965D-8D8C4BEBA3DE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{6E86DB33-EEBB-4955-94E2-3C7A047D662C}] => (Allow) D:\Program Files (x86)\base\bin\Settlers6.exe
FirewallRules: [{55EF9258-66BD-4DE6-A711-FE449F535543}] => (Allow) D:\Program Files (x86)\base\bin\Settlers6.exe
FirewallRules: [{FBB87264-1099-4A0E-A63B-83B77D977C3A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sniper Elite Zombie Army\bin\ZA.exe
FirewallRules: [{A20B87F3-5AC5-43A2-9015-557DDEFD1AB6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sniper Elite Zombie Army\bin\ZA.exe
FirewallRules: [{386795D1-F5FC-4A6F-9291-7C945BB7E0B3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{D3131F44-54FA-47EF-B313-44266B75295A}D:\program files (x86)\world of tanks\worldoftanks.exe] => (Allow) D:\program files (x86)\world of tanks\worldoftanks.exe
FirewallRules: [TCP Query User{52D3F74B-E5B2-4F61-AFBD-609AE495AF42}D:\program files (x86)\world of tanks\worldoftanks.exe] => (Allow) D:\program files (x86)\world of tanks\worldoftanks.exe
FirewallRules: [UDP Query User{DD5C45E4-BA72-4153-B0E0-AF2B6841E597}D:\program files (x86)\world of tanks\wotlauncher.exe] => (Allow) D:\program files (x86)\world of tanks\wotlauncher.exe
FirewallRules: [TCP Query User{6263CFF7-CF91-4ED0-86A8-C0FE40BAE0F2}D:\program files (x86)\world of tanks\wotlauncher.exe] => (Allow) D:\program files (x86)\world of tanks\wotlauncher.exe
FirewallRules: [UDP Query User{C90FD34D-00A6-48D0-AA6A-6BBF0DCFBB74}D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{3A91983B-341B-42F0-9327-5075BC90A8F4}D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{3CC913DA-ACAF-4BC9-AFFD-F6AE26D7836B}D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{62BD60F3-1034-49DD-9093-1FFA9E0480B5}D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{028EF945-5986-4252-BFE2-EC9B843740FF}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{896CFB97-8325-4E3E-B0A9-6F6A2CFED9DA}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{4737EBCD-C5C9-4561-B70D-9DB30701C8A1}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{2D187429-DD5E-4A9D-AAB6-12FA025CEB74}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D33797C7-0686-449E-8123-4A2290BF7E4E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{ADB4F47A-2D9C-4DBC-A587-80D5D18F214C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{765855D1-7840-4FD7-8420-EE88CE5AD3BD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{013E492A-4DF5-48A9-896D-EE5154C663B0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{2D911E9D-826E-43F3-BB26-60FA5B376871}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9CCDEBBE-04E3-4A8A-B0C3-1A632655043E}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D5B3BDD3-881F-48EA-BA34-DFF6FE7DD2CD}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{912DC818-A52C-4D58-BEF7-A01723C57B17}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{52E3109C-FF77-473A-915F-9CEFF7671BE3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CC0B3965-DB58-4D8A-B75E-8AD42F4DF7A1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{864DF01B-0A44-401A-A017-0B2BF0EFF31E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A527AB15-38FC-44FF-A35D-C11B5FA72A61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C386D037-04B5-45ED-A840-41C3B7952210}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2F4A4C55-0563-4E40-B219-7FCD92761579}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8FF7E73A-F225-4949-ACC7-3D5BC036B8F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{9C8053D5-CECB-409A-914E-729CCFB91F5C}D:\games\world_of_warships\wowslauncher.exe] => (Allow) D:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{0B39D798-0D9D-41CE-A0E4-EEACBFCA0C18}D:\games\world_of_warships\wowslauncher.exe] => (Allow) D:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{06ADF80C-8C36-4193-98F9-FC63D581CCA1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Addon.exe
FirewallRules: [{04EEF8BC-D5C7-440C-A666-37A8E13CA5D3}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Addon.exe
FirewallRules: [{0B591784-E61E-4E28-9865-B7DA1CBF71B2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Anno4.exe
FirewallRules: [{8882764A-E3C3-4299-A717-28E2AD451692}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Anno4.exe
FirewallRules: [TCP Query User{E8BC1F91-6B1C-4579-AE35-4026286B1F22}D:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Block) D:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe
FirewallRules: [UDP Query User{FCB78D97-9AD3-4411-BC6A-4EC40B401DB1}D:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Block) D:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe
FirewallRules: [TCP Query User{9B839D0E-D5A8-4F25-970E-28CC5B2D8467}D:\games\the beginner's guide\beginnersguide.exe] => (Allow) D:\games\the beginner's guide\beginnersguide.exe
FirewallRules: [UDP Query User{2D072E31-45C9-4529-8C3E-41A7014560F5}D:\games\the beginner's guide\beginnersguide.exe] => (Allow) D:\games\the beginner's guide\beginnersguide.exe
FirewallRules: [TCP Query User{B94989A8-87EA-45AF-A790-E436FE2801BB}D:\program files (x86)\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5DC3B872-2F89-482C-BEC5-D23935495D36}D:\program files (x86)\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{58470183-887B-4DAD-9013-AE766957DDA9}D:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{57CAE429-18A2-4CAF-9867-D655AA9503C9}D:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [{E7A3FFCD-04B8-4776-A14F-7AEBB9AE5F3B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{47160AB6-D6C9-4FE3-86F1-47B180D41E69}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [TCP Query User{E65EFE49-F75C-4C80-979C-051D6BDAF87C}D:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B66955B6-B444-4A2D-9650-7F80065B954A}D:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{B9A9CADD-0761-4FB3-BCD1-9DB2255F81C3}D:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D4FE8EEB-9C0D-4108-9B87-A431ECCA5268}D:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{48FD8C7C-3CDC-4F90-BA90-D7243392A12D}D:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5D71361F-C7DE-4A32-9072-0C04EDD1CD30}D:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BEDCD6E8-B368-407E-A317-C4D2FF6D653D}D:\program files (x86)\heroes of the storm\versions\base39595\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39595\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{ADF12F9E-0223-44F7-A8C7-09A7AF43B793}D:\program files (x86)\heroes of the storm\versions\base39595\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39595\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{45AA8FD3-F459-4EF0-B3F3-4D28EC511B6F}D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DBAB6859-809E-41BF-800C-975EE4887FF7}D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E2A16180-F658-4586-83DB-0CDA3CDE0B3E}D:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{F36DE004-4A44-474C-A7F7-7186664AD5F8}D:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{81165EAC-61C2-41DD-84CD-612F9B4CB376}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x64\helldivers.exe
FirewallRules: [{92A4D2D9-9BD6-4F42-83F4-1BA4108BADE2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x64\helldivers.exe
FirewallRules: [{71B6E897-73A4-4DF7-B872-0BC5B5058A4D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x86\helldivers.exe
FirewallRules: [{345D30F3-86DE-45CE-8028-FF8A990591C7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x86\helldivers.exe
FirewallRules: [{C9D8CF51-4E5F-4F80-8D18-49D7CE16F46D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{4BC7C4F5-90C8-4602-A6DE-41EAA3F09077}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{CA2C4E21-FCD1-4E35-BDD5-9A1428AB834B}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{463C9BA6-1E14-431C-80FC-36AAB8D3FC2C}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{B6FA80C7-006C-45E1-860D-454C484EDC56}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{BF0DE537-4C2E-49A9-8769-69A11D6EED16}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{F21569C7-4256-43FB-B9B4-4324DE1FE774}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{0596961A-15F0-4965-B3FA-02DEF2BF3BFF}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{218AE113-F46D-4AA0-9FA2-ED0E6293D79C}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{AC98DD2E-4C18-4586-8E4B-0026B3920B47}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{5CCE5108-77ED-471D-BBA1-0FD3F758EDF3}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Alien Swarm\swarm.exe
FirewallRules: [{12C86FE1-D731-45D9-870F-E64FDD692553}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Alien Swarm\swarm.exe
FirewallRules: [TCP Query User{C1FAF6F9-9B62-4F21-AD18-5F8552488D77}D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{8F994F1C-0C79-4717-AE68-58FD574EEBF0}D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F8692333-03F7-4487-9225-B60B7EA0B140}D:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C722B787-554B-4F31-A855-920002C16FAB}D:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe
FirewallRules: [{5F425513-6EDA-45DD-8056-2A20F5940E69}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{791C7ADA-4503-4707-A6CC-722B37B0C53D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{A3E5F8EB-BA54-4D7B-86A7-3BF7837521A9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\NeverAlone\Never_Alone.exe
FirewallRules: [{CB01B3AE-2958-40D0-B9C1-B49C64A29FE4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\NeverAlone\Never_Alone.exe
FirewallRules: [{8D5A8735-5CFE-4344-B76E-A4C5359FBD5C}] => (Allow) D:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{52B4469A-AEAD-4B23-A727-0F5DF5BAA6AA}] => (Allow) D:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{AA523118-B002-4F33-B29D-519B8F735683}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{AE9D863C-85B8-4D99-9BF9-9F240231C21A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{024975B9-95F7-4D3A-BB13-1D8D0FCE2067}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe

==================== Wiederherstellungspunkte =========================

18-03-2016 00:49:11 Ende der Bereinigung

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/21/2016 02:34:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OneDrive.exe, Version: 17.3.6302.225, Zeitstempel: 0x56cf98cd
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10240.16683, Zeitstempel: 0x56ad9410
Ausnahmecode: 0x80000003
Fehleroffset: 0x00132d82
ID des fehlerhaften Prozesses: 0x66c
Startzeit der fehlerhaften Anwendung: 0xOneDrive.exe0
Pfad der fehlerhaften Anwendung: OneDrive.exe1
Pfad des fehlerhaften Moduls: OneDrive.exe2
Berichtskennung: OneDrive.exe3
Vollständiger Name des fehlerhaften Pakets: OneDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OneDrive.exe5

Error: (03/20/2016 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsort "J:\" nicht abgeschlossen. Fehler: Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006).

Error: (03/20/2016 04:20:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OneDrive.exe, Version: 17.3.6302.225, Zeitstempel: 0x56cf98cd
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10240.16683, Zeitstempel: 0x56ad9410
Ausnahmecode: 0x80000003
Fehleroffset: 0x00132d82
ID des fehlerhaften Prozesses: 0x1c04
Startzeit der fehlerhaften Anwendung: 0xOneDrive.exe0
Pfad der fehlerhaften Anwendung: OneDrive.exe1
Pfad des fehlerhaften Moduls: OneDrive.exe2
Berichtskennung: OneDrive.exe3
Vollständiger Name des fehlerhaften Pakets: OneDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OneDrive.exe5

Error: (03/20/2016 12:46:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OneDrive.exe, Version: 17.3.6302.225, Zeitstempel: 0x56cf98cd
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10240.16683, Zeitstempel: 0x56ad9410
Ausnahmecode: 0x80000003
Fehleroffset: 0x00132d82
ID des fehlerhaften Prozesses: 0x158
Startzeit der fehlerhaften Anwendung: 0xOneDrive.exe0
Pfad der fehlerhaften Anwendung: OneDrive.exe1
Pfad des fehlerhaften Moduls: OneDrive.exe2
Berichtskennung: OneDrive.exe3
Vollständiger Name des fehlerhaften Pakets: OneDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OneDrive.exe5

Error: (03/19/2016 05:45:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OneDrive.exe, Version: 17.3.6302.225, Zeitstempel: 0x56cf98cd
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10240.16683, Zeitstempel: 0x56ad9410
Ausnahmecode: 0x80000003
Fehleroffset: 0x00132d82
ID des fehlerhaften Prozesses: 0x22b8
Startzeit der fehlerhaften Anwendung: 0xOneDrive.exe0
Pfad der fehlerhaften Anwendung: OneDrive.exe1
Pfad des fehlerhaften Moduls: OneDrive.exe2
Berichtskennung: OneDrive.exe3
Vollständiger Name des fehlerhaften Pakets: OneDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OneDrive.exe5

Error: (03/19/2016 05:21:18 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (12924) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (03/19/2016 05:21:18 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (12924) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (03/19/2016 05:21:08 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (12924) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (03/19/2016 05:21:08 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (12924) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (03/19/2016 05:20:57 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (12924) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.


Systemfehler:
=============
Error: (03/20/2016 09:40:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_Session3" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/20/2016 09:40:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _Session3" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/20/2016 09:40:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_Session3" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/20/2016 09:40:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session3" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/20/2016 01:56:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/20/2016 01:56:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/20/2016 01:56:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/20/2016 01:56:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/20/2016 04:25:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/20/2016 04:25:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-03-15 20:43:44.996
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:43:44.969
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:43:44.923
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:43:44.905
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:43:44.375
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:43:44.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:42:09.495
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:42:09.469
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:42:09.427
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:42:09.409
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Prozentuale Nutzung des RAM: 24%
Installierter physikalischer RAM: 8143.72 MB
Verfügbarer physikalischer RAM: 6108.95 MB
Summe virtueller Speicher: 16335.72 MB
Verfügbarer virtueller Speicher: 13883.18 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:110.83 GB) (Free:54.39 GB) NTFS
Drive d: (Hauptspeicher) (Fixed) (Total:931.39 GB) (Free:658.35 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================

Kashkuul · 21.03.2016, 14:54

Code:

ATTFilter

14:46:15.0175 0x1a60  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
14:46:15.0175 0x1a60  UEFI system
14:46:22.0827 0x1a60  ============================================================
14:46:22.0827 0x1a60  Current date / time: 2016/03/21 14:46:22.0827
14:46:22.0827 0x1a60  SystemInfo:
14:46:22.0827 0x1a60  
14:46:22.0827 0x1a60  OS Version: 10.0.10240 ServicePack: 0.0
14:46:22.0827 0x1a60  Product type: Workstation
14:46:22.0827 0x1a60  ComputerName: CRISSDEE
14:46:22.0827 0x1a60  UserName: Agando
14:46:22.0827 0x1a60  Windows directory: C:\WINDOWS
14:46:22.0827 0x1a60  System windows directory: C:\WINDOWS
14:46:22.0827 0x1a60  Running under WOW64
14:46:22.0827 0x1a60  Processor architecture: Intel x64
14:46:22.0827 0x1a60  Number of processors: 8
14:46:22.0827 0x1a60  Page size: 0x1000
14:46:22.0827 0x1a60  Boot type: Normal boot
14:46:22.0827 0x1a60  ============================================================
14:46:22.0843 0x1a60  KLMD registered as C:\WINDOWS\system32\drivers\26948217.sys
14:46:22.0898 0x1a60  System UUID: {7E7EE991-04FC-8813-5D6A-B689A8525BB6}
14:46:23.0221 0x1a60  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:46:23.0237 0x1a60  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:46:23.0276 0x1a60  ============================================================
14:46:23.0276 0x1a60  \Device\Harddisk0\DR0:
14:46:23.0276 0x1a60  GPT partitions:
14:46:23.0276 0x1a60  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {36126857-AA6B-4793-86AF-47EA74CC79C2}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
14:46:23.0276 0x1a60  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {EB2D0C27-35BB-4B09-B46E-09AA42CB9564}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x31800
14:46:23.0276 0x1a60  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {42EC6281-A659-4300-A7F3-09D8C396BEFA}, Name: Microsoft reserved partition, StartLBA 0xC8000, BlocksNum 0x40000
14:46:23.0276 0x1a60  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {25DC076F-2FBB-4619-BEB5-AE118FB1EB9F}, Name: Basic data partition, StartLBA 0x108000, BlocksNum 0xDDAB800
14:46:23.0276 0x1a60  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {88F0A356-5A93-444F-A0F8-692983AD6B30}, Name: , StartLBA 0xDEB3800, BlocksNum 0xE1000
14:46:23.0276 0x1a60  MBR partitions:
14:46:23.0276 0x1a60  \Device\Harddisk1\DR1:
14:46:23.0276 0x1a60  GPT partitions:
14:46:23.0276 0x1a60  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {71897FCF-3CDF-47B9-89BC-5E5B50794F08}, Name: Microsoft reserved partition, StartLBA 0x800, BlocksNum 0x40000
14:46:23.0276 0x1a60  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {DF4793BE-7C0A-450F-8A2D-FD2B3166AE94}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x746C6000
14:46:23.0276 0x1a60  MBR partitions:
14:46:23.0276 0x1a60  ============================================================
14:46:23.0276 0x1a60  C: <-> \Device\Harddisk0\DR0\Partition4
14:46:23.0308 0x1a60  D: <-> \Device\Harddisk1\DR1\Partition2
14:46:23.0308 0x1a60  ============================================================
14:46:23.0308 0x1a60  Initialize success
14:46:23.0308 0x1a60  ============================================================
14:46:37.0253 0x3158  ============================================================
14:46:37.0253 0x3158  Scan started
14:46:37.0253 0x3158  Mode: Manual; 
14:46:37.0253 0x3158  ============================================================
14:46:37.0253 0x3158  KSN ping started
14:46:39.0582 0x3158  KSN ping finished: true
14:46:40.0941 0x3158  ================ Scan system memory ========================
14:46:40.0941 0x3158  System memory - ok
14:46:40.0941 0x3158  ================ Scan services =============================
14:46:40.0972 0x3158  1394ohci - ok
14:46:40.0972 0x3158  3ware - ok
14:46:40.0988 0x3158  [ B33CF4DE909A5B30F526D82053A63C8E, ABF5BB962C038E545C18B96E686E072D780C907096C7BB341297AF31D3703ABD ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
14:46:41.0003 0x3158  ABBYY.Licensing.FineReader.Sprint.9.0 - ok
14:46:41.0003 0x3158  ACPI - ok
14:46:41.0003 0x3158  acpiex - ok
14:46:41.0003 0x3158  acpipagr - ok
14:46:41.0003 0x3158  AcpiPmi - ok
14:46:41.0003 0x3158  acpitime - ok
14:46:41.0019 0x3158  [ F2CEEE9ABBCEF207ACB103215AC28BC2, F8F8B8AF6317926D7AC0CA2CA23628B2C69327A2792D58D3328443C5ED9514E9 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:46:41.0019 0x3158  AdobeARMservice - ok
14:46:41.0043 0x3158  [ 99B993BD0F4C033D832B50D5E83BEBEC, A091635B2B428A51400468353F52D3FF35095460D3FA8CB29E2C4A804D87B845 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:46:41.0046 0x3158  AdobeFlashPlayerUpdateSvc - ok
14:46:41.0049 0x3158  ADP80XX - ok
14:46:41.0051 0x3158  AFD - ok
14:46:41.0052 0x3158  agp440 - ok
14:46:41.0054 0x3158  ahcache - ok
14:46:41.0056 0x3158  AJRouter - ok
14:46:41.0058 0x3158  ALG - ok
14:46:41.0059 0x3158  AmdK8 - ok
14:46:41.0061 0x3158  AmdPPM - ok
14:46:41.0062 0x3158  amdsata - ok
14:46:41.0063 0x3158  amdsbs - ok
14:46:41.0065 0x3158  amdxata - ok
14:46:41.0067 0x3158  AppHostSvc - ok
14:46:41.0068 0x3158  AppID - ok
14:46:41.0070 0x3158  AppIDSvc - ok
14:46:41.0073 0x3158  Appinfo - ok
14:46:41.0075 0x3158  AppReadiness - ok
14:46:41.0076 0x3158  AppXSvc - ok
14:46:41.0078 0x3158  arcsas - ok
14:46:41.0085 0x3158  aspnet_state - ok
14:46:41.0088 0x3158  [ 7E66DFE6B62C6C34FD6B09DB6169E9F6, BCE908BBF35FD9471018BFC9DCE357529F558693692FF51DA868024F7FD0E868 ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
14:46:41.0088 0x3158  aswHwid - ok
14:46:41.0091 0x3158  [ 1459AAD5C6A66A458C2D57EE6E080FA5, 6A3D6EBCE1EDCFE307DF915CB0C3183668848BCEAA71EA58AB0F4F650F8EABDA ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
14:46:41.0093 0x3158  aswMonFlt - ok
14:46:41.0097 0x3158  [ 0866D5FE02D614501B7B4AD5E1BC7B53, C34B4AF64DA9592EADC070C7A384070D564DCE3412337F671932A4818D8E12E8 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr2.sys
14:46:41.0098 0x3158  aswRdr - ok
14:46:41.0101 0x3158  [ 0AA12ADF5F87B4A70BDBAED77F54B978, 2C33F656EC2E51493A40FF32A5C934E209CF1475A8B0F3573396E97F8A10A76A ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
14:46:41.0102 0x3158  aswRvrt - ok
14:46:41.0117 0x3158  [ 719B704109B933D819093CDDB156A7F1, 3FF75BFA8BBE5C4A817C8166BAD73B1E3C5609D6A1F0AE85B166E30DE61EB901 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
14:46:41.0127 0x3158  aswSnx - ok
14:46:41.0135 0x3158  [ 43F46E7D103F46EC345B1056BDD2A60B, 6F8D844F3EBFDC56A319758C88B2C87FBDE185E5B1E08F8627F29158F190DBFF ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
14:46:41.0140 0x3158  aswSP - ok
14:46:41.0144 0x3158  [ 219D0E2348629FAE4E6E3478C21B23D6, 3545F59A966F31CE949596629217FD4D7119162411073D4D811575620728AC68 ] aswStm          C:\WINDOWS\system32\drivers\aswStm.sys
14:46:41.0146 0x3158  aswStm - ok
14:46:41.0151 0x3158  [ 9949BBD5BB70C4D317B7549896132579, DD92AAD8530C04365C24BD540C909FBDCFC92B18CB6ABB0E655F360EBC4DCD1E ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
14:46:41.0155 0x3158  aswVmm - ok
14:46:41.0157 0x3158  AsyncMac - ok
14:46:41.0159 0x3158  atapi - ok
14:46:41.0161 0x3158  AudioEndpointBuilder - ok
14:46:41.0162 0x3158  Audiosrv - ok
14:46:41.0196 0x3158  [ 501E11AE85EE28D305D228F5931AC76C, FB7052CFA143E5D431131EBB59D4EDAEEFCB56A017552E2395F1954F861613A0 ] avast! Antivirus D:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:46:41.0198 0x3158  avast! Antivirus - ok
14:46:41.0408 0x3158  [ E479F4EB69228EB67F55776D7E962322, B4D7237C4523603531BF2AE2CDC0297262C92D4EFAF0FB138A4D713BE8E71978 ] AvastVBoxSvc    D:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
14:46:41.0454 0x3158  AvastVBoxSvc - ok
14:46:41.0470 0x3158  [ 05927BED96CF7E1DA308870C6D5C5792, 489AAADF6BEAAFDEA35F332507B889ED9878D7F7319530222A1629A08B49D1A4 ] avgsvc          C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
14:46:41.0486 0x3158  avgsvc - ok
14:46:41.0486 0x3158  AxInstSV - ok
14:46:41.0486 0x3158  b06bdrv - ok
14:46:41.0486 0x3158  BasicDisplay - ok
14:46:41.0501 0x3158  BasicRender - ok
14:46:41.0501 0x3158  bcmfn2 - ok
14:46:41.0506 0x3158  BDESVC - ok
14:46:41.0508 0x3158  Beep - ok
14:46:41.0515 0x3158  [ BE43A13207D6428947248AF7EE05E772, 4118288ECD13B77738070DC298A64732693EEF9679CCFA59FD523CCAACF6335B ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
14:46:41.0519 0x3158  BEService - ok
14:46:41.0521 0x3158  BFE - ok
14:46:41.0523 0x3158  BITS - ok
14:46:41.0524 0x3158  bowser - ok
14:46:41.0527 0x3158  [ 7487B46E104303E247F68D485C12326F, BAC6A4FFD5B4009B4B673479630FAA2784618438925DFB6489F07BF163188114 ] BRDriver64_1_3_3_E02B25FC C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys
14:46:41.0528 0x3158  BRDriver64_1_3_3_E02B25FC - ok
14:46:41.0530 0x3158  BrokerInfrastructure - ok
14:46:41.0531 0x3158  Browser - ok
14:46:41.0537 0x3158  [ 448917845F097FCE9D4554C3D2001EF3, BDCBEC01579D7CF28963E4E13CDC5B26E4B69CA24FA2CC4D6E24CAE0DDBCB3FE ] BRSptStub       C:\ProgramData\BitRaider\BRSptStub.exe
14:46:41.0541 0x3158  BRSptStub - ok
14:46:41.0543 0x3158  BthAvrcpTg - ok
14:46:41.0544 0x3158  BthHFEnum - ok
14:46:41.0546 0x3158  bthhfhid - ok
14:46:41.0548 0x3158  BthHFSrv - ok
14:46:41.0549 0x3158  BTHMODEM - ok
14:46:41.0551 0x3158  bthserv - ok
14:46:41.0553 0x3158  buttonconverter - ok
14:46:41.0554 0x3158  CapImg - ok
14:46:41.0557 0x3158  cdfs - ok
14:46:41.0559 0x3158  CDPSvc - ok
14:46:41.0560 0x3158  cdrom - ok
14:46:41.0562 0x3158  CertPropSvc - ok
14:46:41.0563 0x3158  circlass - ok
14:46:41.0565 0x3158  CLFS - ok
14:46:41.0566 0x3158  ClipSVC - ok
14:46:41.0570 0x3158  CmBatt - ok
14:46:41.0572 0x3158  CNG - ok
14:46:41.0573 0x3158  cnghwassist - ok
14:46:41.0582 0x3158  CompositeBus - ok
14:46:41.0584 0x3158  COMSysApp - ok
14:46:41.0585 0x3158  condrv - ok
14:46:41.0587 0x3158  CoreMessagingRegistrar - ok
14:46:41.0590 0x3158  CryptSvc - ok
14:46:41.0591 0x3158  dam - ok
14:46:41.0593 0x3158  dc1-controller - ok
14:46:41.0595 0x3158  DcomLaunch - ok
14:46:41.0597 0x3158  DcpSvc - ok
14:46:41.0598 0x3158  defragsvc - ok
14:46:41.0600 0x3158  DeviceAssociationService - ok
14:46:41.0601 0x3158  DeviceInstall - ok
14:46:41.0602 0x3158  DevQueryBroker - ok
14:46:41.0604 0x3158  Dfsc - ok
14:46:41.0606 0x3158  Dhcp - ok
14:46:41.0608 0x3158  diagnosticshub.standardcollector.service - ok
14:46:41.0610 0x3158  DiagTrack - ok
14:46:41.0611 0x3158  disk - ok
14:46:41.0613 0x3158  DmEnrollmentSvc - ok
14:46:41.0614 0x3158  dmvsc - ok
14:46:41.0616 0x3158  dmwappushservice - ok
14:46:41.0617 0x3158  Dnscache - ok
14:46:41.0619 0x3158  dot3svc - ok
14:46:41.0621 0x3158  DPS - ok
14:46:41.0624 0x3158  drmkaud - ok
14:46:41.0626 0x3158  DsmSvc - ok
14:46:41.0627 0x3158  DsSvc - ok
14:46:41.0629 0x3158  DXGKrnl - ok
14:46:41.0630 0x3158  Eaphost - ok
14:46:41.0632 0x3158  ebdrv - ok
14:46:41.0633 0x3158  EFS - ok
14:46:41.0635 0x3158  EhStorClass - ok
14:46:41.0636 0x3158  EhStorTcgDrv - ok
14:46:41.0638 0x3158  embeddedmode - ok
14:46:41.0641 0x3158  EntAppSvc - ok
14:46:41.0644 0x3158  [ 20ECD0A490A121CB34F553FAD1DBBD39, 17C9DA33E78FBC7582B0AA53C611929B80FBBE1343B84A179D515B51C964D218 ] EpsonScanSvc    C:\Windows\system32\EscSvc64.exe
14:46:41.0648 0x3158  EpsonScanSvc - ok
14:46:41.0652 0x3158  [ 2A60F7356E9149CF898A6232440F3738, ECF33DABC5287C1D8D163C5411C654F33C669AE0E3249D56BDA25F115C619B54 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
14:46:41.0654 0x3158  EPSON_EB_RPCV4_04 - ok
14:46:41.0658 0x3158  [ 194E8100D57FC13BEF88129BAAD07E46, 745D24ADD99ED182FCCA30C6B85167484B74D3EFD631AF92AA57AAD73F474631 ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
14:46:41.0660 0x3158  EPSON_PM_RPCV4_04 - ok
14:46:41.0661 0x3158  ErrDev - ok
14:46:41.0664 0x3158  [ 3B32CAA07D672F8A2E0DF5CB3A873F45, 09687E30FA5779C3593769D66CAEBED95C932746EDD6E83DABE3DCFD126AB5EC ] EsgScanner      C:\WINDOWS\system32\DRIVERS\EsgScanner.sys
14:46:41.0665 0x3158  EsgScanner - ok
14:46:41.0667 0x3158  EventSystem - ok
14:46:41.0669 0x3158  exfat - ok
14:46:41.0670 0x3158  fastfat - ok
14:46:41.0672 0x3158  Fax - ok
14:46:41.0673 0x3158  fcvsc - ok
14:46:41.0675 0x3158  fdc - ok
14:46:41.0676 0x3158  fdPHost - ok
14:46:41.0678 0x3158  FDResPub - ok
14:46:41.0679 0x3158  fhsvc - ok
14:46:41.0681 0x3158  FileCrypt - ok
14:46:41.0682 0x3158  FileInfo - ok
14:46:41.0683 0x3158  Filetrace - ok
14:46:41.0685 0x3158  flpydisk - ok
14:46:41.0686 0x3158  FltMgr - ok
14:46:41.0688 0x3158  FontCache - ok
14:46:41.0691 0x3158  FontCache3.0.0.0 - ok
14:46:41.0692 0x3158  FsDepends - ok
14:46:41.0694 0x3158  Fs_Rec - ok
14:46:41.0695 0x3158  fvevol - ok
14:46:41.0697 0x3158  gagp30kx - ok
14:46:41.0699 0x3158  gencounter - ok
14:46:41.0700 0x3158  genericusbfn - ok
14:46:41.0716 0x3158  [ 061CC5C12C39899D7398CFEBFD19F69F, 62319596863A74665FA801C305C952A0F20AAA0F1CDC2195F2F69D662790C80B ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
14:46:41.0727 0x3158  GfExperienceService - ok
14:46:41.0730 0x3158  GPIOClx0101 - ok
14:46:41.0732 0x3158  gpsvc - ok
14:46:41.0733 0x3158  GpuEnergyDrv - ok
14:46:41.0735 0x3158  HDAudBus - ok
14:46:41.0737 0x3158  HidBatt - ok
14:46:41.0738 0x3158  HidBth - ok
14:46:41.0740 0x3158  hidi2c - ok
14:46:41.0741 0x3158  hidinterrupt - ok
14:46:41.0743 0x3158  HidIr - ok
14:46:41.0744 0x3158  hidserv - ok
14:46:41.0746 0x3158  HidUsb - ok
14:46:41.0747 0x3158  HomeGroupListener - ok
14:46:41.0749 0x3158  HomeGroupProvider - ok
14:46:41.0750 0x3158  HpSAMD - ok
14:46:41.0752 0x3158  HTTP - ok
14:46:41.0753 0x3158  hwpolicy - ok
14:46:41.0755 0x3158  hyperkbd - ok
14:46:41.0756 0x3158  HyperVideo - ok
14:46:41.0758 0x3158  i8042prt - ok
14:46:41.0759 0x3158  iaLPSSi_GPIO - ok
14:46:41.0761 0x3158  iaLPSSi_I2C - ok
14:46:41.0762 0x3158  iaStorAV - ok
14:46:41.0764 0x3158  iaStorV - ok
14:46:41.0765 0x3158  ibbus - ok
14:46:41.0767 0x3158  icssvc - ok
14:46:41.0770 0x3158  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:46:41.0771 0x3158  IDriverT - ok
14:46:41.0773 0x3158  IEEtwCollectorService - ok
14:46:41.0775 0x3158  IKEEXT - ok
14:46:41.0837 0x3158  [ 622868E4BAE8FBCD22CB1A5901A2C824, C1A2264C0984DD16C83B663C9CE43E049E1356E32C5771C3ACE225F285699138 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
14:46:41.0880 0x3158  IntcAzAudAddService - ok
14:46:41.0898 0x3158  [ 4C17F57E43645E75800E9E84787E34E5, 6A1531D97462BA3B3DBDAD472AF15B717C958AA8C5CE2373DE0B2A41C35BE33E ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
14:46:41.0907 0x3158  Intel(R) Capability Licensing Service TCP IP Interface - ok
14:46:41.0909 0x3158  intelide - ok
14:46:41.0911 0x3158  intelpep - ok
14:46:41.0912 0x3158  intelppm - ok
14:46:41.0914 0x3158  IoQos - ok
14:46:41.0915 0x3158  IpFilterDriver - ok
14:46:41.0917 0x3158  iphlpsvc - ok
14:46:41.0918 0x3158  IPMIDRV - ok
14:46:41.0919 0x3158  IPNAT - ok
14:46:41.0923 0x3158  IRENUM - ok
14:46:41.0924 0x3158  isapnp - ok
14:46:41.0926 0x3158  iScsiPrt - ok
14:46:41.0930 0x3158  [ 0B93A01F786F37A4B1EDE84E639FFF10, 8747109A2FA2B80C8C5F5B6D2372C1B0DA4F4BF9DC1D551195ADF0715C260223 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
14:46:41.0931 0x3158  jhi_service - ok
14:46:41.0933 0x3158  kbdclass - ok
14:46:41.0935 0x3158  kbdhid - ok
14:46:41.0936 0x3158  kdnic - ok
14:46:41.0938 0x3158  KeyIso - ok
14:46:41.0939 0x3158  KSecDD - ok
14:46:41.0941 0x3158  KSecPkg - ok
14:46:41.0942 0x3158  ksthunk - ok
14:46:41.0944 0x3158  KtmRm - ok
14:46:41.0945 0x3158  LanmanServer - ok
14:46:41.0947 0x3158  LanmanWorkstation - ok
14:46:41.0949 0x3158  lfsvc - ok
14:46:41.0950 0x3158  LicenseManager - ok
14:46:41.0952 0x3158  lltdio - ok
14:46:41.0953 0x3158  lltdsvc - ok
14:46:41.0955 0x3158  lmhosts - ok
14:46:41.0962 0x3158  [ C31139E0907170E2A3FA8D19DCC23D35, C504E93D2018E9E487A428483C646C67B4ECE122560CF0FA49A1626E1509EEAE ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:46:41.0966 0x3158  LMS - ok
14:46:41.0968 0x3158  LSI_SAS - ok
14:46:41.0970 0x3158  LSI_SAS2i - ok
14:46:41.0971 0x3158  LSI_SAS3i - ok
14:46:41.0973 0x3158  LSI_SSS - ok
14:46:41.0974 0x3158  LSM - ok
14:46:41.0976 0x3158  luafv - ok
14:46:41.0982 0x3158  [ A0A527569856B9814E8920F52EBB67F5, 4347277C84B47E4CC048850BDEFB258CFB3B476AA99FD503FD71FBB70FFF5ACF ] LVRS64          C:\WINDOWS\system32\DRIVERS\lvrs64.sys
14:46:41.0985 0x3158  LVRS64 - ok
14:46:42.0046 0x3158  [ 415E344294D1C0D04627B29146F68481, B4A1A05BDF07E8F226A98E51F62BE18BE2C046A084C495BD8A95CABC79FD0614 ] LVUVC64         C:\WINDOWS\system32\DRIVERS\lvuvc64.sys
14:46:42.0092 0x3158  LVUVC64 - ok
14:46:42.0098 0x3158  MapsBroker - ok
14:46:42.0100 0x3158  [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
14:46:42.0101 0x3158  MBAMProtector - ok
14:46:42.0204 0x3158  [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService     D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
14:46:42.0225 0x3158  MBAMService - ok
14:46:42.0228 0x3158  [ 08DECFCB9BA97786165A69AB1015BC30, EDC8C8447B57BD412E2DEBCA9B5B1B58C19D40105DC7CE9520DE214081696B05 ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
14:46:42.0229 0x3158  MBAMWebAccessControl - ok
14:46:42.0231 0x3158  [ 81E515726AA8FC3DCED6517F30DD70CD, F667211FC6DACB883CAA7D13F0192A6F1323F441485657376F70FDB89891284C ] MBfilt          C:\WINDOWS\system32\drivers\MBfilt64.sys
14:46:42.0232 0x3158  MBfilt - ok
14:46:42.0234 0x3158  megasas - ok
14:46:42.0235 0x3158  megasr - ok
14:46:42.0239 0x3158  [ 1BC9159CF58BABD89419072EA180A8F6, 6C9AB779C2355A341800A8F93AAAF9B19FAFF444CD6A7BD27C63D53F379A75EF ] MEIx64          C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys
14:46:42.0241 0x3158  MEIx64 - ok
14:46:42.0242 0x3158  mlx4_bus - ok
14:46:42.0244 0x3158  MMCSS - ok
14:46:42.0245 0x3158  Modem - ok
14:46:42.0247 0x3158  monitor - ok
14:46:42.0248 0x3158  mouclass - ok
14:46:42.0250 0x3158  mouhid - ok
14:46:42.0251 0x3158  mountmgr - ok
14:46:42.0253 0x3158  mpsdrv - ok
14:46:42.0254 0x3158  MpsSvc - ok
14:46:42.0257 0x3158  MQAC - ok
14:46:42.0259 0x3158  MRxDAV - ok
14:46:42.0260 0x3158  mrxsmb - ok
14:46:42.0261 0x3158  mrxsmb10 - ok
14:46:42.0263 0x3158  mrxsmb20 - ok
14:46:42.0264 0x3158  MsBridge - ok
14:46:42.0266 0x3158  MSDTC - ok
14:46:42.0268 0x3158  Msfs - ok
14:46:42.0270 0x3158  msgpiowin32 - ok
14:46:42.0272 0x3158  mshidkmdf - ok
14:46:42.0273 0x3158  mshidumdf - ok
14:46:42.0274 0x3158  msisadrv - ok
14:46:42.0276 0x3158  MSiSCSI - ok
14:46:42.0277 0x3158  msiserver - ok
14:46:42.0279 0x3158  MSKSSRV - ok
14:46:42.0280 0x3158  MsLldp - ok
14:46:42.0282 0x3158  MSMQ - ok
14:46:42.0283 0x3158  MSPCLOCK - ok
14:46:42.0285 0x3158  MSPQM - ok
14:46:42.0286 0x3158  MsRPC - ok
14:46:42.0290 0x3158  mssmbios - ok
14:46:42.0291 0x3158  MSTEE - ok
14:46:42.0293 0x3158  MTConfig - ok
14:46:42.0294 0x3158  Mup - ok
14:46:42.0295 0x3158  mvumis - ok
14:46:42.0298 0x3158  NativeWifiP - ok
14:46:42.0299 0x3158  NcaSvc - ok
14:46:42.0301 0x3158  NcbService - ok
14:46:42.0302 0x3158  NcdAutoSetup - ok
14:46:42.0304 0x3158  ndfltr - ok
14:46:42.0306 0x3158  NDIS - ok
14:46:42.0307 0x3158  NdisCap - ok
14:46:42.0309 0x3158  NdisImPlatform - ok
14:46:42.0310 0x3158  NdisTapi - ok
14:46:42.0311 0x3158  Ndisuio - ok
14:46:42.0313 0x3158  NdisVirtualBus - ok
14:46:42.0314 0x3158  NdisWan - ok
14:46:42.0316 0x3158  ndiswanlegacy - ok
14:46:42.0317 0x3158  ndproxy - ok
14:46:42.0319 0x3158  Ndu - ok
14:46:42.0320 0x3158  NetBIOS - ok
14:46:42.0323 0x3158  NetBT - ok
14:46:42.0324 0x3158  Netlogon - ok
14:46:42.0326 0x3158  Netman - ok
14:46:42.0329 0x3158  NetMsmqActivator - ok
14:46:42.0330 0x3158  NetPipeActivator - ok
14:46:42.0332 0x3158  netprofm - ok
14:46:42.0333 0x3158  NetSetupSvc - ok
14:46:42.0334 0x3158  NetTcpActivator - ok
14:46:42.0336 0x3158  NetTcpPortSharing - ok
14:46:42.0338 0x3158  netvsc - ok
14:46:42.0340 0x3158  NgcCtnrSvc - ok
14:46:42.0342 0x3158  NgcSvc - ok
14:46:42.0345 0x3158  [ 2F6ABF6376803BAB4E9F4E7D8E2FF84F, 6B60D6BD08E53B3ECF2B604C3169955EF7A22717446B3771A216A000F1D9D54A ] ngvss           C:\WINDOWS\system32\drivers\ngvss.sys
14:46:42.0348 0x3158  ngvss - ok
14:46:42.0350 0x3158  NlaSvc - ok
14:46:42.0351 0x3158  Npfs - ok
14:46:42.0353 0x3158  npsvctrig - ok
14:46:42.0355 0x3158  nsi - ok
14:46:42.0356 0x3158  nsiproxy - ok
14:46:42.0358 0x3158  NTFS - ok
14:46:42.0360 0x3158  Null - ok
14:46:42.0364 0x3158  [ 3EC9421780196DDA1A4C368BC7471778, FC5DEB52CAA76F968D3FF5F2418FA0A9DAC9E07BA5B259DEA5380759305F290E ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
14:46:42.0366 0x3158  NVHDA - ok
14:46:42.0535 0x3158  [ 9BE2E483F588B3A57C67352847037046, 1D0A4D86853C8A9188C4545842037F99DCC423CBA9DB68F51D10ACE302DE5AE2 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
14:46:42.0629 0x3158  nvlddmkm - ok
14:46:42.0660 0x3158  [ 1E3277F1C9F62F90488D02869A9522B7, 464870ACE9BDF7A6A9C46701209BEED5C33454CFF44CDABEAF871E06F23FEF17 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
14:46:42.0691 0x3158  NvNetworkService - ok
14:46:42.0691 0x3158  nvraid - ok
14:46:42.0691 0x3158  nvstor - ok
14:46:42.0691 0x3158  [ 59A8DE923619F3DC0C6C63DC33FB231E, 29D20EA3EB9599DE829A0630F2063D5DFD2263E9222CD4E3559725792D1454A5 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
14:46:42.0691 0x3158  NvStreamKms - ok
14:46:42.0785 0x3158  [ 9B4B3747C6756F49B986398A46EC1FE0, D0A25F07CBFB39B86DCB148A2EC8F01FDDD9B6D994418C54F49AA2B782CE9811 ] NvStreamNetworkSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
14:46:42.0848 0x3158  NvStreamNetworkSvc - ok
14:46:42.0910 0x3158  [ 266512CCC3B2E195CDE3A7A2C98A353A, DCB6C88A32FE3EE11D4FF242DE6E52B3C576C2EA4E4A5A245B4451CDEDCE94B0 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
14:46:42.0957 0x3158  NvStreamSvc - ok
14:46:42.0973 0x3158  [ DFCCA437717EACA8418F47992A41B39A, E587A629B894EE6A16AC414747D492FFC6B6E9F051B40F7D25F0D4406E2FF919 ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
14:46:42.0988 0x3158  nvsvc - ok
14:46:42.0988 0x3158  [ 64E8275CEAD43D3CA8E3A311B2F4B64A, 99E683890B9AF3243100B387317760B5F91745EF9F7FF2ABA2DC7B6551A6EAB6 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
14:46:42.0988 0x3158  nvvad_WaveExtensible - ok
14:46:43.0004 0x3158  nv_agp - ok
14:46:43.0006 0x3158  OneSyncSvc - ok
14:46:43.0103 0x3158  [ 40CB809645F1D0A93C535F9B0402F269, E683ED4ED824CE4E49715F23E3D3E8245B398D7A0D279E1F31470B9D7AF7E223 ] Origin Client Service D:\Program Files (x86)\Origin\OriginClientService.exe
14:46:43.0242 0x3158  Origin Client Service - ok
14:46:43.0258 0x3158  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:46:43.0258 0x3158  ose - ok
14:46:43.0258 0x3158  p2pimsvc - ok
14:46:43.0258 0x3158  p2psvc - ok
14:46:43.0258 0x3158  Parport - ok
14:46:43.0258 0x3158  partmgr - ok
14:46:43.0258 0x3158  PcaSvc - ok
14:46:43.0258 0x3158  pci - ok
14:46:43.0273 0x3158  pciide - ok
14:46:43.0274 0x3158  pcmcia - ok
14:46:43.0276 0x3158  pcw - ok
14:46:43.0277 0x3158  pdc - ok
14:46:43.0279 0x3158  PEAUTH - ok
14:46:43.0280 0x3158  percsas2i - ok
14:46:43.0282 0x3158  percsas3i - ok
14:46:43.0299 0x3158  PerfHost - ok
14:46:43.0303 0x3158  PimIndexMaintenanceSvc - ok
14:46:43.0306 0x3158  pla - ok
14:46:43.0307 0x3158  PlugPlay - ok
14:46:43.0309 0x3158  PNRPAutoReg - ok
14:46:43.0310 0x3158  PNRPsvc - ok
14:46:43.0312 0x3158  PolicyAgent - ok
14:46:43.0314 0x3158  Power - ok
14:46:43.0315 0x3158  PptpMiniport - ok
14:46:43.0361 0x3158  [ 12E2582F69ACA40A6BAE91DA578CBF34, 648C6394763906AA4163976DA2C3308F8B706486D9D8F16258CB1D61C2929930 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
14:46:43.0394 0x3158  PrintNotify - ok
14:46:43.0398 0x3158  Processor - ok
14:46:43.0400 0x3158  ProfSvc - ok
14:46:43.0401 0x3158  Psched - ok
14:46:43.0402 0x3158  QWAVE - ok
14:46:43.0404 0x3158  QWAVEdrv - ok
14:46:43.0406 0x3158  RasAcd - ok
14:46:43.0407 0x3158  RasAgileVpn - ok
14:46:43.0409 0x3158  RasAuto - ok
14:46:43.0410 0x3158  Rasl2tp - ok
14:46:43.0412 0x3158  RasMan - ok
14:46:43.0413 0x3158  RasPppoe - ok
14:46:43.0415 0x3158  RasSstp - ok
14:46:43.0416 0x3158  rdbss - ok
14:46:43.0418 0x3158  rdpbus - ok
14:46:43.0420 0x3158  RDPDR - ok
14:46:43.0423 0x3158  RdpVideoMiniport - ok
14:46:43.0425 0x3158  rdyboost - ok
14:46:43.0426 0x3158  ReFSv1 - ok
14:46:43.0428 0x3158  RemoteAccess - ok
14:46:43.0429 0x3158  RemoteRegistry - ok
14:46:43.0431 0x3158  RetailDemo - ok
14:46:43.0432 0x3158  RpcEptMapper - ok
14:46:43.0434 0x3158  RpcLocator - ok
14:46:43.0436 0x3158  RpcSs - ok
14:46:43.0437 0x3158  rspndr - ok
14:46:43.0451 0x3158  [ AC4CA62572CA516945AB92D6C9F501F4, 6CB4178DD1ED3D8224EA1F91CAA00AFBC756DCA2DFD71F399B05E511E79D5150 ] RTL8167         C:\WINDOWS\system32\DRIVERS\Rt64win7.sys
14:46:43.0460 0x3158  RTL8167 - ok
14:46:43.0463 0x3158  s3cap - ok
14:46:43.0464 0x3158  SamSs - ok
14:46:43.0466 0x3158  sbp2port - ok
14:46:43.0467 0x3158  SCardSvr - ok
14:46:43.0469 0x3158  ScDeviceEnum - ok
14:46:43.0471 0x3158  scfilter - ok
14:46:43.0472 0x3158  Schedule - ok
14:46:43.0474 0x3158  SCPolicySvc - ok
14:46:43.0476 0x3158  sdbus - ok
14:46:43.0477 0x3158  SDRSVC - ok
14:46:43.0479 0x3158  sdstor - ok
14:46:43.0480 0x3158  seclogon - ok
14:46:43.0482 0x3158  SENS - ok
14:46:43.0483 0x3158  SensorDataService - ok
14:46:43.0485 0x3158  SensorService - ok
14:46:43.0486 0x3158  SensrSvc - ok
14:46:43.0488 0x3158  SerCx - ok
14:46:43.0489 0x3158  SerCx2 - ok
14:46:43.0491 0x3158  Serenum - ok
14:46:43.0493 0x3158  Serial - ok
14:46:43.0494 0x3158  sermouse - ok
14:46:43.0498 0x3158  SessionEnv - ok
14:46:43.0500 0x3158  sfloppy - ok
14:46:43.0502 0x3158  SharedAccess - ok
14:46:43.0504 0x3158  ShellHWDetection - ok
14:46:43.0507 0x3158  SiSRaid2 - ok
14:46:43.0509 0x3158  SiSRaid4 - ok
14:46:43.0515 0x3158  [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:46:43.0518 0x3158  SkypeUpdate - ok
14:46:43.0520 0x3158  smphost - ok
14:46:43.0522 0x3158  SmsRouter - ok
14:46:43.0526 0x3158  SNMPTRAP - ok
14:46:43.0527 0x3158  spaceport - ok
14:46:43.0529 0x3158  SpbCx - ok
14:46:43.0531 0x3158  Spooler - ok
14:46:43.0532 0x3158  sppsvc - ok
14:46:43.0533 0x3158  srv - ok
14:46:43.0535 0x3158  srv2 - ok
14:46:43.0537 0x3158  srvnet - ok
14:46:43.0539 0x3158  SSDPSRV - ok
14:46:43.0540 0x3158  SstpSvc - ok
14:46:43.0542 0x3158  StateRepository - ok
14:46:43.0554 0x3158  [ 81433E112B6BD31B59519BA31EF927DB, DD1776E5729F22C58A4969132E0C105B0E48672ADC4E8FD958A8D5A627596BBA ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
14:46:43.0562 0x3158  Steam Client Service - ok
14:46:43.0570 0x3158  [ D2B4376F9F36C5873A6CF99EF5750724, 2A5C12EE3657D4A6819080549ADFA3288E0DAC975114D9466DCCC3ED922D2539 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:46:43.0579 0x3158  Stereo Service - ok
14:46:43.0583 0x3158  stexstor - ok
14:46:43.0587 0x3158  stisvc - ok
14:46:43.0591 0x3158  storahci - ok
14:46:43.0595 0x3158  storflt - ok
14:46:43.0599 0x3158  stornvme - ok
14:46:43.0602 0x3158  storqosflt - ok
14:46:43.0604 0x3158  StorSvc - ok
14:46:43.0605 0x3158  storufs - ok
14:46:43.0607 0x3158  storvsc - ok
14:46:43.0609 0x3158  svsvc - ok
14:46:43.0618 0x3158  swenum - ok
14:46:43.0620 0x3158  swprv - ok
14:46:43.0624 0x3158  Synth3dVsc - ok
14:46:43.0625 0x3158  SysMain - ok
14:46:43.0627 0x3158  SystemEventsBroker - ok
14:46:43.0629 0x3158  TabletInputService - ok
14:46:43.0631 0x3158  TapiSrv - ok
14:46:43.0632 0x3158  Tcpip - ok
14:46:43.0634 0x3158  Tcpip6 - ok
14:46:43.0636 0x3158  tcpipreg - ok
14:46:43.0639 0x3158  tdx - ok
14:46:43.0640 0x3158  terminpt - ok
14:46:43.0642 0x3158  TermService - ok
14:46:43.0643 0x3158  Themes - ok
14:46:43.0645 0x3158  tiledatamodelsvc - ok
14:46:43.0647 0x3158  TimeBroker - ok
14:46:43.0648 0x3158  TPM - ok
14:46:43.0650 0x3158  TrkWks - ok
14:46:43.0651 0x3158  TrustedInstaller - ok
14:46:43.0654 0x3158  TsUsbFlt - ok
14:46:43.0655 0x3158  TsUsbGD - ok
14:46:43.0657 0x3158  tunnel - ok
14:46:43.0658 0x3158  uagp35 - ok
14:46:43.0660 0x3158  UASPStor - ok
14:46:43.0662 0x3158  UcmCx0101 - ok
14:46:43.0663 0x3158  UcmUcsi - ok
14:46:43.0665 0x3158  Ucx01000 - ok
14:46:43.0666 0x3158  UdeCx - ok
14:46:43.0668 0x3158  udfs - ok
14:46:43.0670 0x3158  UEFI - ok
14:46:43.0671 0x3158  Ufx01000 - ok
14:46:43.0673 0x3158  UfxChipidea - ok
14:46:43.0675 0x3158  ufxsynopsys - ok
14:46:43.0678 0x3158  UI0Detect - ok
14:46:43.0679 0x3158  uliagpkx - ok
14:46:43.0681 0x3158  umbus - ok
14:46:43.0683 0x3158  UmPass - ok
14:46:43.0684 0x3158  UmRdpService - ok
14:46:43.0686 0x3158  UnistoreSvc - ok
14:46:43.0690 0x3158  upnphost - ok
14:46:43.0692 0x3158  UrsChipidea - ok
14:46:43.0693 0x3158  UrsCx01000 - ok
14:46:43.0695 0x3158  UrsSynopsys - ok
14:46:43.0696 0x3158  usbaudio - ok
14:46:43.0698 0x3158  usbccgp - ok
14:46:43.0699 0x3158  usbcir - ok
14:46:43.0702 0x3158  usbehci - ok
14:46:43.0703 0x3158  usbhub - ok
14:46:43.0705 0x3158  USBHUB3 - ok
14:46:43.0707 0x3158  usbohci - ok
14:46:43.0708 0x3158  usbprint - ok
14:46:43.0711 0x3158  [ 923CA145CD0A9DFBA4CBBA60AB684C2C, EFAA1E730802490E9A53718D70484832A38345FE0A670937FC546FD245DF2CC9 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:46:43.0712 0x3158  usbscan - ok
14:46:43.0714 0x3158  usbser - ok
14:46:43.0716 0x3158  USBSTOR - ok
14:46:43.0718 0x3158  usbuhci - ok
14:46:43.0719 0x3158  usbvideo - ok
14:46:43.0721 0x3158  USBXHCI - ok
14:46:43.0723 0x3158  UserDataSvc - ok
14:46:43.0725 0x3158  UserManager - ok
14:46:43.0727 0x3158  UsoSvc - ok
14:46:43.0728 0x3158  VaultSvc - ok
14:46:43.0877 0x3158  [ EE639C5EAC1186B6ACF0FABD243F3E29, F80128BEE028BB274EE11401915DDABD033E0B8AEDCDDE426CBA00BD4B1278E5 ] VBoxAswDrv      D:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
14:46:43.0893 0x3158  VBoxAswDrv - ok
14:46:43.0900 0x3158  vdrvroot - ok
14:46:43.0900 0x3158  vds - ok
14:46:43.0916 0x3158  VerifierExt - ok
14:46:43.0916 0x3158  vhdmp - ok
14:46:43.0916 0x3158  vhf - ok
14:46:43.0916 0x3158  vmbus - ok
14:46:43.0931 0x3158  VMBusHID - ok
14:46:43.0931 0x3158  vmicguestinterface - ok
14:46:43.0931 0x3158  vmicheartbeat - ok
14:46:43.0940 0x3158  vmickvpexchange - ok
14:46:43.0943 0x3158  vmicrdv - ok
14:46:43.0945 0x3158  vmicshutdown - ok
14:46:43.0947 0x3158  vmictimesync - ok
14:46:43.0949 0x3158  vmicvmsession - ok
14:46:43.0952 0x3158  vmicvss - ok
14:46:43.0954 0x3158  volmgr - ok
14:46:43.0956 0x3158  volmgrx - ok
14:46:43.0959 0x3158  volsnap - ok
14:46:43.0961 0x3158  vpci - ok
14:46:43.0963 0x3158  vsmraid - ok
14:46:43.0964 0x3158  VSS - ok
14:46:43.0966 0x3158  VSTXRAID - ok
14:46:43.0968 0x3158  vwifibus - ok
14:46:43.0969 0x3158  vwififlt - ok
14:46:43.0971 0x3158  W32Time - ok
14:46:43.0973 0x3158  w3logsvc - ok
14:46:43.0975 0x3158  W3SVC - ok
14:46:43.0977 0x3158  WacomPen - ok
14:46:43.0978 0x3158  WalletService - ok
14:46:43.0980 0x3158  wanarp - ok
14:46:43.0982 0x3158  wanarpv6 - ok
14:46:43.0983 0x3158  WAS - ok
14:46:43.0985 0x3158  wbengine - ok
14:46:43.0987 0x3158  WbioSrvc - ok
14:46:43.0990 0x3158  Wcmsvc - ok
14:46:43.0991 0x3158  wcncsvc - ok
14:46:43.0993 0x3158  WcsPlugInService - ok
14:46:43.0995 0x3158  WdBoot - ok
14:46:43.0996 0x3158  Wdf01000 - ok
14:46:43.0998 0x3158  WdFilter - ok
14:46:44.0000 0x3158  WdiServiceHost - ok
14:46:44.0001 0x3158  WdiSystemHost - ok
14:46:44.0003 0x3158  wdiwifi - ok
14:46:44.0005 0x3158  WdNisDrv - ok
14:46:44.0007 0x3158  WdNisSvc - ok
14:46:44.0008 0x3158  WebClient - ok
14:46:44.0010 0x3158  Wecsvc - ok
14:46:44.0012 0x3158  WEPHOSTSVC - ok
14:46:44.0013 0x3158  wercplsupport - ok
14:46:44.0015 0x3158  WerSvc - ok
14:46:44.0017 0x3158  wfpcapture - ok
14:46:44.0018 0x3158  WFPLWFS - ok
14:46:44.0020 0x3158  WiaRpc - ok
14:46:44.0022 0x3158  WIMMount - ok
14:46:44.0024 0x3158  WinDefend - ok
14:46:44.0027 0x3158  WindowsTrustedRT - ok
14:46:44.0029 0x3158  WindowsTrustedRTProxy - ok
14:46:44.0031 0x3158  WinHttpAutoProxySvc - ok
14:46:44.0033 0x3158  WinMad - ok
14:46:44.0036 0x3158  Winmgmt - ok
14:46:44.0038 0x3158  WinRM - ok
14:46:44.0042 0x3158  WINUSB - ok
14:46:44.0043 0x3158  WinVerbs - ok
14:46:44.0045 0x3158  WlanSvc - ok
14:46:44.0047 0x3158  wlidsvc - ok
14:46:44.0049 0x3158  [ 680A7846370000D20D7E74917D5B7936, 55B77B358039672845D361CA4205F3482D1F30A4654B610FD785A1337EFDC316 ] WmBEnum         C:\WINDOWS\system32\drivers\WmBEnum.sys
14:46:44.0050 0x3158  WmBEnum - ok
14:46:44.0053 0x3158  WmiAcpi - ok
14:46:44.0055 0x3158  wmiApSrv - ok
14:46:44.0057 0x3158  WMPNetworkSvc - ok
14:46:44.0060 0x3158  [ 14802B3A30AA849C97CB968CCC813BF3, 330AD828ABD040ECDBF58F7162978CD61BFC093CAD404FD2BCAC74E3F2EC542A ] WmXlCore        C:\WINDOWS\system32\drivers\WmXlCore.sys
14:46:44.0062 0x3158  WmXlCore - ok
14:46:44.0063 0x3158  Wof - ok
14:46:44.0066 0x3158  workfolderssvc - ok
14:46:44.0068 0x3158  wpcfltr - ok
14:46:44.0071 0x3158  WPDBusEnum - ok
14:46:44.0074 0x3158  WpdUpFltr - ok
14:46:44.0076 0x3158  WpnService - ok
14:46:44.0077 0x3158  ws2ifsl - ok
14:46:44.0079 0x3158  wscsvc - ok
14:46:44.0081 0x3158  WSearch - ok
14:46:44.0083 0x3158  WSService - ok
14:46:44.0085 0x3158  wuauserv - ok
14:46:44.0087 0x3158  WudfPf - ok
14:46:44.0089 0x3158  WUDFRd - ok
14:46:44.0090 0x3158  wudfsvc - ok
14:46:44.0092 0x3158  WUDFWpdComp - ok
14:46:44.0094 0x3158  WUDFWpdFs - ok
14:46:44.0095 0x3158  WUDFWpdMtp - ok
14:46:44.0097 0x3158  WwanSvc - ok
14:46:44.0099 0x3158  XblAuthManager - ok
14:46:44.0101 0x3158  XblGameSave - ok
14:46:44.0102 0x3158  xboxgip - ok
14:46:44.0104 0x3158  XboxNetApiSvc - ok
14:46:44.0106 0x3158  xinputhid - ok
14:46:44.0109 0x3158  xusb22 - ok
14:46:44.0109 0x3158  ================ Scan global ===============================
14:46:44.0117 0x3158  [ Global ] - ok
14:46:44.0117 0x3158  ================ Scan MBR ==================================
14:46:44.0118 0x3158  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:46:44.0128 0x3158  \Device\Harddisk0\DR0 - ok
14:46:44.0150 0x3158  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
14:46:44.0159 0x3158  \Device\Harddisk1\DR1 - ok
14:46:44.0159 0x3158  ================ Scan VBR ==================================
14:46:44.0160 0x3158  [ 43A51478C485FE01E0B0DE47162F6E2D ] \Device\Harddisk0\DR0\Partition1
14:46:44.0161 0x3158  \Device\Harddisk0\DR0\Partition1 - ok
14:46:44.0163 0x3158  [ 3E91804FCE835E528269A7EBF552339F ] \Device\Harddisk0\DR0\Partition2
14:46:44.0163 0x3158  \Device\Harddisk0\DR0\Partition2 - ok
14:46:44.0164 0x3158  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
14:46:44.0164 0x3158  \Device\Harddisk0\DR0\Partition3 - ok
14:46:44.0166 0x3158  [ 2B7D5785DCA964BC6FC647CCC31C3BCB ] \Device\Harddisk0\DR0\Partition4
14:46:44.0167 0x3158  \Device\Harddisk0\DR0\Partition4 - ok
14:46:44.0168 0x3158  [ 9B25D2E73ACC648BB293521876CF4221 ] \Device\Harddisk0\DR0\Partition5
14:46:44.0168 0x3158  \Device\Harddisk0\DR0\Partition5 - ok
14:46:44.0170 0x3158  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
14:46:44.0170 0x3158  \Device\Harddisk1\DR1\Partition1 - ok
14:46:44.0177 0x3158  [ AD44CA2FB68A97C78FA8A94E4BB7900B ] \Device\Harddisk1\DR1\Partition2
14:46:44.0227 0x3158  \Device\Harddisk1\DR1\Partition2 - ok
14:46:44.0228 0x3158  ================ Scan generic autorun ======================
14:46:44.0323 0x3080  Object required for P2P: [ 99B993BD0F4C033D832B50D5E83BEBEC ] AdobeFlashPlayerUpdateSvc
14:46:44.0373 0x3158  [ 22EBD5AE3B3220D713E544D1D3AB3FEE, 9EF058B096DAA5C6242FBEB3DF509108180B1EB1EA252E63C437CF6C1B743BE0 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
14:46:44.0452 0x3158  RTHDVCPL - ok
14:46:44.0452 0x3158  MBCfg64 - ok
14:46:44.0483 0x3158  [ E445C0DB7E5E89C657FC89C0C4CCEDE5, ABD7A9B36CFD6740CE06456B152D9EB1856C11CD7FB2A34E06D63BAD0639B2A0 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
14:46:44.0514 0x3158  NvBackend - ok
14:46:44.0514 0x3158  ShadowPlay - ok
14:46:44.0530 0x3158  [ 4BA4EE813C494E70FF381DB39CEE3F39, 8AF9C9F680145FC2B2DC50317F708A27117BB240652E3EF3A728837DC7D5BB7B ] C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
14:46:44.0530 0x3158  Sound Blaster Cinema - ok
14:46:44.0530 0x3158  [ C419DF63E0121D72411285780C2FC6CC, F47F854D327C589D174D3BB5B55D5C05F5ACA73DF52A6BEF47596B9010190291 ] C:\Windows\UpdReg.EXE
14:46:44.0530 0x3158  UpdReg - ok
14:46:44.0545 0x3158  [ BD2C0CDD525902E3033DAA8D08D0F015, F6B9F5356FA4264BCC708A41B7CECE92B1439598CB719F6CA25397E6C717B886 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
14:46:44.0545 0x3158  USB3MON - ok
14:46:44.0568 0x3158  [ 01D92A226791867F2DED688F25271905, E2B8F12C9675C8AA1BE96BB68570E40F6F62CA81B6BE6EC3FAACCD096F303D15 ] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
14:46:44.0578 0x3158  EEventManager - ok
14:46:44.0582 0x3158  [ 222AA1F2FB05FB3F8A46EAFE6EBDD730, BF051C1A6DA92A98946BCB37B7D768E809331D610CF9E7A792FEBB971C4F6BEB ] C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe
14:46:44.0583 0x3158  AvgUi - ok
14:46:44.0755 0x3158  [ 4AEF74758C3C19E3126CAA867ECE7DD8, 8F0261B145383C2E4C321498BC0D92420670D577316A4C93E02DAFCFAB7BE362 ] D:\Program Files\AVAST Software\Avast\AvastUI.exe
14:46:44.0819 0x3158  AvastUI.exe - ok
14:46:44.0835 0x3158  OneDriveSetup - ok
14:46:44.0835 0x3158  OneDriveSetup - ok
14:46:44.0851 0x3158  [ 61F488AC3053DEB2AADB6A34DEBC8876, B5C5E0325F0FB4A37E80F08273B7483630F676C6342519564798CE7D1F121CB7 ] C:\Users\Agando\AppData\Local\Microsoft\OneDrive\OneDrive.exe
14:46:44.0851 0x3158  OneDrive - ok
14:46:44.0866 0x3158  [ 2287DAEA100837E40232FD9053F635D8, 8E905B8BC72F8DD6C7C71A7E04CD8D8EC1E9AD2B77EF5A48E089E439A75043D6 ] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE
14:46:44.0882 0x3158  EPLTarget\P0000000000000000 - ok
14:46:44.0882 0x3158  OneDriveSetup - ok
14:46:44.0882 0x3158  Waiting for KSN requests completion. In queue: 62
14:46:45.0898 0x3158  Waiting for KSN requests completion. In queue: 62
14:46:46.0773 0x3080  Object send P2P result: true
14:46:46.0773 0x3080  Object required for P2P: [ 501E11AE85EE28D305D228F5931AC76C ] avast! Antivirus
14:46:46.0913 0x3158  Waiting for KSN requests completion. In queue: 26
14:46:47.0929 0x3158  Waiting for KSN requests completion. In queue: 16
14:46:48.0945 0x3158  Waiting for KSN requests completion. In queue: 16
14:46:49.0179 0x3080  Object send P2P result: true
14:46:49.0179 0x3080  Object required for P2P: [ E479F4EB69228EB67F55776D7E962322 ] AvastVBoxSvc
14:46:49.0960 0x3158  Waiting for KSN requests completion. In queue: 15
14:46:50.0976 0x3158  Waiting for KSN requests completion. In queue: 15
14:46:51.0632 0x3080  Object send P2P result: true
14:46:52.0023 0x3158  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.10240.16384 ), 0x60100 ( disabled : updated )
14:46:52.0039 0x3158  AV detected via SS2: avast! Antivirus, D:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2253.1653 ), 0x41000 ( enabled : updated )
14:46:52.0054 0x3158  Win FW state via NFP2: enabled ( trusted )
14:46:54.0414 0x3158  ============================================================
14:46:54.0414 0x3158  Scan finished
14:46:54.0414 0x3158  ============================================================
14:46:54.0430 0x1700  Detected object count: 0
14:46:54.0430 0x1700  Actual detected object count: 0
14:47:20.0103 0x22e8  ============================================================
14:47:20.0103 0x22e8  Scan started
14:47:20.0103 0x22e8  Mode: Manual; 
14:47:20.0103 0x22e8  ============================================================
14:47:20.0103 0x22e8  KSN ping started
14:47:22.0385 0x22e8  KSN ping finished: true
14:47:22.0822 0x22e8  ================ Scan system memory ========================
14:47:22.0822 0x22e8  System memory - ok
14:47:22.0822 0x22e8  ================ Scan services =============================
14:47:22.0854 0x22e8  1394ohci - ok
14:47:22.0854 0x22e8  3ware - ok
14:47:22.0869 0x22e8  [ B33CF4DE909A5B30F526D82053A63C8E, ABF5BB962C038E545C18B96E686E072D780C907096C7BB341297AF31D3703ABD ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
14:47:22.0869 0x22e8  ABBYY.Licensing.FineReader.Sprint.9.0 - ok
14:47:22.0869 0x22e8  ACPI - ok
14:47:22.0869 0x22e8  acpiex - ok
14:47:22.0885 0x22e8  acpipagr - ok
14:47:22.0885 0x22e8  AcpiPmi - ok
14:47:22.0885 0x22e8  acpitime - ok
14:47:22.0891 0x22e8  [ F2CEEE9ABBCEF207ACB103215AC28BC2, F8F8B8AF6317926D7AC0CA2CA23628B2C69327A2792D58D3328443C5ED9514E9 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:47:22.0892 0x22e8  AdobeARMservice - ok
14:47:22.0919 0x22e8  [ 99B993BD0F4C033D832B50D5E83BEBEC, A091635B2B428A51400468353F52D3FF35095460D3FA8CB29E2C4A804D87B845 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:47:22.0927 0x22e8  AdobeFlashPlayerUpdateSvc - ok
14:47:22.0928 0x22e8  Object required for P2P: [ 99B993BD0F4C033D832B50D5E83BEBEC ] AdobeFlashPlayerUpdateSvc
14:47:25.0343 0x22e8  Object send P2P result: true
14:47:25.0358 0x22e8  ADP80XX - ok
14:47:25.0358 0x22e8  AFD - ok
14:47:25.0374 0x22e8  agp440 - ok
14:47:25.0374 0x22e8  ahcache - ok
14:47:25.0374 0x22e8  AJRouter - ok
14:47:25.0374 0x22e8  ALG - ok
14:47:25.0392 0x22e8  AmdK8 - ok
14:47:25.0394 0x22e8  AmdPPM - ok
14:47:25.0396 0x22e8  amdsata - ok
14:47:25.0398 0x22e8  amdsbs - ok
14:47:25.0400 0x22e8  amdxata - ok
14:47:25.0403 0x22e8  AppHostSvc - ok
14:47:25.0405 0x22e8  AppID - ok
14:47:25.0407 0x22e8  AppIDSvc - ok
14:47:25.0409 0x22e8  Appinfo - ok
14:47:25.0411 0x22e8  AppReadiness - ok
14:47:25.0413 0x22e8  AppXSvc - ok
14:47:25.0415 0x22e8  arcsas - ok
14:47:25.0424 0x22e8  aspnet_state - ok
14:47:25.0427 0x22e8  [ 7E66DFE6B62C6C34FD6B09DB6169E9F6, BCE908BBF35FD9471018BFC9DCE357529F558693692FF51DA868024F7FD0E868 ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
14:47:25.0427 0x22e8  aswHwid - ok
14:47:25.0430 0x22e8  [ 1459AAD5C6A66A458C2D57EE6E080FA5, 6A3D6EBCE1EDCFE307DF915CB0C3183668848BCEAA71EA58AB0F4F650F8EABDA ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
14:47:25.0432 0x22e8  aswMonFlt - ok
14:47:25.0435 0x22e8  [ 0866D5FE02D614501B7B4AD5E1BC7B53, C34B4AF64DA9592EADC070C7A384070D564DCE3412337F671932A4818D8E12E8 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr2.sys
14:47:25.0436 0x22e8  aswRdr - ok
14:47:25.0438 0x22e8  [ 0AA12ADF5F87B4A70BDBAED77F54B978, 2C33F656EC2E51493A40FF32A5C934E209CF1475A8B0F3573396E97F8A10A76A ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
14:47:25.0439 0x22e8  aswRvrt - ok
14:47:25.0454 0x22e8  [ 719B704109B933D819093CDDB156A7F1, 3FF75BFA8BBE5C4A817C8166BAD73B1E3C5609D6A1F0AE85B166E30DE61EB901 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
14:47:25.0465 0x22e8  aswSnx - ok
14:47:25.0473 0x22e8  [ 43F46E7D103F46EC345B1056BDD2A60B, 6F8D844F3EBFDC56A319758C88B2C87FBDE185E5B1E08F8627F29158F190DBFF ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
14:47:25.0477 0x22e8  aswSP - ok
14:47:25.0482 0x22e8  [ 219D0E2348629FAE4E6E3478C21B23D6, 3545F59A966F31CE949596629217FD4D7119162411073D4D811575620728AC68 ] aswStm          C:\WINDOWS\system32\drivers\aswStm.sys
14:47:25.0483 0x22e8  aswStm - ok
14:47:25.0489 0x22e8  [ 9949BBD5BB70C4D317B7549896132579, DD92AAD8530C04365C24BD540C909FBDCFC92B18CB6ABB0E655F360EBC4DCD1E ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
14:47:25.0492 0x22e8  aswVmm - ok
14:47:25.0493 0x22e8  AsyncMac - ok
14:47:25.0495 0x22e8  atapi - ok
14:47:25.0497 0x22e8  AudioEndpointBuilder - ok
14:47:25.0498 0x22e8  Audiosrv - ok
14:47:25.0588 0x22e8  [ 501E11AE85EE28D305D228F5931AC76C, FB7052CFA143E5D431131EBB59D4EDAEEFCB56A017552E2395F1954F861613A0 ] avast! Antivirus D:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:47:25.0601 0x22e8  avast! Antivirus - ok
14:47:25.0602 0x22e8  Object required for P2P: [ 501E11AE85EE28D305D228F5931AC76C ] avast! Antivirus
14:47:28.0020 0x22e8  Object send P2P result: true
14:47:28.0208 0x22e8  [ E479F4EB69228EB67F55776D7E962322, B4D7237C4523603531BF2AE2CDC0297262C92D4EFAF0FB138A4D713BE8E71978 ] AvastVBoxSvc    D:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
14:47:28.0270 0x22e8  AvastVBoxSvc - ok
14:47:28.0270 0x22e8  Object required for P2P: [ E479F4EB69228EB67F55776D7E962322 ] AvastVBoxSvc
14:47:30.0692 0x22e8  Object send P2P result: true
14:47:30.0739 0x22e8  [ 05927BED96CF7E1DA308870C6D5C5792, 489AAADF6BEAAFDEA35F332507B889ED9878D7F7319530222A1629A08B49D1A4 ] avgsvc          C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
14:47:30.0770 0x22e8  avgsvc - ok
14:47:30.0770 0x22e8  AxInstSV - ok
14:47:30.0770 0x22e8  b06bdrv - ok
14:47:30.0770 0x22e8  BasicDisplay - ok
14:47:30.0770 0x22e8  BasicRender - ok
14:47:30.0770 0x22e8  bcmfn2 - ok
14:47:30.0770 0x22e8  BDESVC - ok
14:47:30.0786 0x22e8  Beep - ok
14:47:30.0793 0x22e8  [ BE43A13207D6428947248AF7EE05E772, 4118288ECD13B77738070DC298A64732693EEF9679CCFA59FD523CCAACF6335B ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
14:47:30.0798 0x22e8  BEService - ok
14:47:30.0800 0x22e8  BFE - ok
14:47:30.0801 0x22e8  BITS - ok
14:47:30.0803 0x22e8  bowser - ok
14:47:30.0806 0x22e8  [ 7487B46E104303E247F68D485C12326F, BAC6A4FFD5B4009B4B673479630FAA2784618438925DFB6489F07BF163188114 ] BRDriver64_1_3_3_E02B25FC C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys
14:47:30.0807 0x22e8  BRDriver64_1_3_3_E02B25FC - ok
14:47:30.0808 0x22e8  BrokerInfrastructure - ok
14:47:30.0810 0x22e8  Browser - ok
14:47:30.0815 0x22e8  [ 448917845F097FCE9D4554C3D2001EF3, BDCBEC01579D7CF28963E4E13CDC5B26E4B69CA24FA2CC4D6E24CAE0DDBCB3FE ] BRSptStub       C:\ProgramData\BitRaider\BRSptStub.exe
14:47:30.0819 0x22e8  BRSptStub - ok
14:47:30.0821 0x22e8  BthAvrcpTg - ok
14:47:30.0823 0x22e8  BthHFEnum - ok
14:47:30.0824 0x22e8  bthhfhid - ok
14:47:30.0826 0x22e8  BthHFSrv - ok
14:47:30.0827 0x22e8  BTHMODEM - ok
14:47:30.0830 0x22e8  bthserv - ok
14:47:30.0831 0x22e8  buttonconverter - ok
14:47:30.0833 0x22e8  CapImg - ok
14:47:30.0834 0x22e8  cdfs - ok
14:47:30.0835 0x22e8  CDPSvc - ok
14:47:30.0837 0x22e8  cdrom - ok
14:47:30.0840 0x22e8  CertPropSvc - ok
14:47:30.0842 0x22e8  circlass - ok
14:47:30.0843 0x22e8  CLFS - ok
14:47:30.0844 0x22e8  ClipSVC - ok
14:47:30.0848 0x22e8  CmBatt - ok
14:47:30.0850 0x22e8  CNG - ok
14:47:30.0851 0x22e8  cnghwassist - ok
14:47:30.0860 0x22e8  CompositeBus - ok
14:47:30.0862 0x22e8  COMSysApp - ok
14:47:30.0863 0x22e8  condrv - ok
14:47:30.0865 0x22e8  CoreMessagingRegistrar - ok
14:47:30.0868 0x22e8  CryptSvc - ok
14:47:30.0869 0x22e8  dam - ok
14:47:30.0871 0x22e8  dc1-controller - ok
14:47:30.0873 0x22e8  DcomLaunch - ok
14:47:30.0875 0x22e8  DcpSvc - ok
14:47:30.0876 0x22e8  defragsvc - ok
14:47:30.0878 0x22e8  DeviceAssociationService - ok
14:47:30.0879 0x22e8  DeviceInstall - ok
14:47:30.0880 0x22e8  DevQueryBroker - ok
14:47:30.0882 0x22e8  Dfsc - ok
14:47:30.0883 0x22e8  Dhcp - ok
14:47:30.0885 0x22e8  diagnosticshub.standardcollector.service - ok
14:47:30.0887 0x22e8  DiagTrack - ok
14:47:30.0889 0x22e8  disk - ok
14:47:30.0890 0x22e8  DmEnrollmentSvc - ok
14:47:30.0892 0x22e8  dmvsc - ok
14:47:30.0893 0x22e8  dmwappushservice - ok
14:47:30.0895 0x22e8  Dnscache - ok
14:47:30.0897 0x22e8  dot3svc - ok
14:47:30.0898 0x22e8  DPS - ok
14:47:30.0900 0x22e8  drmkaud - ok
14:47:30.0902 0x22e8  DsmSvc - ok
14:47:30.0903 0x22e8  DsSvc - ok
14:47:30.0905 0x22e8  DXGKrnl - ok
14:47:30.0906 0x22e8  Eaphost - ok
14:47:30.0908 0x22e8  ebdrv - ok
14:47:30.0909 0x22e8  EFS - ok
14:47:30.0911 0x22e8  EhStorClass - ok
14:47:30.0912 0x22e8  EhStorTcgDrv - ok
14:47:30.0913 0x22e8  embeddedmode - ok
14:47:30.0915 0x22e8  EntAppSvc - ok
14:47:30.0918 0x22e8  [ 20ECD0A490A121CB34F553FAD1DBBD39, 17C9DA33E78FBC7582B0AA53C611929B80FBBE1343B84A179D515B51C964D218 ] EpsonScanSvc    C:\Windows\system32\EscSvc64.exe
14:47:30.0922 0x22e8  EpsonScanSvc - ok
14:47:30.0927 0x22e8  [ 2A60F7356E9149CF898A6232440F3738, ECF33DABC5287C1D8D163C5411C654F33C669AE0E3249D56BDA25F115C619B54 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
14:47:30.0929 0x22e8  EPSON_EB_RPCV4_04 - ok
14:47:30.0933 0x22e8  [ 194E8100D57FC13BEF88129BAAD07E46, 745D24ADD99ED182FCCA30C6B85167484B74D3EFD631AF92AA57AAD73F474631 ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
14:47:30.0934 0x22e8  EPSON_PM_RPCV4_04 - ok
14:47:30.0936 0x22e8  ErrDev - ok
14:47:30.0939 0x22e8  [ 3B32CAA07D672F8A2E0DF5CB3A873F45, 09687E30FA5779C3593769D66CAEBED95C932746EDD6E83DABE3DCFD126AB5EC ] EsgScanner      C:\WINDOWS\system32\DRIVERS\EsgScanner.sys
14:47:30.0939 0x22e8  EsgScanner - ok
14:47:30.0942 0x22e8  EventSystem - ok
14:47:30.0943 0x22e8  exfat - ok
14:47:30.0945 0x22e8  fastfat - ok
14:47:30.0946 0x22e8  Fax - ok
14:47:30.0948 0x22e8  fcvsc - ok
14:47:30.0949 0x22e8  fdc - ok
14:47:30.0950 0x22e8  fdPHost - ok
14:47:30.0952 0x22e8  FDResPub - ok
14:47:30.0953 0x22e8  fhsvc - ok
14:47:30.0955 0x22e8  FileCrypt - ok
14:47:30.0956 0x22e8  FileInfo - ok
14:47:30.0958 0x22e8  Filetrace - ok
14:47:30.0959 0x22e8  flpydisk - ok
14:47:30.0961 0x22e8  FltMgr - ok
14:47:30.0962 0x22e8  FontCache - ok
14:47:30.0964 0x22e8  FontCache3.0.0.0 - ok
14:47:30.0966 0x22e8  FsDepends - ok
14:47:30.0967 0x22e8  Fs_Rec - ok
14:47:30.0969 0x22e8  fvevol - ok
14:47:30.0970 0x22e8  gagp30kx - ok
14:47:30.0974 0x22e8  gencounter - ok
14:47:30.0975 0x22e8  genericusbfn - ok
14:47:30.0991 0x22e8  [ 061CC5C12C39899D7398CFEBFD19F69F, 62319596863A74665FA801C305C952A0F20AAA0F1CDC2195F2F69D662790C80B ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
14:47:31.0002 0x22e8  GfExperienceService - ok
14:47:31.0005 0x22e8  GPIOClx0101 - ok
14:47:31.0007 0x22e8  gpsvc - ok
14:47:31.0008 0x22e8  GpuEnergyDrv - ok
14:47:31.0010 0x22e8  HDAudBus - ok
14:47:31.0012 0x22e8  HidBatt - ok
14:47:31.0013 0x22e8  HidBth - ok
14:47:31.0014 0x22e8  hidi2c - ok
14:47:31.0016 0x22e8  hidinterrupt - ok
14:47:31.0017 0x22e8  HidIr - ok
14:47:31.0019 0x22e8  hidserv - ok
14:47:31.0021 0x22e8  HidUsb - ok
14:47:31.0023 0x22e8  HomeGroupListener - ok
14:47:31.0024 0x22e8  HomeGroupProvider - ok
14:47:31.0025 0x22e8  HpSAMD - ok
14:47:31.0027 0x22e8  HTTP - ok
14:47:31.0028 0x22e8  hwpolicy - ok
14:47:31.0030 0x22e8  hyperkbd - ok
14:47:31.0031 0x22e8  HyperVideo - ok
14:47:31.0033 0x22e8  i8042prt - ok
14:47:31.0034 0x22e8  iaLPSSi_GPIO - ok
14:47:31.0036 0x22e8  iaLPSSi_I2C - ok
14:47:31.0037 0x22e8  iaStorAV - ok
14:47:31.0039 0x22e8  iaStorV - ok
14:47:31.0040 0x22e8  ibbus - ok
14:47:31.0042 0x22e8  icssvc - ok
14:47:31.0045 0x22e8  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:47:31.0046 0x22e8  IDriverT - ok
14:47:31.0048 0x22e8  IEEtwCollectorService - ok
14:47:31.0050 0x22e8  IKEEXT - ok
14:47:31.0112 0x22e8  [ 622868E4BAE8FBCD22CB1A5901A2C824, C1A2264C0984DD16C83B663C9CE43E049E1356E32C5771C3ACE225F285699138 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
14:47:31.0156 0x22e8  IntcAzAudAddService - ok
14:47:31.0176 0x22e8  [ 4C17F57E43645E75800E9E84787E34E5, 6A1531D97462BA3B3DBDAD472AF15B717C958AA8C5CE2373DE0B2A41C35BE33E ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
14:47:31.0185 0x22e8  Intel(R) Capability Licensing Service TCP IP Interface - ok
14:47:31.0187 0x22e8  intelide - ok
14:47:31.0189 0x22e8  intelpep - ok
14:47:31.0190 0x22e8  intelppm - ok
14:47:31.0191 0x22e8  IoQos - ok
14:47:31.0193 0x22e8  IpFilterDriver - ok
14:47:31.0194 0x22e8  iphlpsvc - ok
14:47:31.0196 0x22e8  IPMIDRV - ok
14:47:31.0197 0x22e8  IPNAT - ok
14:47:31.0199 0x22e8  IRENUM - ok
14:47:31.0200 0x22e8  isapnp - ok
14:47:31.0202 0x22e8  iScsiPrt - ok
14:47:31.0205 0x22e8  [ 0B93A01F786F37A4B1EDE84E639FFF10, 8747109A2FA2B80C8C5F5B6D2372C1B0DA4F4BF9DC1D551195ADF0715C260223 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
14:47:31.0207 0x22e8  jhi_service - ok
14:47:31.0209 0x22e8  kbdclass - ok
14:47:31.0210 0x22e8  kbdhid - ok
14:47:31.0212 0x22e8  kdnic - ok
14:47:31.0213 0x22e8  KeyIso - ok
14:47:31.0215 0x22e8  KSecDD - ok
14:47:31.0216 0x22e8  KSecPkg - ok
14:47:31.0218 0x22e8  ksthunk - ok
14:47:31.0219 0x22e8  KtmRm - ok
14:47:31.0221 0x22e8  LanmanServer - ok
14:47:31.0224 0x22e8  LanmanWorkstation - ok
14:47:31.0226 0x22e8  lfsvc - ok
14:47:31.0227 0x22e8  LicenseManager - ok
14:47:31.0228 0x22e8  lltdio - ok
14:47:31.0230 0x22e8  lltdsvc - ok
14:47:31.0231 0x22e8  lmhosts - ok
14:47:31.0238 0x22e8  [ C31139E0907170E2A3FA8D19DCC23D35, C504E93D2018E9E487A428483C646C67B4ECE122560CF0FA49A1626E1509EEAE ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:47:31.0242 0x22e8  LMS - ok
14:47:31.0245 0x22e8  LSI_SAS - ok
14:47:31.0246 0x22e8  LSI_SAS2i - ok
14:47:31.0248 0x22e8  LSI_SAS3i - ok
14:47:31.0249 0x22e8  LSI_SSS - ok
14:47:31.0251 0x22e8  LSM - ok
14:47:31.0252 0x22e8  luafv - ok
14:47:31.0258 0x22e8  [ A0A527569856B9814E8920F52EBB67F5, 4347277C84B47E4CC048850BDEFB258CFB3B476AA99FD503FD71FBB70FFF5ACF ] LVRS64          C:\WINDOWS\system32\DRIVERS\lvrs64.sys
14:47:31.0262 0x22e8  LVRS64 - ok
14:47:31.0322 0x22e8  [ 415E344294D1C0D04627B29146F68481, B4A1A05BDF07E8F226A98E51F62BE18BE2C046A084C495BD8A95CABC79FD0614 ] LVUVC64         C:\WINDOWS\system32\DRIVERS\lvuvc64.sys
14:47:31.0367 0x22e8  LVUVC64 - ok
14:47:31.0375 0x22e8  MapsBroker - ok
14:47:31.0377 0x22e8  [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
14:47:31.0378 0x22e8  MBAMProtector - ok
14:47:31.0487 0x22e8  [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService     D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
14:47:31.0507 0x22e8  MBAMService - ok
14:47:31.0513 0x22e8  [ 08DECFCB9BA97786165A69AB1015BC30, EDC8C8447B57BD412E2DEBCA9B5B1B58C19D40105DC7CE9520DE214081696B05 ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
14:47:31.0515 0x22e8  MBAMWebAccessControl - ok
14:47:31.0517 0x22e8  [ 81E515726AA8FC3DCED6517F30DD70CD, F667211FC6DACB883CAA7D13F0192A6F1323F441485657376F70FDB89891284C ] MBfilt          C:\WINDOWS\system32\drivers\MBfilt64.sys
14:47:31.0518 0x22e8  MBfilt - ok
14:47:31.0519 0x22e8  megasas - ok
14:47:31.0521 0x22e8  megasr - ok
14:47:31.0524 0x22e8  [ 1BC9159CF58BABD89419072EA180A8F6, 6C9AB779C2355A341800A8F93AAAF9B19FAFF444CD6A7BD27C63D53F379A75EF ] MEIx64          C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys
14:47:31.0526 0x22e8  MEIx64 - ok
14:47:31.0528 0x22e8  mlx4_bus - ok
14:47:31.0529 0x22e8  MMCSS - ok
14:47:31.0530 0x22e8  Modem - ok
14:47:31.0532 0x22e8  monitor - ok
14:47:31.0533 0x22e8  mouclass - ok
14:47:31.0535 0x22e8  mouhid - ok
14:47:31.0536 0x22e8  mountmgr - ok
14:47:31.0539 0x22e8  mpsdrv - ok
14:47:31.0541 0x22e8  MpsSvc - ok
14:47:31.0542 0x22e8  MQAC - ok
14:47:31.0544 0x22e8  MRxDAV - ok
14:47:31.0545 0x22e8  mrxsmb - ok
14:47:31.0546 0x22e8  mrxsmb10 - ok
14:47:31.0548 0x22e8  mrxsmb20 - ok
14:47:31.0549 0x22e8  MsBridge - ok
14:47:31.0551 0x22e8  MSDTC - ok
14:47:31.0553 0x22e8  Msfs - ok
14:47:31.0555 0x22e8  msgpiowin32 - ok
14:47:31.0556 0x22e8  mshidkmdf - ok
14:47:31.0558 0x22e8  mshidumdf - ok
14:47:31.0559 0x22e8  msisadrv - ok
14:47:31.0561 0x22e8  MSiSCSI - ok
14:47:31.0562 0x22e8  msiserver - ok
14:47:31.0564 0x22e8  MSKSSRV - ok
14:47:31.0565 0x22e8  MsLldp - ok
14:47:31.0567 0x22e8  MSMQ - ok
14:47:31.0568 0x22e8  MSPCLOCK - ok
14:47:31.0569 0x22e8  MSPQM - ok
14:47:31.0572 0x22e8  MsRPC - ok
14:47:31.0575 0x22e8  mssmbios - ok
14:47:31.0576 0x22e8  MSTEE - ok
14:47:31.0577 0x22e8  MTConfig - ok
14:47:31.0579 0x22e8  Mup - ok
14:47:31.0580 0x22e8  mvumis - ok
14:47:31.0583 0x22e8  NativeWifiP - ok
14:47:31.0584 0x22e8  NcaSvc - ok
14:47:31.0586 0x22e8  NcbService - ok
14:47:31.0587 0x22e8  NcdAutoSetup - ok
14:47:31.0589 0x22e8  ndfltr - ok
14:47:31.0590 0x22e8  NDIS - ok
14:47:31.0591 0x22e8  NdisCap - ok
14:47:31.0593 0x22e8  NdisImPlatform - ok
14:47:31.0594 0x22e8  NdisTapi - ok
14:47:31.0596 0x22e8  Ndisuio - ok
14:47:31.0597 0x22e8  NdisVirtualBus - ok
14:47:31.0598 0x22e8  NdisWan - ok
14:47:31.0600 0x22e8  ndiswanlegacy - ok
14:47:31.0601 0x22e8  ndproxy - ok
14:47:31.0603 0x22e8  Ndu - ok
14:47:31.0606 0x22e8  NetBIOS - ok
14:47:31.0608 0x22e8  NetBT - ok
14:47:31.0609 0x22e8  Netlogon - ok
14:47:31.0611 0x22e8  Netman - ok
14:47:31.0614 0x22e8  NetMsmqActivator - ok
14:47:31.0615 0x22e8  NetPipeActivator - ok
14:47:31.0617 0x22e8  netprofm - ok
14:47:31.0619 0x22e8  NetSetupSvc - ok
14:47:31.0620 0x22e8  NetTcpActivator - ok
14:47:31.0622 0x22e8  NetTcpPortSharing - ok
14:47:31.0624 0x22e8  netvsc - ok
14:47:31.0626 0x22e8  NgcCtnrSvc - ok
14:47:31.0627 0x22e8  NgcSvc - ok
14:47:31.0631 0x22e8  [ 2F6ABF6376803BAB4E9F4E7D8E2FF84F, 6B60D6BD08E53B3ECF2B604C3169955EF7A22717446B3771A216A000F1D9D54A ] ngvss           C:\WINDOWS\system32\drivers\ngvss.sys
14:47:31.0633 0x22e8  ngvss - ok
14:47:31.0634 0x22e8  NlaSvc - ok
14:47:31.0636 0x22e8  Npfs - ok
14:47:31.0638 0x22e8  npsvctrig - ok
14:47:31.0639 0x22e8  nsi - ok
14:47:31.0640 0x22e8  nsiproxy - ok
14:47:31.0642 0x22e8  NTFS - ok
14:47:31.0644 0x22e8  Null - ok
14:47:31.0648 0x22e8  [ 3EC9421780196DDA1A4C368BC7471778, FC5DEB52CAA76F968D3FF5F2418FA0A9DAC9E07BA5B259DEA5380759305F290E ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
14:47:31.0651 0x22e8  NVHDA - ok
14:47:31.0829 0x22e8  [ 9BE2E483F588B3A57C67352847037046, 1D0A4D86853C8A9188C4545842037F99DCC423CBA9DB68F51D10ACE302DE5AE2 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
14:47:31.0923 0x22e8  nvlddmkm - ok
14:47:31.0970 0x22e8  [ 1E3277F1C9F62F90488D02869A9522B7, 464870ACE9BDF7A6A9C46701209BEED5C33454CFF44CDABEAF871E06F23FEF17 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
14:47:31.0985 0x22e8  NvNetworkService - ok
14:47:31.0985 0x22e8  nvraid - ok
14:47:31.0985 0x22e8  nvstor - ok
14:47:31.0985 0x22e8  [ 59A8DE923619F3DC0C6C63DC33FB231E, 29D20EA3EB9599DE829A0630F2063D5DFD2263E9222CD4E3559725792D1454A5 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
14:47:31.0985 0x22e8  NvStreamKms - ok
14:47:32.0098 0x22e8  [ 9B4B3747C6756F49B986398A46EC1FE0, D0A25F07CBFB39B86DCB148A2EC8F01FDDD9B6D994418C54F49AA2B782CE9811 ] NvStreamNetworkSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
14:47:32.0159 0x22e8  NvStreamNetworkSvc - ok
14:47:32.0224 0x22e8  [ 266512CCC3B2E195CDE3A7A2C98A353A, DCB6C88A32FE3EE11D4FF242DE6E52B3C576C2EA4E4A5A245B4451CDEDCE94B0 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
14:47:32.0270 0x22e8  NvStreamSvc - ok
14:47:32.0290 0x22e8  [ DFCCA437717EACA8418F47992A41B39A, E587A629B894EE6A16AC414747D492FFC6B6E9F051B40F7D25F0D4406E2FF919 ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
14:47:32.0304 0x22e8  nvsvc - ok
14:47:32.0307 0x22e8  [ 64E8275CEAD43D3CA8E3A311B2F4B64A, 99E683890B9AF3243100B387317760B5F91745EF9F7FF2ABA2DC7B6551A6EAB6 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
14:47:32.0308 0x22e8  nvvad_WaveExtensible - ok
14:47:32.0310 0x22e8  nv_agp - ok
14:47:32.0311 0x22e8  OneSyncSvc - ok
14:47:32.0440 0x22e8  [ 40CB809645F1D0A93C535F9B0402F269, E683ED4ED824CE4E49715F23E3D3E8245B398D7A0D279E1F31470B9D7AF7E223 ] Origin Client Service D:\Program Files (x86)\Origin\OriginClientService.exe
14:47:32.0471 0x22e8  Origin Client Service - ok
14:47:32.0471 0x22e8  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:47:32.0471 0x22e8  ose - ok
14:47:32.0487 0x22e8  p2pimsvc - ok
14:47:32.0487 0x22e8  p2psvc - ok
14:47:32.0487 0x22e8  Parport - ok
14:47:32.0487 0x22e8  partmgr - ok
14:47:32.0487 0x22e8  PcaSvc - ok
14:47:32.0487 0x22e8  pci - ok
14:47:32.0487 0x22e8  pciide - ok
14:47:32.0502 0x22e8  pcmcia - ok
14:47:32.0502 0x22e8  pcw - ok
14:47:32.0506 0x22e8  pdc - ok
14:47:32.0507 0x22e8  PEAUTH - ok
14:47:32.0509 0x22e8  percsas2i - ok
14:47:32.0511 0x22e8  percsas3i - ok
14:47:32.0529 0x22e8  PerfHost - ok
14:47:32.0533 0x22e8  PimIndexMaintenanceSvc - ok
14:47:32.0535 0x22e8  pla - ok
14:47:32.0536 0x22e8  PlugPlay - ok
14:47:32.0538 0x22e8  PNRPAutoReg - ok
14:47:32.0539 0x22e8  PNRPsvc - ok
14:47:32.0541 0x22e8  PolicyAgent - ok
14:47:32.0543 0x22e8  Power - ok
14:47:32.0545 0x22e8  PptpMiniport - ok
14:47:32.0591 0x22e8  [ 12E2582F69ACA40A6BAE91DA578CBF34, 648C6394763906AA4163976DA2C3308F8B706486D9D8F16258CB1D61C2929930 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
14:47:32.0623 0x22e8  PrintNotify - ok
14:47:32.0629 0x22e8  Processor - ok
14:47:32.0631 0x22e8  ProfSvc - ok
14:47:32.0632 0x22e8  Psched - ok
14:47:32.0634 0x22e8  QWAVE - ok
14:47:32.0635 0x22e8  QWAVEdrv - ok
14:47:32.0637 0x22e8  RasAcd - ok
14:47:32.0638 0x22e8  RasAgileVpn - ok
14:47:32.0640 0x22e8  RasAuto - ok
14:47:32.0641 0x22e8  Rasl2tp - ok
14:47:32.0643 0x22e8  RasMan - ok
14:47:32.0644 0x22e8  RasPppoe - ok
14:47:32.0646 0x22e8  RasSstp - ok
14:47:32.0647 0x22e8  rdbss - ok
14:47:32.0649 0x22e8  rdpbus - ok
14:47:32.0651 0x22e8  RDPDR - ok
14:47:32.0654 0x22e8  RdpVideoMiniport - ok
14:47:32.0655 0x22e8  rdyboost - ok
14:47:32.0657 0x22e8  ReFSv1 - ok
14:47:32.0658 0x22e8  RemoteAccess - ok
14:47:32.0660 0x22e8  RemoteRegistry - ok
14:47:32.0662 0x22e8  RetailDemo - ok
14:47:32.0663 0x22e8  RpcEptMapper - ok
14:47:32.0665 0x22e8  RpcLocator - ok
14:47:32.0666 0x22e8  RpcSs - ok
14:47:32.0667 0x22e8  rspndr - ok
14:47:32.0680 0x22e8  [ AC4CA62572CA516945AB92D6C9F501F4, 6CB4178DD1ED3D8224EA1F91CAA00AFBC756DCA2DFD71F399B05E511E79D5150 ] RTL8167         C:\WINDOWS\system32\DRIVERS\Rt64win7.sys
14:47:32.0689 0x22e8  RTL8167 - ok
14:47:32.0691 0x22e8  s3cap - ok
14:47:32.0693 0x22e8  SamSs - ok
14:47:32.0695 0x22e8  sbp2port - ok
14:47:32.0696 0x22e8  SCardSvr - ok
14:47:32.0698 0x22e8  ScDeviceEnum - ok
14:47:32.0699 0x22e8  scfilter - ok
14:47:32.0701 0x22e8  Schedule - ok
14:47:32.0702 0x22e8  SCPolicySvc - ok
14:47:32.0704 0x22e8  sdbus - ok
14:47:32.0705 0x22e8  SDRSVC - ok
14:47:32.0707 0x22e8  sdstor - ok
14:47:32.0708 0x22e8  seclogon - ok
14:47:32.0710 0x22e8  SENS - ok
14:47:32.0711 0x22e8  SensorDataService - ok
14:47:32.0713 0x22e8  SensorService - ok
14:47:32.0714 0x22e8  SensrSvc - ok
14:47:32.0716 0x22e8  SerCx - ok
14:47:32.0717 0x22e8  SerCx2 - ok
14:47:32.0719 0x22e8  Serenum - ok
14:47:32.0722 0x22e8  Serial - ok
14:47:32.0724 0x22e8  sermouse - ok
14:47:32.0727 0x22e8  SessionEnv - ok
14:47:32.0730 0x22e8  sfloppy - ok
14:47:32.0732 0x22e8  SharedAccess - ok
14:47:32.0733 0x22e8  ShellHWDetection - ok
14:47:32.0735 0x22e8  SiSRaid2 - ok
14:47:32.0736 0x22e8  SiSRaid4 - ok
14:47:32.0744 0x22e8  [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:47:32.0747 0x22e8  SkypeUpdate - ok
14:47:32.0749 0x22e8  smphost - ok
14:47:32.0751 0x22e8  SmsRouter - ok
14:47:32.0754 0x22e8  SNMPTRAP - ok
14:47:32.0756 0x22e8  spaceport - ok
14:47:32.0758 0x22e8  SpbCx - ok
14:47:32.0759 0x22e8  Spooler - ok
14:47:32.0760 0x22e8  sppsvc - ok
14:47:32.0762 0x22e8  srv - ok
14:47:32.0764 0x22e8  srv2 - ok
14:47:32.0765 0x22e8  srvnet - ok
14:47:32.0767 0x22e8  SSDPSRV - ok
14:47:32.0768 0x22e8  SstpSvc - ok
14:47:32.0770 0x22e8  StateRepository - ok
14:47:32.0782 0x22e8  [ 81433E112B6BD31B59519BA31EF927DB, DD1776E5729F22C58A4969132E0C105B0E48672ADC4E8FD958A8D5A627596BBA ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
14:47:32.0790 0x22e8  Steam Client Service - ok
14:47:32.0798 0x22e8  [ D2B4376F9F36C5873A6CF99EF5750724, 2A5C12EE3657D4A6819080549ADFA3288E0DAC975114D9466DCCC3ED922D2539 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:47:32.0802 0x22e8  Stereo Service - ok
14:47:32.0805 0x22e8  stexstor - ok
14:47:32.0807 0x22e8  stisvc - ok
14:47:32.0808 0x22e8  storahci - ok
14:47:32.0810 0x22e8  storflt - ok
14:47:32.0811 0x22e8  stornvme - ok
14:47:32.0813 0x22e8  storqosflt - ok
14:47:32.0815 0x22e8  StorSvc - ok
14:47:32.0816 0x22e8  storufs - ok
14:47:32.0818 0x22e8  storvsc - ok
14:47:32.0819 0x22e8  svsvc - ok
14:47:32.0828 0x22e8  swenum - ok
14:47:32.0830 0x22e8  swprv - ok
14:47:32.0832 0x22e8  Synth3dVsc - ok
14:47:32.0833 0x22e8  SysMain - ok
14:47:32.0835 0x22e8  SystemEventsBroker - ok
14:47:32.0837 0x22e8  TabletInputService - ok
14:47:32.0839 0x22e8  TapiSrv - ok
14:47:32.0841 0x22e8  Tcpip - ok
14:47:32.0842 0x22e8  Tcpip6 - ok
14:47:32.0845 0x22e8  tcpipreg - ok
14:47:32.0847 0x22e8  tdx - ok
14:47:32.0849 0x22e8  terminpt - ok
14:47:32.0850 0x22e8  TermService - ok
14:47:32.0852 0x22e8  Themes - ok
14:47:32.0854 0x22e8  tiledatamodelsvc - ok
14:47:32.0856 0x22e8  TimeBroker - ok
14:47:32.0857 0x22e8  TPM - ok
14:47:32.0859 0x22e8  TrkWks - ok
14:47:32.0860 0x22e8  TrustedInstaller - ok
14:47:32.0862 0x22e8  TsUsbFlt - ok
14:47:32.0864 0x22e8  TsUsbGD - ok
14:47:32.0866 0x22e8  tunnel - ok
14:47:32.0867 0x22e8  uagp35 - ok
14:47:32.0869 0x22e8  UASPStor - ok
14:47:32.0870 0x22e8  UcmCx0101 - ok
14:47:32.0874 0x22e8  UcmUcsi - ok
14:47:32.0875 0x22e8  Ucx01000 - ok
14:47:32.0877 0x22e8  UdeCx - ok
14:47:32.0878 0x22e8  udfs - ok
14:47:32.0880 0x22e8  UEFI - ok
14:47:32.0882 0x22e8  Ufx01000 - ok
14:47:32.0883 0x22e8  UfxChipidea - ok
14:47:32.0885 0x22e8  ufxsynopsys - ok
14:47:32.0888 0x22e8  UI0Detect - ok
14:47:32.0890 0x22e8  uliagpkx - ok
14:47:32.0891 0x22e8  umbus - ok
14:47:32.0893 0x22e8  UmPass - ok
14:47:32.0894 0x22e8  UmRdpService - ok
14:47:32.0896 0x22e8  UnistoreSvc - ok
14:47:32.0899 0x22e8  upnphost - ok
14:47:32.0900 0x22e8  UrsChipidea - ok
14:47:32.0902 0x22e8  UrsCx01000 - ok
14:47:32.0903 0x22e8  UrsSynopsys - ok
14:47:32.0905 0x22e8  usbaudio - ok
14:47:32.0907 0x22e8  usbccgp - ok
14:47:32.0908 0x22e8  usbcir - ok
14:47:32.0910 0x22e8  usbehci - ok
14:47:32.0912 0x22e8  usbhub - ok
14:47:32.0914 0x22e8  USBHUB3 - ok
14:47:32.0915 0x22e8  usbohci - ok
14:47:32.0917 0x22e8  usbprint - ok
14:47:32.0919 0x22e8  [ 923CA145CD0A9DFBA4CBBA60AB684C2C, EFAA1E730802490E9A53718D70484832A38345FE0A670937FC546FD245DF2CC9 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:47:32.0921 0x22e8  usbscan - ok
14:47:32.0922 0x22e8  usbser - ok
14:47:32.0924 0x22e8  USBSTOR - ok
14:47:32.0926 0x22e8  usbuhci - ok
14:47:32.0928 0x22e8  usbvideo - ok
14:47:32.0929 0x22e8  USBXHCI - ok
14:47:32.0931 0x22e8  UserDataSvc - ok
14:47:32.0934 0x22e8  UserManager - ok
14:47:32.0935 0x22e8  UsoSvc - ok
14:47:32.0937 0x22e8  VaultSvc - ok
14:47:33.0107 0x22e8  [ EE639C5EAC1186B6ACF0FABD243F3E29, F80128BEE028BB274EE11401915DDABD033E0B8AEDCDDE426CBA00BD4B1278E5 ] VBoxAswDrv      D:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
14:47:33.0122 0x22e8  VBoxAswDrv - ok
14:47:33.0122 0x22e8  vdrvroot - ok
14:47:33.0138 0x22e8  vds - ok
14:47:33.0138 0x22e8  VerifierExt - ok
14:47:33.0138 0x22e8  vhdmp - ok
14:47:33.0138 0x22e8  vhf - ok
14:47:33.0154 0x22e8  vmbus - ok
14:47:33.0154 0x22e8  VMBusHID - ok
14:47:33.0154 0x22e8  vmicguestinterface - ok
14:47:33.0154 0x22e8  vmicheartbeat - ok
14:47:33.0169 0x22e8  vmickvpexchange - ok
14:47:33.0171 0x22e8  vmicrdv - ok
14:47:33.0173 0x22e8  vmicshutdown - ok
14:47:33.0175 0x22e8  vmictimesync - ok
14:47:33.0176 0x22e8  vmicvmsession - ok
14:47:33.0178 0x22e8  vmicvss - ok
14:47:33.0180 0x22e8  volmgr - ok
14:47:33.0181 0x22e8  volmgrx - ok
14:47:33.0183 0x22e8  volsnap - ok
14:47:33.0185 0x22e8  vpci - ok
14:47:33.0186 0x22e8  vsmraid - ok
14:47:33.0188 0x22e8  VSS - ok
14:47:33.0190 0x22e8  VSTXRAID - ok
14:47:33.0192 0x22e8  vwifibus - ok
14:47:33.0193 0x22e8  vwififlt - ok
14:47:33.0195 0x22e8  W32Time - ok
14:47:33.0197 0x22e8  w3logsvc - ok
14:47:33.0199 0x22e8  W3SVC - ok
14:47:33.0200 0x22e8  WacomPen - ok
14:47:33.0202 0x22e8  WalletService - ok
14:47:33.0204 0x22e8  wanarp - ok
14:47:33.0205 0x22e8  wanarpv6 - ok
14:47:33.0207 0x22e8  WAS - ok
14:47:33.0209 0x22e8  wbengine - ok
14:47:33.0210 0x22e8  WbioSrvc - ok
14:47:33.0212 0x22e8  Wcmsvc - ok
14:47:33.0214 0x22e8  wcncsvc - ok
14:47:33.0216 0x22e8  WcsPlugInService - ok
14:47:33.0217 0x22e8  WdBoot - ok
14:47:33.0219 0x22e8  Wdf01000 - ok
14:47:33.0221 0x22e8  WdFilter - ok
14:47:33.0222 0x22e8  WdiServiceHost - ok
14:47:33.0224 0x22e8  WdiSystemHost - ok
14:47:33.0225 0x22e8  wdiwifi - ok
14:47:33.0227 0x22e8  WdNisDrv - ok
14:47:33.0229 0x22e8  WdNisSvc - ok
14:47:33.0231 0x22e8  WebClient - ok
14:47:33.0232 0x22e8  Wecsvc - ok
14:47:33.0234 0x22e8  WEPHOSTSVC - ok
14:47:33.0236 0x22e8  wercplsupport - ok
14:47:33.0238 0x22e8  WerSvc - ok
14:47:33.0239 0x22e8  wfpcapture - ok
14:47:33.0241 0x22e8  WFPLWFS - ok
14:47:33.0243 0x22e8  WiaRpc - ok
14:47:33.0245 0x22e8  WIMMount - ok
14:47:33.0246 0x22e8  WinDefend - ok
14:47:33.0249 0x22e8  WindowsTrustedRT - ok
14:47:33.0251 0x22e8  WindowsTrustedRTProxy - ok
14:47:33.0253 0x22e8  WinHttpAutoProxySvc - ok
14:47:33.0255 0x22e8  WinMad - ok
14:47:33.0259 0x22e8  Winmgmt - ok
14:47:33.0260 0x22e8  WinRM - ok
14:47:33.0264 0x22e8  WINUSB - ok
14:47:33.0265 0x22e8  WinVerbs - ok
14:47:33.0267 0x22e8  WlanSvc - ok
14:47:33.0269 0x22e8  wlidsvc - ok
14:47:33.0271 0x22e8  [ 680A7846370000D20D7E74917D5B7936, 55B77B358039672845D361CA4205F3482D1F30A4654B610FD785A1337EFDC316 ] WmBEnum         C:\WINDOWS\system32\drivers\WmBEnum.sys
14:47:33.0272 0x22e8  WmBEnum - ok
14:47:33.0275 0x22e8  WmiAcpi - ok
14:47:33.0277 0x22e8  wmiApSrv - ok
14:47:33.0279 0x22e8  WMPNetworkSvc - ok
14:47:33.0282 0x22e8  [ 14802B3A30AA849C97CB968CCC813BF3, 330AD828ABD040ECDBF58F7162978CD61BFC093CAD404FD2BCAC74E3F2EC542A ] WmXlCore        C:\WINDOWS\system32\drivers\WmXlCore.sys
14:47:33.0283 0x22e8  WmXlCore - ok
14:47:33.0285 0x22e8  Wof - ok
14:47:33.0289 0x22e8  workfolderssvc - ok
14:47:33.0291 0x22e8  wpcfltr - ok
14:47:33.0294 0x22e8  WPDBusEnum - ok
14:47:33.0295 0x22e8  WpdUpFltr - ok
14:47:33.0297 0x22e8  WpnService - ok
14:47:33.0299 0x22e8  ws2ifsl - ok
14:47:33.0301 0x22e8  wscsvc - ok
14:47:33.0302 0x22e8  WSearch - ok
14:47:33.0305 0x22e8  WSService - ok
14:47:33.0307 0x22e8  wuauserv - ok
14:47:33.0308 0x22e8  WudfPf - ok
14:47:33.0310 0x22e8  WUDFRd - ok
14:47:33.0312 0x22e8  wudfsvc - ok
14:47:33.0313 0x22e8  WUDFWpdComp - ok
14:47:33.0315 0x22e8  WUDFWpdFs - ok
14:47:33.0317 0x22e8  WUDFWpdMtp - ok
14:47:33.0319 0x22e8  WwanSvc - ok
14:47:33.0320 0x22e8  XblAuthManager - ok
14:47:33.0322 0x22e8  XblGameSave - ok
14:47:33.0324 0x22e8  xboxgip - ok
14:47:33.0326 0x22e8  XboxNetApiSvc - ok
14:47:33.0327 0x22e8  xinputhid - ok
14:47:33.0330 0x22e8  xusb22 - ok
14:47:33.0330 0x22e8  ================ Scan global ===============================
14:47:33.0337 0x22e8  [ Global ] - ok
14:47:33.0337 0x22e8  ================ Scan MBR ==================================
14:47:33.0338 0x22e8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:47:33.0346 0x22e8  \Device\Harddisk0\DR0 - ok
14:47:33.0367 0x22e8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
14:47:33.0376 0x22e8  \Device\Harddisk1\DR1 - ok
14:47:33.0376 0x22e8  ================ Scan VBR ==================================
14:47:33.0377 0x22e8  [ 43A51478C485FE01E0B0DE47162F6E2D ] \Device\Harddisk0\DR0\Partition1
14:47:33.0378 0x22e8  \Device\Harddisk0\DR0\Partition1 - ok
14:47:33.0379 0x22e8  [ 3E91804FCE835E528269A7EBF552339F ] \Device\Harddisk0\DR0\Partition2
14:47:33.0380 0x22e8  \Device\Harddisk0\DR0\Partition2 - ok
14:47:33.0381 0x22e8  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
14:47:33.0381 0x22e8  \Device\Harddisk0\DR0\Partition3 - ok
14:47:33.0382 0x22e8  [ 2B7D5785DCA964BC6FC647CCC31C3BCB ] \Device\Harddisk0\DR0\Partition4
14:47:33.0383 0x22e8  \Device\Harddisk0\DR0\Partition4 - ok
14:47:33.0384 0x22e8  [ 9B25D2E73ACC648BB293521876CF4221 ] \Device\Harddisk0\DR0\Partition5
14:47:33.0384 0x22e8  \Device\Harddisk0\DR0\Partition5 - ok
14:47:33.0386 0x22e8  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
14:47:33.0386 0x22e8  \Device\Harddisk1\DR1\Partition1 - ok
14:47:33.0394 0x22e8  [ AD44CA2FB68A97C78FA8A94E4BB7900B ] \Device\Harddisk1\DR1\Partition2
14:47:33.0444 0x22e8  \Device\Harddisk1\DR1\Partition2 - ok
14:47:33.0444 0x22e8  ================ Scan generic autorun ======================
14:47:33.0601 0x22e8  [ 22EBD5AE3B3220D713E544D1D3AB3FEE, 9EF058B096DAA5C6242FBEB3DF509108180B1EB1EA252E63C437CF6C1B743BE0 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
14:47:33.0679 0x22e8  RTHDVCPL - ok
14:47:33.0695 0x22e8  MBCfg64 - ok
14:47:33.0726 0x22e8  [ E445C0DB7E5E89C657FC89C0C4CCEDE5, ABD7A9B36CFD6740CE06456B152D9EB1856C11CD7FB2A34E06D63BAD0639B2A0 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
14:47:33.0742 0x22e8  NvBackend - ok
14:47:33.0757 0x22e8  ShadowPlay - ok
14:47:33.0757 0x22e8  [ 4BA4EE813C494E70FF381DB39CEE3F39, 8AF9C9F680145FC2B2DC50317F708A27117BB240652E3EF3A728837DC7D5BB7B ] C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
14:47:33.0773 0x22e8  Sound Blaster Cinema - ok
14:47:33.0773 0x22e8  [ C419DF63E0121D72411285780C2FC6CC, F47F854D327C589D174D3BB5B55D5C05F5ACA73DF52A6BEF47596B9010190291 ] C:\Windows\UpdReg.EXE
14:47:33.0773 0x22e8  UpdReg - ok
14:47:33.0773 0x22e8  [ BD2C0CDD525902E3033DAA8D08D0F015, F6B9F5356FA4264BCC708A41B7CECE92B1439598CB719F6CA25397E6C717B886 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
14:47:33.0773 0x22e8  USB3MON - ok
14:47:33.0804 0x22e8  [ 01D92A226791867F2DED688F25271905, E2B8F12C9675C8AA1BE96BB68570E40F6F62CA81B6BE6EC3FAACCD096F303D15 ] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
14:47:33.0804 0x22e8  EEventManager - ok
14:47:33.0804 0x22e8  [ 222AA1F2FB05FB3F8A46EAFE6EBDD730, BF051C1A6DA92A98946BCB37B7D768E809331D610CF9E7A792FEBB971C4F6BEB ] C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe
14:47:33.0820 0x22e8  AvgUi - ok
14:47:33.0976 0x22e8  [ 4AEF74758C3C19E3126CAA867ECE7DD8, 8F0261B145383C2E4C321498BC0D92420670D577316A4C93E02DAFCFAB7BE362 ] D:\Program Files\AVAST Software\Avast\AvastUI.exe
14:47:34.0054 0x22e8  AvastUI.exe - ok
14:47:34.0070 0x22e8  OneDriveSetup - ok
14:47:34.0070 0x22e8  OneDriveSetup - ok
14:47:34.0085 0x22e8  [ 61F488AC3053DEB2AADB6A34DEBC8876, B5C5E0325F0FB4A37E80F08273B7483630F676C6342519564798CE7D1F121CB7 ] C:\Users\Agando\AppData\Local\Microsoft\OneDrive\OneDrive.exe
14:47:34.0085 0x22e8  OneDrive - ok
14:47:34.0101 0x22e8  [ 2287DAEA100837E40232FD9053F635D8, 8E905B8BC72F8DD6C7C71A7E04CD8D8EC1E9AD2B77EF5A48E089E439A75043D6 ] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE
14:47:34.0101 0x22e8  EPLTarget\P0000000000000000 - ok
14:47:34.0101 0x22e8  OneDriveSetup - ok
14:47:34.0101 0x22e8  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.10240.16384 ), 0x60100 ( disabled : updated )
14:47:34.0101 0x22e8  AV detected via SS2: avast! Antivirus, D:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2253.1653 ), 0x41000 ( enabled : updated )
14:47:34.0101 0x22e8  Win FW state via NFP2: enabled ( trusted )
14:47:36.0445 0x22e8  ============================================================
14:47:36.0445 0x22e8  Scan finished
14:47:36.0445 0x22e8  ============================================================
14:47:36.0445 0x32e0  Detected object count: 0
14:47:36.0445 0x32e0  Actual detected object count: 0

Die MBAM Datei hab ich leider nichtmehr.

M-K-D-B · 21.03.2016, 23:14

Servus,

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von JRT,
die beiden neuen Logdateien von FRST.

Kashkuul · 23.03.2016, 11:16

Code:

ATTFilter

# AdwCleaner v5.105 - Bericht erstellt am 23/03/2016 um 10:59:49
# Aktualisiert am 21/03/2016 von Xplode
# Datenbank : 2016-03-23.1 [Server]
# Betriebssystem : Windows 10 Home  (x64)
# Benutzername : Agando - CRISSDEE
# Gestartet von : C:\Users\Agando\Downloads\AdwCleaner_5.105.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\27d39f8d6e33a519ab538e328645a3e1

***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [995 Bytes] - [23/03/2016 10:59:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [916 Bytes] - [23/03/2016 10:58:52]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1139 Bytes] ##########

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 23.03.2016
Suchlaufzeit: 11:04
Protokolldatei: mbam datei.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.03.23.02
Rootkit-Datenbank: v2016.03.12.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Agando

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 420285
Abgelaufene Zeit: 3 Min., 58 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Home x64 
Ran by Agando (Administrator) on 23.03.2016 at 11:10:29,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.03.2016 at 11:10:55,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von Agando (Administrator) auf CRISSDEE (23-03-2016 11:14:02)
Gestartet von C:\Users\Agando\Downloads
Geladene Profile: Agando (Verfügbare Profile: Agando & DefaultAppPool)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\Agando\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Farbar) C:\Users\Agando\Downloads\FRST64 (1).exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-03-06] (Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Keine Datei

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{d4b64fcf-d39c-4384-989f-d42fc6cc67c9}: [DhcpNameServer] 192.168.2.1
ManualProxies: 

Internet Explorer:
==================
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)

FireFox:
========
FF ProfilePath: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\v9bkcvhi.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\v9bkcvhi.default\searchplugins\google-images.xml [2015-01-19]
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\v9bkcvhi.default\searchplugins\google-maps.xml [2015-01-19]
FF Extension: Cliqz - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\v9bkcvhi.default\Extensions\cliqz@cliqz.com.xpi [2015-09-12] [ist nicht signiert]
FF HKU\S-1-5-21-4051605010-858179373-924828543-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\v9bkcvhi.default\extensions\cliqz@cliqz.com => nicht gefunden

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2015-01-01] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-12-28] (BitRaider, LLC)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-28] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-12-28] (BitRaider)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [50688 2015-07-10] (Microsoft Corp.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-17] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-23 11:13 - 2016-03-23 11:14 - 00000000 ____D C:\FRST
2016-03-23 11:13 - 2016-03-23 11:13 - 02374144 _____ (Farbar) C:\Users\Agando\Downloads\FRST64 (1).exe
2016-03-23 11:10 - 2016-03-23 11:10 - 00000548 _____ C:\Users\Agando\Desktop\JRT.txt
2016-03-23 11:09 - 2016-03-23 11:10 - 01610352 _____ (Malwarebytes) C:\Users\Agando\Downloads\JRT.exe
2016-03-23 11:08 - 2016-03-23 11:08 - 00001202 _____ C:\Users\Agando\Desktop\mbam datei.txt
2016-03-23 11:02 - 2016-03-23 11:02 - 22851472 _____ (Malwarebytes ) C:\Users\Agando\Downloads\mbam-setup-2.2.1.1043.exe
2016-03-23 11:00 - 2016-03-23 11:00 - 00016148 _____ C:\WINDOWS\system32\CRISSDEE_Agando_HistoryPrediction.bin
2016-03-23 10:57 - 2016-03-23 10:59 - 00000000 ____D C:\AdwCleaner
2016-03-23 10:57 - 2016-03-23 10:57 - 01530368 _____ C:\Users\Agando\Downloads\AdwCleaner_5.105.exe
2016-03-21 15:10 - 2016-03-21 15:10 - 00000000 ____D C:\Users\Agando\Documents\The Witcher 3
2016-03-21 14:46 - 2016-03-21 14:46 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Agando\Downloads\tdsskiller.exe
2016-03-21 14:42 - 2016-03-23 11:14 - 00011570 _____ C:\Users\Agando\Downloads\FRST.txt
2016-03-21 14:42 - 2016-03-21 14:42 - 00058066 _____ C:\Users\Agando\Downloads\Addition.txt
2016-03-21 14:41 - 2016-03-21 14:41 - 02374144 _____ (Farbar) C:\Users\Agando\Downloads\FRST64.exe
2016-03-21 14:34 - 2016-03-23 11:01 - 00000000 ____D C:\Users\Agando\AppData\Local\CrashDumps
2016-03-20 19:59 - 2016-03-20 19:59 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-03-20 19:59 - 2016-01-12 05:40 - 00112032 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-03-20 19:59 - 2015-12-18 07:10 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-03-18 00:49 - 2016-03-18 00:49 - 00003644 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-03-18 00:49 - 2016-03-18 00:49 - 00000824 _____ C:\DelFix.txt
2016-03-18 00:49 - 2016-03-18 00:49 - 00000000 ____D C:\WINDOWS\ERUNT
2016-03-17 21:38 - 2016-03-17 21:38 - 00003040 _____ C:\WINDOWS\System32\Tasks\avast! Windows 10 Start Menu helper
2016-03-17 13:23 - 2016-03-17 13:23 - 05066104 _____ (AVAST Software) C:\Users\Agando\Downloads\avast_free_antivirus_setup_online.exe
2016-03-17 13:06 - 2016-03-17 13:06 - 00000000 _____ C:\autoexec.bat
2016-03-17 13:05 - 2016-03-17 13:05 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Agando\Downloads\SpyHunter-Installer.exe
2016-03-17 13:05 - 2016-03-17 13:05 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-03-17 12:21 - 2016-03-17 12:21 - 00001590 _____ C:\Users\Agando\Desktop\iexplore - Verknüpfung.lnk
2016-03-17 12:00 - 2016-03-23 11:03 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-17 12:00 - 2016-03-23 11:03 - 00000896 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-03-17 12:00 - 2016-03-23 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-03-17 12:00 - 2016-03-17 12:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-17 12:00 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-17 12:00 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-17 12:00 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-17 00:34 - 2016-03-17 00:34 - 00000080 _____ C:\Users\Agando\Downloads\longplayer.m3u
2016-03-16 17:12 - 2016-03-16 17:12 - 00000233 _____ C:\Users\Agando\Desktop\Tom Clancy's The Division.url
2016-03-16 17:11 - 2016-03-16 22:50 - 00000000 ____D C:\Users\Agando\AppData\Local\Ubisoft Game Launcher
2016-03-16 17:11 - 2016-03-16 17:11 - 00000985 _____ C:\Users\Agando\Desktop\Uplay.lnk
2016-03-16 17:11 - 2016-03-16 17:11 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-03-16 17:09 - 2016-03-16 17:11 - 64509088 _____ (Ubisoft) C:\Users\Agando\Downloads\UplayInstaller.exe
2016-03-16 16:46 - 2016-03-16 16:46 - 00003772 _____ C:\WINDOWS\System32\Tasks\SoftUpgrade
2016-03-16 15:59 - 2016-03-16 15:59 - 00137728 _____ C:\WINDOWS\68eccf12c10b0d5cd9dea67c1006a7dc.exe
2016-03-09 18:29 - 2016-02-23 11:48 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 18:28 - 2016-02-23 15:53 - 01314496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 18:28 - 2016-02-23 15:52 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-09 18:28 - 2016-02-23 15:51 - 00633184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-03-09 18:28 - 2016-02-23 15:51 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 18:28 - 2016-02-23 15:50 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 18:28 - 2016-02-23 15:48 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 18:28 - 2016-02-23 15:48 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-09 18:28 - 2016-02-23 15:48 - 01123952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-09 18:28 - 2016-02-23 15:41 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 18:28 - 2016-02-23 15:41 - 00299600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-09 18:28 - 2016-02-23 15:41 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-03-09 18:28 - 2016-02-23 15:40 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-03-09 18:28 - 2016-02-23 15:38 - 00272752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 18:28 - 2016-02-23 15:36 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-03-09 18:28 - 2016-02-23 15:11 - 00781984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 18:28 - 2016-02-23 15:11 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-09 18:28 - 2016-02-23 15:11 - 00103776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-03-09 18:28 - 2016-02-23 15:08 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-09 18:28 - 2016-02-23 15:07 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-09 18:28 - 2016-02-23 14:39 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 18:28 - 2016-02-23 14:30 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 18:28 - 2016-02-23 14:25 - 01085632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-09 18:28 - 2016-02-23 14:23 - 00952968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 18:28 - 2016-02-23 14:21 - 00529456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 18:28 - 2016-02-23 14:21 - 00141152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 18:28 - 2016-02-23 14:11 - 00249976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-09 18:28 - 2016-02-23 14:11 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-03-09 18:28 - 2016-02-23 14:11 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-03-09 18:28 - 2016-02-23 14:09 - 00229352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 18:28 - 2016-02-23 14:06 - 00069232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-03-09 18:28 - 2016-02-23 13:58 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-03-09 18:28 - 2016-02-23 13:50 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-09 18:28 - 2016-02-23 13:50 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-03-09 18:28 - 2016-02-23 13:42 - 00658536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 18:28 - 2016-02-23 13:42 - 00467296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-09 18:28 - 2016-02-23 13:42 - 00078176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-03-09 18:28 - 2016-02-23 13:39 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-09 18:28 - 2016-02-23 13:38 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-09 18:28 - 2016-02-23 13:35 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 18:28 - 2016-02-23 13:20 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-03-09 18:28 - 2016-02-23 13:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-03-09 18:28 - 2016-02-23 13:16 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 18:28 - 2016-02-23 13:15 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 18:28 - 2016-02-23 13:15 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-03-09 18:28 - 2016-02-23 12:59 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-03-09 18:28 - 2016-02-23 12:59 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-09 18:28 - 2016-02-23 12:57 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-09 18:28 - 2016-02-23 12:55 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 18:28 - 2016-02-23 12:45 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-09 18:28 - 2016-02-23 12:45 - 06788608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 18:28 - 2016-02-23 12:42 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 18:28 - 2016-02-23 12:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 18:28 - 2016-02-23 12:38 - 02663424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-09 18:28 - 2016-02-23 12:37 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-03-09 18:28 - 2016-02-23 12:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-09 18:28 - 2016-02-23 12:25 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 18:28 - 2016-02-23 12:18 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 18:28 - 2016-02-23 12:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-03-09 18:28 - 2016-02-23 12:17 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-03-09 18:28 - 2016-02-23 12:14 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-03-09 18:28 - 2016-02-23 12:08 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 18:28 - 2016-02-23 12:04 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 18:28 - 2016-02-23 12:03 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 18:28 - 2016-02-23 12:03 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 18:28 - 2016-02-23 12:02 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 18:28 - 2016-02-23 11:55 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 18:28 - 2016-02-23 11:55 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 18:28 - 2016-02-23 11:51 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 18:28 - 2016-02-23 11:51 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 18:28 - 2016-02-23 11:48 - 05157376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 18:28 - 2016-02-23 11:46 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 18:28 - 2016-02-23 11:45 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 18:28 - 2016-02-23 11:45 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-03-09 18:28 - 2016-02-23 11:45 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 18:28 - 2016-02-23 11:45 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 18:28 - 2016-02-23 11:44 - 01821696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-09 18:28 - 2016-02-23 11:38 - 07524864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-09 18:28 - 2016-02-23 11:29 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-03-09 18:28 - 2016-02-23 11:17 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 18:28 - 2016-02-23 11:17 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 18:28 - 2016-02-23 11:11 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 18:28 - 2016-02-23 11:03 - 01495040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-09 18:28 - 2016-02-23 11:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-09 18:28 - 2016-02-23 11:00 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 18:28 - 2016-02-23 10:58 - 18800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-09 13:12 - 2016-03-09 13:12 - 00051111 _____ C:\Users\Agando\Downloads\Kontoauszug_3018300__Nr.0032016_vom_04.03.2016_20160309011223.pdf
2016-03-09 13:12 - 2016-03-09 13:12 - 00041968 _____ C:\Users\Agando\Downloads\Entgeltinformationen_3018300_vom_04.03.2016_20160309011201.pdf
2016-02-27 08:40 - 2016-02-27 08:40 - 00000000 ____D C:\Users\Agando\AppData\LocalLow\E_Line Media
2016-02-27 08:40 - 2016-02-27 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2016-02-27 08:40 - 2016-02-27 08:40 - 00000000 ____D C:\Program Files (x86)\LAV Filters
2016-02-26 20:32 - 2016-02-26 20:32 - 00248012 _____ C:\Users\Agando\Downloads\Rechnung.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-23 11:07 - 2015-08-05 22:11 - 02077126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-23 11:07 - 2015-07-10 17:34 - 00883584 _____ C:\WINDOWS\system32\perfh007.dat
2016-03-23 11:07 - 2015-07-10 17:34 - 00195718 _____ C:\WINDOWS\system32\perfc007.dat
2016-03-23 11:07 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2016-03-23 11:01 - 2015-08-05 22:17 - 00000000 ___RD C:\Users\Agando\OneDrive
2016-03-23 11:00 - 2015-08-05 22:10 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-23 11:00 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-23 11:00 - 2015-07-10 10:05 - 07864320 ___SH C:\WINDOWS\system32\config\BBI
2016-03-23 10:57 - 2015-10-03 13:30 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{18605A33-42D8-4679-A8CF-DAEB4265BBD2}
2016-03-23 10:57 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-23 10:57 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-23 01:45 - 2015-01-10 14:48 - 00000000 ____D C:\Users\Agando\AppData\Roaming\TS3Client
2016-03-23 01:22 - 2014-12-27 20:56 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-21 15:10 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-21 14:58 - 2014-12-26 15:28 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-20 19:59 - 2015-08-05 22:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-20 19:59 - 2014-11-25 16:03 - 00001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-03-20 19:59 - 2014-11-25 16:02 - 00000000 ____D C:\Users\Agando\AppData\Local\NVIDIA
2016-03-20 04:25 - 2015-08-05 22:11 - 00000000 ____D C:\Users\Agando
2016-03-18 20:59 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-18 20:59 - 2014-11-25 15:33 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-18 19:04 - 2014-12-26 15:29 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2016-03-18 19:04 - 2014-12-26 15:29 - 00000000 ____D C:\WINDOWS\system32\vbox
2016-03-17 23:44 - 2014-12-27 20:29 - 00000000 ____D C:\Users\Agando\AppData\Local\Battle.net
2016-03-17 22:53 - 2014-12-27 20:29 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Battle.net
2016-03-17 22:53 - 2014-12-27 20:27 - 00000000 ____D C:\ProgramData\Battle.net
2016-03-17 12:58 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Globalization
2016-03-17 12:09 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Web
2016-03-17 11:51 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-03-17 00:34 - 2016-01-20 15:11 - 00000000 ____D C:\Users\Agando\AppData\Roaming\vlc
2016-03-16 22:09 - 2015-02-03 13:41 - 00000000 ____D C:\Users\Agando\Documents\My Games
2016-03-16 16:06 - 2015-10-30 20:27 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-15 20:41 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-15 20:08 - 2015-08-05 22:17 - 00002424 _____ C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-14 12:18 - 2015-08-05 22:16 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-14 12:18 - 2015-07-10 13:20 - 00293976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-14 12:17 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-14 12:17 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-14 12:17 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-14 12:17 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-10 17:25 - 2014-11-26 18:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-10 17:24 - 2014-11-26 18:27 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 18:34 - 2015-11-02 22:41 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-08 08:10 - 2015-07-10 12:06 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 08:10 - 2015-07-10 12:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-26 09:35 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2016-02-24 17:10 - 2015-12-25 17:46 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Little Inferno

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-11-25 16:08 - 2014-11-25 16:09 - 1065984 _____ () C:\Users\Agando\AppData\Local\file__0.localstorage
2015-08-21 08:05 - 2015-08-21 08:05 - 0003881 _____ () C:\Users\Agando\AppData\Local\recently-used.xbel

Einige Dateien in TEMP:
====================
C:\Users\Agando\AppData\Local\Temp\prog.exe
C:\Users\Agando\AppData\Local\Temp\sqlite3.dll
C:\Users\Agando\AppData\Local\Temp\upd.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-03-22 16:54

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Agando (2016-03-23 11:14:23)
Gestartet von C:\Users\Agando\Downloads
Windows 10 Home (X64) (2015-08-05 21:16:12)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4051605010-858179373-924828543-500 - Administrator - Disabled)
Agando (S-1-5-21-4051605010-858179373-924828543-1000 - Administrator - Enabled) => C:\Users\Agando
DefaultAccount (S-1-5-21-4051605010-858179373-924828543-503 - Limited - Disabled)
Gast (S-1-5-21-4051605010-858179373-924828543-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4051605010-858179373-924828543-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
Anno 1404: Venice (HKLM-x32\...\Steam App 33350) (Version:  - Blue Byte)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Benutzerhandbuch EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Useg) (Version:  - )
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Champions Online: Free For All (HKLM-x32\...\Steam App 9880) (Version:  - Cryptic Studios)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DIE SIEDLER - Aufstieg eines Königreichs (HKLM-x32\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Elite: Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Godus (HKLM-x32\...\Steam App 232810) (Version:  - 22cans)
HELLDIVERS™ (HKLM-x32\...\Steam App 394510) (Version:  - Arrowhead Game Studios)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.19 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
LAV Filters 0.62.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.62.0 - Hendrik Leppkes)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Little Inferno (HKLM-x32\...\Steam App 221260) (Version:  - Tomorrow Corporation)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Netzwerkhandbuch EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Netg) (Version:  - )
Never Alone (Kisima Ingitchuna) (HKLM-x32\...\Steam App 295790) (Version:  - Upper One Games)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OMC ModPack Client Version 1.2.4.8 (HKLM-x32\...\{E2F3187C-2B94-486F-8914-E69211487FB6}_is1) (Version: 1.2.4.8 - Odem Mortis)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version:  - Silver Dollar Games)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Sniper Elite: Zombie Army (HKLM-x32\...\Steam App 235700) (Version:  - Rebellion)
SOMA (HKLM-x32\...\1439487606_is1) (Version: 2.0.0.1 - GOG.com)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version:  - KING Art)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Uplay (HKLM-x32\...\Uplay) (Version: 17.1 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WISO steuer:Start 2015 (HKLM-x32\...\{E0B7D5F9-3053-4C15-A6CB-09FAC67AC5E4}) (Version: 22.00.8811 - Buhl Data Service GmbH)
World of Tanks (HKU\S-1-5-21-4051605010-858179373-924828543-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4051605010-858179373-924828543-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Agando\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {039EFE82-6962-4455-8184-763AF380826A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {0E99F39E-2780-4CA4-BFC4-9537B3C38118} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {186453A6-E5AD-4D1D-882F-67161E43C5F1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {22F022D7-297C-4EFD-B989-1D35D38A226E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {2889C580-448C-478D-B3F9-70424E5575F3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {2E6F3B51-DC17-4009-B9D5-99B0880C912A} - System32\Tasks\avast! Windows 10 Start Menu helper => d:\program files\avast software\avast\asww10mon.exe
Task: {34122DBF-4E67-4306-88F9-C2032AAC9317} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3C64AF12-143B-4797-A4C1-B737F3A71D48} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4097B4F4-3593-447F-82A7-1DDB13B8A029} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {46E830D0-88F7-4D68-8A83-A1F46577797A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {70769355-75E2-4355-9DF2-3AFB60C1AB68} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {726AC3F9-FABA-4C5B-B40D-D075DA4199FB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {7C9DD853-EADA-4655-89F3-5D76622BA9C8} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {83CC47CD-124B-43B7-A889-35EFBA289EA2} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {873B7D6D-F27F-47D3-980C-7F670715D230} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {87F13E50-A762-4B94-AE32-BF8948ECEF04} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {9019FCF4-67CA-4488-B3AC-660D9792C464} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {925C1CC8-5CF9-4B2E-B480-6B93A1BA7400} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {99559BE4-6896-48B4-B333-46D9F2B3AA08} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A728B6AD-2B63-4A4B-82DD-501DF9E6D45A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {A8D8092C-B368-467B-90F1-49260365D626} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {AA7F293D-5922-4B7F-8D92-09C5F606649B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {AFEDE054-5DDB-4B2A-943F-7E5A9C4BF509} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {B4A82B1A-3E58-4463-8D19-C4909EBDDF99} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {B9021EE9-9AA7-443A-B3A0-D3CAE36054BD} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {BA90403C-26D8-47B6-9FBD-672C81A2BBFC} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {BC5951A4-6007-428C-9E48-5C307440E04C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {BD3B326D-B3EC-4DC3-A754-23199AB13215} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {C23BEC03-B396-422F-8563-357DAA67A5AA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {D458C840-13F1-46D0-A0B0-4EF93DCDCA94} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D4BA1554-FCB3-42B4-A9B7-C501FB421A26} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {D78A55CE-2520-4F1E-912A-B631C5D8C101} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {D9CEC23E-3A63-432F-9CB0-AC545D1DF72E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {DA37B09A-38B3-434F-936D-675449C87F69} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DE99D7E0-1DED-435D-98B2-1AF53B74B871} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-11] (Adobe Systems Incorporated)
Task: {E0A61B24-0D21-4F4F-80D1-D4064B57168C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {E4485B82-4C31-489C-BDB5-12B5713B931B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {EB01F4F0-82F2-486B-930C-7AC9155CB6D9} - System32\Tasks\SoftUpgrade => C:\Program Files (x86)\SoftUpgrade\softup.exe
Task: {F8277F4D-EB69-4A70-9E59-A0EF180CE6B0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {FABE072D-CCF1-47DF-916D-A1107FC035E3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-10] (Microsoft Corporation)
Task: {FBDC3F4C-216C-4448-948C-CB96AC8D2ECE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-08-05 23:08 - 2015-08-05 23:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-20 22:46 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2016-03-20 19:59 - 2016-01-12 05:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-10-01 08:53 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 08:53 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-01 08:53 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-08 19:56 - 2015-11-25 05:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 19:56 - 2015-11-25 05:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 19:56 - 2015-11-25 05:24 - 00884736 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-12-08 19:56 - 2015-11-25 05:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 08:53 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-05 23:08 - 2015-08-05 23:08 - 00577024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-08-05 23:08 - 2015-08-05 23:08 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-08-05 23:08 - 2015-08-05 23:08 - 00559616 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-07-10 12:00 - 2015-07-10 17:45 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-08-05 23:08 - 2015-08-05 23:08 - 00643072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation.diagnostics\bin\NodeRT_Windows_Foundation_Diagnostics.node
2015-07-10 12:00 - 2015-07-10 17:45 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-08-05 23:08 - 2015-08-05 23:08 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-08-05 23:08 - 2015-08-05 23:08 - 00961536 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-08-05 23:08 - 2015-08-05 23:08 - 00204288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-08-05 23:08 - 2015-08-05 23:08 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-12-08 19:56 - 2015-11-25 05:18 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2014-04-03 16:48 - 2014-04-03 16:48 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-04-13 16:38 - 2016-01-12 05:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4051605010-858179373-924828543-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Agando\Downloads\tj2XiYO_as48562129495664520617.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{6451D619-DF53-46CE-80A8-05A36981B676}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{01DA507C-867B-4703-A5A9-2283EFC62078}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{07C33DC2-A5EE-4C0F-B1F4-6782708083CA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{87FAD552-E433-4848-A4B1-82053C824EAB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{0D948394-53DC-4E21-BC10-C242B1865DD2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Champions Online\Champions Online.exe
FirewallRules: [{21E4634A-AB14-4CBF-A78D-5BAA27B8E1E8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Champions Online\Champions Online.exe
FirewallRules: [{5A2CBC83-62A3-466E-A822-97D85743EFC2}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{F4AAFB93-3CD2-42A6-BAF3-ECD45BE8AD58}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [UDP Query User{5F9434FB-562E-4831-8D76-5DF43602A162}D:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) D:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{398AA42B-0AF6-43EA-8835-C3590A5161C8}D:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) D:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{14D7ECD1-4757-4F5F-9CC6-00D9E10505F7}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{375326A8-54B5-4A27-92F6-D0C1FAD730F4}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{61FE9BE0-2ADA-4FEC-9C55-C6650A325FCB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{CA6C9E6A-7038-4C9B-A3D4-55D70C43855C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{D805E451-7342-4A7D-AEF1-8316C6195977}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Godus\windows\godus.exe
FirewallRules: [{1B77CCCE-FA91-4AF7-9BA8-4DA89083CFD8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Godus\windows\godus.exe
FirewallRules: [UDP Query User{D73F0DD0-9F05-4165-85C3-EC04572FADE9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{43DA4168-1396-4F62-9B88-7475E4CD093A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{37ED8240-1803-432B-AFF6-345A47C4C421}] => (Allow) D:\Program Files (x86)\WoT Mods\OMC ModPack Client.exe
FirewallRules: [{5520B03F-D634-497E-A3D8-71DA393C1B37}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{56B509F3-FBFA-490E-BCAF-263CBE13DE44}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{40668263-7959-4411-8D5A-F9629E0B83C7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales\bout.exe
FirewallRules: [{DFC5F29C-C91D-4798-AC69-3D318E2A5E71}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales\bout.exe
FirewallRules: [{1C23BD6D-B3E6-4524-B317-1BA91F82AD9B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{5F9BC7EF-30FF-4255-965D-8D8C4BEBA3DE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{6E86DB33-EEBB-4955-94E2-3C7A047D662C}] => (Allow) D:\Program Files (x86)\base\bin\Settlers6.exe
FirewallRules: [{55EF9258-66BD-4DE6-A711-FE449F535543}] => (Allow) D:\Program Files (x86)\base\bin\Settlers6.exe
FirewallRules: [{FBB87264-1099-4A0E-A63B-83B77D977C3A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sniper Elite Zombie Army\bin\ZA.exe
FirewallRules: [{A20B87F3-5AC5-43A2-9015-557DDEFD1AB6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sniper Elite Zombie Army\bin\ZA.exe
FirewallRules: [{386795D1-F5FC-4A6F-9291-7C945BB7E0B3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{D3131F44-54FA-47EF-B313-44266B75295A}D:\program files (x86)\world of tanks\worldoftanks.exe] => (Allow) D:\program files (x86)\world of tanks\worldoftanks.exe
FirewallRules: [TCP Query User{52D3F74B-E5B2-4F61-AFBD-609AE495AF42}D:\program files (x86)\world of tanks\worldoftanks.exe] => (Allow) D:\program files (x86)\world of tanks\worldoftanks.exe
FirewallRules: [UDP Query User{DD5C45E4-BA72-4153-B0E0-AF2B6841E597}D:\program files (x86)\world of tanks\wotlauncher.exe] => (Allow) D:\program files (x86)\world of tanks\wotlauncher.exe
FirewallRules: [TCP Query User{6263CFF7-CF91-4ED0-86A8-C0FE40BAE0F2}D:\program files (x86)\world of tanks\wotlauncher.exe] => (Allow) D:\program files (x86)\world of tanks\wotlauncher.exe
FirewallRules: [UDP Query User{C90FD34D-00A6-48D0-AA6A-6BBF0DCFBB74}D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{3A91983B-341B-42F0-9327-5075BC90A8F4}D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{3CC913DA-ACAF-4BC9-AFFD-F6AE26D7836B}D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{62BD60F3-1034-49DD-9093-1FFA9E0480B5}D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{028EF945-5986-4252-BFE2-EC9B843740FF}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{896CFB97-8325-4E3E-B0A9-6F6A2CFED9DA}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{4737EBCD-C5C9-4561-B70D-9DB30701C8A1}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{2D187429-DD5E-4A9D-AAB6-12FA025CEB74}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D33797C7-0686-449E-8123-4A2290BF7E4E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{ADB4F47A-2D9C-4DBC-A587-80D5D18F214C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{765855D1-7840-4FD7-8420-EE88CE5AD3BD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{013E492A-4DF5-48A9-896D-EE5154C663B0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{2D911E9D-826E-43F3-BB26-60FA5B376871}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9CCDEBBE-04E3-4A8A-B0C3-1A632655043E}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D5B3BDD3-881F-48EA-BA34-DFF6FE7DD2CD}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{912DC818-A52C-4D58-BEF7-A01723C57B17}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{52E3109C-FF77-473A-915F-9CEFF7671BE3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CC0B3965-DB58-4D8A-B75E-8AD42F4DF7A1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{864DF01B-0A44-401A-A017-0B2BF0EFF31E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A527AB15-38FC-44FF-A35D-C11B5FA72A61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C386D037-04B5-45ED-A840-41C3B7952210}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2F4A4C55-0563-4E40-B219-7FCD92761579}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8FF7E73A-F225-4949-ACC7-3D5BC036B8F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{9C8053D5-CECB-409A-914E-729CCFB91F5C}D:\games\world_of_warships\wowslauncher.exe] => (Allow) D:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{0B39D798-0D9D-41CE-A0E4-EEACBFCA0C18}D:\games\world_of_warships\wowslauncher.exe] => (Allow) D:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{06ADF80C-8C36-4193-98F9-FC63D581CCA1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Addon.exe
FirewallRules: [{04EEF8BC-D5C7-440C-A666-37A8E13CA5D3}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Addon.exe
FirewallRules: [{0B591784-E61E-4E28-9865-B7DA1CBF71B2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Anno4.exe
FirewallRules: [{8882764A-E3C3-4299-A717-28E2AD451692}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Anno4.exe
FirewallRules: [TCP Query User{E8BC1F91-6B1C-4579-AE35-4026286B1F22}D:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Block) D:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe
FirewallRules: [UDP Query User{FCB78D97-9AD3-4411-BC6A-4EC40B401DB1}D:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Block) D:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe
FirewallRules: [TCP Query User{9B839D0E-D5A8-4F25-970E-28CC5B2D8467}D:\games\the beginner's guide\beginnersguide.exe] => (Allow) D:\games\the beginner's guide\beginnersguide.exe
FirewallRules: [UDP Query User{2D072E31-45C9-4529-8C3E-41A7014560F5}D:\games\the beginner's guide\beginnersguide.exe] => (Allow) D:\games\the beginner's guide\beginnersguide.exe
FirewallRules: [TCP Query User{B94989A8-87EA-45AF-A790-E436FE2801BB}D:\program files (x86)\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5DC3B872-2F89-482C-BEC5-D23935495D36}D:\program files (x86)\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{58470183-887B-4DAD-9013-AE766957DDA9}D:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{57CAE429-18A2-4CAF-9867-D655AA9503C9}D:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [{E7A3FFCD-04B8-4776-A14F-7AEBB9AE5F3B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{47160AB6-D6C9-4FE3-86F1-47B180D41E69}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [TCP Query User{E65EFE49-F75C-4C80-979C-051D6BDAF87C}D:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B66955B6-B444-4A2D-9650-7F80065B954A}D:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{B9A9CADD-0761-4FB3-BCD1-9DB2255F81C3}D:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D4FE8EEB-9C0D-4108-9B87-A431ECCA5268}D:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{48FD8C7C-3CDC-4F90-BA90-D7243392A12D}D:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5D71361F-C7DE-4A32-9072-0C04EDD1CD30}D:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BEDCD6E8-B368-407E-A317-C4D2FF6D653D}D:\program files (x86)\heroes of the storm\versions\base39595\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39595\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{ADF12F9E-0223-44F7-A8C7-09A7AF43B793}D:\program files (x86)\heroes of the storm\versions\base39595\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39595\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{45AA8FD3-F459-4EF0-B3F3-4D28EC511B6F}D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DBAB6859-809E-41BF-800C-975EE4887FF7}D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E2A16180-F658-4586-83DB-0CDA3CDE0B3E}D:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{F36DE004-4A44-474C-A7F7-7186664AD5F8}D:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{81165EAC-61C2-41DD-84CD-612F9B4CB376}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x64\helldivers.exe
FirewallRules: [{92A4D2D9-9BD6-4F42-83F4-1BA4108BADE2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x64\helldivers.exe
FirewallRules: [{71B6E897-73A4-4DF7-B872-0BC5B5058A4D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x86\helldivers.exe
FirewallRules: [{345D30F3-86DE-45CE-8028-FF8A990591C7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x86\helldivers.exe
FirewallRules: [{C9D8CF51-4E5F-4F80-8D18-49D7CE16F46D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{4BC7C4F5-90C8-4602-A6DE-41EAA3F09077}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{CA2C4E21-FCD1-4E35-BDD5-9A1428AB834B}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{463C9BA6-1E14-431C-80FC-36AAB8D3FC2C}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{B6FA80C7-006C-45E1-860D-454C484EDC56}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{BF0DE537-4C2E-49A9-8769-69A11D6EED16}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{F21569C7-4256-43FB-B9B4-4324DE1FE774}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{0596961A-15F0-4965-B3FA-02DEF2BF3BFF}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{218AE113-F46D-4AA0-9FA2-ED0E6293D79C}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{AC98DD2E-4C18-4586-8E4B-0026B3920B47}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{5CCE5108-77ED-471D-BBA1-0FD3F758EDF3}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Alien Swarm\swarm.exe
FirewallRules: [{12C86FE1-D731-45D9-870F-E64FDD692553}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Alien Swarm\swarm.exe
FirewallRules: [TCP Query User{C1FAF6F9-9B62-4F21-AD18-5F8552488D77}D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{8F994F1C-0C79-4717-AE68-58FD574EEBF0}D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F8692333-03F7-4487-9225-B60B7EA0B140}D:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C722B787-554B-4F31-A855-920002C16FAB}D:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe
FirewallRules: [{5F425513-6EDA-45DD-8056-2A20F5940E69}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{791C7ADA-4503-4707-A6CC-722B37B0C53D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{A3E5F8EB-BA54-4D7B-86A7-3BF7837521A9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\NeverAlone\Never_Alone.exe
FirewallRules: [{CB01B3AE-2958-40D0-B9C1-B49C64A29FE4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\NeverAlone\Never_Alone.exe
FirewallRules: [{AA523118-B002-4F33-B29D-519B8F735683}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{AE9D863C-85B8-4D99-9BF9-9F240231C21A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{024975B9-95F7-4D3A-BB13-1D8D0FCE2067}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe

==================== Wiederherstellungspunkte =========================

18-03-2016 00:49:11 Ende der Bereinigung
21-03-2016 15:00:30 [BV] Mod Collection wird entfernt
23-03-2016 11:10:30 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/23/2016 11:10:31 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (03/23/2016 11:01:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OneDrive.exe, Version: 17.3.6302.225, Zeitstempel: 0x56cf98cd
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10240.16683, Zeitstempel: 0x56ad9410
Ausnahmecode: 0x80000003
Fehleroffset: 0x00132d82
ID des fehlerhaften Prozesses: 0x154c
Startzeit der fehlerhaften Anwendung: 0xOneDrive.exe0
Pfad der fehlerhaften Anwendung: OneDrive.exe1
Pfad des fehlerhaften Moduls: OneDrive.exe2
Berichtskennung: OneDrive.exe3
Vollständiger Name des fehlerhaften Pakets: OneDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OneDrive.exe5

Error: (03/23/2016 10:57:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OneDrive.exe, Version: 17.3.6302.225, Zeitstempel: 0x56cf98cd
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10240.16683, Zeitstempel: 0x56ad9410
Ausnahmecode: 0x80000003
Fehleroffset: 0x00132d82
ID des fehlerhaften Prozesses: 0x500
Startzeit der fehlerhaften Anwendung: 0xOneDrive.exe0
Pfad der fehlerhaften Anwendung: OneDrive.exe1
Pfad des fehlerhaften Moduls: OneDrive.exe2
Berichtskennung: OneDrive.exe3
Vollständiger Name des fehlerhaften Pakets: OneDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OneDrive.exe5

Error: (03/22/2016 11:33:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OneDrive.exe, Version: 17.3.6302.225, Zeitstempel: 0x56cf98cd
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10240.16683, Zeitstempel: 0x56ad9410
Ausnahmecode: 0x80000003
Fehleroffset: 0x00132d82
ID des fehlerhaften Prozesses: 0x2334
Startzeit der fehlerhaften Anwendung: 0xOneDrive.exe0
Pfad der fehlerhaften Anwendung: OneDrive.exe1
Pfad des fehlerhaften Moduls: OneDrive.exe2
Berichtskennung: OneDrive.exe3
Vollständiger Name des fehlerhaften Pakets: OneDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OneDrive.exe5

Error: (03/22/2016 08:32:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRISSDEE)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/22/2016 04:28:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OneDrive.exe, Version: 17.3.6302.225, Zeitstempel: 0x56cf98cd
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10240.16683, Zeitstempel: 0x56ad9410
Ausnahmecode: 0x80000003
Fehleroffset: 0x00132d82
ID des fehlerhaften Prozesses: 0x1cfc
Startzeit der fehlerhaften Anwendung: 0xOneDrive.exe0
Pfad der fehlerhaften Anwendung: OneDrive.exe1
Pfad des fehlerhaften Moduls: OneDrive.exe2
Berichtskennung: OneDrive.exe3
Vollständiger Name des fehlerhaften Pakets: OneDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OneDrive.exe5

Error: (03/22/2016 12:53:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OneDrive.exe, Version: 17.3.6302.225, Zeitstempel: 0x56cf98cd
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10240.16683, Zeitstempel: 0x56ad9410
Ausnahmecode: 0x80000003
Fehleroffset: 0x00132d82
ID des fehlerhaften Prozesses: 0x934
Startzeit der fehlerhaften Anwendung: 0xOneDrive.exe0
Pfad der fehlerhaften Anwendung: OneDrive.exe1
Pfad des fehlerhaften Moduls: OneDrive.exe2
Berichtskennung: OneDrive.exe3
Vollständiger Name des fehlerhaften Pakets: OneDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OneDrive.exe5

Error: (03/22/2016 09:49:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OneDrive.exe, Version: 17.3.6302.225, Zeitstempel: 0x56cf98cd
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10240.16683, Zeitstempel: 0x56ad9410
Ausnahmecode: 0x80000003
Fehleroffset: 0x00132d82
ID des fehlerhaften Prozesses: 0x2274
Startzeit der fehlerhaften Anwendung: 0xOneDrive.exe0
Pfad der fehlerhaften Anwendung: OneDrive.exe1
Pfad des fehlerhaften Moduls: OneDrive.exe2
Berichtskennung: OneDrive.exe3
Vollständiger Name des fehlerhaften Pakets: OneDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OneDrive.exe5

Error: (03/21/2016 03:47:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OneDrive.exe, Version: 17.3.6302.225, Zeitstempel: 0x56cf98cd
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10240.16683, Zeitstempel: 0x56ad9410
Ausnahmecode: 0x80000003
Fehleroffset: 0x00132d82
ID des fehlerhaften Prozesses: 0x1ef4
Startzeit der fehlerhaften Anwendung: 0xOneDrive.exe0
Pfad der fehlerhaften Anwendung: OneDrive.exe1
Pfad des fehlerhaften Moduls: OneDrive.exe2
Berichtskennung: OneDrive.exe3
Vollständiger Name des fehlerhaften Pakets: OneDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OneDrive.exe5

Error: (03/21/2016 03:00:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.


Systemfehler:
=============
Error: (03/23/2016 11:10:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/23/2016 11:01:46 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/23/2016 11:00:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (03/23/2016 11:00:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_Session4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/23/2016 11:00:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _Session4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/23/2016 11:00:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_Session4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/23/2016 11:00:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/23/2016 10:59:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/23/2016 10:59:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/23/2016 10:59:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2016-03-15 20:43:44.996
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:43:44.969
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:43:44.923
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:43:44.905
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:43:44.375
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:43:44.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:42:09.495
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:42:09.469
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:42:09.427
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-03-15 20:42:09.409
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 8143.72 MB
Verfügbarer physikalischer RAM: 5993.35 MB
Summe virtueller Speicher: 16335.72 MB
Verfügbarer virtueller Speicher: 14082.87 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:110.83 GB) (Free:61.86 GB) NTFS
Drive d: (Hauptspeicher) (Fixed) (Total:931.39 GB) (Free:688.19 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================

M-K-D-B · 23.03.2016, 16:17

Servus,

wir spüren noch eventuelle Reste auf:

Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:regfind
wajam
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Kashkuul · 23.03.2016, 19:51

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 19:50 on 23/03/2016 by Agando
Administrator - Elevation successful

========== regfind ==========

Searching for "wajam"
No data found.

-= EOF =-

M-K-D-B · 24.03.2016, 13:43

Servus,

sieht schon mal gut aus.

Hinweis: Der Suchlauf mit ESET kann länger dauern.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von ESET,
die Logdatei von HitmanPro,
die beiden neuen Logdateien von FRST,
die Beantwortung der gestellten Fragen.

Kashkuul · 24.03.2016, 16:54

Hallo, irgendwie funktioniert das mit den Fixlist.txt nicht....wie speicher ich das Textdokument , welches ich mit den notepad öffne als Fixlist.tx.

M-K-D-B · 24.03.2016, 22:24

du speicherst die fixlist.txt im gleichne Verzeichnis wie FRST.exe und dann führst du FRST wie beschrieben aus.

Kashkuul · 25.03.2016, 17:10

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Agando (2016-03-25 15:39:44) Run:1
Gestartet von C:\Users\Agando\Downloads
Geladene Profile: Agando (Verfügbare Profile: Agando & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

*****************

Prozess erfolgreich geschlossen.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4051605010-858179373-924828543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4051605010-858179373-924828543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========  ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl�sungscache wurde geleert.

========= Ende von CMD: =========


=========  netsh winsock reset =========


Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.


========= Ende von CMD: =========

EmptyTemp: => 91.8 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 15:39:54 ====

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ec55439331af9041badd211351f08934
# end=init
# utc_time=2016-03-25 02:45:27
# local_time=2016-03-25 03:45:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 28757
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ec55439331af9041badd211351f08934
# end=updated
# utc_time=2016-03-25 02:47:42
# local_time=2016-03-25 03:47:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=ec55439331af9041badd211351f08934
# engine=28757
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-03-25 03:54:31
# local_time=2016-03-25 04:54:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 19228 12735414 0 0
# scanned=556004
# found=0
# cleaned=0
# scan_time=4008

Code:

ATTFilter


	Code: 

 ATTFilter

  
	HitmanPro 3.7.13.258
www.hitmanpro.com

   Computer name . . . . : CRISSDEE
   Windows . . . . . . . : 10.0.0.10586.X64/8
   User name . . . . . . : CRISSDEE\Agando
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-03-25 17:00:16
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 21s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 5

   Objects scanned . . . : 1.898.199
   Files scanned . . . . : 53.196
   Remnants scanned  . . : 639.999 files / 1.205.004 keys

Malware _____________________________________________________________________

   C:\WINDOWS\68eccf12c10b0d5cd9dea67c1006a7dc.exe
      Size . . . . . . . : 137.728 bytes
      Age  . . . . . . . : 9.0 days (2016-03-16 15:59:58)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : D5FD928BD7CA342C3754AEF86FF4739063828FADE4DB61C8184E2B40348EE4CE
    > Kaspersky  . . . . : not-a-virus:HEUR:Downloader.Win32.Wajam.gen
      Fuzzy  . . . . . . : 109.0


Suspicious files ____________________________________________________________

   C:\Users\Agando\Downloads\FRST64 (1).exe
      Size . . . . . . . : 2.374.144 bytes
      Age  . . . . . . . : 2.2 days (2016-03-23 11:13:24)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 1CB35A93213562911D4E4218EFFCB9FC5A946B6E1A99509BCD2B5C936898D159
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Agando\Downloads\FRST64 (1).exe
          2.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\43\
          2.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\43\552E03375E4073FB.dat
          2.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\43\552E03375E4073FB.dat
         14.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{90250B42-92F9-4D03-9DDF-61A94AF6B4D5}
         15.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\43\552E03375E4073FB.dat
         18.2s C:\Windows.old\WINDOWS\Prefetch\FRST64 (1).EXE-A4D0997F.pf
         38.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C5B9E056-F84E-4F7D-9902-0EDB7F2D7CD1}


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\WOW6432Node\PC-MECHANIC\ (PCMechanic)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564\ (SearchWindow)
   HKLM\SOFTWARE\WOW6432Node\Systweak\ (AdvSysProtector)

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von Agando (Administrator) auf CRISSDEE (25-03-2016 17:04:42)
Gestartet von C:\Users\Agando\Downloads
Geladene Profile: Agando & DefaultAppPool (Verfügbare Profile: Agando & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Farbar) C:\Users\Agando\Downloads\FRST64 (1).exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-03-06] (Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-4051605010-858179373-924828543-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Keine Datei

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{d4b64fcf-d39c-4384-989f-d42fc6cc67c9}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)

FireFox:
========
FF ProfilePath: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\v9bkcvhi.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\v9bkcvhi.default\searchplugins\google-images.xml [2015-01-19]
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\v9bkcvhi.default\searchplugins\google-maps.xml [2015-01-19]
FF Extension: Cliqz - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\v9bkcvhi.default\Extensions\cliqz@cliqz.com.xpi [2015-09-12] [ist nicht signiert]
FF HKU\S-1-5-21-4051605010-858179373-924828543-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\v9bkcvhi.default\extensions\cliqz@cliqz.com => nicht gefunden

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2015-01-01] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-12-28] (BitRaider, LLC)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-28] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-12-28] (BitRaider)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-17] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-25 17:04 - 2016-03-25 17:04 - 00012274 _____ C:\Users\Agando\Downloads\FRST.txt
2016-03-25 16:59 - 2016-03-25 17:03 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-25 16:58 - 2016-03-25 16:59 - 11441744 _____ (SurfRight B.V.) C:\Users\Agando\Downloads\HitmanPro_x64.exe
2016-03-25 15:45 - 2016-03-25 15:45 - 02870984 _____ (ESET) C:\Users\Agando\Downloads\esetsmartinstaller_deu.exe
2016-03-25 15:45 - 2016-03-25 15:45 - 00000000 ____D C:\Program Files (x86)\ESET
2016-03-25 09:35 - 2016-03-25 09:35 - 00000000 ____D C:\Users\Agando\AppData\Local\ActiveSync
2016-03-25 09:33 - 2016-03-25 09:33 - 00000020 ___SH C:\Users\Agando\ntuser.ini
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default\Vorlagen
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default\Startmenü
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2016-03-25 09:31 - 2016-03-25 09:31 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2016-03-25 09:30 - 2016-03-25 15:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-25 09:29 - 2016-03-25 09:29 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-25 09:29 - 2016-03-25 09:29 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-03-25 09:29 - 2016-03-25 09:29 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2016-03-25 09:28 - 2016-03-25 09:29 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-03-25 09:28 - 2016-03-25 09:28 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-03-25 09:27 - 2016-03-25 15:47 - 02086168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-25 09:27 - 2016-03-25 15:40 - 00000000 ____D C:\Users\Agando
2016-03-25 09:27 - 2016-03-25 15:40 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-25 09:27 - 2016-03-25 09:30 - 00000000 ____D C:\Users\DefaultAppPool
2016-03-25 09:27 - 2016-03-25 09:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-25 09:27 - 2016-03-25 09:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-25 09:27 - 2016-03-25 09:28 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-03-25 09:27 - 2016-03-25 09:27 - 01989310 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\DefaultAppPool\Vorlagen
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\DefaultAppPool\Startmenü
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\DefaultAppPool\Netzwerkumgebung
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\DefaultAppPool\Lokale Einstellungen
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\DefaultAppPool\Eigene Dateien
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\DefaultAppPool\Druckumgebung
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Videos
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Musik
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Bilder
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Verlauf
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\DefaultAppPool\Anwendungsdaten
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\Agando\Vorlagen
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\Agando\Startmenü
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\Agando\Netzwerkumgebung
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\Agando\Lokale Einstellungen
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\Agando\Eigene Dateien
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\Agando\Druckumgebung
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\Agando\Documents\Eigene Videos
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\Agando\Documents\Eigene Musik
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\Agando\Documents\Eigene Bilder
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\Agando\AppData\Local\Verlauf
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\Agando\AppData\Local\Anwendungsdaten
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 _SHDL C:\Users\Agando\Anwendungsdaten
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-03-25 09:27 - 2016-03-25 09:27 - 00000000 ____D C:\Program Files\Realtek
2016-03-25 09:27 - 2015-08-07 01:24 - 06873904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-03-25 09:27 - 2015-08-07 01:24 - 03492984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-03-25 09:27 - 2015-08-07 01:24 - 02558768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-03-25 09:27 - 2015-08-07 01:24 - 00937592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-03-25 09:27 - 2015-08-07 01:24 - 00385328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-03-25 09:27 - 2015-08-07 01:24 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-03-25 09:27 - 2015-08-03 11:04 - 05133709 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-03-25 09:26 - 2016-03-25 12:00 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-25 09:26 - 2016-03-25 09:30 - 00297256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-25 09:26 - 2016-03-25 09:26 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-03-25 09:26 - 2016-03-25 09:26 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-03-25 09:26 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-03-25 09:24 - 2016-03-25 09:24 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-03-25 09:24 - 2016-03-25 09:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-03-25 09:24 - 2016-03-25 09:24 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-03-25 09:24 - 2016-03-25 09:24 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-25 09:24 - 2016-03-25 09:24 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-03-25 09:24 - 2016-03-25 09:24 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-03-25 09:24 - 2016-03-25 09:24 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-25 09:24 - 2016-03-25 09:24 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-03-25 09:24 - 2016-03-25 09:24 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-25 09:24 - 2016-03-25 09:24 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-03-25 09:24 - 2016-03-25 09:24 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-03-25 09:24 - 2016-03-25 09:24 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-03-25 09:24 - 2016-03-25 09:24 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-03-25 09:24 - 2016-03-25 09:24 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-03-25 09:24 - 2016-03-25 09:24 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-25 09:24 - 2016-03-25 09:24 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-25 09:24 - 2016-03-25 09:24 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-25 09:24 - 2016-03-25 09:24 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-03-25 09:24 - 2016-03-25 09:24 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-03-25 09:24 - 2016-03-25 09:24 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-03-25 09:24 - 2016-03-25 09:24 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-25 09:24 - 2016-03-25 09:24 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-03-25 09:24 - 2016-03-25 09:24 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-03-25 09:24 - 2016-03-25 09:24 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-03-25 09:24 - 2016-03-25 09:24 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-25 09:24 - 2016-03-25 09:24 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2016-03-25 09:24 - 2016-03-25 09:24 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00000000 ____D C:\Windows.old
2016-03-25 09:22 - 2016-03-25 09:22 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-03-25 09:22 - 2015-10-29 19:43 - 05739520 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2016-03-25 09:22 - 2015-10-29 19:43 - 02629632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2016-03-25 09:22 - 2015-10-29 19:41 - 02629632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2016-03-25 09:22 - 2015-10-29 19:25 - 06359040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2016-03-25 09:22 - 2015-10-29 19:24 - 04847616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2016-03-25 09:21 - 2016-03-25 09:21 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-03-25 09:21 - 2016-03-25 09:21 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-03-25 09:21 - 2016-03-25 09:21 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-25 09:21 - 2016-03-25 09:21 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-25 09:21 - 2016-03-25 09:21 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-03-25 09:21 - 2016-03-25 09:21 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2016-03-25 09:21 - 2016-03-25 09:21 - 00000000 ____D C:\WINDOWS\system32\msmq
2016-03-25 09:21 - 2016-03-25 09:21 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2016-03-25 09:21 - 2016-03-25 09:21 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-03-25 09:21 - 2016-03-25 09:21 - 00000000 ____D C:\Program Files\MSBuild
2016-03-25 09:21 - 2016-03-25 09:21 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-03-25 09:21 - 2016-03-25 09:21 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-03-25 09:21 - 2016-03-25 09:21 - 00000000 ____D C:\inetpub
2016-03-25 09:21 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-03-25 09:21 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-03-25 09:21 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-03-25 09:21 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-03-25 09:21 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-03-25 09:21 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-03-24 16:48 - 2016-03-25 17:04 - 00000000 ____D C:\FRST
2016-03-23 19:50 - 2016-03-23 19:50 - 00165376 _____ C:\Users\Agando\Downloads\SystemLook_x64.exe
2016-03-23 19:50 - 2016-03-23 19:50 - 00000412 _____ C:\WINDOWS\system32\SystemLook.txt
2016-03-23 11:13 - 2016-03-23 11:13 - 02374144 _____ (Farbar) C:\Users\Agando\Downloads\FRST64 (1).exe
2016-03-23 11:09 - 2016-03-23 11:10 - 01610352 _____ (Malwarebytes) C:\Users\Agando\Downloads\JRT.exe
2016-03-23 11:02 - 2016-03-23 11:02 - 22851472 _____ (Malwarebytes ) C:\Users\Agando\Downloads\mbam-setup-2.2.1.1043.exe
2016-03-23 10:57 - 2016-03-23 10:57 - 01530368 _____ C:\Users\Agando\Downloads\AdwCleaner_5.105.exe
2016-03-21 15:10 - 2016-03-21 15:10 - 00000000 ____D C:\Users\Agando\Documents\The Witcher 3
2016-03-21 14:46 - 2016-03-21 14:46 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Agando\Downloads\tdsskiller.exe
2016-03-21 14:34 - 2016-03-25 09:14 - 00000000 ____D C:\Users\Agando\AppData\Local\CrashDumps
2016-03-20 19:59 - 2016-01-12 05:40 - 00112032 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-03-18 00:49 - 2016-03-25 09:30 - 00002586 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-03-18 00:49 - 2016-03-18 00:49 - 00000824 _____ C:\DelFix.txt
2016-03-18 00:49 - 2016-03-18 00:49 - 00000000 ____D C:\WINDOWS\ERUNT
2016-03-17 21:38 - 2016-03-25 09:30 - 00002440 _____ C:\WINDOWS\System32\Tasks\avast! Windows 10 Start Menu helper
2016-03-17 13:23 - 2016-03-17 13:23 - 05066104 _____ (AVAST Software) C:\Users\Agando\Downloads\avast_free_antivirus_setup_online.exe
2016-03-17 13:06 - 2016-03-17 13:06 - 00000000 _____ C:\autoexec.bat
2016-03-17 13:05 - 2016-03-17 13:05 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Agando\Downloads\SpyHunter-Installer.exe
2016-03-17 13:05 - 2016-03-17 13:05 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-03-17 12:21 - 2016-03-17 12:21 - 00001590 _____ C:\Users\Agando\Desktop\iexplore - Verknüpfung.lnk
2016-03-17 12:00 - 2016-03-17 12:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-17 00:34 - 2016-03-17 00:34 - 00000080 _____ C:\Users\Agando\Downloads\longplayer.m3u
2016-03-16 17:12 - 2016-03-16 17:12 - 00000233 _____ C:\Users\Agando\Desktop\Tom Clancy's The Division.url
2016-03-16 17:11 - 2016-03-25 09:28 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-03-16 17:11 - 2016-03-16 22:50 - 00000000 ____D C:\Users\Agando\AppData\Local\Ubisoft Game Launcher
2016-03-16 17:11 - 2016-03-16 17:11 - 00000985 _____ C:\Users\Agando\Desktop\Uplay.lnk
2016-03-16 17:09 - 2016-03-16 17:11 - 64509088 _____ (Ubisoft) C:\Users\Agando\Downloads\UplayInstaller.exe
2016-03-16 16:46 - 2016-03-25 09:30 - 00002894 _____ C:\WINDOWS\System32\Tasks\SoftUpgrade
2016-03-16 16:05 - 2016-03-16 16:05 - 42738816 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 37759272 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 30527616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 22982272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 18385488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 16169344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 16020584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 15762912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 14520136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 13283808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 12982400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 11853424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 11151488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-03-16 16:05 - 2016-03-16 16:05 - 03360576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 02971736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 02371368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 02172544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 01908336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435382.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 01567856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435382.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 01567560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 01174088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 01069696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 01063024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 00999864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 00992056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 00986728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 00797432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 00641560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 00416896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 00394696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 00384624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 00374384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 00350832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 00323648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 00206152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-03-16 16:05 - 2016-03-16 16:05 - 00185616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 00163992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 00159544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 00137224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 00040264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-03-16 16:05 - 2016-03-16 16:05 - 00031976 _____ C:\WINDOWS\system32\nvinfo.pb
2016-03-16 15:59 - 2016-03-16 15:59 - 00137728 _____ C:\WINDOWS\68eccf12c10b0d5cd9dea67c1006a7dc.exe
2016-03-09 13:12 - 2016-03-09 13:12 - 00051111 _____ C:\Users\Agando\Downloads\Kontoauszug_3018300__Nr.0032016_vom_04.03.2016_20160309011223.pdf
2016-03-09 13:12 - 2016-03-09 13:12 - 00041968 _____ C:\Users\Agando\Downloads\Entgeltinformationen_3018300_vom_04.03.2016_20160309011201.pdf
2016-02-27 08:40 - 2016-03-25 09:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2016-02-27 08:40 - 2016-02-27 08:40 - 00000000 ____D C:\Users\Agando\AppData\LocalLow\E_Line Media
2016-02-27 08:40 - 2016-02-27 08:40 - 00000000 ____D C:\Program Files (x86)\LAV Filters
2016-02-26 20:32 - 2016-02-26 20:32 - 00248012 _____ C:\Users\Agando\Downloads\Rechnung.pdf

Kashkuul · 25.03.2016, 17:16

Code:

ATTFilter

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-25 16:22 - 2014-12-27 20:56 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-25 15:47 - 2015-10-30 19:35 - 00888008 _____ C:\WINDOWS\system32\perfh007.dat
2016-03-25 15:47 - 2015-10-30 19:35 - 00197092 _____ C:\WINDOWS\system32\perfc007.dat
2016-03-25 15:47 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-25 15:41 - 2015-08-05 22:17 - 00000000 ___RD C:\Users\Agando\OneDrive
2016-03-25 15:40 - 2015-10-30 07:28 - 07864320 ___SH C:\WINDOWS\system32\config\BBI
2016-03-25 15:39 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Registration
2016-03-25 15:39 - 2015-03-11 00:30 - 00000000 ____D C:\Users\Agando\AppData\LocalLow\Temp
2016-03-25 11:34 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-25 10:48 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-25 10:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-25 09:50 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-03-25 09:50 - 2015-08-05 22:16 - 00000000 ____D C:\Users\Agando\AppData\Local\Packages
2016-03-25 09:35 - 2015-08-05 22:17 - 00002424 _____ C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-25 09:33 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-03-25 09:33 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-03-25 09:33 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-03-25 09:33 - 2015-08-05 22:16 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-25 09:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-03-25 09:31 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows NT
2016-03-25 09:31 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-25 09:31 - 2015-08-05 20:50 - 00023784 _____ C:\WINDOWS\diagerr.xml
2016-03-25 09:31 - 2015-08-05 20:50 - 00022863 _____ C:\WINDOWS\diagwrn.xml
2016-03-25 09:30 - 2015-10-30 08:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-25 09:30 - 2015-10-30 08:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-25 09:30 - 2015-10-03 13:30 - 00003298 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{18605A33-42D8-4679-A8CF-DAEB4265BBD2}
2016-03-25 09:30 - 2015-08-05 22:14 - 00023056 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-03-25 09:30 - 2015-02-18 09:05 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-03-25 09:30 - 2014-12-27 20:56 - 00003142 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-25 09:29 - 2016-01-20 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-03-25 09:29 - 2015-10-03 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOMA [GOG.com]
2016-03-25 09:29 - 2015-07-10 10:05 - 00000000 ____D C:\Users\Default.migrated
2016-03-25 09:29 - 2015-05-10 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-03-25 09:29 - 2015-04-26 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2016-03-25 09:29 - 2015-04-22 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Start 2015
2016-03-25 09:29 - 2015-04-22 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
2016-03-25 09:29 - 2015-04-22 11:36 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-03-25 09:29 - 2015-04-22 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2016-03-25 09:29 - 2015-01-25 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-03-25 09:29 - 2015-01-10 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2016-03-25 09:29 - 2015-01-06 17:08 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2016-03-25 09:29 - 2014-12-27 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2016-03-25 09:29 - 2014-12-27 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-03-25 09:29 - 2014-12-26 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-25 09:29 - 2014-12-26 15:29 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2016-03-25 09:29 - 2014-12-26 15:29 - 00000000 ____D C:\WINDOWS\system32\vbox
2016-03-25 09:29 - 2014-11-25 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-25 09:29 - 2014-11-25 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2016-03-25 09:29 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-25 09:28 - 2016-02-14 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-25 09:28 - 2015-12-28 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2016-03-25 09:28 - 2015-10-30 19:44 - 00000000 ____D C:\WINDOWS\ShellNew
2016-03-25 09:28 - 2015-10-30 19:36 - 00000000 ____D C:\WINDOWS\OCR
2016-03-25 09:28 - 2015-10-30 19:35 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-03-25 09:28 - 2015-10-30 19:35 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-03-25 09:28 - 2015-10-30 08:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-03-25 09:28 - 2015-10-30 08:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-03-25 09:28 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-25 09:28 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-03-25 09:28 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-03-25 09:28 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-25 09:28 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\spool
2016-03-25 09:28 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\IME
2016-03-25 09:28 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\schemas
2016-03-25 09:28 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-03-25 09:28 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\USOPrivate
2016-03-25 09:28 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-25 09:28 - 2015-02-07 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-03-25 09:28 - 2011-04-12 08:54 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-25 09:28 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-03-25 09:27 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Help
2016-03-25 09:27 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-03-25 09:26 - 2015-10-30 19:55 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-03-25 09:26 - 2015-10-30 08:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-03-25 09:24 - 2015-10-30 19:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-25 09:24 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-03-25 09:24 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-25 09:24 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-03-25 09:24 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-25 09:24 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-03-25 09:24 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-25 09:24 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-25 09:24 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-25 09:24 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-25 09:24 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-25 09:24 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-25 09:24 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-25 09:21 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-03-25 09:21 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-03-25 09:21 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-03-25 09:21 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-03-25 09:21 - 2015-10-30 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2016-03-25 09:21 - 2015-10-30 08:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2016-03-25 09:21 - 2015-10-30 08:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2016-03-25 09:21 - 2015-10-30 08:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2016-03-25 09:21 - 2015-10-30 08:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2016-03-25 09:21 - 2015-10-30 08:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2016-03-25 09:21 - 2015-10-30 08:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2016-03-25 09:21 - 2015-10-30 08:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2016-03-25 09:21 - 2015-10-30 08:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2016-03-25 09:21 - 2015-10-30 08:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2016-03-25 09:21 - 2015-10-30 08:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2016-03-25 09:21 - 2015-10-30 08:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2016-03-25 09:21 - 2015-10-30 08:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2016-03-25 09:21 - 2015-10-30 08:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2016-03-25 09:21 - 2015-10-30 08:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2016-03-25 09:21 - 2015-10-30 08:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2016-03-25 09:21 - 2015-10-30 08:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2016-03-25 09:21 - 2015-10-30 08:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2016-03-25 09:21 - 2015-10-30 08:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2016-03-25 09:21 - 2015-10-30 08:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2016-03-25 09:21 - 2015-10-30 08:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2016-03-25 09:21 - 2015-10-30 08:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2016-03-25 09:21 - 2015-10-30 08:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2016-03-25 09:21 - 2015-10-30 08:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2016-03-25 09:21 - 2015-10-30 08:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2016-03-25 09:21 - 2015-10-30 08:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2016-03-25 09:21 - 2015-10-30 08:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2016-03-25 09:21 - 2015-10-30 08:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2016-03-25 09:21 - 2015-10-30 08:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2016-03-25 09:21 - 2015-10-30 08:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2016-03-25 09:21 - 2015-10-30 08:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2016-03-25 09:21 - 2015-10-30 08:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2016-03-25 09:21 - 2015-10-30 08:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2016-03-25 09:21 - 2015-10-30 08:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2016-03-25 09:21 - 2015-10-30 08:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2016-03-25 09:21 - 2015-10-30 08:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2016-03-25 09:21 - 2015-10-30 08:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2016-03-25 09:17 - 2015-10-30 20:27 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-25 01:37 - 2015-01-10 14:48 - 00000000 ____D C:\Users\Agando\AppData\Roaming\TS3Client
2016-03-21 14:58 - 2014-12-26 15:28 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-20 19:59 - 2014-11-25 16:03 - 00001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-03-20 19:59 - 2014-11-25 16:02 - 00000000 ____D C:\Users\Agando\AppData\Local\NVIDIA
2016-03-18 20:59 - 2014-11-25 15:33 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-17 23:44 - 2014-12-27 20:29 - 00000000 ____D C:\Users\Agando\AppData\Local\Battle.net
2016-03-17 22:53 - 2014-12-27 20:29 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Battle.net
2016-03-17 22:53 - 2014-12-27 20:27 - 00000000 ____D C:\ProgramData\Battle.net
2016-03-17 00:34 - 2016-01-20 15:11 - 00000000 ____D C:\Users\Agando\AppData\Roaming\vlc
2016-03-16 22:09 - 2015-02-03 13:41 - 00000000 ____D C:\Users\Agando\Documents\My Games
2016-03-10 17:25 - 2014-11-26 18:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-10 17:24 - 2014-11-26 18:27 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 18:34 - 2015-11-02 22:41 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-24 17:10 - 2015-12-25 17:46 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Little Inferno

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-11-25 16:08 - 2014-11-25 16:09 - 1065984 _____ () C:\Users\Agando\AppData\Local\file__0.localstorage
2015-08-21 08:05 - 2015-08-21 08:05 - 0003881 _____ () C:\Users\Agando\AppData\Local\recently-used.xbel

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-03-25 09:26

==================== Ende von FRST.txt ======================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Agando (2016-03-25 17:04:59)
Gestartet von C:\Users\Agando\Downloads
Windows 10 Home Version 1511 (X64) (2016-03-25 08:31:53)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4051605010-858179373-924828543-500 - Administrator - Disabled)
Agando (S-1-5-21-4051605010-858179373-924828543-1000 - Administrator - Enabled) => C:\Users\Agando
DefaultAccount (S-1-5-21-4051605010-858179373-924828543-503 - Limited - Disabled)
Gast (S-1-5-21-4051605010-858179373-924828543-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4051605010-858179373-924828543-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
Anno 1404: Venice (HKLM-x32\...\Steam App 33350) (Version:  - Blue Byte)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Benutzerhandbuch EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Useg) (Version:  - )
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Champions Online: Free For All (HKLM-x32\...\Steam App 9880) (Version:  - Cryptic Studios)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DIE SIEDLER - Aufstieg eines Königreichs (HKLM-x32\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Elite: Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Godus (HKLM-x32\...\Steam App 232810) (Version:  - 22cans)
HELLDIVERS™ (HKLM-x32\...\Steam App 394510) (Version:  - Arrowhead Game Studios)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.19 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
LAV Filters 0.62.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.62.0 - Hendrik Leppkes)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Little Inferno (HKLM-x32\...\Steam App 221260) (Version:  - Tomorrow Corporation)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Netzwerkhandbuch EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Netg) (Version:  - )
Never Alone (Kisima Ingitchuna) (HKLM-x32\...\Steam App 295790) (Version:  - Upper One Games)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OMC ModPack Client Version 1.2.4.8 (HKLM-x32\...\{E2F3187C-2B94-486F-8914-E69211487FB6}_is1) (Version: 1.2.4.8 - Odem Mortis)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version:  - Silver Dollar Games)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Sniper Elite: Zombie Army (HKLM-x32\...\Steam App 235700) (Version:  - Rebellion)
SOMA (HKLM-x32\...\1439487606_is1) (Version: 2.0.0.1 - GOG.com)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version:  - KING Art)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Uplay (HKLM-x32\...\Uplay) (Version: 17.1 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WISO steuer:Start 2015 (HKLM-x32\...\{E0B7D5F9-3053-4C15-A6CB-09FAC67AC5E4}) (Version: 22.00.8811 - Buhl Data Service GmbH)
World of Tanks (HKU\S-1-5-21-4051605010-858179373-924828543-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4051605010-858179373-924828543-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Agando\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {039EFE82-6962-4455-8184-763AF380826A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {0E99F39E-2780-4CA4-BFC4-9537B3C38118} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {186453A6-E5AD-4D1D-882F-67161E43C5F1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {22F022D7-297C-4EFD-B989-1D35D38A226E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {2889C580-448C-478D-B3F9-70424E5575F3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {2E6F3B51-DC17-4009-B9D5-99B0880C912A} - System32\Tasks\avast! Windows 10 Start Menu helper => d:\program files\avast software\avast\asww10mon.exe
Task: {34122DBF-4E67-4306-88F9-C2032AAC9317} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3C64AF12-143B-4797-A4C1-B737F3A71D48} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4097B4F4-3593-447F-82A7-1DDB13B8A029} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {46E830D0-88F7-4D68-8A83-A1F46577797A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {70769355-75E2-4355-9DF2-3AFB60C1AB68} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {726AC3F9-FABA-4C5B-B40D-D075DA4199FB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {7C9DD853-EADA-4655-89F3-5D76622BA9C8} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {83CC47CD-124B-43B7-A889-35EFBA289EA2} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {873B7D6D-F27F-47D3-980C-7F670715D230} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {87F13E50-A762-4B94-AE32-BF8948ECEF04} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {9019FCF4-67CA-4488-B3AC-660D9792C464} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {925C1CC8-5CF9-4B2E-B480-6B93A1BA7400} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {99559BE4-6896-48B4-B333-46D9F2B3AA08} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A728B6AD-2B63-4A4B-82DD-501DF9E6D45A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {A8D8092C-B368-467B-90F1-49260365D626} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {AA7F293D-5922-4B7F-8D92-09C5F606649B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {AFEDE054-5DDB-4B2A-943F-7E5A9C4BF509} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {B4A82B1A-3E58-4463-8D19-C4909EBDDF99} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {B9021EE9-9AA7-443A-B3A0-D3CAE36054BD} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {BA90403C-26D8-47B6-9FBD-672C81A2BBFC} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {BC5951A4-6007-428C-9E48-5C307440E04C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {BD3B326D-B3EC-4DC3-A754-23199AB13215} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {C23BEC03-B396-422F-8563-357DAA67A5AA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {D458C840-13F1-46D0-A0B0-4EF93DCDCA94} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D4BA1554-FCB3-42B4-A9B7-C501FB421A26} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {D78A55CE-2520-4F1E-912A-B631C5D8C101} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {D9CEC23E-3A63-432F-9CB0-AC545D1DF72E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {DA37B09A-38B3-434F-936D-675449C87F69} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DE99D7E0-1DED-435D-98B2-1AF53B74B871} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-24] (Adobe Systems Incorporated)
Task: {E0A61B24-0D21-4F4F-80D1-D4064B57168C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {E4485B82-4C31-489C-BDB5-12B5713B931B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {EB01F4F0-82F2-486B-930C-7AC9155CB6D9} - System32\Tasks\SoftUpgrade => C:\Program Files (x86)\SoftUpgrade\softup.exe
Task: {F8277F4D-EB69-4A70-9E59-A0EF180CE6B0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {FABE072D-CCF1-47DF-916D-A1107FC035E3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-10] (Microsoft Corporation)
Task: {FBDC3F4C-216C-4448-948C-CB96AC8D2ECE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-25 09:27 - 2015-08-07 01:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-20 19:59 - 2016-01-12 05:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-03-25 09:24 - 2016-03-25 09:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-11-25 15:38 - 2012-11-01 11:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-11-25 15:38 - 2012-11-01 11:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-11-25 16:02 - 2016-01-12 05:43 - 00715712 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-11-25 16:02 - 2016-01-12 05:43 - 00861120 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2016-03-11 13:01 - 2016-03-11 13:01 - 10244608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2015-04-13 16:38 - 2016-01-12 05:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-11-25 15:38 - 2012-10-31 15:00 - 00991232 ____N () C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\de-DE\SBCinema.resources.dll
2014-04-03 16:48 - 2014-04-03 16:48 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4051605010-858179373-924828543-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Agando\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\tj2xiyo_as48562129495664520617.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{3E09727F-8A73-46A3-A227-ED303F7810CA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{51F6831D-12E5-4390-B240-95CCD625EF46}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{024975B9-95F7-4D3A-BB13-1D8D0FCE2067}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{AE9D863C-85B8-4D99-9BF9-9F240231C21A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{AA523118-B002-4F33-B29D-519B8F735683}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{CB01B3AE-2958-40D0-B9C1-B49C64A29FE4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\NeverAlone\Never_Alone.exe
FirewallRules: [{A3E5F8EB-BA54-4D7B-86A7-3BF7837521A9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\NeverAlone\Never_Alone.exe
FirewallRules: [UDP Query User{C722B787-554B-4F31-A855-920002C16FAB}D:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F8692333-03F7-4487-9225-B60B7EA0B140}D:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{8F994F1C-0C79-4717-AE68-58FD574EEBF0}D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C1FAF6F9-9B62-4F21-AD18-5F8552488D77}D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [{12C86FE1-D731-45D9-870F-E64FDD692553}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Alien Swarm\swarm.exe
FirewallRules: [{5CCE5108-77ED-471D-BBA1-0FD3F758EDF3}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Alien Swarm\swarm.exe
FirewallRules: [{AC98DD2E-4C18-4586-8E4B-0026B3920B47}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{218AE113-F46D-4AA0-9FA2-ED0E6293D79C}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{0596961A-15F0-4965-B3FA-02DEF2BF3BFF}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{F21569C7-4256-43FB-B9B4-4324DE1FE774}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{BF0DE537-4C2E-49A9-8769-69A11D6EED16}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{B6FA80C7-006C-45E1-860D-454C484EDC56}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{463C9BA6-1E14-431C-80FC-36AAB8D3FC2C}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{CA2C4E21-FCD1-4E35-BDD5-9A1428AB834B}] => (Allow) D:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{4BC7C4F5-90C8-4602-A6DE-41EAA3F09077}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{C9D8CF51-4E5F-4F80-8D18-49D7CE16F46D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{345D30F3-86DE-45CE-8028-FF8A990591C7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x86\helldivers.exe
FirewallRules: [{71B6E897-73A4-4DF7-B872-0BC5B5058A4D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x86\helldivers.exe
FirewallRules: [{92A4D2D9-9BD6-4F42-83F4-1BA4108BADE2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x64\helldivers.exe
FirewallRules: [{81165EAC-61C2-41DD-84CD-612F9B4CB376}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x64\helldivers.exe
FirewallRules: [UDP Query User{F36DE004-4A44-474C-A7F7-7186664AD5F8}D:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [TCP Query User{E2A16180-F658-4586-83DB-0CDA3CDE0B3E}D:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{DBAB6859-809E-41BF-800C-975EE4887FF7}D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{45AA8FD3-F459-4EF0-B3F3-4D28EC511B6F}D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{ADF12F9E-0223-44F7-A8C7-09A7AF43B793}D:\program files (x86)\heroes of the storm\versions\base39595\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39595\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BEDCD6E8-B368-407E-A317-C4D2FF6D653D}D:\program files (x86)\heroes of the storm\versions\base39595\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39595\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5D71361F-C7DE-4A32-9072-0C04EDD1CD30}D:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{48FD8C7C-3CDC-4F90-BA90-D7243392A12D}D:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D4FE8EEB-9C0D-4108-9B87-A431ECCA5268}D:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{B9A9CADD-0761-4FB3-BCD1-9DB2255F81C3}D:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B66955B6-B444-4A2D-9650-7F80065B954A}D:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E65EFE49-F75C-4C80-979C-051D6BDAF87C}D:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
FirewallRules: [{47160AB6-D6C9-4FE3-86F1-47B180D41E69}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{E7A3FFCD-04B8-4776-A14F-7AEBB9AE5F3B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [UDP Query User{57CAE429-18A2-4CAF-9867-D655AA9503C9}D:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{58470183-887B-4DAD-9013-AE766957DDA9}D:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5DC3B872-2F89-482C-BEC5-D23935495D36}D:\program files (x86)\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{B94989A8-87EA-45AF-A790-E436FE2801BB}D:\program files (x86)\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2D072E31-45C9-4529-8C3E-41A7014560F5}D:\games\the beginner's guide\beginnersguide.exe] => (Allow) D:\games\the beginner's guide\beginnersguide.exe
FirewallRules: [TCP Query User{9B839D0E-D5A8-4F25-970E-28CC5B2D8467}D:\games\the beginner's guide\beginnersguide.exe] => (Allow) D:\games\the beginner's guide\beginnersguide.exe
FirewallRules: [UDP Query User{FCB78D97-9AD3-4411-BC6A-4EC40B401DB1}D:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Block) D:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe
FirewallRules: [TCP Query User{E8BC1F91-6B1C-4579-AE35-4026286B1F22}D:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Block) D:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe
FirewallRules: [{8882764A-E3C3-4299-A717-28E2AD451692}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Anno4.exe
FirewallRules: [{0B591784-E61E-4E28-9865-B7DA1CBF71B2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Anno4.exe
FirewallRules: [{04EEF8BC-D5C7-440C-A666-37A8E13CA5D3}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Addon.exe
FirewallRules: [{06ADF80C-8C36-4193-98F9-FC63D581CCA1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Addon.exe
FirewallRules: [UDP Query User{0B39D798-0D9D-41CE-A0E4-EEACBFCA0C18}D:\games\world_of_warships\wowslauncher.exe] => (Allow) D:\games\world_of_warships\wowslauncher.exe
FirewallRules: [TCP Query User{9C8053D5-CECB-409A-914E-729CCFB91F5C}D:\games\world_of_warships\wowslauncher.exe] => (Allow) D:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{8FF7E73A-F225-4949-ACC7-3D5BC036B8F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2F4A4C55-0563-4E40-B219-7FCD92761579}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C386D037-04B5-45ED-A840-41C3B7952210}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A527AB15-38FC-44FF-A35D-C11B5FA72A61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{864DF01B-0A44-401A-A017-0B2BF0EFF31E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CC0B3965-DB58-4D8A-B75E-8AD42F4DF7A1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{52E3109C-FF77-473A-915F-9CEFF7671BE3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{912DC818-A52C-4D58-BEF7-A01723C57B17}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D5B3BDD3-881F-48EA-BA34-DFF6FE7DD2CD}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9CCDEBBE-04E3-4A8A-B0C3-1A632655043E}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2D911E9D-826E-43F3-BB26-60FA5B376871}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{013E492A-4DF5-48A9-896D-EE5154C663B0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{765855D1-7840-4FD7-8420-EE88CE5AD3BD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{ADB4F47A-2D9C-4DBC-A587-80D5D18F214C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{D33797C7-0686-449E-8123-4A2290BF7E4E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{2D187429-DD5E-4A9D-AAB6-12FA025CEB74}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4737EBCD-C5C9-4561-B70D-9DB30701C8A1}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{896CFB97-8325-4E3E-B0A9-6F6A2CFED9DA}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{028EF945-5986-4252-BFE2-EC9B843740FF}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{62BD60F3-1034-49DD-9093-1FFA9E0480B5}D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{3CC913DA-ACAF-4BC9-AFFD-F6AE26D7836B}D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{3A91983B-341B-42F0-9327-5075BC90A8F4}D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{C90FD34D-00A6-48D0-AA6A-6BBF0DCFBB74}D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{6263CFF7-CF91-4ED0-86A8-C0FE40BAE0F2}D:\program files (x86)\world of tanks\wotlauncher.exe] => (Allow) D:\program files (x86)\world of tanks\wotlauncher.exe
FirewallRules: [UDP Query User{DD5C45E4-BA72-4153-B0E0-AF2B6841E597}D:\program files (x86)\world of tanks\wotlauncher.exe] => (Allow) D:\program files (x86)\world of tanks\wotlauncher.exe
FirewallRules: [TCP Query User{52D3F74B-E5B2-4F61-AFBD-609AE495AF42}D:\program files (x86)\world of tanks\worldoftanks.exe] => (Allow) D:\program files (x86)\world of tanks\worldoftanks.exe
FirewallRules: [UDP Query User{D3131F44-54FA-47EF-B313-44266B75295A}D:\program files (x86)\world of tanks\worldoftanks.exe] => (Allow) D:\program files (x86)\world of tanks\worldoftanks.exe
FirewallRules: [{386795D1-F5FC-4A6F-9291-7C945BB7E0B3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A20B87F3-5AC5-43A2-9015-557DDEFD1AB6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sniper Elite Zombie Army\bin\ZA.exe
FirewallRules: [{FBB87264-1099-4A0E-A63B-83B77D977C3A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sniper Elite Zombie Army\bin\ZA.exe
FirewallRules: [{55EF9258-66BD-4DE6-A711-FE449F535543}] => (Allow) D:\Program Files (x86)\base\bin\Settlers6.exe
FirewallRules: [{6E86DB33-EEBB-4955-94E2-3C7A047D662C}] => (Allow) D:\Program Files (x86)\base\bin\Settlers6.exe
FirewallRules: [{5F9BC7EF-30FF-4255-965D-8D8C4BEBA3DE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{1C23BD6D-B3E6-4524-B317-1BA91F82AD9B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{DFC5F29C-C91D-4798-AC69-3D318E2A5E71}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales\bout.exe
FirewallRules: [{40668263-7959-4411-8D5A-F9629E0B83C7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales\bout.exe
FirewallRules: [{56B509F3-FBFA-490E-BCAF-263CBE13DE44}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{5520B03F-D634-497E-A3D8-71DA393C1B37}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{37ED8240-1803-432B-AFF6-345A47C4C421}] => (Allow) D:\Program Files (x86)\WoT Mods\OMC ModPack Client.exe
FirewallRules: [TCP Query User{43DA4168-1396-4F62-9B88-7475E4CD093A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D73F0DD0-9F05-4165-85C3-EC04572FADE9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{1B77CCCE-FA91-4AF7-9BA8-4DA89083CFD8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Godus\windows\godus.exe
FirewallRules: [{D805E451-7342-4A7D-AEF1-8316C6195977}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Godus\windows\godus.exe
FirewallRules: [TCP Query User{CA6C9E6A-7038-4C9B-A3D4-55D70C43855C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{61FE9BE0-2ADA-4FEC-9C55-C6650A325FCB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{375326A8-54B5-4A27-92F6-D0C1FAD730F4}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{14D7ECD1-4757-4F5F-9CC6-00D9E10505F7}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{398AA42B-0AF6-43EA-8835-C3590A5161C8}D:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) D:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{5F9434FB-562E-4831-8D76-5DF43602A162}D:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) D:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{F4AAFB93-3CD2-42A6-BAF3-ECD45BE8AD58}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{5A2CBC83-62A3-466E-A822-97D85743EFC2}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{21E4634A-AB14-4CBF-A78D-5BAA27B8E1E8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Champions Online\Champions Online.exe
FirewallRules: [{0D948394-53DC-4E21-BC10-C242B1865DD2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Champions Online\Champions Online.exe
FirewallRules: [{87FAD552-E433-4848-A4B1-82053C824EAB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{07C33DC2-A5EE-4C0F-B1F4-6782708083CA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{01DA507C-867B-4703-A5A9-2283EFC62078}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{6451D619-DF53-46CE-80A8-05A36981B676}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/25/2016 05:03:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRISSDEE)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/25/2016 05:03:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRISSDEE)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/25/2016 05:03:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RemindersServer.exe, Version 10.0.10586.63 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2f18

Startzeit: 01d186afd7fe5fcd

Beendigungszeit: 4294967295

Anwendungspfad: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe

Berichts-ID: 15b2e29b-f2a3-11e5-9be0-448a5bd1728a

Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy

Auf das fehlerhafte Paket bezogene Anwendungs-ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/25/2016 05:03:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRISSDEE)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/25/2016 05:03:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRISSDEE)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/25/2016 05:03:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRISSDEE)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/25/2016 05:03:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRISSDEE)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/25/2016 05:03:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRISSDEE)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/25/2016 05:03:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRISSDEE)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/25/2016 05:01:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRISSDEE)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (03/25/2016 05:03:18 PM) (Source: DCOM) (EventID: 10010) (User: CRISSDEE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/25/2016 05:03:17 PM) (Source: DCOM) (EventID: 10010) (User: CRISSDEE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/25/2016 05:01:17 PM) (Source: DCOM) (EventID: 10010) (User: CRISSDEE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/25/2016 05:01:16 PM) (Source: DCOM) (EventID: 10010) (User: CRISSDEE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/25/2016 04:59:16 PM) (Source: DCOM) (EventID: 10010) (User: CRISSDEE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/25/2016 04:59:15 PM) (Source: DCOM) (EventID: 10010) (User: CRISSDEE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/25/2016 04:57:15 PM) (Source: DCOM) (EventID: 10010) (User: CRISSDEE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/25/2016 04:57:15 PM) (Source: DCOM) (EventID: 10010) (User: CRISSDEE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/25/2016 04:55:15 PM) (Source: DCOM) (EventID: 10010) (User: CRISSDEE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/25/2016 04:55:15 PM) (Source: DCOM) (EventID: 10010) (User: CRISSDEE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca


CodeIntegrity:
===================================
  Date: 2016-03-25 09:30:53.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-25 09:30:13.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-25 09:26:51.585
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Prozentuale Nutzung des RAM: 33%
Installierter physikalischer RAM: 8143.72 MB
Verfügbarer physikalischer RAM: 5445.58 MB
Summe virtueller Speicher: 16335.72 MB
Verfügbarer virtueller Speicher: 13609.95 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:110.83 GB) (Free:56.8 GB) NTFS
Drive d: (Hauptspeicher) (Fixed) (Total:931.39 GB) (Free:689.42 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================

Was ist denn nun mit den Funden von HitmanPro. Soll ich die löschen oder nicht? Sollte ja nix löschen...

M-K-D-B · 25.03.2016, 21:41

Servus,

wir entfernen jetzt die Reste.

Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
C:\WINDOWS\68eccf12c10b0d5cd9dea67c1006a7dc.exe
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\PC-MECHANIC
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Systweak
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird!

Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Cleanup:
Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Sofern du noch unentschieden bist, verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

	Emsisoft	Microsoft Security Essentials	ESET

Microsoft Security Essentials (MSE) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE entschieden hast, brauchst du nicht extra MSE zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür.

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.

NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:

Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Lade keine Software von Chip, Softonic oder SourceForge. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Kashkuul · 26.03.2016, 09:09

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Agando (2016-03-26 09:07:05) Run:2
Gestartet von C:\Users\Agando\Downloads
Geladene Profile: Agando & DefaultAppPool (Verfügbare Profile: Agando & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
C:\WINDOWS\68eccf12c10b0d5cd9dea67c1006a7dc.exe
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\PC-MECHANIC
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Systweak
Reboot:
end
*****************

Prozess erfolgreich geschlossen.
C:\WINDOWS\68eccf12c10b0d5cd9dea67c1006a7dc.exe => erfolgreich verschoben
HKLM\SOFTWARE\Classes\WOW6432Node\PC-MECHANIC => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\WOW6432Node\Systweak => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\WOW6432Node\Systweak => Schlüssel erfolgreich entfernt


Das System musste neu gestartet werden.

==== Ende von Fixlog 09:07:06 ====

24.03.2016, 22:24	#11
M-K-D-B /// TB-Ausbilder	DNS Unlocker gezogen WJAM auf dem Rechner du speicherst die fixlist.txt im gleichne Verzeichnis wie FRST.exe und dann führst du FRST wie beschrieben aus.

DNS Unlocker gezogen WJAM auf dem Rechner

Plagegeister aller Art und deren Bekämpfung: DNS Unlocker gezogen WJAM auf dem Rechner